Re: Thanks

[Andrew S. Baker]

Indeed... :)






*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Fri, May 3, 2013 at 7:33 AM, Gary Whitten
wrote:

> In case this still gets out.   Thank you Sunbelt for running it all these
> years and thanks to all of you, from whom I learned so much that I can
> never repay.
>
> ** **
>
> Cheers!
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Color me skeptical

[Andrew S. Baker]

And I would agree with you, Ken. :)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Mon, Apr 22, 2013 at 9:41 PM, Ken Schaefer  wrote:

>  If you go back to the source, it’s supposed to be a phrase used entirely
> for changing scientific views of our universe, but since then has become a
> debased phrase that can mean whatever you want it to mean:
>
> http://en.wikipedia.org/wiki/Paradigm_shift
>
> ** **
>
> Would letting blind people see be a scientific breakthrough? A medical
> miracle? Or a paradigm shift? I’d call the technology that enables this one
> of the former two. If society’s views subsequently change (e.g. on the
> capabilities or ability of blind people to engage with sighted society),
> that might be a paradigm shift.
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> *From:* Jon Harris [mailto:jk.har...@live.com]
> *Sent:* Tuesday, 23 April 2013 11:16 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Color me skeptical
>
>  ** **
>
> Personally I question what a "paradigm shift" would be considered to be.
> I would then look at that is being proposed as such a thing.  Most of
> the truly accurate "futurist" were not associated with a company selling
> hardware or software.  They were academics and entertainers.  Look at what
> Rodenberry saw when he invented Star Trek (Yeah I know maybe not a good
> choice but he did see things in his vision that we now have maybe due
> to that vision) He was looking not at what was or what was possible but
> what he saw as the future.  Like many others of his ink he was able to see
> true "paradigm shifts" even if he was not going to be a part of inventing
> them.  In my mind Jobs is and will forever be the king of salesmanship.  He
> convinced people that what he was selling was better, faster, more cool,
> than anything in the market, despite the fact that others had made it
> before him.  He was also not above allowing others to make claims that were
> patently false (Apple OS/iOS can't get bugs).  Later once he had his market
> up and running when he knew his time on that statement was running out made
> sure his marketing people did not make that claim but would quietly say it
> was possible for it to get bugs.  Google would not be in business except
> for companies like Microsoft and Yahoo.  Microsoft itself was only able to
> get going due to the inventor of an earlier OS not really being interested
> in business, well that and having family in the right place at the right
> time.
>
> A paradigm shift would be something everyone could benefit from or helps
> those in special niche markets get equal to those in the larger market.  If
> Google glass were to be able to allow the blind to see then that to me
> would be a paradigm shift.
>
> Jon 
>  --
>
> From: k...@adopenstatic.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Color me skeptical
> Date: Mon, 22 Apr 2013 22:03:33 +
>
> I’d argue that Google’s way of searching was/is sufficiently different to
> the competition (Alta Vista anyone) to be considered some kind of shift.**
> **
>
>  
>
> If you’re going to say that Google didn’t revolutionise search because
> they didn’t invent it, then arguably there’s been nothing revolutionised
> for hundreds of years (which I think we both agree is false). It may be
> just that we disagree on the degree of change required to call something a
> ‘paradigm shift’, but I’d argue that Google Search, and the concept of
> giving people “gigabytes” of “free” storage for Gmail were both game
> changers that propelled those two products from challengers to dominance.*
> ***
>
>  
>
> Cheers
>
> Ken
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com ]
> *Sent:* Tuesday, 23 April 2013 3:17 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Color me skeptical
>
>  
>
> *>>**  They hit paydirt with "search, don't sort" and "sell
> user data/advertising to others, not services to users". *
>
>  
>
> But that wasn't a paradigm shift.  They didn't invent search, and they
> didn't invent selling advertising, and they didn't invent the freemium
> concept or the concept where the user is the product.
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscrip

Re: Color me skeptical

[Andrew S. Baker]

*>>If you’re going to say that Google didn’t revolutionise search because
they didn’t invent it*

No, that's not what I am saying at all.

They *did* revolutionize search.  They did lots of cool back-end
integration.  They built a very, very profitable ecosystem based upon
search.

But they did not create a paradigm shift.   Nothing shifted.  We still use
web mail like we did before, and we still search (largely) like we did
before.

GoogleWave had the potential to be a paradigm shift, and if it had worked,
we'd all be communicating very differently than we do today.  It could very
well have killed email (and Google wouldn't have cared because it was tied
into their search backend just as neatly).  IMO, Google+ only exists
because GoogleWave failed.  (Or, at the very least, it exists in its
current format because GoogleWave failed)

Every escalation of technology or innovative deployment is not a paradigm
shift.

Amazon cloud? Yeah, paradigm shift.  And they built an ecosystem around it
for good measure.

iPod? A much better MP3 player, but not a huge shift.
iPod+iTunes?  Even tighter integration and appeal, but it's not like
Blackberry didn't have a market long before Apple came out with theirs.


Both Apple and Microsoft have benefited from optimization and greatly
improving different mousetraps at different times, but IMO, a paradigm
shift needs to have the *shift*, otherwise its just optimization --
desireable, but something else entirely.

The original Palm Pilot introduced a *shift*.  For the first time, it was
now possible to manage your calendar *and* contacts while you were on the
road, and have them sync up when you got back to the office.  It moved the
personal assistant or digital rolodex to a whole new level and drastically
changed how people worked.

To me, that's what a paradigm shift is all about.   Desktop PC
decentralizing corporate computing is a shift.


*>>
 I’d argue that Google Search, and the concept of giving people “gigabytes”
of “free” storage for Gmail were both game changers that propelled those
two products from challengers to dominance.*

Sure, the free storage -- greatly increased over competitors at the time --
was a competitive advantage, but gmail was/is web based mail.

No shift.


I am not suggesting that improvements are useless unless they cause a
shift, either.  The fact is, we only see those kinds of major changes a few
times every decade at most.  I'm just suggesting that we over hype
improvements to the extent that everything is seen as a home run (or
needing to be a home run), when a steady progression of singles and doubles
will just as happily win the game, while being more likely to obtain.




*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Mon, Apr 22, 2013 at 6:03 PM, Ken Schaefer  wrote:

>  I’d argue that Google’s way of searching was/is sufficiently different
> to the competition (Alta Vista anyone) to be considered some kind of shift.
> 
>
> ** **
>
> If you’re going to say that Google didn’t revolutionise search because
> they didn’t invent it, then arguably there’s been nothing revolutionised
> for hundreds of years (which I think we both agree is false). It may be
> just that we disagree on the degree of change required to call something a
> ‘paradigm shift’, but
>  I’d argue that Google Search, and the concept of giving people
> “gigabytes” of “free” storage for Gmail were both game changers that
> propelled those two products from challengers to dominance.
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, 23 April 2013 3:17 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Color me skeptical
>
> ** **
>
> *>>**  They hit paydirt with "search, don't sort" and "sell
> user data/advertising to others, not services to users". *
>
> ** **
>
> But that wasn't a paradigm shift.  They didn't invent search, and they
> didn't invent selling advertising, and they didn't invent the freemium
> concept or the concept where the user is the product.
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Color me skeptical

[Andrew S. Baker]

*>>
I'm really interested to see if this is the paradigm shift that Google
thinks it's going to be.*


Has Google actually been right about *any* paradigm shifts?

(Ponders Buzz and GoogleWave...)

Yes, I know... Old thread.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Wed, Feb 27, 2013 at 9:14 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> I'm really interested to see if this is the paradigm shift that Google
> thinks it's going to be. I think if they can really work out the issues, it
> will be. But I'm not convinced they can at this point. Specifically voice
> recognition issues. With this device, the voice recognition has to be
> pretty close to 100% 24x7, or it won't catch on. They way I see this
> working in real life, is that it's going to be tethered do your phone all
> the time. Meaning  you will still have your phone with you, so it won't
> replace that device. I see it as more of an accessory to your phone. But if
> you are constantly shifting back and forth between the 2 then it's going to
> be a hard sell.
>
>
>  *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services  Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> **www.guardianlife.com* 
>
>
>
>
>
>
> From:Kurt Buff 
> To:"NT System Admin Issues"  >
> Date:02/26/2013 08:55 PM
> Subject:Color me skeptical
> --
>
>
>
>
> http://www.theverge.com/2013/2/22/4013406/i-used-google-glass-its-the-future-with-monthly-updates
>
> On several levels, including:
>
> o- Too many areas without network capability - where I live, anyway.
>
> o- Voice interaction. Really? No thanks.
>
> o- Privacy. Do I really want Google to know that much about me? They
> already know too much.
>
> Don't get me wrong - this is amazing technology. But, I don't have to
> say yes to everything that comes along
>
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: On the subject of security...

[Andrew S. Baker]

Ah, but Ken, you've done a risk assessment. :)

Without one, there is no way to know what your status is, and what steps
should be taken (or avoided) to make it better.

This is just as true for consumers as for corporations, and often just as
ignored.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Wed, Apr 17, 2013 at 7:29 PM, Ken Schaefer  wrote:

> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, 18 April 2013 6:08 AM
> To: NT System Admin Issues
> Subject: Re: On the subject of security...
>
> > If that's the case, then he didn't make his point at all clear.
> ...
> > True again - and again unremarkable. My point is that you have to use
> the same methods to
> > protect unprivileged accounts as you do root/administrator.
> > ...
> > That's the import of my remarks about screensavers, FDE, not caching
> passwords
> > for web sites in browsers, etc. - it's all about protecting the data;
> that which resides
> > on the machine, and that which resides on teh intarwebs.
>
> If anyone's being unclear here, I think it's you.
>
> My reading of your comments is that a lot of your suggestions are geared
> towards preventing access to the system.
>
> All your suggestions about encrypting disks, having screen savers etc. are
> overkill if all my data is burnt to CDs. I'm better off investing in a safe
> to house them. Additionally, if my only PC is the one sitting in my living
> room, then when someone has got access to that machine (by breaking into my
> house), then a lack of password protected screensaver, or the fact that the
> password to the machine is on the bottom of the keyboard, is probably the
> least of my problems.
>
> Security is about managing risk: identify what the threats are, and the
> mitigate, transfer, accept etc. Security is not a checklist of technologies
> and processes.
>
> > I protect all of my accounts, privileged or not, in the same ways, and
> > have been doing so for so long that it's completely natural to me. It
> > just feels unnatural not to do so.
> >
> > No running executables from untrusted sources, turn off scripting in
> > my browsers, view all email as plain text, no remembering/caching of
> > passwords in browsers, using a unique password per web site and per
> > other accounts, regular clearing of cookies, no linking of accounts
> > between web sites, running current AV, no browsing with elevated
> > accounts, laptops have full disk encryption, etc., etc., etc.
>
> Without an evaluation of risks, this would be a complete waste of time for
> most people IMHO.
>
> I run as an admin on my personal machine. I don't bother reading all mail
> in "plain text", and I don’t full disk encrypt all my machines, and I don't
> clear my cookies. I've got better things to do with my time, and if I focus
> on protecting my identity and data instead, I'm probably just as likely as
> you to be "safe".
>
> Cheers
> Ken
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: On the subject of security...

[Andrew S. Baker]

Generally, I agree with your point.   Risk management is a holistic
endeavor, and when we forget that, we get hung up on technicalities that
don't help us achieve the end goal.

Protecting root access in a system does have some value when it comes to
persistence of malware. Malware that is confined to userland is easier to
detect and uproot than malware that makes it to a deeper level.

Your key point about the safety of data in userland cannot be denied,
however.  But, it's not like there aren't tools for that -- it's just that
people are as annoyed about using them as they are with UAC, etc.

Example:  Too many people share passwords across multiple systems/services.
 These same people tend not to use password managers.  The use of the
latter would go a long way to curtailing the mistake of doing the former.

Similarly, very few people who could benefit from it actually bother to
use encryption.


I think that the bigger problem is that most people don't realize the
importance and criticality of their data until it is lost...






*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Wed, Apr 17, 2013 at 3:27 PM, Ben Scott  wrote:

> On Wed, Apr 17, 2013 at 2:43 PM, Michael B. Smith 
> wrote:
> > IOW: Security is for the MANAGEMENT of risk and MITIGATION of same. For
> real
> > world systems, and usage of them, there is no such thing as perfect
> security.
>
>   That's true, too, but the point Munroe is trying to make is that a
> lot of people lose track of the forest for the trees.  They get so
> caught up in protecting the computer that they forget why they're
> protecting it.
>
>   On my home PC, most of the the software I use is free and
> unremarkable.  I could rebuild the software configuration from scratch
> in a matter of hours.  Why do I care about protecting *that*?
>
>   I don't.  I want to protect my photos, files, bank account, Facebook
> account, etc., etc.  All of which are tied into my user account and
> who-knows-how-many third-party web sites.  They don't much care about
> my admin account.
>
>   But a lot of computer security people focus on protecting the system
> privileged account.  For example, I've gotten into strong arguments
> with *nix weenies about how protecting the root account is the most
> important thing on a system, and that's the fundamental flaw in
> Microsoft Windows, or some such thing.  They don't get that the data
> in my user account is a lot more valuable than the software install.
> They don't get that a worm can propagate from my user account just as
> easily.  And as I'm the only user of my home PC, I'm not even
> protecting other users from me.  Yah, I protect the root account, but
> only as a means to helping protect the stuff I care about.
>
>   I've had the exact same discussion about Windows and UAC.  On this
> forum, in fact.  If UAC works perfectly, it successfully protects an
> admin account on a throw-away home PC with one user.  Meanwhile, the
> malware is quite content to delete/steal all the user's data from
> userland, and then propagate to other PCs, again from userland.  It's
> mildly useful in helping prevent a reinstall of a bunch of software,
> but that's not the high value asset.
>
>   (Protecting system access is rather more relevant in business, where
> you've got more than one level of privilege.)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Endpoint backups

[Andrew S. Baker]

+1





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Wed, Apr 17, 2013 at 12:00 PM, Kennedy, Jim  wrote:

>  So the goal is to protect the orgs docs…not backup desktops.  Backup
> desktops is a method for getting to your goal.
>
> ** **
>
> Most of us would argue that redirect my docs to a server and back that up
> is a better way to get to that goal. Tell them anything on their desktop is
> subject to instantaneous loss, or redirect their desktop to the server also.
> 
>
> ** **
>
> I prefer to redirect my docs and put some controls on space and file type
> on that share and let them save their music and funny videos to the
> desktop. The users get that and like the compromise.
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Wednesday, April 17, 2013 11:56 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Endpoint backups
>
>  ** **
>
> Files they keep on the desktop and “My Documents”.
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com ]
>
> *Sent:* Wednesday, April 17, 2013 7:49 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Endpoint backups
>
> ** **
>
> What is there to backup that is not in a centralized location backed up by
> a centralized backup system?
>
> ** **
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org ]
> *Sent:* Wednesday, April 17, 2013 9:57 AM
> *To:* NT System Admin Issues
> *Subject:* Endpoint backups
>
> ** **
>
> Do any of you guys back up all your endpoints/PC’s? We’re trying to do
> that via Tivoli but troubleshooting clients is a major PITA. It seems to be
> ok 90% of the time, but the broken ones seem to take forever to find and
> repair, and it’s not easy to automate resetting the password at the client
> PC without interaction on the client/endpoint side.
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: VMware vCenter upgrade; problems with vCenter Database PreCheck

[Andrew S. Baker]

Thanks for the follow-up, Michael.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Tue, Apr 16, 2013 at 8:58 AM, Michael Leone  wrote:

> So I never did get an answer on this, either from here, VMware
> Communities, or Tech Support. :-) But since the Host Agent Pre-Check
> passed, and the new vCenter 5.1 Pre-Install Check Script passed, I
> just went ahead and did it.
>
> So yesterday I upgraded my 5.0 to 5.1.0b. And it all Just Worked,
> surprisingly enough. :-) Every section said completed successfully. It
> does pay to do your homework - in my case, the SQL instance where I
> created my RSA Single Sign On database was on a separate server. Being
> a named instance (i.e., not default), the port number was 50977, not
> the standard 1433). I found that port by asking my head DBA. :-) I
> specified that when installing SSO, and it seemed to work. Also, when
> installing Syslog Collector and Dump Collector, I had to specify the
> username as "user@domain", not the "user" that the configuration
> screen pre-filled in for me.
>
> (to be extra safe, I made a local hosts file on my vCenter, just
> incase there were problems with my DNS. There wasn't - all my hosts
> properly resolved forward and backward in DNS; I'm a bit of a stickler
> for that - but it doesn't hurt just to be safe. Remember to do a
> "ipconfig /flushdns", to reload the hosts file)
>
> Other than that, I didn't have any problems. Took about 80 minutes (I
> went slowly, just in case). I also upgraded 2 vSphere clients on
> workstations (mine and my boss), and again that just worked, along
> with the Update Manager upgrade.
>
> So at this point, I just need to change my SQL Agent job that creates
> a nightly backup of my VirtualCenter DB to also make a backup of my
> RSA database. And then upgrade my hosts ...
>
> I will let it sit and percolate for another day, and start to upgrade
> the hosts to 5.1, by using the Update Manager.
>
> On Thu, Apr 11, 2013 at 10:23 AM, Michael Leone 
> wrote:
> > I realize this is more than a bit OT for this list. But I'm still
> > waiting to hear back from VMware Tech Support (they said they need to
> > contact their engineers), and I've had no response from the VMware
> > community yet. So I thought I would take a chance and ask here.
> >
> > I am about to upgrade from ESXi 5.0 U2 to 5.1. I am running the
> > vCenter Server Database Pre-Upgrade Checker as a pre-step, and it is
> > failing. Regardless of whether I run 32 or 64 bit checker, and
> > regardless of whether I choose the ODBC or Credentials type of check..
> >
> > vCenter OS=Win 2008 R2; DB = SQL 2008 R2 in a named instance, on a
> > remote server.
> >
> > I am using ODBC as connection type, and am using the name I see in
> > ODBC, and the correct SQL sa user and password. But it fails. Even if
> > I use the "Credentials" option, it still fails. Both complain about
> > failing to create a file.
> >
> > vCenter Server version = 5.0.0 Build 804277
> >
> >
> > The log shows: (snipped) - same error whether running an ODBC or
> > Credentials check
> >
> > ---
> > Signature file path:
> > C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml
> > Message output file path:
> > C:\Users\admin\Documents\64bit-check.xml-message20130410141806.txt
> > Output archive file created.
> > Error: no such file
> > C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml
> > ---
> >
> > And the Debug log:
> > C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml
> > (The system cannot find the file specified)
> >
> > The KB (<
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004286
> >>) says that the checker compares a signature file of what I am
> > running, against a "standard" signature file. From the looks of it,
> > it's not creating my signature file, even tho the log says it did.
> >
> > Anybody ever run this? Does it even work? Looks to me like an error in
> > the Java code that creates the signature, or the code that reads it
> > back in, it's the only thing I can think of.
> >
> > Mind you, the 5.1 Host Agent Pre-Upgrade check runs flawlessly. But I
> > am presuming that the Database PreCheck does a more comprehensive
> > check (else why does it exist?).
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_f

Re: Some interesting thoughts about network security

[Andrew S. Baker]

I don't disagree that security is a very important consideration, but many
of the people who fear the cloud or BYOD because of security aren't doing
all that hot with the security they should have control over today.

Implementing buzzwords *is* bad.  Failing to properly evaluate and
implement technologies that can help your business, because they are
associated with buzzwords, is also bad.

Look at the vast majority of security breaches that have taken place in the
past 3 years, and the attack vectors are often the supposedly tried and
true areas of the network. Just because the security of a technology is
better understood, that doesn't mean that people are actually implementing
it.







