Re: RESOLVED: Excel 2010 problem - can't quite figure it out
Social/Professional networking is key to mobility (upward or even sideways)... Start using it judiciously. :)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Mon, Apr 8, 2013 at 11:04 PM, Kurt Buff kurt.b...@gmail.com wrote:

It would not surprise me if it were true. I'm studying for the CISSP exam. I figure that will give me a better chance of finding a job - one that pays well, anyway.

Kurt

On Mon, Apr 8, 2013 at 7:40 PM, Jon Harris jk.har...@live.com wrote:

It was on LinkedIn Today not something that Andrew posted.

Jon

From: jk.har...@live.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: RESOLVED: Excel 2010 problem - can't quite figure it out
Date: Mon, 8 Apr 2013 22:38:56 -0400

Your manager may be aware of your intention thus restricting your input into hiring or he/she may just have an ego that is too large to fit in a multistory warehouse. Either way good luck getting out. A recent article I saw (I think it was Andrew that posted it) on LinkedIn seems to indicate the job market may not be expanding much and may be getting tighter again despite what the numbers the government is spouting.

Jon

Date: Mon, 8 Apr 2013 19:30:54 -0700
Subject: Re: RESOLVED: Excel 2010 problem - can't quite figure it out
From: kurt.b...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

I was told to interview him only for cultural/team fit, in a separate and shorter interview, and I had to push to get that. Manager wanted to be the one who interviewed for technical ability - all alone. New guy interviewed very well, and I liked him a lot. Just one more reason why I'm not happy with my manager, and will be leaving as soon as I find the right job...

Kurt

On Mon, Apr 8, 2013 at 7:17 PM, Jon Harris jk.har...@live.com wrote:

If you had anything to do with the hiring of the young pup then take partial credit for being smart enough to know talent when you see it. If not then watch your back he may be really good.

Jon

Date: Mon, 8 Apr 2013 18:57:39 -0700
Subject: Re: RESOLVED: Excel 2010 problem - can't quite figure it out
From: kurt.b...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

Absolutely - but I had to very unseriously threaten to kick his butt for showing me up in front of customers. :-o

Kurt

On Mon, Apr 8, 2013 at 6:32 PM, Robert Cato cato.rob...@gmail.com wrote:

That was a good hire and a big win for him on the first day.

On Mon, Apr 8, 2013 at 8:06 PM, Kurt Buff kurt.b...@gmail.com wrote:

The young pup whose first day was today opened it in compatibility mode, did a Save As and it worked, then closed Excel and tried it in native mode, and it worked again. Gotta love having a new set of eyes on a problem. Don't know what root cause was, but it's a win, and I'll take it.

Kurt

On Mon, Apr 8, 2013 at 6:14 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:

Have you tried starting Excel with no add-ins as well (safemode)? Should be a /s on the command line. http://office.microsoft.com/en-us/excel-help/command-line-switches-for-excel-HA010158030.aspx

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Saturday, April 06, 2013 4:28 PM
To: NT System Admin Issues
Subject: Re: Excel 2010 problem - can't quite figure it out

I will try that, and let you know on Monday.

Kurt

On Sat, Apr 6, 2013 at 1:56 PM, Orland, Kathleen korl...@rogers.com wrote:

Book.xltx is the name of the template. The location should be in the XLSTART folder in Office. If not, then try this in VBE: Press [Alt]+[F11] to launch the VBE. If the Immediate window isn’t visible, press [Ctrl]+g. In the Immediate window, type ? application.StartupPath and press Enter. VBA will display the path to XLStart.

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Saturday, April 06, 2013 2:07 PM
To: NT System Admin Issues
Subject: Re: Excel 2010 problem - can't quite figure it out

I forget what it is called in 2010 but if you delete the default Excel Template and let Excel create a new one next time the user opens it. We have not had this problem since 2007 but in 2003 it was common. We would just delete the default and it would create a new one and the problem went away.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click
Re: POSH PtH - this is...
Check out PhoneFactor...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Apr 9, 2013 at 12:20 AM, Kurt Buff kurt.b...@gmail.com wrote:

If I had one, I would. We're a small org, and a smartcard setup isn't gonna fly.

Kurt

On Mon, Apr 8, 2013 at 8:34 PM, Ken Schaefer k...@adopenstatic.com wrote:

Why don't you use smart card login instead? Security is about managing risk, and not about avoiding every possible risk. Work in a big enough org, and the risks are so numerous there's simply no way to avoid them all - some of them just have to be accepted as is.

Cheers
Ken

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, 9 April 2013 1:29 PM
To: NT System Admin Issues
Subject: Re: POSH PtH - this is...

On Mon, Apr 8, 2013 at 8:04 PM, Ben Scott mailvor...@gmail.com wrote:
On Mon, Apr 8, 2013 at 8:01 PM, Kurt Buff kurt.b...@gmail.com wrote:

Agree with MBS that other tools could stand in for PowerShell, but WCE was actually new to me.

Well, then, you didn't say that, you seemed focused on PoSh. WCE in particular is new to me, too, but I've certainly read of attacks on the running system to recover credentials before. That's why trusting the computer you're logging into is really important. :) It's good to know there's an easy-to-use tool available, though. :)

Didn't make it clear, true - wrong subject line, I suppose. Trusting computers is not something that comes easily to me, any more, unless I'm the only one who has touched it. Too many folks don't understand the implications of their actions.

Kurt
RE: AD Simple LDAP authentication question
+1

My question was directed more to the fact that any Authenticated User has pretty much full read-access to AD anyway.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, April 8, 2013 7:14 PM
To: NT System Admin Issues
Subject: Re: AD Simple LDAP authentication question

On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar christopher_bod...@glic.com wrote:

I know that AD supports both Simple and SASL methods for LDAP binds: http://msdn.microsoft.com/en-us/library/cc223499.aspx

What I was surprised is that there doesn't seem to be a way to disable the Simple method. It supports SSL/TLS but does not require it. Is that correct?

I don't really know, but I do know that our Windows 2008 R2 domain controllers log the event below once a day. I know what's causing it and haven't cared enough to do something about it. The link takes you to a KB article which tells you how to require *signing*. It talks a lot about simple binds but doesn't explicitly say that requiring signing also causes it to reject simple binds, but seems to imply it pretty strongly.

Source: ActiveDirectory_DomainService
Event ID: 2886

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the LDAP Interface Events event logging category to level 2 or higher.

-- FWIW, YMMV, HTH, HAND, ATT.
-- Ben
Re: POSH PtH - this is...
Must be good. MSFT has acquired them.

Kurt

On Tue, Apr 9, 2013 at 6:09 AM, Andrew S. Baker asbz...@gmail.com wrote:

Check out PhoneFactor...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Apr 9, 2013 at 12:20 AM, Kurt Buff kurt.b...@gmail.com wrote:

If I had one, I would. We're a small org, and a smartcard setup isn't gonna fly.

Kurt

On Mon, Apr 8, 2013 at 8:34 PM, Ken Schaefer k...@adopenstatic.com wrote:

Why don't you use smart card login instead? Security is about managing risk, and not about avoiding every possible risk. Work in a big enough org, and the risks are so numerous there's simply no way to avoid them all - some of them just have to be accepted as is.

Cheers
Ken

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, 9 April 2013 1:29 PM
To: NT System Admin Issues
Subject: Re: POSH PtH - this is...

On Mon, Apr 8, 2013 at 8:04 PM, Ben Scott mailvor...@gmail.com wrote:
On Mon, Apr 8, 2013 at 8:01 PM, Kurt Buff kurt.b...@gmail.com wrote:

Agree with MBS that other tools could stand in for PowerShell, but WCE was actually new to me.

Well, then, you didn't say that, you seemed focused on PoSh. WCE in particular is new to me, too, but I've certainly read of attacks on the running system to recover credentials before. That's why trusting the computer you're logging into is really important. :) It's good to know there's an easy-to-use tool available, though. :)

Didn't make it clear, true - wrong subject line, I suppose. Trusting computers is not something that comes easily to me, any more, unless I'm the only one who has touched it. Too many folks don't understand the implications of their actions.

Kurt
Trimming stale cookies
I often get profiles bloated out with stale cookies. The Citrix User Profile Management tool can actually scan your index.dat file at logoff and remove references to stale cookies, before mirroring the folder to ensure consistency (see this article http://blogs.citrix.com/2011/01/25/notes-on-synchronising-internet-explorer-cookies-using-profile-management/ for an explanation of the process).

Now, I'm not using Citrix UPM at the moment, and I want to replicate this process if at all possible. The folder mirroring I can handle easy enough - however, is there a way to scan the index.dat file for stale cookie entries and trim them that anyone knows of? Scripts or programs will do nicely - anyone know if there is a way to do this? I was hoping the file would be a nice simple text file and I could just scan and manipulate it - no such luck however. I can't seem to find anything by Googling, just wondering how the UPM tool manages to do it.

Cheers,

--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
RE: AD Simple LDAP authentication question
I'm looking into this: http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx

Which I wasn't aware of before. Looks like what I was interested in, but then I read this:

This setting does not have any impact on ldap_simple_bind or ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with Windows XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk to a domain controller.

So for example if you use LDP to do a simple bind, it will use ldap_simple_bind_s. So what is to stop a 3rd party application from sending a request like that?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Michael B. Smith mich...@smithcons.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 04/09/2013 09:58 AM
Subject: RE: AD Simple LDAP authentication question

+1

My question was directed more to the fact that any Authenticated User has pretty much full read-access to AD anyway.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, April 8, 2013 7:14 PM
To: NT System Admin Issues
Subject: Re: AD Simple LDAP authentication question

On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar christopher_bod...@glic.com wrote:

I know that AD supports both Simple and SASL methods for LDAP binds: http://msdn.microsoft.com/en-us/library/cc223499.aspx

What I was surprised is that there doesn't seem to be a way to disable the Simple method. It supports SSL/TLS but does not require it. Is that correct?

I don't really know, but I do know that our Windows 2008 R2 domain controllers log the event below once a day. I know what's causing it and haven't cared enough to do something about it. The link takes you to a KB article which tells you how to require *signing*. It talks a lot about simple binds but doesn't explicitly say that requiring signing also causes it to reject simple binds, but seems to imply it pretty strongly.

Source: ActiveDirectory_DomainService
Event ID: 2886

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the LDAP Interface Events event logging category to level 2 or higher.

-- FWIW, YMMV, HTH, HAND, ATT.
-- Ben

This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
RE: AD Simple LDAP authentication question
Absolutely nothing, unless you've done this: http://support.microsoft.com/kb/935834

But if that third party application is running in your forest already, it doesn't even need that.

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, April 9, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: AD Simple LDAP authentication question

I'm looking into this: http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx

Which I wasn't aware of before. Looks like what I was interested in, but then I read this:

This setting does not have any impact on ldap_simple_bind or ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with Windows XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk to a domain controller.

So for example if you use LDP to do a simple bind, it will use ldap_simple_bind_s. So what is to stop a 3rd party application from sending a request like that?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Michael B. Smith mich...@smithcons.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 04/09/2013 09:58 AM
Subject: RE: AD Simple LDAP authentication question

+1

My question was directed more to the fact that any Authenticated User has pretty much full read-access to AD anyway.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, April 8, 2013 7:14 PM
To: NT System Admin Issues
Subject: Re: AD Simple LDAP authentication question

On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar christopher_bod...@glic.com wrote:

I know that AD supports both Simple and SASL methods for LDAP binds: http://msdn.microsoft.com/en-us/library/cc223499.aspx

What I was surprised is that there doesn't seem to be a way to disable the Simple method. It supports SSL/TLS but does not require it. Is that correct?

I don't really know, but I do know that our Windows 2008 R2 domain controllers log the event below once a day. I know what's causing it and haven't cared enough to do something about it. The link takes you to a KB article which tells you how to require *signing*. It talks a lot about simple binds but doesn't explicitly say that requiring signing also causes it to reject simple binds, but seems to imply it pretty strongly.

Source: ActiveDirectory_DomainService
Event ID: 2886

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the LDAP Interface Events event logging category to level 2 or higher.

-- FWIW, YMMV, HTH, HAND, ATT.
-- Ben
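
What the simple and SASL binds discussed in this thread look like on the wire, as an added Python example (not code from any poster or from Microsoft): a minimal BER reader that classifies an LDAP BindRequest per RFC 4511, so a sensor on a cleartext LDAP port can pick out the simple binds the Event ID 2886 text warns about. The function names, result keys, DNs and sample PDUs are constructed for illustration.

```python
"""Classify LDAP BindRequest PDUs (RFC 4511) as simple or SASL binds."""

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end

def classify_bind(pdu: bytes, tls: bool) -> dict:
    """Report the bind method; never returns the credential itself."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, _msgid, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                        # [APPLICATION 0] BindRequest
        return {"method": None}
    _, _version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    dn = name.decode("utf-8", "replace")
    if auth_tag == 0x80:                   # simple [0] OCTET STRING
        kind = "password" if auth else ("unauthenticated" if dn else "anonymous")
        return {"method": "simple", "kind": kind, "dn": dn,
                "password_exposed": bool(auth) and not tls}
    if auth_tag == 0xA3:                   # sasl [3] SaslCredentials
        _, mech, _ = read_tlv(auth, 0)
        # Whether the SASL session goes on to request signing is negotiated
        # inside the mechanism and is not visible in this header.
        return {"method": "sasl", "kind": mech.decode("ascii", "replace"),
                "dn": dn, "password_exposed": False}
    raise ValueError("unknown AuthenticationChoice")

def build_bind(msgid: int, name: bytes, simple: bytes = b"", sasl_mech=None) -> bytes:
    """Build a constructed sample BindRequest (LDAP version 3)."""
    auth = tlv(0x80, simple) if sasl_mech is None else tlv(0xA3, tlv(0x04, sasl_mech))
    op = tlv(0x02, b"\x03") + tlv(0x04, name) + auth
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(0x60, op))

# Constructed samples: (description, PDU, connection uses SSL/TLS?)
SAMPLES = [
    ("simple bind, cleartext", build_bind(1, b"CN=svc-app,DC=example,DC=test", b"constructed-secret"), False),
    ("simple bind, over TLS", build_bind(2, b"CN=svc-app,DC=example,DC=test", b"constructed-secret"), True),
    ("SASL bind", build_bind(3, b"", sasl_mech=b"GSS-SPNEGO"), False),
    ("anonymous bind", build_bind(4, b""), False),
]

if __name__ == "__main__":
    for label, pdu, tls in SAMPLES:
        print(f"{label:24} {classify_bind(pdu, tls)}")
```
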
RE: .ZIP file e-mail attachments
We mostly rely on our appliance (IronPort) to catch them, but we do have a special rule that quarantines any password-protected ZIP files (because the appliance can't inspect those).

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: .ZIP file e-mail attachments

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we've received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it. We keep getting latest and greatest variants First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago). Grr...

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: .ZIP file e-mail attachments
Goes to the unsustainable nature of reactive antivirus. Your signatures can barely keep up with new variants. Proactive application management FTW

On 9 April 2013 15:51, David Lum david@nwea.org wrote:

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we’ve received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it. We keep getting latest and greatest variants “First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago)”. Grr…

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
Re: .ZIP file e-mail attachments
We quarantine all zip files. They have to request release so we have a chance to see what it is.

John W. Cook
Network Operations Manager
Partnership for Strong Families

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: .ZIP file e-mail attachments

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we’ve received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it. We keep getting latest and greatest variants “First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago)”. Grr…

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to.
RE: .ZIP file e-mail attachments
My policy is to block zip files by size. If you block all zips smaller than 500k you'll stop all the viruses. Allow zips larger than 500k and those will be the legit files. Sounds sort of silly but it absolutely works. Obviously I have scanners and such running too but that is my attachment policy.

Mark
-
Two rules for success in life: 1. Never tell people everything you know.

From: Mayo, Bill [mailto:bill.m...@pittcountync.gov]
Sent: Tuesday, April 9, 2013 10:55 AM
To: NT System Admin Issues
Subject: RE: .ZIP file e-mail attachments

We mostly rely on our appliance (IronPort) to catch them, but we do have a special rule that quarantines any password-protected ZIP files (because the appliance can't inspect those).

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: .ZIP file e-mail attachments

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we've received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it. We keep getting latest and greatest variants First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago). Grr...

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
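
The three attachment policies described in this thread (quarantine every ZIP, block by size, quarantine password-protected ZIPs the gateway cannot inspect) run side by side over the same archives, as an added Python example that is not code from any poster or from IronPort. The function names, verdict strings, extension list and sample archives are constructed, and "500k" is assumed to mean 500 KiB.

```python
"""Compare the ZIP attachment policies from the thread on constructed samples."""
import io
import zipfile

SIZE_CUTOFF = 500 * 1024   # the "500k" threshold from the thread (assumed KiB)
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")  # assumed list

def inspect_zip(data: bytes) -> dict:
    """Collect the facts the policies key on, without extracting anything."""
    facts = {"size": len(data), "readable": True,
             "encrypted": False, "risky_members": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # General-purpose flag bit 0 marks a password-protected member.
                if info.flag_bits & 0x1:
                    facts["encrypted"] = True
                # Traditional ZIP encryption leaves member names readable in
                # the central directory, so names can be checked even when
                # the content cannot be scanned.
                if info.filename.lower().endswith(RISKY_EXT):
                    facts["risky_members"].append(info.filename)
    except zipfile.BadZipFile:
        facts["readable"] = False
    return facts

def compare_policies(data: bytes) -> dict:
    """Verdict of each policy described in the thread for one attachment."""
    f = inspect_zip(data)
    uninspectable = (not f["readable"]) or f["encrypted"]
    return {
        # "We quarantine all zip files."
        "quarantine_all": "quarantine",
        # "Block all zips smaller than 500k", allow larger ones.
        "size_rule": "block" if f["size"] < SIZE_CUTOFF else "allow",
        # Quarantine what the scanner cannot open; scan everything else.
        "gateway_rule": "quarantine" if uninspectable else "scan",
    }

def set_encrypted_flag(data: bytes) -> bytes:
    """Constructed-sample helper: set flag bit 0 in every local and central
    header so the archive looks password-protected to a parser. The payload
    itself is not encrypted."""
    buf = bytearray(data)
    for sig, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + flag_offset] |= 0x01
            pos = buf.find(sig, pos + 4)
    return bytes(buf)

def make_zip(members: dict, encrypted: bool = False) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; all content is constructed."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    data = out.getvalue()
    return set_encrypted_flag(data) if encrypted else data

# Constructed samples, none of them real malware or real mail.
SAMPLES = {
    "small plain": make_zip({"report.txt": b"quarterly numbers"}),
    "small password-protected": make_zip({"invoice.exe": b"MZ constructed sample"},
                                         encrypted=True),
    "large plain": make_zip({"dataset.csv": b"A" * (600 * 1024)}),
    "not a ZIP": b"PK not really a zip",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        facts = inspect_zip(blob)
        print(f"{label:26} {compare_policies(blob)} risky={facts['risky_members']}")
```

The size rule and the gateway rule disagree on the small plain archive and on the large one, which is why the thread's posters pair an attachment rule with content scanning rather than relying on either alone.
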
RE: .ZIP file e-mail attachments
Same here.

-Paul

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Tuesday, April 09, 2013 9:54 AM
To: NT System Admin Issues
Subject: Re: .ZIP file e-mail attachments

We quarantine all zip files. They have to request release so we have a chance to see what it is.

John W. Cook
Network Operations Manager
Partnership for Strong Families

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: .ZIP file e-mail attachments

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we’ve received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it.

We keep getting latest and greatest variants “First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago)”. Grr…

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: Datadomain / Exagrid - Backup Times over Cat5
Can't speak to Exagrid, but think of the DD boxes as if they are NAS devices. My (older model) 530 can ingest data as fast as I can throw information at it.

Regarding speed, I suppose too slow is as too slow does. GigE is fast enough for my backups given their size.

Here are some statistics about amount of data written over the last week and compression ratios.

              Pre-Comp (GB)   Post-Comp (GB)   Global-Comp Factor   Local-Comp Factor   Total-Comp Factor (Reduction %)
-----------   -------------   --------------   ------------------   -----------------   -------------------------------
Last 7 days          8718.2            331.9                18.6x                1.4x                      26.3x (96.2)
Last 24 hrs          1412.1             40.1                24.2x                1.5x                      35.3x (97.2)
-----------   -------------   --------------   ------------------   -----------------   -------------------------------

On Tue, Apr 9, 2013 at 10:55 AM, Jon D rekcahp...@gmail.com wrote:

I'm trying to wrap my head around the speed of backup appliances like Data Domain and Exagrid. The thing that doesn't make sense to me is the backups are going across Cat5. It seems like they would be really slow for a full backup. I know you can combine ports, but how much does that really help?

Can anyone tell me how much data a full backup is for them, and how long it takes their Data Domain or Exagrid to back it up?

Thanks in advance,
Jon
Re: .ZIP file e-mail attachments
On Tue, Apr 9, 2013 at 10:51 AM, David Lum david@nwea.org wrote:

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we’ve received infected .ZIP files.

Our plan: An email containing any dangerous file is quarantined. That check scans within archives (and archives within archives, and so on). If an archive cannot be scanned (corrupt, too big, too many files, too many nested levels, or encrypted) it is quarantined.

Dangerous files include various known file name patterns, as well as anything that matches executable content signatures. We don't look for specific malware signatures. Any executable content is considered malware for email.

-- Ben
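The quarantine plan in the message above, sketched as an added example (this is not code from the list or from any poster's mail gateway). It handles ZIP only, through Python's standard `zipfile` module; the suffix lists, the limits, the function names and the sample archives are all assumptions constructed for illustration.

```python
import io
import zipfile
import zlib
from dataclasses import dataclass


@dataclass
class Limits:
    max_depth: int = 3                  # archive-in-archive levels below the attachment
    max_members: int = 200              # files allowed in any one archive
    max_total_bytes: int = 50_000_000   # decompressed bytes across all levels


# Assumed lists for illustration; the post does not enumerate its patterns.
BAD_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
UNOPENABLE_ARCHIVES = (".rar", ".7z", ".cab", ".iso")  # zipfile cannot inspect these
EXEC_MAGIC = (b"MZ", b"\x7fELF")                       # DOS/PE and ELF headers


def scan_zip(data, limits=None, depth=0, budget=None):
    """Return (verdict, reason); verdict is "deliver" or "quarantine"."""
    limits = limits or Limits()
    if budget is None:
        budget = [limits.max_total_bytes]   # one byte budget shared by every level
    if depth > limits.max_depth:
        return "quarantine", "too many nested levels"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "quarantine", "corrupt archive"
    with archive:
        members = [m for m in archive.infolist() if not m.is_dir()]
        if len(members) > limits.max_members:
            return "quarantine", "too many files"
        for info in members:
            name = info.filename.lower()
            if info.flag_bits & 0x1:        # general-purpose flag bit 0 = encrypted
                return "quarantine", f"encrypted member {info.filename!r}"
            if name.endswith(BAD_SUFFIXES):
                return "quarantine", f"dangerous file name {info.filename!r}"
            if name.endswith(UNOPENABLE_ARCHIVES):
                return "quarantine", f"unscannable archive type {info.filename!r}"
            try:
                # Bounded read: the declared size is attacker-controlled.
                with archive.open(info) as fh:
                    body = fh.read(budget[0] + 1)
            except (zipfile.BadZipFile, zlib.error, NotImplementedError, EOFError):
                return "quarantine", f"corrupt member {info.filename!r}"
            budget[0] -= len(body)
            if budget[0] < 0:
                return "quarantine", "too big"
            if body.startswith(EXEC_MAGIC):
                return "quarantine", f"executable content in {info.filename!r}"
            if zipfile.is_zipfile(io.BytesIO(body)):    # detect by content, not name
                verdict, reason = scan_zip(body, limits, depth + 1, budget)
                if verdict == "quarantine":
                    return verdict, f"{info.filename} -> {reason}"
    return "deliver", "no dangerous content found"


def make_zip(files):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def mark_encrypted(raw):
    """Constructed sample: set the 'encrypted' flag in the central directory."""
    raw = bytearray(raw)
    pos = raw.rfind(b"PK\x01\x02")      # central directory file header
    raw[pos + 8] |= 0x01                # low byte of the general-purpose flags
    return bytes(raw)


# Constructed samples, one per rule in the plan.
SAMPLES = {
    "clean": make_zip({"report.txt": b"quarterly numbers"}),
    "double_ext": make_zip({"invoice.pdf.exe": b"x"}),
    "disguised": make_zip({"photo.jpg": b"MZ\x90\x00" + b"\x00" * 60}),
    "nested": make_zip({"a.zip": make_zip({"b.zip": make_zip({"c.dat": b"\x7fELF\x02\x01"})})}),
    "protected": mark_encrypted(make_zip({"secret.doc": b"hello"})),
    "truncated": make_zip({"report.txt": b"quarterly numbers"})[:-12],
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:11s} {scan_zip(raw)}")
```

Every failure path returns quarantine, so an archive the scanner cannot positively inspect is held rather than delivered.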
Re: Blocking executables for the root of a share
What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-----Original Message-----
From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: AD Simple LDAP authentication question
+1

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Apr 9, 2013 at 10:34 AM, Michael B. Smith mich...@smithcons.com wrote:

Absolutely nothing, unless you’ve done this:

http://support.microsoft.com/kb/935834

But if that third party application is running in your forest already, it doesn’t even need that.

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, April 9, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: AD Simple LDAP authentication question

I'm looking into this:

http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx

Which I wasn't aware of before. Looks like what I was interested in, but then I read this:

*This setting does not have any impact on ldap_simple_bind or ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with Windows XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk to a domain controller.*

So for example if you use LDP to do a simple bind, it will use ldap_simple_bind_s. So what is to stop a 3rd party application from sending a request like that?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Michael B. Smith mich...@smithcons.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 04/09/2013 09:58 AM
Subject: RE: AD Simple LDAP authentication question

+1

My question was directed more to the fact that any Authenticated User has pretty much full read-access to AD anyway.

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, April 8, 2013 7:14 PM
To: NT System Admin Issues
Subject: Re: AD Simple LDAP authentication question

On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar christopher_bod...@glic.com wrote:

I know that AD supports both Simple and SASL methods for LDAP binds:

http://msdn.microsoft.com/en-us/library/cc223499.aspx

What I was surprised is that there doesn't seem to be a way to disable the Simple method. It supports SSL/TLS but does not require it. Is that correct?

I don't really know, but I do know that our Windows 2008 R2 domain controllers log the event below once a day. I know what's causing it and haven't cared enough to do something about it. The link takes you to a KB article which tells you how to require *signing*. It talks a lot about simple binds but doesn't explicitly say that requiring signing also causes it to reject simple binds, but seems to imply it pretty strongly.

Source: ActiveDirectory_DomainService
Event ID: 2886

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the LDAP Interface Events event logging category to level 2 or higher.

-- FWIW, YMMV, HTH, HAND, ATT.

-- Ben
RE: Blocking executables for the root of a share
I wouldn't let any exe's on any user share anywhere. I block all of that and a host of others that we deemed unneeded with FSRM.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 1:47 PM
To: NT System Admin Issues
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Blocking executables for the root of a share
I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Blocking executables for the root of a share
I can actually block the creation/execution with McAfee, but assuming a broken or unprotected endpoint, GPO can block execution should a file get there.

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, April 09, 2013 11:08 AM
To: NT System Admin Issues
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: Blocking executables for the root of a share
Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-----Original Message-----
From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:07:37
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: .ZIP file e-mail attachments
On Tue, Apr 9, 2013 at 7:51 AM, David Lum david@nwea.org wrote:

Do any of you guys still allow this? I ask because at %formerjob% they were blocked, but %dayjob% allows them, and last week and today we’ve received infected .ZIP files. Last week was another autorun outbreak, today we caught it before anyone actually ran it.

We keep getting latest and greatest variants “First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago)”. Grr…

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

Over my strenuous protests, yes.

Kurt
RE: Blocking executables for the root of a share
They are user policies, so if it's SRPs, it would be for those users logging on, blocked via UNC or some other connection path. If these are the only accounts with access to the shared resources, it should do the trick.

As someone else mentioned, you could use FSRM on the file server also to block *.exe files (and other unwanted executable types). But, file screens apply to subfolders as well, which would each require exceptions as needed, so might not be wanted here.

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 11:26 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:07:37 -0700
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Blocking executables for the root of a share
The one I am looking at is a computer policy:

Computer..Policies...Windows Settings...Security Settings...Software Restriction policies

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 11:26 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:07:37 -0700
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: Blocking executables for the root of a share
Ah right gotcha now - path-based rules. Forgot about that bit :-)

I'm just interested to see how modern SRPs stack up against the software I work with.

Ta,

JR

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:36:28
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

They are user policies, so if it's SRPs, it would be for those users logging on, blocked via UNC or some other connection path. If these are the only accounts with access to the shared resources, it should do the trick.

As someone else mentioned, you could use FSRM on the file server also to block *.exe files (and other unwanted executable types). But, file screens apply to subfolders as well, which would each require exceptions as needed, so might not be wanted here.

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 11:26 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:07:37 -0700
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area.

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas.

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in a specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Blocking executables for the root of a share
Nice - I think they used to be only user-based. Haven't looked for them in the Computer config node.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, April 09, 2013 11:38 AM
To: NT System Admin Issues
Subject: RE: Blocking executables for the root of a share

The one I am looking at is a computer policy: Computer..Policies...Windows Settings...Security Settings...Software Restriction policies

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 11:26 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Miller Bonnie L. mille...@mukilteo.wednet.edu
Date: Tue, 9 Apr 2013 11:07:37 -0700
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking.

-Bonnie

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area.

On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas.

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum david@nwea.org
Date: Tue, 9 Apr 2013 17:45:34 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Blocking executables for the root of a share

Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events?

Implementing this blocking is relatively straightforward. GPO can prevent the execution in a specific folder, and McAfee can block the creation of said files.

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
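The thread above goes back and forth on whether Software Restriction Policies are user or computer policies. The following read-only script is an added example, not part of any post in the thread, that lists the SRP path rules Group Policy has written on a client and shows which scope each came from. The registry key paths and numeric level values are where Windows stores SRP settings; they do not appear in the thread.

```powershell
# Added example (read-only): list SRP path rules that Group Policy has written to
# this machine, separating computer-scoped from user-scoped rules.
$SaferLevel = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    param(
        # Policy keys for the Computer Configuration and User Configuration sides.
        [hashtable] $Root = @{
            Computer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
            User     = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
        }
    )
    foreach ($scope in $Root.Keys) {
        $base = $Root[$scope]
        if (-not (Test-Path -LiteralPath $base)) { continue }   # no SRP in this scope
        # Subkeys are named by numeric security level (0, 131072, 262144, ...).
        $levelKeys = Get-ChildItem -LiteralPath $base |
            Where-Object { $_.PSChildName -match '^\d+$' }
        foreach ($levelKey in $levelKeys) {
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
                $props = Get-ItemProperty -LiteralPath $rule.PSPath
                $level = [int]$levelKey.PSChildName
                [pscustomobject]@{
                    Scope       = $scope
                    Level       = if ($SaferLevel.ContainsKey($level)) { $SaferLevel[$level] } else { $level }
                    Path        = $props.ItemData      # the rule's path, may be a UNC path
                    Description = $props.Description
                    RuleId      = $rule.PSChildName
                }
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    'No SRP path rules found in either scope.'
} else {
    $rules | Sort-Object Scope, Level, Path | Format-Table -AutoSize -Wrap
    # UNC rules are the ones relevant to blocking execution from a share.
    $rules | Where-Object { $_.Path -like '\\*' -and $_.Level -eq 'Disallowed' } |
        ForEach-Object { "Disallowed UNC rule ({0} scope): {1}" -f $_.Scope, $_.Path }
}
```

Run it as the affected user after `gpupdate /force`; a rule that only shows up under the User scope will not apply to other accounts that reach the share from the same machine.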
Re: GPOs back from the dead
Well, it looks like the answer to my problems was found here: http://support.microsoft.com/kb/840674

I had one DC that was a replication partner to all other DCs. It passed every replication diagnostic test I could throw at it except one: nothing would actually replicate... I did a non-authoritative restore of the data in the sysvol folder as described in http://support.microsoft.com/kb/840674 and all seems to be replicating.

-Bill

On Tue, Apr 2, 2013 at 1:30 PM, Bill Songstad bsongs...@gmail.com wrote:

Thanks for your response Damien. I definitely had some replication issues when I discovered this issue. But I fixed that a couple of weeks ago and replication seems to be occurring properly now. NTFRS isn't flopping any errors at this time and dcdiag is whining about account mapping (related to a user account in my phantom DDC policy) but no other problems.

Next stop is combing through the replication in sites and services on each machine to see if I can spot anything. Just for giggles, I think I will make a change to the real DDC policy and see if it gets replicated.

-Bill

On Tue, Apr 2, 2013 at 10:36 AM, Damien Solodow damien.solo...@harrison.edu wrote:

Sounds like you have some sysvol replication issues. DCDiag should be your friend here. In general, those ntfrs_ folders are from replication conflicts so you can usually delete them safely.

I'd check your replication topology for sysvol (maybe dead links or an old DC still in there) as well as your File Replication Service event logs on the domain controllers to see what replication errors are being thrown.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

-Original Message-
From: Bill Songstad [mailto:bsongs...@gmail.com]
Sent: Tuesday, April 02, 2013 1:23 PM
To: NT System Admin Issues
Subject: GPOs back from the dead

Hi folks. I have an issue that I can't seem to pin down and am hoping someone here can help out.

I recently inherited a W2K3 domain with about 20 DCs - some W2K3 some W2K8R2. The Default Domain Controller's policy is largely empty. However, at some point in the past, the Default Domain Controller's policy had dozens of settings.

I recently moved a number of DCs into another container where the Default Domain Controllers policy was applied and enforced above a policy to temporarily change some WSUS settings. However, some of the DCs started applying the old (years old...) Default Domain Controllers policy. RSOP.msc revealed the dozens of policies from the old Default Domain Controllers policy being applied. Then when I moved the DC back to its original container and ran gpupdate /target:computer /force, the policy was updated to the current policy and related problems went away.

Checking the sysvol folder on all of the DCs for policies referencing the old settings I discovered that 17 of 20 DCs have a secedit folder in sysvol \Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT with the old policies configured. There are also 3 to 5 folders named secedit_ntfrs_ that do not have the settings or any settings for that matter. The other 3 DCs do not have the secedit folder at all, but they do have the secedit_ntfrs_ folders.

So, I have two questions.

1) Why did these settings suddenly get applied? I mean the same Default Domain Controllers Policy was linked and enforced in both containers.

and

2) How do I exorcise these old settings? Just delete the Secedit folders with the old data? Delete the gptTmpl.inf files with the old data? Something else? I'm a little fearful of blowing things out of the sysvol folder even if they are wrong. I guess I'm a little fuzzy on the replication process.

Thanks for any insight,

Bill
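The manual check described in the original post (looking at the SecEdit folder of the Default Domain Controllers Policy on every DC) can be scripted. The following is an added example, not code from the thread: it hashes GptTmpl.inf under each SYSVOL Policies root, counts the secedit_ntfrs_ conflict folders, and groups the copies by content. The DC01 to DC03 folders and the template text are constructed so it runs offline; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example. In a domain, pass \\<dc>\SYSVOL\<domain>\Policies for each DC.
$DdcpGuid = '{6AC1786C-016F-11D2-945F-00C04fB984F9}'   # policy GUID quoted in the post

function Get-SecEditState {
    param([Parameter(Mandatory)] [string[]] $PoliciesRoot,
          [string] $PolicyGuid = $DdcpGuid)
    foreach ($root in $PoliciesRoot) {
        $ntDir = $root
        foreach ($part in $PolicyGuid, 'MACHINE', 'Microsoft', 'Windows NT') {
            $ntDir = Join-Path $ntDir $part
        }
        $inf = Join-Path (Join-Path $ntDir 'SecEdit') 'GptTmpl.inf'
        # Replication-conflict copies, named as in the post: secedit_ntfrs_<suffix>
        $conflicts = @(Get-ChildItem -LiteralPath $ntDir -Directory `
            -Filter 'secedit_ntfrs_*' -ErrorAction SilentlyContinue)
        $hash = $null
        $settings = 0
        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $inf -Algorithm SHA256).Hash
            # "name = value" lines: a rough measure of how much the template configures
            $settings = @(Get-Content -LiteralPath $inf |
                Where-Object { $_ -match '^\s*[^;\[\s][^=]*=' }).Count
        }
        [pscustomobject]@{
            Root            = $root
            HasSecEdit      = [bool]$hash
            TemplateHash    = $hash
            SettingCount    = $settings
            ConflictFolders = $conflicts.Count
        }
    }
}

function Group-SecEditState {
    param([Parameter(Mandatory)] [object[]] $State)
    # Group by content instead of trusting the most common copy: in the post the
    # stale template sat on 17 of 20 DCs, so the majority is not necessarily current.
    $State |
        Group-Object -Property { if ($_.HasSecEdit) { $_.TemplateHash } else { 'no SecEdit folder' } } |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Copies          = $_.Count
                Template        = $_.Name
                SettingCount    = $_.Group[0].SettingCount
                ConflictFolders = ($_.Group | Measure-Object -Property ConflictFolders -Sum).Sum
                Roots           = ($_.Group | ForEach-Object { $_.Root }) -join '; '
            }
        }
}

# Constructed demo data (not from the post): three fake Policies roots under TEMP.
$base = Join-Path ([IO.Path]::GetTempPath()) ('sysvol-demo-' + [guid]::NewGuid())
$staleInf = '[Unicode]', 'Unicode=yes', '[Privilege Rights]',
            'SeBackupPrivilege = *S-1-5-32-544', 'SeRestorePrivilege = *S-1-5-32-544'
$roots = foreach ($dc in 'DC01', 'DC02', 'DC03') {
    $root = Join-Path $base $dc
    $nt = Join-Path $root "$DdcpGuid\MACHINE\Microsoft\Windows NT"
    $null = New-Item -ItemType Directory -Force -Path (Join-Path $nt 'secedit_ntfrs_0a1b2c3d')
    if ($dc -ne 'DC03') {                      # DC03 has no SecEdit folder at all
        $null = New-Item -ItemType Directory -Force -Path (Join-Path $nt 'SecEdit')
        Set-Content -LiteralPath (Join-Path $nt 'SecEdit\GptTmpl.inf') -Value $staleInf
    }
    $root
}
Group-SecEditState -State (Get-SecEditState -PoliciesRoot $roots) | Format-List
Remove-Item -LiteralPath $base -Recurse -Force
```

More than one group in the output means the DCs are serving different copies of the same GPO, which is the symptom the thread traces back to SYSVOL replication.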
Re: Datadomain / Exagrid - Backup Times over Cat5
Thanks everyone. It seems like it's as simple as the Cat5 cable is the bottleneck. I think DD does have a pre-backup dedupe, but only if it's talking to a server with a client loaded. Wouldn't help with backing up file shares on an EMC SAN.

Somehow I need to figure out how to get data on 1 EMC SAN (acting like a NAS) to get to a backup appliance with speed. Without dropping 10G money. lol

On Tue, Apr 9, 2013 at 2:46 PM, Richard Stovall rich...@gmail.com wrote:

Good point. In that respect, DD probably shouldn't be considered a 'backup' product. Deduplication file storage might be a better moniker.

On Tue, Apr 9, 2013 at 2:33 PM, Andrew S. Baker asbz...@gmail.com wrote:

I can't speak about the DD products specifically, but dedupe can be independent of data deltas...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Apr 9, 2013 at 2:10 PM, Richard Stovall rich...@gmail.com wrote:

The DD products dedupe after receiving the complete data, so there is no bandwidth savings.

On Apr 9, 2013 2:04 PM, Andrew S. Baker asbz...@gmail.com wrote:

Most backup products of this sort are not copying 100% of your full data set across the wire. They are sending only the changed bits (deltas) so as to improve both performance and storage consumption.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Apr 9, 2013 at 10:55 AM, Jon D rekcahp...@gmail.com wrote:

I'm trying to wrap my head around the speed of backup appliances like Data Domain and Exagrid. The thing that doesn't make sense to me is the backups are going across Cat5. It seems like they would be really slow for a full backup. I know you can combine ports, but how much does that really help?

Can anyone tell me how much data a full backup is for them, and how long it takes their Data Domain or Exagrid to back it up?

Thanks in advance,

Jon
Re: Datadomain / Exagrid - Backup Times over Cat5
On Tue, Apr 9, 2013 at 10:55 AM, Jon D rekcahp...@gmail.com wrote:

I'm trying to wrap my head around the speed of backup appliances like Data Domain and Exagrid. The thing that doesn't make sense to me is the backups are going across Cat5. It seems like they would be really slow for a full backup.

That depends how fast the network you're running is, and how much data you've got to worry about, and maybe other things.

Gigabit Ethernet can stream 125,000,000 8-bit quantities per second. Framing and protocol overhead rob significantly from that. Let's assume 75% efficiency, just to have a number. That's 93 megabytes per second, or 337 gigabytes in one hour.

If you're only backing up a terabyte, that might be just fine. If you're backing up a petabyte, not so much.

-- Ben