*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Tue, Apr 16, 2013 at 7:36 AM,  wrote:

>  Don't implement a buzzword. Implement technology that has been tried and
> tested. Security is still a major concern with the cloud and with BYOD.
> There are definite gotchas that haven't been realized yet, but security is
> the most glaring concern that is getting glazed over. The Apple/Google
> generation of technology has zombified people over privacy and security. We
> are in dangerous waters, so tread carefully and cautiously. Don't implement
> something just because a case study somewhere said it worked for someone
> else. Remember, an organization may look similar to an organization in a
> case study, but as we all know, every environment is different and requires
> careful planning and testing.
>
> BYOD and the cloud will be a good fit for a lot of companies once the
> issues get worked out. To me, it seems like a game of Jenga. As we move
> tech from one place to another, its that one piece that will cause the
> whole stack to come crashing down.
>
> Sent from Microsoft Surface Pro
>
> *From:* Webster
> *Sent:* Tuesday, April 16, 2013 7:27 AM
>
> *To:* NT System Admin Issues
>
>
> Most of the projects I work on are in the financial and healthcare
> sectors.   100% of them are doing BYOD.  These are some of the largest
> companies in their respective industries.  One healthcare related company
> just bought 40,000 iPads for their sales force.  Where I am now they have
> 30,000 people using Citrix XenApp and are scaling up a XenDesktop project
> to 11,000 users.  They are supporting almost every kind of device
> imaginable: iPhone, iPad, Androids, Surface, Mac OSX, Win7, etc.
>
>
>
> Brian Madden is a recognized name and thought leader in this space.  But
> as a thought leader, his goal is to make you think.  Think about the ways
> users are getting around IT (I see it daily at my current project), think
> about how IT really does not and cannot control every device.
>
>
>
> Back when Brian was in the trenches doing designs and installs, he
> designed and built some of the world’s largest TS/RDS/XenApp environments.
> He does know his stuff.  I think he is trying to stretch IT’s way of
> thinking and can be considered more of a provocateur now.  What we did in
> IT 5 or 10 years ago may not work with today’s users and how they work and
> or want or need to access company data.
>
>
>
> Just my $0.02US worth
>
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
>
>
>
>
> *From:* Jon Harris [mailto:jk.har...@live.com]
> *Sent:* Monday, April 15, 2013 9:46 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Some interesting thoughts about network security
>
>
>
> One of the things I saw in the article was part of his reasoning on this
> was the BYOD movement.  I know a lot of places are looking at this and some
> have even gone for it but if it was a financial firm or a health care
> provider I don't know if I would want to do business with them.  BYOD just
> opens too many cans of worms for me to feel comfortable with those firms
> doing that.  IF they were using something like VDI or Citrix like work
> interface I would only be marginally comfortable.  I don't see that
> happening unless a company really looks at where the data is stored and the
> risk of that data getting "lost" to parties unknown.  From all that I am
> seeing it is more management wanting to push the cost of the workers
> hardware to the worker and little else is taken into account until they get
> bit hard and are faced with lawsuits due to their lack of use of their
> brains.
>
> Jon
>
>  --
>
> From: k...@adopenstatic.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Some interesting thoughts about network security
> Date: Tue, 16 Apr 2013 00:33:16 +
>
> My thoughts:
>
>
>
> a)  “One size fits all” solutions simply don’t fit most
> organisations. Some e.g.:
>
> a.(e.g. “you support users connecting from home today”, so
> obviously you can obviously scale to support the entire organisation doin

Re: Some interesting thoughts about network security

[Andrew S. Baker]

*>>This looks like just another “magic bullet” – simple solution to a
complex problem that only works in simple (i.e. small) environments.*

**

I would substitute the word "limited" for "small".   I've seen even small
organizations where this could not work as expressed.






*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Mon, Apr 15, 2013 at 8:33 PM, Ken Schaefer  wrote:

>  My thoughts:
>
> ** **
>
> **a)  **“One size fits all” solutions simply don’t fit most
> organisations. Some e.g.:
>
> **a.   ** (e.g. “you support users connecting from home today”, so
> obviously you can obviously scale to support the entire organisation doing
> the same at work, or
>
> **b.  **“give each user their own VLAN” – yeah, we’ll create 100,000
> VLANs – imagine maintaining the FWs, routers, and how much more complex
> user provisioning and de-provisioning is going to be. What happens when
> users move between buildings? Telcos can make this happen, but telcos are
> in the networking business.
>
> **b)  **Treating wireless users as “external” and then making them
> VPN in isn’t new – that’s been the thinking for 20 years. It was “start of
> the art” maybe in 2000, but it’s not now
>
> **c)   **I know Microsoft was arguing for the “hard core” and “soft
> shell” since circa 2006 or so – so even that’s now new. However I disagree
> that there should be one boundary (around the data centre) and we ignore
> everything else. Obviously Brian doesn’t understand how large organisations
> (and I’m guessing other sizes as well – I don’t have that much experience)
> work. Most banks (for example) are stuffed full of “knowledge workers” that
> depend on data being on their client PCs. For example I’ve seen
> reconciliations in a large institutional bank being run on over 2,000 excel
> spreadsheets due to lack of straight through processing between diverse
> systems. You can treat them as being “on the internet”, but that’s too
> difficult to do in practise with granularity. If you make them VPN in, you
> end up giving them wide-open access anyway. So why not just use 802.1x to
> guard your physical (including WiFi) access? Surely 802.1x is easier and
> cheaper to deploy than catering for 100,000+ VPN connections?
>
> ** **
>
> This looks like just another “magic bullet” – simple solution to a complex
> problem that only works in simple (i.e. small) environments.
>
> ** **
>
> Cheers
>
> Ken 
>
> ** **
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Monday, 15 April 2013 10:24 PM
>
> *To:* NT System Admin Issues
> *Subject:* Some interesting thoughts about network security
>
> ** **
>
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2013/04/15/rethinking-network-security-all-your-on-premises-wifi-users-are-actually-quot-remote-quot-users.aspx
>
>
> --
> *James Rankin*
> Technical Consultant (ACA, CCA, MCTS)
> http://appsensebigot.blogspot.co.uk
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Some interesting thoughts about network security

[Andrew S. Baker]

The biggest problem I see with the "new perimeter" discussions is that
people keep advocating leaving the old perimeter.   That's the part that
always gets me.

Acknowledging that data protection is best done near the data container is
fine.   Abandoning all other posts, some of which contain other assets that
need to be protected is not wise.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***




On Mon, Apr 15, 2013 at 3:28 PM, Michael B. Smith wrote:

> I've had several issues with his thinking in the last couple of years.
>
> Don't get me wrong - in his subject area (which I typically think of as
> VDI/RDS/Citrix) he's a really smart cookie. But he's been veering into the
> wild blue yonder on other things...
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, April 15, 2013 3:19 PM
> To: NT System Admin Issues
> Subject: Re: Some interesting thoughts about network security
>
> On Mon, Apr 15, 2013 at 5:23 AM, James Rankin 
> wrote:
> > http://www.brianmadden.com/blogs/brianmadden/archive/2013/04/15/rethin
> > king-network-security-all-your-on-premises-wifi-users-are-actually-quo
> > t-remote-quot-users.aspx
> >
> > --
> > James Rankin
> > Technical Consultant (ACA, CCA, MCTS)
> > http://appsensebigot.blogspot.co.uk
>
> Yeah - he's wrong.
>
> --Begin Quote--
> "I can never allow non-trusted devices on the corporate network"
>
> You need to redefine your definition of "corporate network." Your
> corporate network is the tight boundary that's around your servers or
> whatever else you're actually trying to protect. There's no point to
> protecting your entire user-land network. Just make it "the internet"
> and move on.
> --End Quote--
>
> When I can keep all of the IP and other confidential data to the company
> off of  end user devices (and by this I mean "not stored to local
> non-volatile storage, encrypted or not"), I can consider that.
>
> In the meantime, the boundary extends well beyond my servers.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Possible issue with this months patches, MS13-036 patches.

[Andrew S. Baker]

http://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Apr 12, 2013 at 7:46 AM, Ziots, Edward  wrote:

>  The KB that provides guidance for the issue with the NTFS.SYS
> package(KB2823324) for MS13-036 is live!
>
> ** **
>
> * KB2839011 You receive a Stop 0xc00e startup error in
> Windows 7 after you install security update 2823324
>
> https://support.microsoft.com/kb/2839011
>
> ** **
>
> We will be revising the bulletin shortly.
>
> ** **
>
> Thanks,
>
> CSS Security Readiness & Response Team
>
> ** **
>
> EZ
>
> ** **
>
> Edward E. Ziots, CISSP, CISA, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> Work:401-444-9081
>
> ** **
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Google Drive

[Andrew S. Baker]

I use DropBox (75%), Box.com (23%) and SkyDrive (2%) with encryption
provided by BoxCryptor.

Also check out nCryptedCloud.com

I do have SpiderOak, but I haven't really put too much up there.  Just some
testing...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Apr 11, 2013 at 10:12 AM, James Rankin wrote:

> That sounds interestingthere are certainly a lot of providers jumping
> into this market now, I just picked on Google because my mail account and
> blog are hosted by them and it seemed natural to follow on with the storage.
>
> I was just going to use a DataNow appliance in my own house but I was
> conscious then that the "cloud" became my own home-based storage and
> something like a house fire would wipe out all my data whether it be client
> or storage-based :-(
>
> I think it's maybe time someone did one of those nice "smackdown" reviews
> based on all the cloud storage vendors.
>
> I may have a look at OxygenDrive anyway given my own obsession with
> portable apps :-)
>
> Cheers,
>
>
> JR
>
> On 11 April 2013 15:00, Steven M. Caesare  wrote:
>
>>  OxygenDrive is interesting in that it provides a virtual drive that
>> actually mounts. You can do standard explorer/command line options with it.
>> There still is a sync mechanism as well, but it’s about the most seamless
>> solution I’ve seen.
>>
>> ** **
>>
>> There’s also the standard web interface, as well as apps for iOS and
>> Android.
>>
>> ** **
>>
>> You can obtain cloud storage from them (free for personal, $$ for
>> commercial), or frontend your own storage with their solution.
>>
>> ** **
>>
>> As always, read the ToS with cloud storage providers.
>>
>> ** **
>>
>> -sc
>>
>> ** **
>>
>> *From:* Tobie Fysh [mailto:tobie.f...@freebridge.org.uk]
>> *Sent:* Wednesday, April 10, 2013 1:25 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Google Drive
>>
>> ** **
>>
>> If we are throwing out our fav syncing tools SkyDrive rocks, Windows,
>> Windows RT and Windows Phone all in sync.
>>
>> Sent from my Windows Phone
>>
>>  --
>>
>> *From: *Matthew W. Ross 
>>
>> *Sent: *10/04/2013 18:15
>>
>> *To: *NT System Admin Issues 
>> *Subject: *Re: Google Drive
>>
>>  I use Google Drive all the time, at least the online version. I have
>> been trying a lot of different "syncing" solutions as of late, as I also
>> have been using Dropbox and Cubby.
>>
>> I have the desktop client on my home PC, but it has not given me any
>> problems. It behaves a lot better than Dropbox for me, as Dropbox likes to
>> index every time I am forced to reboot, which seems to take an unusually
>> long time.
>>
>> The client at home I use to drop in PDFs of important mailers I get (Scan
>> to FTP, copy to Google Drive) so that I have is wherever I need them.
>>
>> Otherwise, it's a simple web-based word processor/spreadsheet/drawing
>> tool that works anywhere I go.
>>
>> 
>>
>> How are you trying to sync your Firefox bookmarks with Google drive? Are
>> you using the Portable Apps version of Firefox, and seeing the problems
>> when you are mixing the two together? (Very cool idea, BTW. I just wonder
>> how syncing would work if you had it open on multiple computers...)
>>
>> Doesn't Firefox now have a native bookmark syncing feature, much like
>> Google Chrome?
>>
>>
>> --Matt Ross
>> Ephrata School District
>>
>>
>> - Original Message -
>> From: James Rankin
>> [mailto:kz2...@googlemail.com ]
>> To: NT System Admin Issues
>> [mailto:ntsysadmin@lyris.sunbelt-software.com
>> ]
>> Sent: Wed, 10 Apr 2013
>> 03:37:57 -0800
>> Subject: Google Drive
>>
>>
>> > Anyone else using Google Drive and think it is a bit rubbish in
>> general? I
>> > regularly get sync failures, errors in the software, and if I go to the
>>
>> > online version and try to empty the Trash folder, everything simply
>> > reappears as soon as I delete it. I've been using it with Portable Apps
>> and
>> > recently all my Firefox bookmarks just disappeared, so I am beginning to
>> > think it might not be really fit for purpose.
>> >
>> > Anyone else had similar issues, or got any feedback to report?
>> >
>> > Cheers,
>> >
>> >
>> >
>> > --
>> > *James Rankin*
>>
>> > Technical Consultant (ACA, CCA, MCTS)
>> > http://appsensebigot.blogspot.co.uk
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~  ~
>> >
>> > ---
>> > To manage subscriptions click here:
>> > http://lyris.sunbelt-software.com/read/my_forums/
>> > or send an email to listmana...@lyris.sunbeltsoftware.com
>> > with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.su

Re: Datadomain / Exagrid - Backup Times over Cat5

[Andrew S. Baker]

If all of your backups are from Box A to Box B, then both will need to be
trunked for there to be any benefits in throughput.

However, if there are multiple concurrent backups at play from multiple
sources, then trunking on the backup device will still provide for more
throughput than a single network connection.

Of course, as Kevin points out, there are several other factors to consider
in a backup scenario.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Apr 10, 2013 at 10:58 AM, Bourque Daniel <
daniel.bour...@loto-quebec.com> wrote:

> **
> Not necessarily, don't mix capacity with speed.  A 2 link Port-Channel is
> still 2 x 1 Gbs link.  If the backup is between only 2 IP (not multiplexing
> backup from multiple sources), the Port-Channel algorithm will still give
> you only 1 Gbs per IP pairs or port pair, etc.  You have to check the
> load-balancing option of the Port-Channel in your system.  There is
> multiple algorithm available to load-balance in the Port-Channel.  You have
> to chose the correct one for your system.
>
>
>
>  --
> *De :* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Envoyé :* 10 avril 2013 10:27
> *À :* NT System Admin Issues
> *Objet :* Re: Datadomain / Exagrid - Backup Times over Cat5
>
>  A two-port trunk will reduce that significantly, of course...
>
>
>
>
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market.***
>
>
>
>
>
> On Wed, Apr 10, 2013 at 9:52 AM, Jon D  wrote:
>
>>  True. I'm trying to backup ~4TB in under 12 hours. 8 hours would be
>> nice...
>> I think a single 1Gig Cat5 cable is going to get me around 23 hours at
>> around 850Mbps
>>
>>
>>
>>
>>
>> On Tue, Apr 9, 2013 at 11:47 PM, Ben Scott  wrote:
>>
>>> On Tue, Apr 9, 2013 at 10:55 AM, Jon D  wrote:
>>> > I'm trying to wrap my head around the speed of backup appliances like
>>> Data
>>> > Domain and Exagrid.
>>> > The thing that doesn't make sense to me is the backups are going across
>>> > Cat5.
>>> > It seems like they would be really slow for a full backup.
>>>
>>>   That depends how fast the network you're running is, and how much
>>> data you've got to worry about, and maybe other things.
>>>
>>>   Gigabit Ethernet can stream 125,000,000 8-bit quantities per second.
>>>  Framing and protocol overhead rob significantly from that.  Let's
>>> assume 75% efficiency, just to have a number.  That's 93 megabytes per
>>> second, or 337 gigabytes in one hour.  If you're only backing up a
>>> terabyte, that might be just fine.  If you're backing up a petabyte,
>>> not so much.
>>>
>>> -- Ben
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Mise en garde concernant la confidentialité : Le présent message,
> comprenant tout fichier qui y est joint, est envoyé à l'intention exclusive
> de son destinataire; il est de nature confidentielle et peut constituer une
> information protégée par le secret professionnel. Si vous n'êtes pas le
> destinataire, nous vous avisons que toute impression, copie, distribution
> ou autre utilisation de ce message est strictement interdite. Si vous avez
> reçu ce courr

Re: Google Drive

[Andrew S. Baker]

Especially the mouse-over...  :)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Apr 10, 2013 at 9:35 AM, Richard McClary
wrote:

> Well, today’s XKCD episode is just simply not funny!
>
> ** **
>
> --
>
> richard****
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, April 10, 2013 8:02 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Google Drive
>
> ** **
>
> LOL
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Wed, Apr 10, 2013 at 7:56 AM, Ben Scott  wrote:**
> **
>
> On Wed, Apr 10, 2013 at 6:37 AM, James Rankin 
> wrote:
> > Anyone else using Google Drive and think it is a bit rubbish in general?
> 
>
>   Wait for the next Service Pack... er, sorry, wrong vendor.
>
>
>   It must still be in "Beta".  Wait another few years.
>
>   ;-)
>
> -- Ben
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> The information contained in this e-mail, and any attachments hereto, is
> from The American Society for the Prevention of Cruelty to Animals®
> (ASPCA®) and is intended only for use by the addressee(s) named herein and
> may contain legally privileged and/or confidential information. If you are
> not the intended recipient of this e-mail, you are hereby notified that any
> dissemination, distribution, copying or use of the contents of this e-mail,
> and any attachments hereto, is strictly prohibited. If you have received
> this e-mail in error, please immediately notify me by reply email and
> permanently delete the original and any copy of this e-mail and any
> printout thereof.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Google Drive

[Andrew S. Baker]

I haven't even tried it.  Thank you for making me feel even better about my
decision.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Apr 10, 2013 at 6:37 AM, James Rankin  wrote:

> Anyone else using Google Drive and think it is a bit rubbish in general? I
> regularly get sync failures, errors in the software, and if I go to the
> online version and try to empty the Trash folder, everything simply
> reappears as soon as I delete it. I've been using it with Portable Apps and
> recently all my Firefox bookmarks just disappeared, so I am beginning to
> think it might not be really fit for purpose.
>
> Anyone else had similar issues, or got any feedback to report?
>
> Cheers,
>
>
>
> --
> *James Rankin*
> Technical Consultant (ACA, CCA, MCTS)
> http://appsensebigot.blogspot.co.uk
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: AD Simple LDAP authentication question

[Andrew S. Baker]

+1





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Apr 9, 2013 at 10:34 AM, Michael B. Smith wrote:

>  Absolutely nothing, unless you’ve done this:
>
> ** **
>
> http://support.microsoft.com/kb/935834
>
> ** **
>
> But if that third party application is running in your forest already, it
> doesn’t even need that.
>
> ** **
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Tuesday, April 9, 2013 10:28 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: AD Simple LDAP authentication question
>
> ** **
>
> I'm looking into this:
>
> http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx
>
> Which I wasn't aware of before. Looks like what I was interested in, but
> then I read this:
>
> *"This setting does not have any impact on ldap_simple_bind or
> ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with Windows
> XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk to a
> domain controller."*
>
> So for example if you use LDP to do a simple bind, it will use
> ldap_simple_bind_s. So what is to stop a 3rd party application from sending
> a request like that?
>
> 
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services 
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
>
>
>
>
> From:"Michael B. Smith" 
> To:"NT System Admin Issues"  >
> Date:04/09/2013 09:58 AM
> Subject:RE: AD Simple LDAP authentication question 
>  --
>
>
>
>
> +1
>
> My question was directed more to the fact that any "Authenticated User"
> has pretty much full read-access to AD anyway.
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com ]
> Sent: Monday, April 8, 2013 7:14 PM
> To: NT System Admin Issues
> Subject: Re: AD Simple LDAP authentication question
>
> On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar <
> christopher_bod...@glic.com> wrote:
> > I know that AD supports both Simple and SASL methods for LDAP binds:
> >
> > http://msdn.microsoft.com/en-us/library/cc223499.aspx
> >
> > What I was surprised is that there doesn't seem to be a way to disable
> > the Simple method. It supports SSL/TLS but does not require it. Is that
> correct?
>
>  I don't really know, but I do know that our Windows 2008 R2 domain
> controllers log the event below once a day.  I know what's causing it and
> haven't cared enough to do something about it.  The link takes you to a KB
> article which tells you how to require *signing*.  It talks a lot about
> simple binds but doesn't explicitly say that requiring signing also causes
> it to reject simple binds, but seems to imply it pretty strongly.
>
> Source: ActiveDirectory_DomainService
> Event ID: 2886
> -
> The security of this directory server can be significantly enhanced by
> configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or
> Digest) LDAP binds that do not request signing (integrity
> verification) and LDAP simple binds that  are performed on a cleartext
> (non-SSL/TLS-encrypted) connection.  Even if no clients are using such
> binds, configuring the server to reject them will improve the security of
> this server.
>
> Some clients may currently be relying on unsigned SASL binds or LDAP
> simple binds over a non-SSL/TLS connection, and will stop working if this
> configuration change is made.  To assist in identifying these clients, if
> such binds occur this  directory server will log a summary event once every
> 24 hours indicating how many such binds  occurred.
> You are encouraged to configure those clients to not use such binds.
> Once no such events are observed  for an extended period, it is
> recommended that you configure the server to reject such binds.
>
> For more details and information on how to make this configuration change
> to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
>
> You can enable additional logging to log an event each time a client makes
> such a bind, including information on which client made the bind.  To do
> so, please raise the setting for the "LDAP Interface Events" event logging
> category to level 2 or higher.
> --
>
>  FWIW, YMMV, HTH, HAND, AT&T.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with th

Re: POSH PtH - this is...

[Andrew S. Baker]

Check out PhoneFactor...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Apr 9, 2013 at 12:20 AM, Kurt Buff  wrote:

> If I had one, I would.
>
> We're a small org, and a smartcard setup isn't gonna fly.
>
> Kurt
>
> On Mon, Apr 8, 2013 at 8:34 PM, Ken Schaefer  wrote:
> > Why don't you use smart card login instead?
> >
> > Security is about managing risk, and not about avoiding every possible
> risk. Work in a big enough org, and the risks are so numerous there's
> simply no way to avoid them all - some of them just have to be accepted as
> is.
> >
> > Cheers
> > Ken
> >
> > -Original Message-
> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > Sent: Tuesday, 9 April 2013 1:29 PM
> > To: NT System Admin Issues
> > Subject: Re: POSH PtH - this is...
> >
> > On Mon, Apr 8, 2013 at 8:04 PM, Ben Scott  wrote:
> >> On Mon, Apr 8, 2013 at 8:01 PM, Kurt Buff  wrote:
> >>> Agree with MBS that other tools could stand in for PowerShell, but
> >>> WCE was actually new to me.
> >>
> >>   Well, then, you didn't say that, you seemed focused on PoSh.
> >>
> >>   WCE in particular is new to me, too, but I've certainly read of
> >> attacks on the running system to recover credentials before.  That's
> >> why trusting the computer you're logging into is really important.  :)
> >>
> >>   It's good to know there's an easy-to-use tool available, though.  :)
> >
> > Didn't make it clear, true - wrong subject line, I suppose.
> >
> > Trusting computers is not something that comes easily to me, any more,
> unless I'm the only one who has touched it. Too many folks don't understand
> the implications of their actions.
> >
> > Kurt
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: RESOLVED: Excel 2010 problem - can't quite figure it out

[Andrew S. Baker]

Social/Professional networking is key to mobility (upward or even
sideways)... Start using it judiciously. :)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Apr 8, 2013 at 11:04 PM, Kurt Buff  wrote:

> It would not surprise me if it were true.
>
> I'm studying for the CISSP exam.
>
> I figure that will give me a better chance of finding a job  - one
> that pays well, anyway.
>
> Kurt
>
> On Mon, Apr 8, 2013 at 7:40 PM, Jon Harris  wrote:
> > It was on LinkedIn Today not something that Andrew post.
> >
> > Jon
> > 
> > From: jk.har...@live.com
> > To: ntsysadmin@lyris.sunbelt-software.com
> > Subject: RE: RESOLVED: Excel 2010 problem - can't quite figure it out
> > Date: Mon, 8 Apr 2013 22:38:56 -0400
> >
> >
> > Your manager maybe aware of your intention thus restricting your input
> into
> > hiring or he/she may just have an ego that is too large to fit in a
> > multistory warehouse.  Either way good luck getting out.  A recent
> article I
> > saw (I think it was Andrew that posted it) on LinkedIn seems to indicate
> the
> > job market may not be expanding much and may be getting tighter again
> > despite what the numbers the government is spouting.
> >
> > Jon
> >
> >> Date: Mon, 8 Apr 2013 19:30:54 -0700
> >> Subject: Re: RESOLVED: Excel 2010 problem - can't quite figure it out
> >> From: kurt.b...@gmail.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >>
> >> I was told to interview him only for cultural/team fit, in a separate
> >> and shorter interview, and I had to push to get that.
> >>
> >> Manager wanted to be the one who interviewed for technical ability - all
> >> alone.
> >>
> >> New guy interviewed very well, and I liked him a lot.
> >>
> >> Just one more reason why I'm not happy with my manager, and will be
> >> leaving as soon as I find the right job...
> >>
> >> Kurt
> >>
> >> On Mon, Apr 8, 2013 at 7:17 PM, Jon Harris  wrote:
> >> > If you had anything to do with the hiring of the young pup then take
> >> > partial
> >> > credit for being smart enough to know talent when you see it. If not
> >> > then
> >> > watch your back he may be really good.
> >> >
> >> > Jon
> >> >> Date: Mon, 8 Apr 2013 18:57:39 -0700
> >> >> Subject: Re: RESOLVED: Excel 2010 problem - can't quite figure it out
> >> >> From: kurt.b...@gmail.com
> >> >> To: ntsysadmin@lyris.sunbelt-software.com
> >> >
> >> >>
> >> >> Absolutely - but I had to very unseriously threaten to kick his butt
> >> >> for showing me up in front of customers. :-o
> >> >>
> >> >> Kurt
> >> >>
> >> >> On Mon, Apr 8, 2013 at 6:32 PM, Robert Cato 
> >> >> wrote:
> >> >> >
> >> >> > That was a good hire and a big win for him on the first day.
> >> >> >
> >> >> >
> >> >> > On Mon, Apr 8, 2013 at 8:06 PM, Kurt Buff 
> >> >> > wrote:
> >> >> >>
> >> >> >> The young pup whose first day was today opened it in compatibility
> >> >> >> mode, did a Save As and it worked, then closed Excel and tried it
> in
> >> >> >> native mode, and it worked again.
> >> >> >>
> >> >> >> Gotta love having a new set of eyes on a problem.
> >> >> >>
> >> >> >> Don't know what root cause was, but it's a win, and I'll take it.
> >> >> >>
> >> >> >> Kurt
> >> >> >>
> >> >> >> On Mon, Apr 8, 2013 at 6:14 AM, Miller Bonnie L.
> >> >> >>  wrote:
> >> >> >> > Have you tried starting Excel with no add-ins as well
> (safemode)?
> >> >> >> > Should be a /s on the command line.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> http://office.microsoft.com/en-us/excel-help/command-line-switches-for-excel-HA010158030.aspx
> >> >> >> >
> >> >> >> > -Original Message-
> >> >> >> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> >> >> >> > Sent: Saturday, April 06, 2013 4:28 PM
> >> >> >> > To: NT System Admin Issues
> >> >> >> > Subject: Re: Excel 2010 problem - can't quite figure it out
> >> >> >> >
> >> >> >> > I will try that, and let you know on Monday.
> >> >> >> >
> >> >> >> > Kurt
> >> >> >> >
> >> >> >> > On Sat, Apr 6, 2013 at 1:56 PM, Orland, Kathleen
> >> >> >> > 
> >> >> >> > wrote:
> >> >> >> >> Book.xltx is the name of the template. The location should be
> in
> >> >> >> >> the
> >> >> >> >> XLSTART folder in Office. If not, then try this in VBE
> >> >> >> >> :
> >> >> >> >>
> >> >> >> >> Press [Alt]+[F11] to launch the VBE.
> >> >> >> >> If the Immediate window isn’t visible, press [Ctrl]+g.
> >> >> >> >> In the Immediate window, type ? application.StartupPath and
> press
> >> >> >> >> Enter. VBA will display the path to XLStart.
> >> >> >> >>
> >> >> >> >> -Original Message-
> >> >> >> >> From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
> >> >> >> >> Sent: Saturday, April 06, 2013 2:07 PM
> >> >> >> >> To: NT System Admin Issues
> >> >> >> >> Subject: Re: Excel 2010 problem - can't quite figure it out
> >> >> >> >>
> >> >> >> >> I forget what it is called in 20

Re: OT: Just A Bunch of Noise, or The Beginning of The End?

[Andrew S. Baker]

Let's face it: People are generally more interested in sensationalism than
in real news or real analysis.

So, the people pushing the info give them what they want and get money for
it.   Now, (almost) everyone is happy...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Apr 5, 2013 at 2:31 PM, Tim Evans  wrote:

> Woody Leonhard was just commenting on the same thing:
> http://www.infoworld.com/t/microsoft-windows/gartner-and-idc-predictions-oops-forget-what-we-said-last-time-215830
>
> ...Tim
>
>
> -Original Message-
> From: Bill Humphries [mailto:nt...@hedgedigger.com]
> Sent: Friday, April 05, 2013 9:05 AM
> To: NT System Admin Issues
> Subject: Re: OT: Just A Bunch of Noise, or The Beginning of The End?
>
> I just wish the media would just ignore everything Gartner says.  I
> don't know why anyone takes their opinions seriously.  They also said
> that Apple should get out of the hardware business and partner with Dell
> at some point.  They predicted years ago that HP would be out of the PC
> business.
>
> Bill
>
> Roger Wright wrote:
> >
> http://usmarketbuzz.com/msft-microsoft-corporation-nasdaqmsft-will-grow-obsolete-by-2017-gartner-3206#
> >
> >
> > Roger Wright
> > ___
> >
> > "You can't believe most of the quotes you read on the internet." -
> > Abraham Lincoln
> >
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > 
> > with the body: unsubscribe ntsysadmin
> >
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Just A Bunch of Noise, or The Beginning of The End?

[Andrew S. Baker]

If anyone has ever seen how they get the data for the analysis, they'd be
even more afraid of them than they are today.

Or, they *might* become afraid.   (The people who are willing to use them
don't show the same type of prudence that tends towards risk aversion)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Apr 5, 2013 at 2:01 PM, David  wrote:

> I'll bet my Magic 8-Ball is at least as good.
> On Apr 5, 2013 10:18 AM, "David Lum"  wrote:
>
>> We have folks here that use Gartner magic quadrant info for decisions.
>>
>> -Original Message-
>> From: Bill Humphries [mailto:nt...@hedgedigger.com]
>> Sent: Friday, April 05, 2013 9:05 AM
>> To: NT System Admin Issues
>> Subject: Re: OT: Just A Bunch of Noise, or The Beginning of The End?
>>
>> I just wish the media would just ignore everything Gartner says.  I don't
>> know why anyone takes their opinions seriously.  They also said that Apple
>> should get out of the hardware business and partner with Dell at some
>> point.  They predicted years ago that HP would be out of the PC business.
>>
>> Bill
>>
>> Roger Wright wrote:
>> > http://usmarketbuzz.com/msft-microsoft-corporation-nasdaqmsft-will-gro
>> > w-obsolete-by-2017-gartner-3206#
>> >
>> >
>> > Roger Wright
>> > ___
>> >
>> > "You can't believe most of the quotes you read on the internet." -
>> > Abraham Lincoln
>> >
>> >
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> >   ~
>> >
>> > ---
>> > To manage subscriptions click here:
>> > http://lyris.sunbelt-software.com/read/my_forums/
>> > or send an email to listmana...@lyris.sunbeltsoftware.com
>> > 
>> > with the body: unsubscribe ntsysadmin
>> >
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Just A Bunch of Noise, or The Beginning of The End?

[Andrew S. Baker]

Every year I get more and more tempted to build an app/service that tracks
Gartner's prognostications against what has really happened over time.

3 years is not a lot of time in one context, but it's an eternity in other
contexts.  So much can change with an acquisition, release of a new
product, change in the economy, change in management, death of a
competitor, global warming, all of the above...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Apr 5, 2013 at 11:51 AM, Rod Trent  wrote:

> +1000
>
> ** **
>
> ** **
>
> *Rod Trent *
>
> [image: myITSMButton] [image: 
> TwitterButton][image:
> Facebookbutton] [image: 
> LinkedInButton]
> 
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Friday, April 05, 2013 11:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Just A Bunch of Noise, or The Beginning of The End?
>
> ** **
>
> I remember people saying the same thing about IBM “back in the day”.  IBM
> reinvented itself and is, IMO, stronger (at least net income wise) than
> before.  Net Income trumps any stupid journalist or pundit.
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* Roger Wright [mailto:rhw...@gmail.com ]
> *Sent:* Friday, April 05, 2013 10:19 AM
> *To:* NT System Admin Issues
> *Subject:* OT: Just A Bunch of Noise, or The Beginning of The End?
>
> ** **
>
>
> http://usmarketbuzz.com/msft-microsoft-corporation-nasdaqmsft-will-grow-obsolete-by-2017-gartner-3206#
> 
>
>
>
> Roger Wright
> ___
>
> "You can't believe most of the quotes you read on the internet." - Abraham
> Lincoln
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><><><>

Re: Semi OT: Cisco versus Checkpoint & Juniper

[Andrew S. Baker]

Always welcome.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Mar 27, 2013 at 8:00 AM, Richard McClary
wrote:

> Thank you!
>
> ** **
>
> --
>
> richard****
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, March 26, 2013 5:46 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Semi OT: Cisco versus Checkpoint & Juniper
>
> ** **
>
> The SRX line is Juniper's enterprise line.  The SSG is based on their
> Netscreen acquisition many moons ago.
>
> ** **
>
> The cost difference between those two platforms is not insignificant.   My
> personal experience is with the SSG family, and it will be the one that I
> would expect to be more applicable to the original post.
>
> ** **
>
> For the money of the SRX platform, I would go with one of the other
> vendors...
>
> ** **
>
> Compare the Fortigate 60C, for example, with the Juniper SRX210
>
> ** **
>
> http://www.fortinet.com/products/fortigate/60C.html (look at the specs
> tab)
>
>
> http://www.juniper.net/as/en/products-services/security/srx-series/srx210/#specs
> 
>
> ** **
>
> Similar pricing for the base models, but the Fortigate has a bit more
> functionality at that price point, IMO.
>
> ** **
>
> Regards,
>
> ** **
>
> ** **
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Tue, Mar 26, 2013 at 12:18 PM, Richard McClary <
> richard.mccl...@aspca.org> wrote:
>
> Interesting, thanks!
>
>  ****
>
> As for Juniper, might you have any opinions on the Juniper SRX line (uses
> JunOS) vs the SSG line (uses ScreenOS)?  I know the SRX has about 4 times
> the throughput of the SSG line.
>
>  
>
> Thanks again…
>
> --
>
> richard
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, March 26, 2013 8:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Semi OT: Cisco versus Checkpoint & Juniper
> 
>
>  
>
> At the low to mid-range, Juniper (with their SSG line) is more than
> price/feature competitive with CheckPoint, et al.  Things get dicier when
> you get up into the multi Gbit range, but for the scope of what was
> requested, they are a good fit.
>
>  
>
> Juniper messed up Netscreen from an organizational standpoint.  That's why
> some of them left (at the time of the acquisition) and formed Fortinet.***
> *
>
>  
>
> PA is more feature rich than the others, but the pricing is not for the
> faint of heart, especially at the lower-end of the scale.
>
>  
>
> Fortinet has a really good mix of feature and pricing, but I'm not happy
> with what they did at the low end with their last OS release -- allegedly
> in the name of performance/stability.  (Mind you, the features they took
> out of v5 all work with version 4 of their OS)
>
>  
>
> Sophos has done really well with their acquisition of Astaro, and their
> looking to take on the mid-market with their pricing and feature bundles.*
> ***
>
>  
>
> Cisco strength, IMO, remains in core switch networking.  If they had to
> sell the ASAs without the benefit of the Catalyst family as a tie-in,
> they'd have given up that business long ago.  Same for their load-balancing
> prowess.   Neither their pricing nor their feature set are appealing in
> areas outside of their core.
>
>  
>
> CheckPoint licensing has still not been simplified to the degree that I
> would like, and their strengths are more suited to large enterprises than
> SMB or the mid-market space.   Not a bad product by any stretch of the
> imagination, but you can get more for your money elsewhere.
>
>  
>
> That's just my view of the landscape...
>
>
> 
>
>  
>
>  
>
> *ASB
> *
> *http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
>  
>
> On Mon, Mar 25, 2013 at 10:47 PM, Patrick Salmon 
> wrote:
>
> Yes. YMMV but the last client I worked with who looked hard at the very
> compelling PA story changed their mind after the st

Re: Semi OT: Cisco versus Checkpoint & Juniper

[Andrew S. Baker]

The SRX line is Juniper's enterprise line.  The SSG is based on their
Netscreen acquisition many moons ago.

The cost difference between those two platforms is not insignificant.   My
personal experience is with the SSG family, and it will be the one that I
would expect to be more applicable to the original post.

For the money of the SRX platform, I would go with one of the other
vendors...

Compare the Fortigate 60C, for example, with the Juniper SRX210

http://www.fortinet.com/products/fortigate/60C.html (look at the specs tab)
http://www.juniper.net/as/en/products-services/security/srx-series/srx210/#specs

Similar pricing for the base models, but the Fortigate has a bit more
functionality at that price point, IMO.

Regards,







*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Mar 26, 2013 at 12:18 PM, Richard McClary  wrote:

> Interesting, thanks!
>
> ** **
>
> As for Juniper, might you have any opinions on the Juniper SRX line (uses
> JunOS) vs the SSG line (uses ScreenOS)?  I know the SRX has about 4 times
> the throughput of the SSG line.
>
> ** **
>
> Thanks again…
>
> --
>
> richard
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, March 26, 2013 8:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Semi OT: Cisco versus Checkpoint & Juniper
>
> ** **
>
> At the low to mid-range, Juniper (with their SSG line) is more than
> price/feature competitive with CheckPoint, et al.  Things get dicier when
> you get up into the multi Gbit range, but for the scope of what was
> requested, they are a good fit.
>
> ** **
>
> Juniper messed up Netscreen from an organizational standpoint.  That's why
> some of them left (at the time of the acquisition) and formed Fortinet.***
> *
>
> ** **
>
> PA is more feature rich than the others, but the pricing is not for the
> faint of heart, especially at the lower-end of the scale.
>
> ** **
>
> Fortinet has a really good mix of feature and pricing, but I'm not happy
> with what they did at the low end with their last OS release -- allegedly
> in the name of performance/stability.  (Mind you, the features they took
> out of v5 all work with version 4 of their OS)
>
> ** **
>
> Sophos has done really well with their acquisition of Astaro, and their
> looking to take on the mid-market with their pricing and feature bundles.*
> ***
>
> ** **
>
> Cisco strength, IMO, remains in core switch networking.  If they had to
> sell the ASAs without the benefit of the Catalyst family as a tie-in,
> they'd have given up that business long ago.  Same for their load-balancing
> prowess.   Neither their pricing nor their feature set are appealing in
> areas outside of their core.
>
> ** **
>
> CheckPoint licensing has still not been simplified to the degree that I
> would like, and their strengths are more suited to large enterprises than
> SMB or the mid-market space.   Not a bad product by any stretch of the
> imagination, but you can get more for your money elsewhere.
>
> ** **
>
> That's just my view of the landscape...
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Mon, Mar 25, 2013 at 10:47 PM, Patrick Salmon 
> wrote:
>
> Yes. YMMV but the last client I worked with who looked hard at the very
> compelling PA story changed their mind after the sticker shock hit.
>
> ** **
>
> Oh and ASB, you quite sure about that? This came out last month at the MWC
> in Barcelona.
> http://www.reuters.com/article/2013/02/26/us-juniper-review-idUSBRE91P0S220130226?feedType=RSS&feedName=technologyNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=56505
> 
>
> ** **
>
> ** **
>
> On Mon, Mar 25, 2013 at 10:29 PM, Kurt Buff  wrote:**
> **
>
> I haven't priced the PA stuff, but I had somehow picked up the idea that
> they were less expensive than Cisco.
>
> Am I wrong about that?
>
> I hope not, because everything I've heard about their products is
> tantalizing...
>
> Kurt
>
> ** **
>
> On Mon, Mar 25, 2013 at 7:03 PM, Andrew S. Baker 
> wrote:
>
> I would have mentioned the PA devices, but Pierre did indicate some price
> sensitivity... :)
>
>
> 
>
>  
>
>  ****
>
> *ASB
> **http://Xe

Re: OT: Career and Social Media

[Andrew S. Baker]

Same here...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 22, 2013 at 12:26 PM, Michael B. Smith wrote:

>  Most of my engagements today come because of social media. J
>
> ** **
>
> And then repeat business, of course.
>
> ** **
>
> *From:* Rod Trent [mailto:rodtr...@myitforum.com]
> *Sent:* Friday, March 22, 2013 11:39 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: OT: Career and Social Media
>
>  ** **
>
> My last two jobs have come about because of social media.
>
> ** **
>
> ** **
>
> *From:* Sam Cayze [mailto:sca...@gmail.com ]
> *Sent:* Friday, March 22, 2013 11:12 AM
> *To:* NT System Admin Issues
> *Subject:* RE: OT: Career and Social Media
>
> ** **
>
> “With social media you might not have to look for a new job, it might find
> you”
>
> ** **
>
> Spot on.  Lately I’m always having recruiters and companies reach out to
> me for hire.  I always ask how they find me, and they always say social
> media or internet presence.  I haven’t published my resume anywhere (Heck,
> hardly even active on LinkedIn and it’s not that up to date.  My Facebook
> is strictly personal – but I do keep a ‘clean’ presence on it).
>
> ** **
>
> Several great offers have come my way.
>
> ** **
>
> I take it as a sign the IT hiring is really picking up too.
>
> ** **
>
> Sam
>
> ** **
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org ]
> *Sent:* Friday, March 22, 2013 8:43 AM
> *To:* NT System Admin Issues
> *Subject:* RE: OT: Career and Social Media
>
> ** **
>
> In case you haven’t noticed, privacy is becoming history. The current
> young generation by and large expects to be able to find out where there
> friends and family are, where they eat and shop, and where they work, and
> they also have no problems sharing their own information with people. As
> these people become older and enter the corporate world, they will expect
> to know quite a bit about you whether or not your resume is any good, and
> they will likely influence company rules…
>
> ** **
>
> The added twist is just by having family on social media, your information
> becomes public “I went to my dad’s 40th birthday party yesterday, not too
> far from the house he was born in”. Presto, your age, date and place of
> birth given up in one sentence by someone else.
>
> ** **
>
> In many ways I see keeping privacy in the same vein as not having a car or
> a phone. You can do it, but it takes a concerted effort and a specific
> lifestyle to pull it off. (Oddly, I didn’t have this view until I went to a
> lunch/seminar that was all about security yesterday!).
>
> ** **
>
> I’m sure when those first came out there were people who said “who needs
> such a thing!”. I went without a smartphone longer than many folks, but to
> be relevant/competitive in my field it became necessary to get one
> (although I still turn off location services except for the specific times
> I need them) and I am better off for it as it saves me a lot of time vs. if
> I were to be without it. 
>
> ** **
>
> Heck cellphones are now being used to inform different service providers
> traffic densities, average speeds, etc. so their mapping software can tell
> you how to avoid traffic. Big brother is here, the difference is it’s not
> like The Truman Show because the participants are also getting the benefits
> of said information.
>
> ** **
>
> With social media you might not have to look for a new job, it might find
> you. I can see in a few years the conversation being “Remember when we had
> so send resume’s out? How lame!”.
>
> ** **
>
> That Dilbert is spot-on whether we like it or not.
>
> ** **
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com ]
> *Sent:* Thursday, March 21, 2013 7:51 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Career and Social Media
>
> ** **
>
> +1000
>
> I do not have a facebook account, nor any other social media account other
> than LinkedIn.
>
> Work and personal life are as separate as I can make them.
>
> Social media is a time stealer and a privacy invader.
>
> Kurt
>
> On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris  wrote:***
> *
>
> I am glad I am getting close to the end of my career.  I really dislike
> using things like Facebook for anything more than keeping in touch with
> family/friends.  LinkedIN is about the only "social media" I use for
> business.  I lik

Re: Since we are on the subject of malware and hacking

[Andrew S. Baker]

Congrats, Z







*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 5:22 PM, Ziots, Edward  wrote:

>  I just did a security presentation for NAISG Security Group last night
> which was well received and informative, it discusses incident response,
> malware analysis and traffic analysis of current malware trends so if you
> would like to have a copy of my presentation email me directly, and I will
> send you a copy. 
>
> ** **
>
> Sincerely,
>
> EZ
>
> ** **
>
> Edward E. Ziots, CISSP, CISA, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> Work:401-444-9081
>
> ** **
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: OT: Career and Social Media

[Andrew S. Baker]

Well said, Ken.

As much of a meritocracy as IT is believed to be, people generally get
jobs/work/contracts/opportunities because they know someone or because
someone knows about them.

These tools make the work of networking that much easier.

How you use the tools will dictate how much time they steal or what benefit
they facilitate.  (Any theft of time by social media requires you to be a
willing accomplice)

Privacy is certainly a concern, but that's pretty much an endemic problem
today across all facets of technology.  It's not getting better, that's for
sure -- at least not in the short term -- so everyone has to manage that
the best way they can without losing all the benefits of the tools
available.

Either way, people need to see where the trends are going so that they
aren't surprised when things shift on them.   I notice that many ignore all
of these avenues until after some employment unpleasantness takes place,
then they're hurrying to catch up.

No reason not to control your own destiny up front...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 11:58 PM, Ken Schaefer  wrote:

>  Networking has always been important to finding work. You used to do it
> at work, user groups etc. Now you can also do it via LinkedIn or a blog etc.
> 
>
> ** **
>
> I think you’re confusing Facebook (a specific social media implementation)
> with digital networking/reputation (as a general concept)
>
> ** **
>
> Cheers
> Ken
>
> ** **
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Friday, 22 March 2013 1:51 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Career and Social Media
>
> ** **
>
> +1000
>
> I do not have a facebook account, nor any other social media account other
> than LinkedIn.
>
> Work and personal life are as separate as I can make them.
>
> Social media is a time stealer and a privacy invader.
>
> Kurt
>
> On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris  wrote:***
> *
>
>  I am glad I am getting close to the end of my career.  I really dislike
> using things like Facebook for anything more than keeping in touch with
> family/friends.  LinkedIN is about the only "social media" I use for
> business.  I like to keep the two very separate from each other.
>
> Jon
>  
>  --
>
> From: rodtr...@myitforum.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: OT: Career and Social Media
> Date: Thu, 21 Mar 2013 22:49:52 +
>
> ** **
>
> I can attest to that.  My last two jobs have come because social media.***
> *
>
>  
>
> Sent from Microsoft Surface Pro
>
>  
>
> *From:* Andrew S. Baker
> *Sent:* March 21, 2013 6:38 PM
> *To:* NT System Admin Issues
> *Subject:* OT: Career and Social Media
>
>  
>
>  
>
> http://www.dilbert.com/fast/2013-03-21/
>
> ** **
>
> ** **
>
>  
>
> 
>
> ** **
>
> This is the new reality, folks.  You don't have to *embrace* it, but to
> fight it is
>
> going to be
>
> career limiting
>
>  
>
> .  
>
> Within 5 years, it will be a major factor in employment...
>
> ** **
>
> Who knows about you is becoming as important as what you know.
>
> ** **
>
>  ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: RT devices?

[Andrew S. Baker]

RT devices aren't intended to be business devices, so there's no focus on
business support options.

Not that they can't be used for business, if one is so inclined, but that's
not the intended market.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 9:42 PM, Ryan Finnesey  wrote:

>  The issue I have with managing RT devices is that they have changed the
> licensing- only offering per user licensing and that there is no system
> center on premise solution you have to go with a cloud solution.  I thought
> Microsoft’s strategy was to offer both an on premise and cloud offering and
> give the costumer the option 
>
> ** **
>
> *From:* Tobie Fysh [mailto:tobie.f...@freebridge.org.uk]
> *Sent:* Wednesday, March 20, 2013 12:47 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: RT devices?
>
>  ** **
>
> They are able to be managed via System Centre/Intune as far as I’m aware.*
> ***
>
> ** **
>
> Tobie
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>
> *Sent:* 20 March 2013 15:57
> *To:* NT System Admin Issues
> *Subject:* RE: RT devices?
>
>  ** **
>
> I’m very fond of GPOs and full application support.
>
> ** **
>
> *From:* Rod Trent [mailto:rodtr...@myitforum.com ]
>
> *Sent:* Wednesday, March 20, 2013 11:28 AM
> *To:* NT System Admin Issues
> *Subject:* RE: RT devices?
>
> ** **
>
> Why is the RT not appropriate for business? 
>
> ** **
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>
> *Sent:* Wednesday, March 20, 2013 11:01 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: RT devices?
>
>  ** **
>
> The Pro is very slick and I’ve got a hospital client that is testing them.
> So far, they are very happy with them.
>
> ** **
>
> I don’t think the RT is appropriate in a business environment. Just IMHO.*
> ***
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com ]
>
> *Sent:* Wednesday, March 20, 2013 8:32 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: RT devices?
>
>  ** **
>
> Not RT but the project I am on, the IT virtual desktop team is testing the
> Pro device and they love them.  They prefer them to the iPads.  I can’t
> provide any specifics as that is not the part of the project I am working
> on.
>
> ** **
>
> ** **
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
> ** **
>
> ** **
>
> *From:* Ryan Finnesey [mailto:r...@finnesey.com ]
> *Sent:* Tuesday, March 19, 2013 11:42 PM
> *To:* NT System Admin Issues
> *Subject:* RT devices?
>
>  ** **
>
> I am curious to know if anyone is thinking or has deployed RT devices to
> their end users.  
>
> ** **
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>  --
>
> This message has been scanned by MimeCast on behalf of Freebridge
> Community Housing and found to be free of viruses and not SPAM. If you have
> any concerns about the message contents please contact the ICT ServiceDesk.
> 
>  --
>
> [image: Freebridge Community Housing Logo] *
> ***
>
> [image: twitter.com/Freebridge] 
>
> [image: Freebridge on 
> Facebook]
> 
>
>
> This e-mail (including any attachments), is confidential and intended only
> for the use of the addressee(s). It may contain information cover

Re: Advice on setting up a Win2012 RDS environment - Progress!

[Andrew S. Baker]

It is possible to overdo HA to the point of introducing fragility to a
system.

Too many moving pieces for not enough benefit.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 4:42 PM, Ken Cornetet wrote:

> With VMWare HA, your web server and broker will only be down for a minute
> or two - even if one physical host crashes.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, March 21, 2013 4:18 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet 
> wrote:
> > The web server and broker are out of the picture after the RDP client
> session is established with the session host.
> >
> > If something goes wrong with a session host, the users have lost their
> sessions anyway - no way to prevent that.
>
> Right. Another reason why we will have 3-4 session hosts (also the vendor
> recommends approx 35 sessions per host, of their published app, and I will
> have somewhere around 100 users total possible users, altho probably not
> that many concurrently).
>
> But if the session hosts stay up and available, without the connection
> broker and web server, no one who doesn't already have an active connected
> session can connect. That would be the reason for multiple brokers/web
> servers.
> (because even if we push an RDP to the client desktops, it points to a
> connection broker, right, which then re-directs to a session host, as you
> pointed out? So even clicking on the RDP link would fail, if the connect
> broker wasn't there)
>
> >
> > -Original Message-
> > From: Michael Leone [mailto:oozerd...@gmail.com]
> > Sent: Thursday, March 21, 2013 3:19 PM
> > To: NT System Admin Issues
> > Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
> >
> > On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet 
> wrote:
> >> I don't think you can have two connection brokers without complicating
> things (clustering and SQL server involved).
> >>
> >> If you have ESX clustering, you have your redundancy covered. No need
> for two web servers (or two brokers). ESX does HA with fewer headaches than
> any other way - use it.
> >
> > Yes, ESXi provides for HA, but with only 1 web server (or connection
> broker), what happens if something goes wrong with that machine? If I have
> to restart it for whatever reason (say it locks up, errors out, whatever),
> all users get kicked off the published app, don't they?.
> > That's what I am trying to avoid. Would that not be best practice?
> > Avoid a single point of failure at the various points - broker, web
> server, session host?
> >
> >> Here's the general traffic flow (I think...):
> >>
> >> 1. Client hits web server.
> >> 2. Web server shows available apps
> >> 3. User clicks on app
> >> 4. Web server downloads .RDP file for app. The .RDP file points to the
> broker as the server address.
> >> 5. User's RDP app attempts to launch app from broker.
> >> 6. The broker sends the client a RDP "redirect" to the appropriate
> session host.
> >> 7. The user's RDP then opens a connection to the session host and
> launches the app.
> >>
> >> It has been a while, but I think this is how it worked in 2008 R2 and
> RDP versions up through 7. I've just started looking at 2012. I think RDP
> version 8 changes this up a bit.
> >
> > Thanks
> >
> > So the web server only really is a hand off to connection broker. Once
> the client gets and opens the RDP file, the web server becomes unimportant
> to the situation. So I guess having multiple web servers would be just for
> redundancy - if the web server goes down, currently connected users
> shouldn't even notice anything. But it means new users wouldn't be able to
> connect, until the web server becomes available again.
> >
> > Similarly for connection brokers, if I understand correctly. I'm not
> sure how multiple connection brokers would coordinate between themselves,
> or load balance.
> >
> >
> >>
> >> -Original Message-
> >> From: Michael Leone [mailto:oozerd...@gmail.com]
> >> Sent: Thursday, March 21, 2013 2:04 PM
> >> To: NT System Admin Issues
> >> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
> >>
> >> On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet 
> wrote:
> >>> For traffic handling, you don't need two web servers for 4 session
> hosts. You don't need 2 web servers for 40 session hosts.
> >>
> >> Well, it's more for redundancy, than actual traffic balancing.
> >> Speaking of which ... does that mean for my situation I would want 2
> connection brokers, rather than 2 web servers?
> >>
> >> Am I correct in assuming that the user actually hits the connection
> broker, which then passes to the web server (since we would want our users
> to be able to access via web browser), which then communica

Re: Meraki

[Andrew S. Baker]

Yep, the free one.

The MR12





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 1:54 PM, Matthew W. Ross
wrote:

> Which model did you get? Was this the "free" one they offer?
>
>
> --Matt Ross
> Ephrata School District
>
>
> ----- Original Message -
> From: Andrew S. Baker
> [mailto:asbz...@gmail.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Thu, 21 Mar 2013
> 10:45:55 -0800
> Subject: Re: Meraki
>
>
> > So, my device arrived today -- solid piece of hardware, so no complaints.
> >
> > As I review the setup instructions, I see a different concern than the
> ones
> > that have been voiced thus far.
> >
> > I'm really not worried about what might happen 3 years from now, but
> rather
> > how much information a cloud managed network device will provide about my
> > whole network, and not just the device itself.
> >
> > The basic instructions say to logon to the website and configure the
> > settings for the device, then put it on the network and have it download
> > all its settings.
> >
> > I'm going to pay close attention to the type of traffic that this device
> > sees fit to disclose. :)
> >
> > Not a complaint so much as an observation.  There's always OpenWRT...
> >
> >
> >
> >
> >
> >
> >
> >
> > *ASB
> > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> > **Providing Virtual CIO Services (IT Operations & Information Security)
> for
> > the SMB market…***
> >
> >
> >
> >
> >
> > On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris  wrote:
> >
> > >  Here is the question and answer from Meraki about what happens when
> the
> > > license expires.
> > >
> > >
> > > 1.   What happens when or if the license for the Cloud Management
> of
> > > the device lapse?**
> > >
> > > ** **- Devices have a 90 day grace period for renewal. Beyond that,
> they
> > > will not be able to pass traffic.
> > >
> > >
> > >
> > > Jon
> > > --
> > > From: jk.har...@live.com
> > >
> > > To: ntsysadmin@lyris.sunbelt-software.com
> > > Subject: RE: Meraki
> > > Date: Mon, 18 Mar 2013 15:34:35 -0400
> > >
> > >
> > >  The actual response was at the end of the contract + 90 days is when
> the
> > > action would take place.  The action in this instance was that "it
> would
> > > stop passing traffic".  When I get to work later I will cut the
> > > actual question/answer from my email and send it to the list.
> > >
> > > I don't doubt that most larger businesses would keep this device
> > > under contract.  It would be very unwise to do otherwise, although I
> have
> > > seen other businesses that depend on their network, not keep their high
> > > dollar network devices under contract.
> > >
> > > Like I said earlier did find the fact that unlike a lot of other IT
> > > directed businesses they seemed to be more interested in allowing their
> > > hardware, in this case, to sell themselves rather than have some sales
> > > drone push it hard.  That in itself to me is a big plus for the
> company.
> > >
> > > Jon
> > >
> > > --
> > > From: gswe...@acts360.com
> > > To: ntsysadmin@lyris.sunbelt-software.com
> > > Subject: Re: Meraki
> > > Date: Sun, 17 Mar 2013 22:57:46 +
> > >
> > >  It doesn't stop passing traffic and right now that’s not a hard cut
> > off.
> > >  We have gone a few weeks past an expiration and we can still monitor
> and
> > > make changes.  I am sure at some point though you would lose ability to
> > > manage it.
> > >
> > >  That is the one part of the whole solution that I am concerned with,
> but
> > > in almost all of my clients they keep up the warranty on their devices,
> > > controllers, servers, etc because to have it fail and either the
> > > replacement cost or downtime exposure is pretty steep.   The renewal
> cost
> > > on the licenses is paying for the service.  If you factor the cost of a
> > > Rukus, Firetide, Cisco, etc by the time you pay for the AP's, the
> > &g

Re: Meraki

[Andrew S. Baker]

So, my device arrived today -- solid piece of hardware, so no complaints.

As I review the setup instructions, I see a different concern than the ones
that have been voiced thus far.

I'm really not worried about what might happen 3 years from now, but rather
how much information a cloud managed network device will provide about my
whole network, and not just the device itself.

The basic instructions say to logon to the website and configure the
settings for the device, then put it on the network and have it download
all its settings.

I'm going to pay close attention to the type of traffic that this device
sees fit to disclose. :)

Not a complaint so much as an observation.  There's always OpenWRT...








*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris  wrote:

>  Here is the question and answer from Meraki about what happens when the
> license expires.
>
>
> 1.   What happens when or if the license for the Cloud Management of
> the device lapse?**
>
> ** **- Devices have a 90 day grace period for renewal. Beyond that, they
> will not be able to pass traffic.
>
>
>
> Jon
> --
> From: jk.har...@live.com
>
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Meraki
> Date: Mon, 18 Mar 2013 15:34:35 -0400
>
>
>  The actual response was at the end of the contract + 90 days is when the
> action would take place.  The action in this instance was that "it would
> stop passing traffic".  When I get to work later I will cut the
> actual question/answer from my email and send it to the list.
>
> I don't doubt that most larger businesses would keep this device
> under contract.  It would be very unwise to do otherwise, although I have
> seen other businesses that depend on their network, not keep their high
> dollar network devices under contract.
>
> Like I said earlier did find the fact that unlike a lot of other IT
> directed businesses they seemed to be more interested in allowing their
> hardware, in this case, to sell themselves rather than have some sales
> drone push it hard.  That in itself to me is a big plus for the company.
>
> Jon
>
> --
> From: gswe...@acts360.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: Re: Meraki
> Date: Sun, 17 Mar 2013 22:57:46 +
>
>  It doesn't stop passing traffic and right now that’s not a hard cut off.
>  We have gone a few weeks past an expiration and we can still monitor and
> make changes.  I am sure at some point though you would lose ability to
> manage it.
>
>  That is the one part of the whole solution that I am concerned with, but
> in almost all of my clients they keep up the warranty on their devices,
> controllers, servers, etc because to have it fail and either the
> replacement cost or downtime exposure is pretty steep.   The renewal cost
> on the licenses is paying for the service.  If you factor the cost of a
> Rukus, Firetide, Cisco, etc by the time you pay for the AP's, the
> controller and license cost I am pretty sure you would be very close to the
> cost over 3 years.
>
>  At least we were when we checked it over Ruckus on 3 years.
>
>   *Greg Sweers*
>
> CEO
>
> *ACTS360.com ***
>
> *P.O. Box 1193*
>
> *Brandon, FL  33509*
>
> *813-657-0849 Office*
>
> *813-644-3479 Cell*
>
>
>   From: Adam Greene 
> Reply-To: "ntsysadmin@lyris.sunbelt-software.com" <
> ntsysadmin@lyris.sunbelt-software.com>
> Date: Saturday, March 16, 2013 9:27 AM
> To: "ntsysadmin@lyris.sunbelt-software.com" <
> ntsysadmin@lyris.sunbelt-software.com>
> Subject: RE: Meraki
>
>   I wonder if after 3 years you just lose the ability to manage it via
> the cloud. It seems pretty bad that the device itself would stop working if
> you don’t renew the license.
>
>
>
> *From:* Jon Harris [mailto:jk.har...@live.com ]
> *Sent:* Friday, March 15, 2013 7:57 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Meraki
>
>
>
> Yes but at the end of 3 years you have to renew the license or the device
> will stop passing traffic.  At least that is what the sales drone told me.
> I still don't know a lot of homeowners or mom & pop SMB's that will buy
> into something that requires this type of commitment or yearly price.  I
> will know better after I do my evaluation but I don't see it happening long
> term.  Once I am finished with my evaluation I get the lovely chore of
> passing my findings to my boss here at work for him to think about.  We are
> not that commited to doing wireless except for BOD and certain officers at
> only certain locations.  This looked like something they would think about
> but with the yearly cost I don't know.
>
> Jon
>
>  --
>
> From: asbz...@gmail.com
> Date: Fri, 15 Mar 2013 09:03:56 -0400
> Subject: Re: Meraki
> To: ntsysadmin@lyris.sunbelt-software.com
>
> My understand

Re: Korean web attacks used

[Andrew S. Baker]

Yes, your conclusion appears valid.

But the contents of the article provide an even more enlightening comment:

*It is important to note that this attack worked only on computers with
disabled DEP ( data execution prevention ). If you run this attack on
computer with enabled DEP, the following message is displayed*






*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Mar 21, 2013 at 12:05 PM, David Lum  wrote:

>  Am I correct in reading this page:
>
>
> http://blog.avast.com/2013/03/19/analysis-of-chinese-attack-against-korean-banks/
> 
>
> ** **
>
> that “After further searching, we were able to determine that this attack
> uses the CVE-2012-1889 (
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889 )
> vulnerability, which allows a remote attacker via a crafted web site to
> execute arbitrary code” 
>
> ** **
>
> where looking up 
>
> CVE-2012-1889 points to
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 which has a
> link to remediation at
> http://technet.microsoft.com/en-us/security/advisory/2719615 and thus
> http://technet.microsoft.com/en-us/security/bulletin/ms12-043 that this
> attack could have been prevented if MS12-043 had been applied? 
>
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Meraki

[Andrew S. Baker]

Such is life in the land of subscriptions and remote license checking.

I'll bet they have a backdoor that they're not willing to provide or
outline right now.

Also, I'll be keeping my eye out for alternative firmware as a hedge
against this particular issue.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Mar 19, 2013 at 11:45 AM, Matthew W. Ross
wrote:

> If they changed that to a 90 day grace period, then they will limit
> themselves in another way (Maybe a single SSID, or limited bandwidth, or
> limited antenna power, something like that...) I would feel better about it.
>
> I just hate having to deal with anything that _depends_ on a service on
> the internet. What if that service is retired, or the company disappears?
> Does that mean the hardware becomes useless after 90 days?
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Jon Harris
> [mailto:jk.har...@live.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 18 Mar 2013
> 20:34:33 -0800
> Subject: RE: Meraki
>
>
> >
> > Here is the question and answer from Meraki about what happens when the
> > license expires.
> >
> > 1.   What
> > happens when or if the license for the Cloud Management of the device
> lapse?
> >
> >  - Devices have a 90 day grace period for renewal. Beyond
> > that, they will not be able to pass traffic. JonFrom: jk.har...@live.com
> > To: ntsysadmin@lyris.sunbelt-software.com
> > Subject: RE: Meraki
> > Date: Mon, 18 Mar 2013 15:34:35 -0400
> >
> >
> >
> >
> >
> > The actual response was at the end of the contract + 90 days is when the
> > action would take place.  The action in this instance was that "it would
> > stop passing traffic".  When I get to work later I will cut the actual
> > question/answer from my email and send it to the list.
> >
> > I don't doubt that most larger businesses would keep this device under
> > contract.  It would be very unwise to do otherwise, although I have seen
> > other businesses that depend on their network, not keep their high dollar
> > network devices under contract.
> >
> > Like I said earlier did find the fact that unlike a lot of other IT
> directed
> > businesses they seemed to be more interested in allowing their hardware,
> in
> > this case, to sell themselves rather than have some sales drone push it
> > hard.  That in itself to me is a big plus for the company.
> >
> > Jon
> >
> > From: gswe...@acts360.com
> > To: ntsysadmin@lyris.sunbelt-software.com
> > Subject: Re: Meraki
> > Date: Sun, 17 Mar 2013 22:57:46 +
> >
> >
> >
> >
> >
> >
> >
> >
> > It doesn't stop passing traffic and right now that’s not a hard cut off.
> > We have gone a few weeks past an expiration and we can still monitor and
> > make changes.  I am sure at some point though you would lose ability to
> > manage it.
> >
> >
> >
> > That is the one part of the whole solution that I am concerned with, but
> in
> > almost all of my clients they keep up the warranty on their devices,
> > controllers, servers, etc because to have it fail and either the
> replacement
> > cost or downtime exposure is pretty
> >  steep.   The renewal cost on the licenses is paying for the service.  If
> > you factor the cost of a Rukus, Firetide, Cisco, etc by the time you pay
> for
> > the AP's, the controller and license cost I am pretty sure you would be
> very
> > close to the cost over 3 years.
> >
> >
> >
> > At least we were when we checked it over Ruckus on 3 years.
> >
> >
> >
> >
> >
> > Greg Sweers
> > CEO
> > ACTS360.com
> > P.O. Box 1193
> > Brandon, FL  33509
> > 813-657-0849 Office
> > 813-644-3479 Cell
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > From: Adam Greene 
> >
> > Reply-To: "ntsysadmin@lyris.sunbelt-software.com"
> > 
> >
> > Date: Saturday, March 16, 2013 9:27 AM
> >
> > To: "ntsysadmin@lyris.sunbelt-software.com"
> > 
> >
> > Subject: RE: Meraki
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > I wonder if after 3 years you just lose the ability to manage it via the
> > cloud. It seems pretty bad that the device itself would stop working if
> >  you don’t renew the license.
> >
> >
> >
> > From: Jon Harris [mailto:jk.har...@live.com]
> >
> >
> > Sent: Friday, March 15, 2013 7:57 PM
> >
> > To: NT System Admin Issues
> >
> > Subject: RE: Meraki
> >
> >
> >
> >
> > Yes but at the end of 3 years you have to renew the license or the device
> > will stop passing traffic.  At least that is what the sales drone told
> me.
> > I still don't know a
> >  lot of homeowners or mom & pop SMB's that will buy into something that
> > requires this type of commitment or yearly price.  I will know better
> after
> > I do my evaluation but I don't see it happening long term.  Once I am
> > finished with my evaluation I get the lovely
> >  chore of passing my findings to my boss here at work for him to think
> > ab

Re: Meraki

[Andrew S. Baker]

*>>Yes but at the end of 3 years you have to renew the license or the
device will stop passing traffic.  *

True, but 3 years is quite a bit of time.


*>>I still don't know a lot of homeowners or mom & pop SMB's that will buy
into something that requires this type of commitment or yearly price. *

Not only to many do it for antivirus, but everyone does it for telco
services.   It is becoming the new norm.

The software landscape is changing, and subscriptions are going to be the
predominant vehicle for commercial software, especially at the retail level
in a few years.

Oh, and this device isn't really being targeted at the average mom & pop or
homeowner.  It's an enterprise level device and its being offered for free
to IT professionals.  3 years use of it for zero dollars in outlay is
better than most other alternatives, and perhaps it will be eligible for an
opensource firmware within the 3 years.

(The limitation in functionality appears to be a management one rather than
a traffic-passing one)










*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 15, 2013 at 7:56 PM, Jon Harris  wrote:

>  Yes but at the end of 3 years you have to renew the license or the device
> will stop passing traffic.  At least that is what the sales drone told me.
> I still don't know a lot of homeowners or mom & pop SMB's that will buy
> into something that requires this type of commitment or yearly price.  I
> will know better after I do my evaluation but I don't see it happening long
> term.  Once I am finished with my evaluation I get the lovely chore of
> passing my findings to my boss here at work for him to think about.  We are
> not that commited to doing wireless except for BOD and certain officers at
> only certain locations.  This looked like something they would think about
> but with the yearly cost I don't know.
>
> Jon
>
> --
> From: asbz...@gmail.com
> Date: Fri, 15 Mar 2013 09:03:56 -0400
> Subject: Re: Meraki
> To: ntsysadmin@lyris.sunbelt-software.com
>
>
> My understanding was that the devices came with a 3 YEAR cloud license...
>
>
>
>
>
>
>
>
>
>   *ASB
> **http://XeeMe.com/AndrewBaker* *
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…***
>
>
>
>
>
> On Fri, Mar 15, 2013 at 12:02 AM, Jon Harris  wrote:
>
>  After a little talking to a sales drone (quite nice they let me initiate
> the conversation) I found out that if the Cloud Management License lapses
> by 90+ days then the AP will stop passing traffic.  I don't know yet if
> that would be good thing or bad.  I guess I will have to actually do some
> testing of the device they are shipping me to see if it is worth the MSRP
> of $150/AP/year.  I can't see this for homeowners or even a lot of mom &
> pop SMBs.  I don't think they will be willing to fork over the year fee.
>
> Jon
>
> --
> From: gswe...@acts360.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Meraki
> Date: Mon, 11 Mar 2013 21:23:41 +
>
>
>  I love the Meraki AP’s.  We have 40+ over multiple clients.  Easy
> management, great performance.  We had have replaced clients that were
> having horrible issues with Rukus, Firetide, Cisco, etc..  Not because the
> equipment was bad, but because the reseller sold it without the proper
> controllers, or told them they could manage multiple sites from a web page,
> when in fact they had to connect to the controller locally at each site to
> manage…. Fortunately almost all of them were able to return their products
> to reseller or direct.
>
> Setup the info on the dashboard.  SSID, policies, etc..
> Connect your laptop to the Meraki, set the IP/connection info, plug in to
> POE or injector and 2 mins later you are on and connected.  Seamless
> roaming across a 12000 sqft facility with multiple walls, offices, floors.
> We have had what we think was just a bad manufacturing batch because about
> 4 in a one month period arrived, plugged in and promptly (3 -4 mins)
> fried.  Different locations…  But since then no issues.  Prompt RMA service
> also..
>
> Now the Firewalls…Same interface, excellent performance.  Seriously
> lacking on features and granular controls.  Sonicwall, Watchguard have them
> beat hands down.  Needs polishing on the usability of the interface as
> well.  We are actively involved with their development team as we have some
> of their higher end stuff in our datacenter and I am unable to meet some
> client application needs, but I am hopeful for some resolutions.  In the
> meantime I had to install my old Sonicwall 2040 to get around it.
> If you are just looking for basic firewall and don’t need a lot of higher
> end firewall features the single management interface for everything is
> really nice.  Automatic Site to Site with WAN Acceleration, Fai

Re: Meraki

[Andrew S. Baker]

My understanding was that the devices came with a 3 YEAR cloud license...







*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 15, 2013 at 12:02 AM, Jon Harris  wrote:

>  After a little talking to a sales drone (quite nice they let me initiate
> the conversation) I found out that if the Cloud Management License lapses
> by 90+ days then the AP will stop passing traffic.  I don't know yet if
> that would be good thing or bad.  I guess I will have to actually do some
> testing of the device they are shipping me to see if it is worth the MSRP
> of $150/AP/year.  I can't see this for homeowners or even a lot of mom &
> pop SMBs.  I don't think they will be willing to fork over the year fee.
>
> Jon
>
> --
> From: gswe...@acts360.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Meraki
> Date: Mon, 11 Mar 2013 21:23:41 +
>
>
>  I love the Meraki AP’s.  We have 40+ over multiple clients.  Easy
> management, great performance.  We had have replaced clients that were
> having horrible issues with Rukus, Firetide, Cisco, etc..  Not because the
> equipment was bad, but because the reseller sold it without the proper
> controllers, or told them they could manage multiple sites from a web page,
> when in fact they had to connect to the controller locally at each site to
> manage…. Fortunately almost all of them were able to return their products
> to reseller or direct.
>
>
>
> Setup the info on the dashboard.  SSID, policies, etc..
>
> Connect your laptop to the Meraki, set the IP/connection info, plug in to
> POE or injector and 2 mins later you are on and connected.  Seamless
> roaming across a 12000 sqft facility with multiple walls, offices, floors.
>
> We have had what we think was just a bad manufacturing batch because about
> 4 in a one month period arrived, plugged in and promptly (3 -4 mins)
> fried.  Different locations…  But since then no issues.  Prompt RMA service
> also..
>
>
>
> Now the Firewalls…Same interface, excellent performance.  Seriously
> lacking on features and granular controls.  Sonicwall, Watchguard have them
> beat hands down.  Needs polishing on the usability of the interface as
> well.  We are actively involved with their development team as we have some
> of their higher end stuff in our datacenter and I am unable to meet some
> client application needs, but I am hopeful for some resolutions.  In the
> meantime I had to install my old Sonicwall 2040 to get around it.
>
> If you are just looking for basic firewall and don’t need a lot of higher
> end firewall features the single management interface for everything is
> really nice.  Automatic Site to Site with WAN Acceleration, Failover, etc
> are all included.
>
>
>
> The switches have some huge promise too.  We only have one at a client due
> to price..  Definitely not the cheapest when you can get a 24 port HP 1910
> for 400 bucks vs 1100+…
>
>
>
> *Greg Sweers*
>
> CEO
>
> *ACTS360.com ***
>
> *P.O. Box 1193*
>
> *Brandon, FL  33509*
>
> *813-657-0849 Office*
>
> *813-644-3479 Cell*
>
> *813-644-3476 Fax*
>
>
>
> *From:* Tom Miller [mailto:tmil...@sfgtrust.com]
> *Sent:* Monday, March 11, 2013 8:56 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Meraki
>
>
>
> We're looking at Meraki for our two manufacturing facilities.Here at
> HQ we installed Cisco wireless last year.  I've been trying to get Cisco to
> buy back the equipment so it would be Meraki everywhere.  So far no luck -
> seems like they are pretty much separate companies.   I'm still hopeful
> since I like the meraki management.
>
>
>
> *From:* Patrick Salmon [mailto:psal...@gmail.com]
> *Sent:* Friday, March 08, 2013 4:38 PM
> *To:* NT System Admin Issues
> *Subject:* OT: Meraki
>
>
>
> Since it came up the other week (and with full disclosure: I am a Cisco
> employee and Meraki is now a part of Cisco), anybody want a free AP? Yeah.
> Free.
>
>
>
> Follow link. sign up. Participate in webinar. Validate shipping details.
> Done. Before I get spanked, it is limited to NA and EU so apologies to
> anyone outside those geos.
>
>
>
> 802.11n, fully cloud-managed with a 3-yr subscription. Setup is a breeze.
>
>
>
> I did this a couple of months ago and was very happy with the MR16 they
> sent (I'm pretty certain that's the $699 one referenced in the link) and
> when I certified (SE's and Cisco partners only) they replaced it with the
> MR24 (more radios) added the NGFW and POE Switch. My home network is now
> entirely Meraki and while I have incentive to be somewhat biased have found
> it to be uber cool in its own right. Kinda harks back to the good old days
> when you could get Cisco t-shirts and books just by finding the right link;
> this is one such link, and you're welcome ;-)
>
>
>
> Link here: http://www.meraki.com/freeap
>
>
>
> Pat.
>   ~ Finally, powerful en

Re: apipa scripting?

[Andrew S. Baker]

This is seriously desirable, in case that wasn't obvious from everyone
else's agreement.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 8, 2013 at 5:34 PM, Ben Scott  wrote:

>   I'll add my voice to what everyone else is saying: You want to keep
> using DHCP.  Use DHCP to assign static addresses.  It makes so many
> things so much easier.  If you need to renumber your network (and some
> day, you will), it means you just change the DHCP config.  If you
> change something like a DNS server, that's easy, too.  If clients
> move, updates are easy, if not automatic.  Management is centralized.
> No scripting needed -- no headaches maintaining the scripted config.
>
> On Fri, Mar 8, 2013 at 4:07 PM, S Powell  wrote:
> > We are running DHCP now, we are just looking to get rid of it as we
> > change some things around.
> > We're looking to tie addresses together, so that we have static
> > ethernet addresses on the 192.168.0.x range where x = the machine ID
> > and have the static wifi addresses be in the 192.168.1.x range
> >
> > So if I see something on x.x.x.45 I know at a glance that it can only
> > be one computer.
> > It eliminates ambiguity.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Running Powershell script as scheduled task fails with 0x1

[Andrew S. Baker]

LOL





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 8, 2013 at 3:19 PM, Michael B. Smith wrote:

> I'll always be younger than you.
>
> -Original Message-
> From: Webster [mailto:webs...@carlwebster.com]
> Sent: Friday, March 8, 2013 2:54 PM
> To: NT System Admin Issues
> Subject: RE: Running Powershell script as scheduled task fails with 0x1
>
> And old!
>
> Thanks
>
>
> Webster
>
>
> > -Original Message-
> > From: Michael B. Smith [mailto:mich...@smithcons.com]
> > Subject: RE: Running Powershell script as scheduled task fails with
> > 0x1
> >
> > Easier to change a BAT than change something in task scheduler. I'm lazy.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: P2V DC/radius server - resolved [incl. troubleshooting steps]

[Andrew S. Baker]

These are the types of stories to remember for interview purposes --
regardless of which side of the table you are on.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Mar 8, 2013 at 9:30 AM, David Lum  wrote:

>  We found the root cause of our wireless issues….turns out about 30-40%
> of our users were affected*, and the root cause had effectively nothing to
> do with the RADIUS P2V, it was (not surprising), self-inflicted. I had
> rebooted the Meru controller Monday morning as I was seeing some events in
> the event log of the RADIUS server that I wasn’t sure if it was due to the
> controller not picking up some change or another.
>
> ** **
>
> Turns out when I did that, the startup config didn’t match what had been
> the running config, so all the AP’s that had been using 5GHz were set to
> 2.4GHz, and we have so much interference here that 5GHz is necessary for
> wireless to be reliable. The fix of course was to return the AP settings to
> what they had been, and click SAVE to make the startup config the same as
> the running config.
>
> ** **
>
> Troubleshooting: 
>
> **· **Send out e-mail to the wireless users to get a grasp of who
> was impacted
>
> **· **List OS and hardware affected (clue: WinXP, Win7, and Mac
> OS, Dell and Mac hardware affected)
>
> **· **Note the location and floor of the affected users where
> they experienced the issue (clue: most users reported problems in the same
> areas, contingent on the next clue)
>
> **· **Note date/time of problem (clue, no problems ever happened
> before 8am)
>
> **· **Walk the floors with known good machine and a ping tool to
> find the problematic areas
>
> **· **Work with Meru to confirm there are no problems between the
> Meru controller and the RADIUS server
>
> **· **Check the controller to see load per AP. This screen shows
> which AP’s are on 2.4GHz and 5GHz and was how we realized it was the root
> cause
>
> ** **
>
> Sadly, it took a couple of days to get to the last step because we were
> concentrating on the RADIUS chase, and early on removing/re-adding the
> profile “fixed” one machine. For a while.
>
> ** **
>
> * Depending on time of day, as it later turned out.
>
> ** **
>
> Dave
>
> ** **
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Wednesday, March 06, 2013 7:13 AM
> *To:* NT System Admin Issues
> *Subject:* Re: P2V DC/radius server
>
> ** **
>
> Can you point the controller to a different DC? Move the RADIUS server to
> a different machine to see if that resolves the issue? 
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services 
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
>
>
>
>
> From:David Lum 
> To:"NT System Admin Issues"  >
> Date:03/06/2013 08:52 AM
> Subject:P2V DC/radius server 
>  --
>
>
>
>
> This weekend we did a P2V of a DC that also handles RADIUS and DHCP
> duties. Before the P2V I did make sure it held no FSMO roles as well
> DCPROMO it out of being a DC, then P2V, then DCPROMO back up.
>
> Once it came up as a VM, I assigned the IP info to the “new” NIC, checked
> replication, DCDIAG, DHCP requests, etc. and it all came up good. Our
> wireless system (Meru) uses RADIUS and since the P2V we have had many
> clients now have connect/disconnect/reconnect/disconnect issues.
> 1.   We have 25 access points spread over six floors in our building
> 2.   Meru connected via GotoAssist and was able to confirm their
> controller and the RADIUS server are passing auth requests as expected
> 3.   Deleting and re-creating the wireless profile seems to fix this
> issue
> 4.   Not 100% of our users are affected, but probable 75% of them are
>
> Anyone see anything similar before?
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>   
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsy

Re: USB3 External HD recommendation

[Andrew S. Baker]

+1





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 28, 2013 at 1:42 PM, Free, Bob  wrote:

>  In the small form factor, I have had very good luck with the WD
> Passports over the years. Just got one of the 2TB USB3 models. 
>
> ** **
>
> Whenever I go to get a new one, I check and  Seagate is getting bashed in
> the reviews for reliability so I stick with what has worked for me.
>
> ** **
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Thursday, February 28, 2013 10:10 AM
> *To:* NT System Admin Issues
> *Subject:* USB3 External HD recommendation
>
> ** **
>
> I have had seven Seagate external hard drives in my lab at various times
> in the last 4.5 years.  The last two appear to be failing.  They no longer
> work on my Win7 PC but work perfectly on my MacBook Pro with the Paragon
> NTFS for Max OS X driver.
>
> ** **
>
> Needless to say, I am a little gun shy about getting another Seagate
> external drive.  What drives do you recommend?  The two drives that fail in
> Win7 but work on my Mac are 1TB USB3 drives Seagate FreeAgent GoFlex.
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> --
> PG&E is committed to protecting our customers' privacy.
> To learn more, please visit
> http://www.pge.com/about/company/privacy/customer/
> --
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: [Bulk] RE: Remote control software

[Andrew S. Baker]

Well said, Ken.

The key is to ensure that management remembers what option they selected
(deliberately or by default) when things go wrong.  :)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 27, 2013 at 10:16 PM, Ken Schaefer  wrote:

> Mitigate, Transfer, Accept and Avoid are all legitimate risk management
> options.
>
> It's a management decision whether to avoid the risk (fork out a lot of
> money to upgrade), mitigate the risk through network isolation (but doing
> so may compromise the ability of the machine to work) or simply accept the
> risk (and cater for the consequences), or even to outsource the function to
> someone else (transfer the risk)
>
> Cheers
> Ken
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, 28 February 2013 1:59 PM
> To: NT System Admin Issues
> Subject: Re: [Bulk] RE: Remote control software
>
> So, it *was* possible - they just didn't want to pay the price.
>
> Let's hope they mitigated the risk somehow - perhaps by making sure it
> wasn't connected to a network and by making sure they had replacement
> hardware on the shelf.
>
> Kurt
>
> On Wed, Feb 27, 2013 at 5:35 PM, Jon Harris  wrote:
> > I hate to tell you this but sometimes it just is not possible to do
> > upgrades whether is it due to no budget or there is just no software
> > to run the attached hardware to run on newer systems.  I faced this at
> former $dayjob$.
> > Attached hardware was antique X-ray diffractmeter.  Last software
> > upgrade was to Windows 98, and I really mean Windows 98 not 98 SE, but
> > the company had managed to get it to function with XP.  $dayjob$ was
> > told to either replace hardware, $150k+ just for the hardware and
> > maybe $300k for the software, or pay them to custom write an upgrade
> > or patch to get it to run under Vista, and they would not even
> > estimate that price.  Needless to say no upgrades were done.
> >
> > Jon
> >
> >> From: korl...@rogers.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >> Subject: RE: [Bulk] RE: Remote control software
> >> Date: Wed, 27 Feb 2013 08:49:36 -0500
> >>
> >> Some of us are constrained by budget. I still have W2K systems out
> >> there, but none of them have internet access or email. Some can't be
> >> upgraded because the software packages won't run on anything newer
> >> and the vendor does not offer it. I have no budget for new hardware.
> Zero.
> >>
> >> -Original Message-
> >> From: Paul Gordon [mailto:paul_gor...@hotmail.com]
> >> Sent: Wednesday, February 27, 2013 8:42 AM
> >> To: NT System Admin Issues
> >> Subject: [Bulk] RE: Remote control software
> >>
> >> Sorry... I really can't help it... I have to...
> >>
> >> HAHAHAHAHAHAHAHAHAHAHA!
> >>
> >> Laugh out loud... - you're running *PRODUCTION* systems on an 18 year
> >> old OS, that has been out of support for over a decade, and is about
> >> as secure as a whore's drawers...???
> >>
> >> Are these systems running on similarly ancient hardware, or have you
> >> at least managed to virtualise them so they can be run on kit that
> >> isn't likely to expire at any moment?
> >>
> >> Sorry if I sound unsympathetic... but I do quite occasionally come
> >> across a similar blinkered attitude in $dayjob, and I really do take
> >> a pretty dim view of it...
> >>
> >> No offence intended
> >>
> >> Paul G.
> >
> >>
> >>
> >> -Original Message-
> >> From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
> >> Sent: 27 February 2013 11:47
> >> To: NT System Admin Issues
> >> Subject: RE: Remote control software
> >>
> >> Hi tried vnc lite it didn't seem to work well on windows 7 I
> >> connected once then just had a a black screen, we tried various
> >> workarounds but none seemed to work!
> >> Will look at logmein
> >> And the group policy settings
> >>
> >> Upgrading 95 and nt4 isn't an option due to the expense
> >>
> >>
> >> Nigel Parker
> >> Systems Engineer
> >> Ultraframe (UK) Ltd
> >> Tel: 01200 452329
> >> Fax: 01200 452201
> >> Web:   www.ultraframe.com
> >> Email: mailto:nigel.par...@ultraframe.co.uk
> >>
> >>
> >>
> >>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Seagate STAR401 BlackArmor NAS 400

[Andrew S. Baker]

I have my home NAS in RAID5 (4x2TB), and let me tell you it takes a long
time to rebuild.

I'm willing to risk a larger rebuild window for more storage (at home), so
no RAID6 there -- this time, anyway.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Feb 26, 2013 at 3:24 PM, Richard Stovall  wrote:

> I have no experience with the Seagate NASes either.  Personally, for this
> use case, I wouldn't consider something that doesn't support some manner of
> dual disk failure protection such as RAID 6.*  I'd also be looking for
> something with a minimum of 5 bays so I could have at least one hot spare
> online.
>
> * I suppose I did drink the "RAID 5 is dead" Kool-Aid much discussed a
> while back.
>
>
> On Tue, Feb 26, 2013 at 2:51 PM, Andrew S. Baker wrote:
>
>> No personal experience, but those reviews give me pause.
>>
>>
>>
>>
>>
>> *ASB
>> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
>> **Providing Virtual CIO Services (IT Operations & Information Security)
>> for the SMB market…***
>>
>>
>>
>>
>>
>> On Tue, Feb 26, 2013 at 11:34 AM, Glen Johnson  wrote:
>>
>>>  Speaking of storage and remote access to it, anyone have experience
>>> with one of these units?
>>>
>>> Newegg has what looks to me, like a pretty good deal.  12tb raw storage
>>> for $700.
>>>
>>> Our church is looking to replace/update a sbs2003 server.
>>>
>>> At present, they are only using it to share files and one printer among
>>> about 10 users.
>>>
>>> The printer is not usb, but sharing it directly over the network is
>>> doable.
>>>
>>> They have used exchange, but their email is hosted off site, so really
>>> no need for exchange.
>>>
>>> I think the deal, with 4 x 3tb drives should support them for quite some
>>> time, as they current server only have 160gig storage.
>>>
>>>
>>> http://www.newegg.com/Product/Product.aspx?Item=N82E16822148615&nm_mc=EMC-IGNEFL022613&cm_mmc=EMC-IGNEFL022613-_-EMC-022613-Index-_-NetworkStorageNAS-_-22148615-LM1A
>>> 
>>>
>>> ** **
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Seagate STAR401 BlackArmor NAS 400

[Andrew S. Baker]

No personal experience, but those reviews give me pause.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Feb 26, 2013 at 11:34 AM, Glen Johnson  wrote:

>  Speaking of storage and remote access to it, anyone have experience with
> one of these units?
>
> Newegg has what looks to me, like a pretty good deal.  12tb raw storage
> for $700.
>
> Our church is looking to replace/update a sbs2003 server.
>
> At present, they are only using it to share files and one printer among
> about 10 users.
>
> The printer is not usb, but sharing it directly over the network is doable.
> 
>
> They have used exchange, but their email is hosted off site, so really no
> need for exchange.
>
> I think the deal, with 4 x 3tb drives should support them for quite some
> time, as they current server only have 160gig storage.
>
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16822148615&nm_mc=EMC-IGNEFL022613&cm_mmc=EMC-IGNEFL022613-_-EMC-022613-Index-_-NetworkStorageNAS-_-22148615-LM1A
> 
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Java 7-15 failures.

[Andrew S. Baker]

Have no fear: at the rate that Java exploits and vulnerabilities are being
found in Java, they'll be providing more updates shortly.  Maybe they'll
fix that problem, or maybe more people will get the impetus to work around
them.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Feb 25, 2013 at 9:31 PM, Jon Harris  wrote:

>  I am having similar issues.  I just wish I did not need this crapware for
> work.
>
> Jon
>
> > From: kennedy...@elyriaschools.org
> > To: ntsysadmin@lyris.sunbelt-software.com
>
> > Subject: RE: Java 7-15 failures.
> > Date: Mon, 25 Feb 2013 17:23:12 +
>
> >
> > I am seeing the IE activation issue on multiple machines myself when I
> get the exe to work.
> >
> > -Original Message-
> > From: Sam Cayze [mailto:sca...@gmail.com]
> > Sent: Monday, February 25, 2013 12:20 PM
> > To: NT System Admin Issues
> > Subject: RE: Java 7-15 failures.
> >
> > No issues with the actual installer... But I'm having a heck of time
> having the IE pluggin actually work after an upgrade. It's getting tiresome
> trying to fix this after each update. IE says the add-on is enabled and all
> that jazz. But no Java will actually load in IE. Haven't pinpointed the
> actually fix yet, but it usually requires a mix of rebooting, disabling,
> re-enabling plugins, and re-installing java.
> >
> >
> > -Original Message-
> > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> > Sent: Friday, February 22, 2013 3:14 PM
> > To: NT System Admin Issues
> > Subject: RE: Java 7-15 failures.
> >
> > Not sure how to say this...but glad to hear that. So it isn't just me,
> there are others. So there is hope Java will release a fixed patch.
> >
> > -Original Message-
> > From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
> > Sent: Friday, February 22, 2013 3:55 PM
> > To: NT System Admin Issues
> > Subject: RE: Java 7-15 failures.
> >
> > Ditto here, sigh...
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~  ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: File limitation error:updated

[Andrew S. Baker]

Thanks for the follow-up.

I would guess that 300K files is the min, and not the definitive cutoff...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Feb 25, 2013 at 3:28 PM, Chinnery, Paul  wrote:

> We finally  got this resolved with the help of PSS.  They had to make a
> registry change per this KB:
> http://technet.microsoft.com/en-us/library/ff633453%28v=ws.10%29.aspx.
>
> From what the tech said, the problem may exhibit itself when more 300,000
> files have been placed.  Although, for us, I don't understand why it took
> so long since there are over 1M files there.  Oh well, vendor has verified
> files are transferring so this project may actually get done.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 14, 2013 5:01 PM
> To: NT System Admin Issues
> Subject: Re: File limitation error:updated
>
> On Thu, Feb 14, 2013 at 1:41 PM, Chinnery, Paul  wrote:
> > I had a conference call with our vendor this afternoon.  Here is where
> > the error occurs:
> >
> > I open up a command prompt and go to this folder on the server:
> >
> > z:\\\\0
> >
> > I then type in :
> >
> > MD   (that's twelve digits) , it works.
> >
> > If I type in:
> >
> > MD 0011
> > it fails with that file limitation error.
> >
> > Right now there are approximately 4.5 million files.  This is one
> > Server
> > 2008 r2 sp1 server.
>
> That's awesome! Same number of digits, but it doesn't like the name.
> And, it's nowhere near the path length limitations we've discussed.
>
> MFT fragmentation perhaps?
>
> Is that Z: drive local to the machine, or is it mapped to a share on
> another machine? Just curious - it shouldn't make a difference...
>
> I am now officially consumed with curiousity - do keep posting updates.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: MS Azure cloud evaporates

[Andrew S. Baker]

>>There’s just no simple solutions (in my experience) to avoid them
happening.

Indeed...

>>Maybe that means using more than one public cloud vendor…

Starts to eat away (or totally devour) the value proposition... :)






*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Sun, Feb 24, 2013 at 11:57 PM, Ken Schaefer  wrote:

>  I agree – these types of SNAFUs shouldn’t happen. There’s just no simple
> solutions (in my experience) to avoid them happening. 
>
> ** **
>
> So try to plan for the contingency that ‘bad stuff’ will happen, and work
> out what risks you are prepared to mitigate and what you are prepared to
> accept. Maybe that means using more than one public cloud vendor…
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, 25 February 2013 3:32 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: MS Azure cloud evaporates
>
> ** **
>
> Hi Ken,
>
> ** **
>
> I hear you, and I don't disagree, for the most part.  I've suffered a
> number of these issues on my own network which I fully manage (so there is
> no one else to blame, etc), and having managed different sized
> environments, I do appreciate the exponential increase in complexity.
>
> ** **
>
> To Ben's point though, if you must fail in large and complex endeavors, at
> least try for different types of failures each time -- especially if you
> are tying more and more resources to the failure point.  
>
> ** **
>
> It's kind of dumb to have the same type of failure every few months, with
> the only change being the ever-increasing scope of impact from the failure.
> 
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Sun, Feb 24, 2013 at 8:31 PM, Ken Schaefer 
> wrote:
>
> Sure.
>
> But Ford/GM/Toyota sell cars - they're affected by recalls. Boeing sells
> planes - they seem to have issues (as does the A380 from Airbus - like the
> engine that exploded over Singapore). The FDA requires extensive testing of
> drugs in the US market, but still some drugs have unintended consequences
> despite the billions spent.
>
> In large, complex environments, with lots of moving parts, things go
> wrong. Language barriers, changing regulations, ambiguous requirements,
> staff turnover, in-flight projects - all of these things (in my experience)
> make it difficult to develop a solid baseline of what should be in the
> environment and what's actually there.  Unfortunately, I don't know the
> answer to making it all work. Some people point to ITIL, but adding layers
> of process and documenting them just leads to lots of out-of-date
> documentation in my experience. The process writers can't keep up with the
> constant changes in the business. (I'm not saying "don't use ITIL" - that
> just leads to a huge mess - but it's not the panacea that some people make
> it out to be)
>
> Cheers
> Ken
>
>
>
> -Original Message-
> From: Tim Evans [mailto:tev...@sparling.com]
> Sent: Monday, 25 February 2013 12:13 PM
> To: NT System Admin Issues
> Subject: RE: MS Azure cloud evaporates
>
> I appreciate your thoughts from viewpoint of a large org, but if a company
> is selling these services, is it unreasonable to expect that they have this
> all worked out, at least as far as it affects the services they are selling?
>
> ...Tim
>
>
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com]
> Sent: Sunday, February 24, 2013 3:36 PM
> To: NT System Admin Issues
> Subject: RE: MS Azure cloud evaporates
>
> Sure - asset lifecycle management is a core ITIL concept. It should be
> built into your CMDB.
>
> But large orgs have tens, if not hundreds of thousands (or millions) of
> assets. Everything from certs to software licenses to supplier contracts.
> It's a full time job, for probably a small army of people, to put all these
> things into a system, and respond to the  upcoming renewals.
>
> But alerting: that's just the first step: some alert comes up that says
> "xyz fire suppressant system needs to be re-certified". So what? You need
> to have a team to hand this off to, and they need to have a process to
> follow to get it done (you don't want Ops people maki

Re: MS Azure cloud evaporates

[Andrew S. Baker]

Hi Ken,

I hear you, and I don't disagree, for the most part.  I've suffered a
number of these issues on my own network which I fully manage (so there is
no one else to blame, etc), and having managed different sized
environments, I do appreciate the exponential increase in complexity.

To Ben's point though, if you must fail in large and complex endeavors, at
least try for different types of failures each time -- especially if you
are tying more and more resources to the failure point.

It's kind of dumb to have the same type of failure every few months, with
the only change being the ever-increasing scope of impact from the failure.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Sun, Feb 24, 2013 at 8:31 PM, Ken Schaefer  wrote:

> Sure.
>
> But Ford/GM/Toyota sell cars - they're affected by recalls. Boeing sells
> planes - they seem to have issues (as does the A380 from Airbus - like the
> engine that exploded over Singapore). The FDA requires extensive testing of
> drugs in the US market, but still some drugs have unintended consequences
> despite the billions spent.
>
> In large, complex environments, with lots of moving parts, things go
> wrong. Language barriers, changing regulations, ambiguous requirements,
> staff turnover, in-flight projects - all of these things (in my experience)
> make it difficult to develop a solid baseline of what should be in the
> environment and what's actually there.  Unfortunately, I don't know the
> answer to making it all work. Some people point to ITIL, but adding layers
> of process and documenting them just leads to lots of out-of-date
> documentation in my experience. The process writers can't keep up with the
> constant changes in the business. (I'm not saying "don't use ITIL" - that
> just leads to a huge mess - but it's not the panacea that some people make
> it out to be)
>
> Cheers
> Ken
>
>
> -Original Message-
> From: Tim Evans [mailto:tev...@sparling.com]
> Sent: Monday, 25 February 2013 12:13 PM
> To: NT System Admin Issues
> Subject: RE: MS Azure cloud evaporates
>
> I appreciate your thoughts from viewpoint of a large org, but if a company
> is selling these services, is it unreasonable to expect that they have this
> all worked out, at least as far as it affects the services they are selling?
>
> ...Tim
>
>
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com]
> Sent: Sunday, February 24, 2013 3:36 PM
> To: NT System Admin Issues
> Subject: RE: MS Azure cloud evaporates
>
> Sure - asset lifecycle management is a core ITIL concept. It should be
> built into your CMDB.
>
> But large orgs have tens, if not hundreds of thousands (or millions) of
> assets. Everything from certs to software licenses to supplier contracts.
> It's a full time job, for probably a small army of people, to put all these
> things into a system, and respond to the  upcoming renewals.
>
> But alerting: that's just the first step: some alert comes up that says
> "xyz fire suppressant system needs to be re-certified". So what? You need
> to have a team to hand this off to, and they need to have a process to
> follow to get it done (you don't want Ops people making up stuff on-the-fly
> - that leads to SEV1 as well). But the reality probably is, that in the 5
> years since the alert was created, the DCFM team's been through several
> re-organisations, several business mergers/demergers have occurred, and
> some functions have now been outsourced. So whatever team or position was
> responsible for this before is long gone, and no one ever went and updated
> this alert.
>
> So now someone has to go negotiate with various managers to see who should
> take this on, who R&R/OPEX budget this is coming out of, etc. And if that
> someone hasn't have the right understanding of the time criticality of
> getting this job done in time, then stuff will break.
>
> In large orgs, technology (like getting a warning about something ) is
> such a small part of actually getting anything working, or keeping it
> running. It's all the other stuff, which is mostly processes and human
> interaction where things are always breaking. Now, if you're lucky, then
> you never re-organise, and the same people hang around for a long time.
> Then you have a good understanding of responsibilities, and people have a
> lot of accumulated knowledge of the environment. But that's generally
> impossible to accomplish in a 100,000 user environment - statistically,
> people will always be coming and going.
>
> Cheers
> Ken
>
> -Original Message-
> From: Ben M. Schorr [mailto:b...@rolandschorr.com]
> Sent: Monday, 25 February 2013 10:05 AM
> To: NT System Admin Issues
> Subject: RE: MS Azure cloud evaporates
>
> I realize we're operating on a MUCH smaller basis but whenever we create a
> record or certificate that expires on a schedule we also create a ta

Re: MS Azure cloud evaporates

[Andrew S. Baker]

W.O.W.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 22, 2013 at 8:19 PM, Ben Scott  wrote:

>   Reports are that large portions of the Microsoft Windows Azure cloud
> infrastructure failed this evening.  Apparently MSFT let a critical
> security certificate expire.  This knocked out the Storage service
> *world wide*.  That in turn has caused cascade failures, since many
> other Azure services depend on the Storage service.  Service Bus, Web
> Sites, Access Control, and Compute are all impacted.
>
>   MSFT seems to have a problem with letting things expire.  They got
> nailed by a certificate boundary condition last year around this time,
> and then there was that time they let passport.com expire and knocked
> all their authentication systems offline.  You'd think they'd have
> this figured out by now.
>
>
> http://www.zdnet.com/windows-azure-storage-issue-expired-https-certificate-possibly-at-fault-711705/
>
>
> http://www.theregister.co.uk/2013/02/22/azure_problem_that_should_never_happen_ever/
>
>   "It is the opinion of /The Register/ that to have a core service
> fail in every data center across the world simultaneously is an
> extremely bad thing to happen to a cloud provider."
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: IIS security / Chrome Firefox / ADFS

[Andrew S. Baker]

If either solution will work effectively for you, and it seems to me that
either one would, IWA is a little bit more secure than Forms-based
authentication, and is the direction that I expect Microsoft to continue
with over the long-haul.

I don't see that there are very many security implications for you either
way, but I'd be inclined to go with IWA myself.






*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 22, 2013 at 3:16 PM, David Lum  wrote:

>  I’ve been asked to use one of these two solutions to fix an ADFS/Chrome
> browser issue. I am not very ISS/security savvy, what are the security
> implications of each?
>
> ** **
>
>
> http://blogs.microsoft.co.il/blogs/applisec/archive/2012/07/16/chrome-support-for-acs-with-adfs-2-0-identity-provider.aspx
> 
>
> ** **
>
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: MCM certification

[Andrew S. Baker]

I doubt that they get 1000s of applications a year, who then would be
ineligible or unwilling to meet the rest of the criteria





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Feb 18, 2013 at 5:17 PM, ANDREW F OFALT  wrote:

> you guys did see these parts of the article, right?
>
> late June I paid the $135 application fee, they verified my MCSE/MCITP
> credentials
> submit my resume
> submit a current project summary doc
> I was accepted after Microsoft reviewed my application
> We coordinated a date/time for a phone interview to go over my application
> package
> A day or two after speaking with Ryan, I received an email stating that I
> had been accepted into the MCM Program and could schedule (and pay for)
> attending a session.
>
> Microsoft is probably cleaning up on the $135 application fee...
>
> Andy-0
>
> - Original Message -
>
>
> Most college degrees are some multiple of the number in question --
> usually 4x minimum.
>
>
> If people coming straight out of college can pass this test, or have the
> credentials for this level of work, then I could see your point.
>
>
> Again, Microsoft does not appear to be targeting this to "ye ol' admin"
> so, I'm not sure why the inability of ye ol' admin to get access to it is
> perceived as a negative.
>
>
> ASB
> http://XeeMe.com/AndrewBaker
> Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…
>
>
>
> On Fri, Feb 15, 2013 at 7:21 AM, Ray < rz...@qwest.net > wrote:
>
>
>
> If it’s going to be competing with the cost of a college degree it’s crazy.
>
>
> From: Ken Schaefer [mailto: k...@adopenstatic.com ]
> Sent: Thursday, February 14, 2013 3:28 PM
>
> To: NT System Admin Issues
> Subject: RE: OT: MCM certification
>
>
>
>
>
>
> I suppose one issue is that for every person that says “$20,000 is too
> much, it should be $10,000 and lots more people would do it”, there’s
> another person that will say “$10,000 is too much, it should be $5,000 and
> lots more people would do it”, and so on.
>
>
>
> Cheers
>
> Ken
>
>
>
> From: Christopher Bodnar [ mailto:christopher_bod...@glic.com ]
>
> Sent: Friday, 15 February 2013 7:45 AM
>
>
> To: NT System Admin Issues
> Subject: Re: OT: MCM certification
>
>
>
>
>
>
>
> Don't want to keep on this thread, it's obvious that most of you are in
> disagreement with me. I'm OK with that. But to your comment:
>
> I think I get who the certification is targeting. My point is that I think
> there is a larger population out there that might be interested in and
> possibly be valid candidates for, this certification in mid sized shops,
> but the cost is prohibitive. And I understand that there has to be a fee
> for this. And I even agree that MS isn't really making money off this. But
> just doing some basic numbers (I may be way off on these figures so don't
> crucify me on this). If there are 4 sessions a year in any given track
> (SQL, Messaging, DS, etc...)That's 100 people that need to pay for the
> course. Thats' $1.4milliion. Even say they cut this in half, they would
> only be reducing their revenue by $750K per track. In terms of MS, that is
> peanuts. This is not a revenue stream for MS, they are just trying to
> recoup some of the costs. But this would open it up to a much larger pool
> of potential candidates.
>
> Christopher Bodnar
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
>
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
>
>
> The Guardian Life Insurance Company of America
>
> www.guardianlife.com
>
>
>
>
>
>
>
> From: "Andrew S. Baker" < asbz...@gmail.com >
> To: "NT System Admin Issues" < ntsysadmin@lyris.sunbelt-software.com >
> Date: 02/14/2013 02:59 PM
> Subject: Re: OT: MCM certification
>
>
>
>
>
>
> Chris, if you look at who that certification is targeting, the ROI is
> very, very straightforward.
>
> Lowering the price wouldn't lower the barrier that much, and the cost of
> the overall process must come from somewhere.
>
>
>
>
>
> ASB
> http://XeeMe.com/AndrewBaker
> Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…
>
>
>
>
>
> On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar <
> christop

Re: Non-corp desktops and RDS

[Andrew S. Baker]

*>>Frustrating though. Any reasonably clean/patched/well maintained machine
connects and functions perfectly.*

**

I wouldn't be too quick to mention that, as that will become your new
mission...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 15, 2013 at 11:33 AM, Kennedy, Jim  wrote:

>  We are getting that proposal on the 22nd from a reliable vendor.  The
> price tag will kill that portion of it, we just did 3 million in cuts
> yesterday. 60+ people out the door at the end of the school year. You bring
> up a valid point in a backhanded way.  The choices are write the check and
> do it correctly. Or have something that doesn’t work too well.
>
> ** **
>
> Frustrating though. Any reasonably clean/patched/well maintained machine
> connects and functions perfectly.****
>
> ** **
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, February 15, 2013 11:30 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Non-corp desktops and RDS
>
> ** **
>
> I would recommend that you take the results of the testing, look at
> vendors that will help you with the security of such an approach, and then
> propose the full approach (with a suitable timeframe) for approval.
>
> ** **
>
> If you're fortunate, they'll approve the project with the proper tools.
>  If you're really fortunate, they'll kill it for now.   Either way, make
> sure you've researched the tools that you will need beforehand.  
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Fri, Feb 15, 2013 at 10:03 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
> How well is allowing non-corporate assets connect to a RDS session from
> home working for everyone. Using an SSL tunnel here. I am just starting
> initial testing with a few users and it is a nightmare.  Wrong Java,
> toolbars and popup blockers and layers and layers of crapware are causing
> tons of problems. And these are the alleged 'tech savy' users.
>
> It is beginning to feel like a giant fail coming my way.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: MCM certification

[Andrew S. Baker]

Most college degrees are some multiple of the number in question -- usually
4x minimum.

If people coming straight out of college can pass this test, or have the
credentials for this level of work, then I could see your point.

Again, Microsoft does not appear to be targeting this to "ye ol' admin" so,
I'm not sure why the inability of ye ol' admin to get access to it is
perceived as a negative.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 15, 2013 at 7:21 AM, Ray  wrote:

> If it’s going to be competing with the cost of a college degree it’s
> crazy.  
>
> ** **
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Thursday, February 14, 2013 3:28 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: OT: MCM certification
>
> ** **
>
> I suppose one issue is that for every person that says “$20,000 is too
> much, it should be $10,000 and lots more people would do it”, there’s
> another person that will say “$10,000 is too much, it should be $5,000 and
> lots more people would do it”, and so on.
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> *From:* Christopher Bodnar 
> [mailto:christopher_bod...@glic.com]
>
> *Sent:* Friday, 15 February 2013 7:45 AM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: MCM certification
>
> ** **
>
> Don't want to keep on this thread, it's obvious that most of you are in
> disagreement with me. I'm OK with that. But to your comment:
>
> I think I get who the certification is targeting. My point is that I think
> there is a larger population out there that might be interested in and
> possibly be valid candidates for, this  certification in mid sized shops,
> but the cost is prohibitive. And I understand that there has to be a fee
> for this. And I even agree that MS isn't really making money off this. But
> just doing some basic numbers (I may be way off on these figures so don't
> crucify me on this). If there are 4 sessions a year in any given track
> (SQL, Messaging, DS, etc...)That's 100 people that need to pay for the
> course. Thats' $1.4milliion. Even say they cut this in half, they would
> only be reducing their revenue by $750K per track. In terms of MS, that is
> peanuts. This is not a revenue stream for MS, they are just trying to
> recoup some of the costs. But this would open it up to a much larger pool
> of potential candidates. 
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services ****
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
>
>
>
>
> From:"Andrew S. Baker" 
> To:"NT System Admin Issues"  >
> Date:02/14/2013 02:59 PM
> Subject:Re: OT: MCM certification 
> --
>
>
>
>
> Chris, if you look at who that certification is targeting, the ROI is
> very, very straightforward.
>
> Lowering the price wouldn't lower the barrier that much, and the cost of
> the overall process must come from somewhere. 
>
>   
>
>   
>
> *ASB**
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…*
>
>   
>
>
>
> On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar <
> christopher_bod...@glic.com> wrote:
> Was reading this yesterday:
> *
> *http://blogs.metcorpconsulting.com/tech/?p=1101
>
> And got to thinking about this again. It still bothers me that the road to
> this certification is artificially blocked by monetary constraints. I think
> the certification is difficult enough without adding that as a factor to
> reduce the overall numbers just to increase the "value" of this
> certification. Maybe I'm in the minority, but I know I wont' even consider
> this certification, just based on the cost. Not that I think I would pass,
> or that I even think I'm ready for something like this. I don't work for MS
> and I'm not a consultant. Which from what I've seen are the 2 primary
> groups of people seeking this certification. My employer would never
> consider this strictly based on cost and ROI.
>
> Anyone else of the same opinion? Or am I way off base here? 
>
> Chris 
>
> ** **
&g

Re: Fortigate (was Guest network security)

[Andrew S. Baker]

*>>Fortinet probably removed some features because the lower-end machines
couldn’t handle the required workload, I’m guessing.*

**
We know that there will be tradeoffs with UTM.  If a device can't handle
it, then I'll make the decision to go with a larger device, or change the
priorities of my desired features.However, if you remove the features
from a device that *used* to support it, I'm going to consider a different
vendor, not a different device.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 15, 2013 at 6:29 AM, Tom Miller  wrote:

>  You may wish to inquire with your reseller about a trade-back.  I had a
> number of 40C devices, upgraded the firmware per support’s recommendation,
> and it was a disaster.  Utilization skyrocketed on all of them and it
> turned out to be one of the core services that I could not disable, and it
> caused the VPN tunnel to constantly drop (this didn’t start until a few
> weeks after the firmware was upgraded).  I worked out a pretty good deal
> with my reseller for the next model up for a great price.  I only got this
> deal after I told the reseller (who was very helpful) that I’d be happy to
> dump Fortinet and go with a competitor.  
>
> ** **
>
> Fortinet probably removed some features because the lower-end machines
> couldn’t handle the required workload, I’m guessing. 
>
> ** **
>
> I didn’t see the issue on the higher models I used.
>
> ** **
>
> *From:* James Hill [mailto:falc...@gmail.com]
> *Sent:* Thursday, February 14, 2013 9:04 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Fortigate (was Guest network security)
>
>  ** **
>
> I came across the same issue with a recently purchased 40C and was also
> disappointed.
>
> ** **
>
> The 60C (soon to be 60D with 2 x the performance) has the traffic shaping
> option and pretty much everything else.
>
> ** **
>
> Maybe I didn’t look hard enough but it certainly isn’t made obvious on
> their website that the lower end models have features missing.
>
> ** **
>
> James.
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com ]
> *Sent:* Friday, 15 February 2013 2:27 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Fortigate (was Guest network security)
>
> ** **
>
> One note:  It looks like Traffic Shaping and the Explicit Web Proxy option
> are no longer available under the new OS for certain pieces of hardware,
> including my 40C.   I suspect that anything in the SOHO range had it
> removed.
>
> ** **
>
> I'm going to downgrade to v4.0 MR3 patch 11, as advised by support.
>
> ** **
>
> That's not cool.  :(
>
> ** **
>
> I've asked to see if that functionality will be brought back into the
> device...
>
> (Actually, I found that MR3 patch 12 was released on the 13th, so I've
> downgraded to that)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Fri, Feb 8, 2013 at 12:57 PM, Sam Cayze  wrote:
>
>  Good to know, thanks!
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, February 08, 2013 8:10 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Fortigate (was Guest network security)
>
>  
>
> Version 5.0 installed smoothly.  The visual changes are somewhat minimal
> for now, but the performance of the UI improved.  Can't say for the rest of
> the device (performance wise) as I haven't finished migrating to it.
>
> The backups are much smaller under 5.0 than under v4
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
>  
>
> On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker 
> wrote:
>
> I will, as soon as I finish setting this device up today. :)
>
>
> 
>
>  ****
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
>  
>
> On Thu, Feb 7, 2013 at 12:26 PM, Sam Ca

Re: Fortigate (was Guest network security)

[Andrew S. Baker]

Yes, they took out the functionality from firmware on some of the models.

I "downgraded" to v4.0, but only really lost some of the GUI ease, and the
device identification stuff.

I got back the web proxy, and the traffic shaping control, which is what I
cared about.

They suggested that it was because of performance issues why they removed
the features, but I'm still annoyed.  It's not like those features are
mandatory, or that it is so hard to get them working on even less hardware.
 I still have an 11-year old Netscreen 5XP that does traffic shaping.  If
it could support multiple WANs and had better than a 10mbit interface, I
would be inclined to use it still.  Yes, the UI was slow, but the
performance of the device itself was fine.

They're just hurting themselves if they cut out the low-end.   I've
downloaded the Sophos UTM appliance and will look at this for viability for
customers.

http://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx
 (Thanks, James!)

Another option that I looked at, although it's not *quite* there for SOHO
is ZyXel.  I had a USG-50 which is a very cool device, but the features are
a little quirky, and they tied some of what should be core (like traffic
shaping) to subscription services.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833181137

I also saw lots of complaints about the SSL tunnels, although I didn't try
it myself.

If Fortinet stops bringing value to the low-end of the spectrum, they'll
lose in the end, because the SOHO and SMB market is ripe for a solid
product, and those people are going to be more inclined to go with a name
brand (like SonicWall) or with cost (like ZyXel) than play the feature
roulette.

There is no place on their website that clearly states which models are
lacking which functionality items under v5, and that's the worst part of
this whole ordeal.







*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 14, 2013 at 9:03 PM, James Hill  wrote:

> I came across the same issue with a recently purchased 40C and was also
> disappointed.
>
> ** **
>
> The 60C (soon to be 60D with 2 x the performance) has the traffic shaping
> option and pretty much everything else.
>
> ** **
>
> Maybe I didn’t look hard enough but it certainly isn’t made obvious on
> their website that the lower end models have features missing.
>
> ** **
>
> James.
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, 15 February 2013 2:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Fortigate (was Guest network security)
>
> ** **
>
> One note:  It looks like Traffic Shaping and the Explicit Web Proxy option
> are no longer available under the new OS for certain pieces of hardware,
> including my 40C.   I suspect that anything in the SOHO range had it
> removed.
>
> ** **
>
> I'm going to downgrade to v4.0 MR3 patch 11, as advised by support.
>
> ** **
>
> That's not cool.  :(
>
> ** **
>
> I've asked to see if that functionality will be brought back into the
> device...
>
> (Actually, I found that MR3 patch 12 was released on the 13th, so I've
> downgraded to that)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Fri, Feb 8, 2013 at 12:57 PM, Sam Cayze  wrote:
>
> Good to know, thanks!
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, February 08, 2013 8:10 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Fortigate (was Guest network security)
>
>  
>
> Version 5.0 installed smoothly.  The visual changes are somewhat minimal
> for now, but the performance of the UI improved.  Can't say for the rest of
> the device (performance wise) as I haven't finished migrating to it.
>
> The backups are much smaller under 5.0 than under v4
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
>  
>
> On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker 
> wrote:
>
> I will, as soon as I finish setting this device up today. :)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/

Re: Backup to cloud?

[Andrew S. Baker]

*>>I think that’s what’s meant by “perception of infinite capacity”.*



Fair enough, Ken.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 14, 2013 at 8:47 PM, Ken Schaefer  wrote:

>  I’m not really familiar with SkyDrive and GoogleDrive – they’re more
> targeted at consumers right? What about the corporate offerings? Can you
> just get more and more storage as required?
>
> ** **
>
> For Amazon EC2 – the scalability is in the number of machines you can buy,
> not in the configuration of each individual machine. Whilst there must be
> some finite limit to the total number of server instances that Amazon could
> provision at a given time, as far as an individual purchaser is concerned,
> there isn’t “only 8 RU of rack space left, so you could put in 8 1U
> servers”, or “we only have cooling for XYZ more watt/hours”, or “we only
> have 10 more vCPUs we can commit’. Instead, the data centre doesn’t have a
> defined limit as far as the customer is concerned, and you can buy 1, 5 or
> 10 more servers without the need to evaluate against typical DC
> constraints. Now, much spare capacity (cloud design patterns call for
> “reserve” fault domains – i.e. extra capacity to cater for growth) is a
> capacity management issue. It’s always possible that someone turns up and
> says “I want to buy 1,000,000,000 server instances”, but it’s probably very
> unlikely. Based on what Amazon sees today, plus what they expect in the
> future, they pre-provision extra, spare, reserve capacity, so that
> customers can keep buying more capacity “on-demand”
>
> ** **
>
> I think that’s what’s meant by “perception of infinite capacity”.
>
> ** **
>
> I think Tom Shinder’s now working at MS as one of their cloud architects.
> If he’s still on the list, he could chime in, as Microsoft’s follows that
> design pattern.
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, 15 February 2013 12:24 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Backup to cloud?
>
> ** **
>
> While I agree and support the NIST cloud definitions, I have to conclude
> that except for some private cloud configurations, no one is actually
> selling "Perception of infinite capacity," today -- and maybe not for a
> while, either.
>
> ** **
>
> Amazon EC2 is definitely cloud computing, but there are limits on how much
> computing you can get without instantiating a new server instance.
> DropBox is cloud storage, but the limit of space is not that fluid -- same
> for SkyDrive, GoogleDrive, Box.com, etc.
>
> ** **
>
> What the cloud provides today in reality, is self-service and major
> flexibility for expansion or reduction, as desired.  
>
> ** **
>
> The other definitions are legit, but there are no complete implementations
> of them out there today.
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Feb 14, 2013 at 5:17 PM, Ken Schaefer 
> wrote:
>
> No – I disagree. Whilst, in IT, there is much marketing BS from vendors
> wanting to sell you stuff, the core cloud definitions are pretty well
> settled IMHO. Most people use a variation of what NIST has published:
>
>  
>
> *Features:*
>
> · Perception of infinite capacity, with rapid elasticity (as far
> as the user is concerned the capacity is available on-demand)
>
> · Ability for user to perform self-service
> provisioning/deprovisioning (no need to involve the vendor)
>
> · Broad network access: access via widely accepted protocols
> (like web services) thus accessible on a variety of devices and thick/thin
> client models
>
> · Resource Pooling: multiple end users may be mixed together and
> spread across the available physical resources and fault domains
>
> · Measured service: automated monitoring and capacity management
> (e.g. dynamic provisioning and resource usage levelling). Also provides
> transparent resource (and thus cost) accounting to the end user
>
> * *
>
> *Types:*
>
> · IAAS (you get some compute, storage etc.), 
>
> · PAAS (you get a platform, like SQL Server) or 
>
> · SAAS (you get to use an application e.g. like SalesForce)
>
>  *

Re: OT: MCM certification

[Andrew S. Baker]

Part of the allure, prestige and clout of the cert is that it *isn't* open
to more people.

Scarcity does have value, and to both Ken's and Scott's points, even a
$2500 cut-off would annoy many.

It's not like Microsoft doesn't have other, affordable yet valuable certs
out there to cover the scenarios you're talking about.

Oh, and don't think I don't see your point.  I hear you, but I also
understand theirs.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 14, 2013 at 3:45 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Don't want to keep on this thread, it's obvious that most of you are in
> disagreement with me. I'm OK with that. But to your comment:
>
> I think I get who the certification is targeting. My point is that I think
> there is a larger population out there that might be interested in and
> possibly be valid candidates for, this  certification in mid sized shops,
> but the cost is prohibitive. And I understand that there has to be a fee
> for this. And I even agree that MS isn't really making money off this. But
> just doing some basic numbers (I may be way off on these figures so don't
> crucify me on this). If there are 4 sessions a year in any given track
> (SQL, Messaging, DS, etc...)That's 100 people that need to pay for the
> course. Thats' $1.4milliion. Even say they cut this in half, they would
> only be reducing their revenue by $750K per track. In terms of MS, that is
> peanuts. This is not a revenue stream for MS, they are just trying to
> recoup some of the costs. But this would open it up to a much larger pool
> of potential candidates.
>
>  *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services  Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> **www.guardianlife.com* <http://www.guardianlife.com/>
>
>
>
>
>
>
> From:"Andrew S. Baker" 
> To:"NT System Admin Issues"  >
> Date:02/14/2013 02:59 PM
> Subject:Re: OT: MCM certification
> --
>
>
>
> Chris, if you look at who that certification is targeting, the ROI is
> very, very straightforward.
>
> Lowering the price wouldn't lower the barrier that much, and the cost of
> the overall process must come from somewhere.
>
>
>
>
>
>  *ASB**
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…*
>
>
>
>
>
> On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar <*
> christopher_bod...@glic.com* > wrote:
> Was reading this yesterday:
> *
> **http://blogs.metcorpconsulting.com/tech/?p=1101*<http://blogs.metcorpconsulting.com/tech/?p=1101>
>
> And got to thinking about this again. It still bothers me that the road to
> this certification is artificially blocked by monetary constraints. I think
> the certification is difficult enough without adding that as a factor to
> reduce the overall numbers just to increase the "value" of this
> certification. Maybe I'm in the minority, but I know I wont' even consider
> this certification, just based on the cost. Not that I think I would pass,
> or that I even think I'm ready for something like this. I don't work for MS
> and I'm not a consultant. Which from what I've seen are the 2 primary
> groups of people seeking this certification. My employer would never
> consider this strictly based on cost and ROI.
>
> Anyone else of the same opinion? Or am I way off base here?
> Chris
>
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ 
> <*http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/*<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>>
> ~
>
> ---
> 

Re: OT: MCM certification

[Andrew S. Baker]

Chris, if you look at who that certification is targeting, the ROI is very,
very straightforward.

Lowering the price wouldn't lower the barrier that much, and the cost of
the overall process must come from somewhere.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Was reading this yesterday:
>
> http://blogs.metcorpconsulting.com/tech/?p=1101
>
> And got to thinking about this again. It still bothers me that the road to
> this certification is artificially blocked by monetary constraints. I think
> the certification is difficult enough without adding that as a factor to
> reduce the overall numbers just to increase the "value" of this
> certification. Maybe I'm in the minority, but I know I wont' even consider
> this certification, just based on the cost. Not that I think I would pass,
> or that I even think I'm ready for something like this. I don't work for MS
> and I'm not a consultant. Which from what I've seen are the 2 primary
> groups of people seeking this certification. My employer would never
> consider this strictly based on cost and ROI.
>
> Anyone else of the same opinion? Or am I way off base here?
>
>Chris
>
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Fortigate (was Guest network security)

[Andrew S. Baker]

One note:  It looks like Traffic Shaping and the Explicit Web Proxy option
are no longer available under the new OS for certain pieces of hardware,
including my 40C.   I suspect that anything in the SOHO range had it
removed.

I'm going to downgrade to v4.0 MR3 patch 11, as advised by support.

That's not cool.  :(

I've asked to see if that functionality will be brought back into the
device...

(Actually, I found that MR3 patch 12 was released on the 13th, so I've
downgraded to that)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 8, 2013 at 12:57 PM, Sam Cayze  wrote:

> Good to know, thanks!****
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, February 08, 2013 8:10 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Fortigate (was Guest network security)
>
> ** **
>
> Version 5.0 installed smoothly.  The visual changes are somewhat minimal
> for now, but the performance of the UI improved.  Can't say for the rest of
> the device (performance wise) as I haven't finished migrating to it.
>
> The backups are much smaller under 5.0 than under v4
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker 
> wrote:
>
> I will, as soon as I finish setting this device up today. :)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze  wrote:****
>
> Speaking of Fortigate… (Much love btw).
>
>  
>
> Has anyone taken the jump to V5 of the OS yet?  They’ve patched it once or
> twice already; should be stable.
>
>  
>
>  
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, February 06, 2013 8:06 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Guest network security
>
>  
>
> Whoa!!!  That looks awesome. Man, I could really have gone for that a
> few weeks back.
>
> My Fortigate 40C arrives tomorrow. :)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
>  
>
> On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall  wrote:
> 
>
> I chose to build a new system so it would be small and silent rather than
> use an old computer lying around the house.
>
>  
>
> I went with:
>
>  
>
> Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU
> with dual Intel NICs onboard)
>
>  
>
> 4 GB RAM
>
>  
>
> 128GB Vertex 4 SSD
>
>  
>
> It has been in 'production' for a couple of weeks now, and is stable and
> very fast.  I also really like having the content filtering and
> antivirus capabilities of a UTM firewall at home.
>
>  
>
> The management interface is a little weird at first, but you get used to
> it.
>
>  
>
> I demo'ed the software in a VirtualBox VM for a week or so before pulling
> the trigger on the hardware expense.
>
>  
>
> If anyone is interested, the page at Sophos describing the offering is:
> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
> 
>
>  
>
>  
>
> On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff  wrote:
>
> Our Sidewinders are EOL at the end of April, and my manager doesn't like
> them.
>
> He's a Cisco bigot, and wants ASAs in here.
>
> I'm fighting him to at least take a look at the Palo Alto platform, or
> perhaps the newest iteration of the Sidewinders (which are now called
> McAfee Enteprise Firewalls).
>
> That's an interesting tip on the Sophos solution. What did you use for
> the hardware?
>
> Kurt
>
>
> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
> wrote:
> > I was going to suggest using the SonicPoint solution from SonicWall, but
> > you've got Sidewinders, don't you?
> >
> >

Re: Backup to cloud?

[Andrew S. Baker]

I associated with a cloud backup provider that I've just started working
with (in that capacity), and everything is encrypted on the client end
before being shipped across the wire.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 13, 2013 at 12:36 PM, Steve Ens  wrote:

> Yep, I am considering backup to the cloud after a backup to disk locally
> just for disaster recovery sakethen the time doesn't matter as much.
>  I'd still consider a mail recovery site though like postini or something
> to keep mail going in case of tornado or fire.
>
>
> On Wed, Feb 13, 2013 at 11:27 AM, Rod Trent wrote:
>
>> Why would retrieval take that long?  Are you talking more about disaster
>> recovery?
>>
>> ** **
>>
>> ** **
>>
>> *From:* David Lum [mailto:david@nwea.org]
>> *Sent:* Wednesday, February 13, 2013 12:21 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Backup to cloud?
>>
>> ** **
>>
>> Does backup to cloud even matter if the time to retrieve it spans 20+
>> hours? If I were to consider hosting a clients’ backups at my location,
>> where do I go to find what liabilities I need to worry about.
>> Coincidentally the client in mind is a law firm of all places… 
>>
>> *David Lum*
>> Sr. Systems Engineer // NWEATM
>> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>>
>> ** **
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Office 2013 retail tied to single PCs

[Andrew S. Baker]

If you're using an enterprise license, then you're pretty much already
there.

And this is what all of the vendors are trying to do.   ChromeBooks, etc...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 13, 2013 at 1:34 PM, Mathew Shember  wrote:

> I wonder how long before the OS is subscription based?
>
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Wednesday, February 13, 2013 10:13 AM
> To: NT System Admin Issues
> Subject: RE: Office 2013 retail tied to single PCs
>
> It's pushing some people to a subscription based plan all right...
> Just not always Microsoft's.
>
> -Original Message-
> From: Ben M. Schorr [mailto:b...@rolandschorr.com]
> Sent: Wednesday, February 13, 2013 12:00 PM
> To: NT System Admin Issues
> Subject: RE: Office 2013 retail tied to single PCs
>
> It's true, the license is now non-transferrable.  Part of their efforts to
> push everybody to the subscription-based plans, no doubt.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, February 13, 2013 10:56 AM
> To: NT System Admin Issues
> Subject: Office 2013 retail tied to single PCs
>
>   Reportedly, the licensing for Office 2013 FPP (Full Packaged Product,
> AKA retail box) has changed.  Microsoft reportedly says it's only licensed
> for the first PC you install it on.  Old PC dies, you buy a new PC?  Better
> buy a new copy of Office, too.  So it's like OEM, but at retail pricing.
>
>
> http://www.theage.com.au/technology/technology-news/does-your-copy-of-office
> -2013-die-with-your-computer-20130208-2e3a1.html
>
>   In addition to being evil and rude, I think this may violate the
> doctrine of first sale, making it an illegal provision in some
> jurisdictions.  But if Microsoft won't activate your install, that leaves
> court as an alternative.
>
>   Maybe we'll switch to LibreOffice for 2020.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Another Java Update to close in the wild exploits Feb 19, 2013

[Andrew S. Baker]

http://www.computerworld.com/s/article/9236657/Oracle_to_release_yet_more_patches_for_Java?taxonomyId=17





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Feb 12, 2013 at 11:05 AM, Ziots, Edward  wrote:

> This is supposed to be post Update 13, which happened about a week ago.
> This is to fix the other flaws that Security Explorations sent to
> Oracle and I am sure there will be more.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
>
>
>
> -Original Message-
> From: Ben M. Schorr [mailto:b...@rolandschorr.com]
> Sent: Tuesday, February 12, 2013 10:52 AM
> To: NT System Admin Issues
> Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013
>
> That update was from a week ago wasn't it?
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower - Flagstaff Office
> 928-526-3970
> www.rolandschorr.com * www.twitter.com/bschorr *
> www.facebook.com/RolandSchorr
>
> -Original Message-
> From: Ziots, Edward [mailto:ezi...@lifespan.org]
> Sent: Tuesday, February 12, 2013 8:32 AM
> To: NT System Admin Issues
> Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013
>
> Sorry included an internal group on the email, that I fubbed when sending
> the email. But yes Java is going to be patched again, another 50 fixes,
> maybe that will take care of what Security Explorations has sent to oracle.
> I am sure this will not be end of this.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan
> Organization ezi...@lifespan.org
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
>
>
>
> -Original Message-
> From: Webster [mailto:webs...@carlwebster.com]
> Sent: Tuesday, February 12, 2013 9:06 AM
> To: NT System Admin Issues
> Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013
>
> Too late.
>
> Thanks
>
>
> Webster
>
> > -Original Message-
> > From: Ziots, Edward [mailto:ezi...@lifespan.org]
> > Subject: Recall: Another Java Update to close in the wild exploits Feb
> > 19, 2013
> >
> > Ziots, Edward would like to recall the message, "Another Java Update
> > to close in the wild exploits Feb 19, 2013".
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

Re: Dell/Quest Reporter

[Andrew S. Baker]

I used it back in the day.   Provided detailed reports that were useful.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 8, 2013 at 11:04 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Anyone using this?
>
> Looking for a canned package that can generate reports on Active
> Directory. Looks like this does it and a lot more.
>
> Would like to hear from anyone who has used it.
>
> Thanks
>
>  *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services  Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> **www.guardianlife.com* 
>
>
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Exchange Server 2013: Not quite ready for the data center - Computerworld

[Andrew S. Baker]

:::hangs head:::



*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 7:46 PM, Michael B. Smith wrote:

>  Tsk tsk tsk
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, February 7, 2013 7:38 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Exchange Server 2013: Not quite ready for the data center
> - Computerworld
>
> ** **
>
> Funny thing is, I remember him posting that article, and I bookmarked it,
> but I never got around to reading it.
>
> ** **
>
> ::shame::
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Feb 7, 2013 at 2:20 PM, Free, Bob  wrote:
>
> Didn’t you get the memo ASB? J
>
>  
>
> He blogged on that a whole back. 
>
>  
>
> Short answer “In my personal opinion, Exchange 2013 RTM is not ready for
> prime time.”****
>
>  
>
>
> http://theessentialexchange.com/blogs/michael/archive/2013/01/06/exchange-server-2013-gotchas.aspx
> 
>
>  
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, February 07, 2013 9:52 AM
> *To:* NT System Admin Issues
> *Subject:* [dkim-failure] Exchange Server 2013: Not quite ready for the
> data center - Computerworld
>
>  
>
> Hey, MBS
>
>  
>
> What's your take on this article?I haven't touched Exchange 2013 as
> yet...
>
>  
>
>
> http://www.computerworld.com/s/article/9236531/Exchange_Server_2013_Not_quite_ready_for_the_data_center?taxonomyId=18&pageNumber=1
> 
>
>  
>
> Regards,
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>  --
>
> PG&E is committed to protecting our customers' privacy.
> To learn more, please visit
> http://www.pge.com/about/company/privacy/customer/
>  --
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Passsword Meter

[Andrew S. Baker]

LOL





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 7:45 PM, Webster  wrote:

>  I use Internet Exploder and trust Microsoft to have a safe and secure
> browser that affords me plenty of security on the Internet.  What more do I
> need?
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Subject:* Re: Passsword Meter
>
> ** **
>
> It's not like they won't grab IP info...
>
> ** **
>
> Plus, are you *sure* your browser is not giving away username info?
>
>  
>
> ** **
>
> On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott 
> wrote:
>
> Yeah, I'm not too crazy about it, but its not like you put a username in
> to match.
>
>
> -Original Message-
> From: S Powell [mailto:powe...@gmail.com]
> Subject: Re: Passsword Meter
>
> it says that mine, "qwerty123" is not very good... odd that...
>
> or
>
> what a great way to collect passwords...
>
>
> On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott 
> wrote:
> > If you don't mind typing your password into a web form, this is a pretty
> nice indicator of strength.
> >
> > http://www.passwordmeter.com/
>
> 
>
>~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Fortigate (was Guest network security)

[Andrew S. Baker]

Version 5.0 installed smoothly.  The visual changes are somewhat minimal
for now, but the performance of the UI improved.  Can't say for the rest of
the device (performance wise) as I haven't finished migrating to it.

The backups are much smaller under 5.0 than under v4





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 12:46 PM, Andrew S. Baker  wrote:

> I will, as soon as I finish setting this device up today. :)
>
>
>
>
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…***
>
>
>
>
>
> On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze  wrote:
>
>> Speaking of Fortigate… (Much love btw).
>>
>> ** **
>>
>> Has anyone taken the jump to V5 of the OS yet?  They’ve patched it once
>> or twice already; should be stable.
>>
>> ** **
>>
>> ** **
>>
>> ** **
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Wednesday, February 06, 2013 8:06 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: OT: Guest network security
>>
>> ** **
>>
>> Whoa!!!  That looks awesome. Man, I could really have gone for that a
>> few weeks back.
>>
>> My Fortigate 40C arrives tomorrow. :)
>>
>>
>> 
>>
>>  
>>
>>  
>>
>> *ASB
>> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
>> **Providing Virtual CIO Services (IT Operations & Information Security)
>> for the SMB market…*
>>
>>  
>>
>> ** **
>>
>> On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall 
>> wrote:
>>
>> I chose to build a new system so it would be small and silent rather than
>> use an old computer lying around the house.
>>
>> ** **
>>
>> I went with:
>>
>> ** **
>>
>> Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU
>> with dual Intel NICs onboard)
>>
>> ** **
>>
>> 4 GB RAM
>>
>> ** **
>>
>> 128GB Vertex 4 SSD
>>
>> ** **
>>
>> It has been in 'production' for a couple of weeks now, and is stable and
>> very fast.  I also really like having the content filtering and
>> antivirus capabilities of a UTM firewall at home.
>>
>> ** **
>>
>> The management interface is a little weird at first, but you get used to
>> it.
>>
>> ** **
>>
>> I demo'ed the software in a VirtualBox VM for a week or so before pulling
>> the trigger on the hardware expense.
>>
>> ** **
>>
>> If anyone is interested, the page at Sophos describing the offering is:
>> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
>> 
>>
>> ** **
>>
>> ** **
>>
>> On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff  wrote:***
>> *
>>
>> Our Sidewinders are EOL at the end of April, and my manager doesn't like
>> them.
>>
>> He's a Cisco bigot, and wants ASAs in here.
>>
>> I'm fighting him to at least take a look at the Palo Alto platform, or
>> perhaps the newest iteration of the Sidewinders (which are now called
>> McAfee Enteprise Firewalls).
>>
>> That's an interesting tip on the Sophos solution. What did you use for
>> the hardware?
>>
>> Kurt
>>
>>
>> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
>> wrote:
>> > I was going to suggest using the SonicPoint solution from SonicWall, but
>> > you've got Sidewinders, don't you?
>> >
>> > Does McAfee have anything like SonicWall's wireless solution where it's
>> all
>> > managed from the firewall?
>> >
>> > PS  Sophos has this too, and they give their UTM firewall away free for
>> home
>> > use.  Just bring your own hardware.  I just switched to this the other
>> day
>> > and love it so far.  I should write a blog post about it.  (But then I'd
>> > have to create a blog...)
>> >
>> >
>> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff  wrote:
>> >>
>>
>> >> All,
>> >>
>> >> Quite some time ago, I set up an unsecured guest VLAN in our network,
>> >> providing wirel

Re: Domain upgrade: 2008 R2 or 2012 ?

[Andrew S. Baker]

Why should I waste words to concur with the right answer?  :)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 6:57 PM, Webster  wrote:

>  Copycat! J
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Subject:* Re: Domain upgrade: 2008 R2 or 2012 ?
>
> ** **
>
> Seconded.
>
> * *
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Feb 7, 2013 at 4:43 PM, Brian Desmond 
> wrote:
>
> *I would go straight to WS2012.*
>
> * *
>
> *From an AD perspective, you can take advantage of new features like
> virtualization safeties, group managed service accounts, and dynamic access
> control. *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *w – 312.625.1438 | c – 312.731.3132*
>
> * *
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Thursday, February 7, 2013 3:34 PM
> *To:* NT System Admin Issues
> *Subject:* Domain upgrade: 2008 R2 or 2012 ?
>
>  
>
> Has anyone done this evaluation recently? We are a 2003 R2 shop. We were
> in the process of planning a migration to a 2008 R2 domain last year
> (hardware was bought and deployed), when the funds got cut. From what I
> hear, we will have funding and approval this year for the project. So the
> question is now, 2008 R2 or 2012. I've had very little time with 2012 so
> far. Hopefully that will change in the near future. The benefits of going
> from 2003 to 2008 R2 i've already captured. From what I've seen so far,
> 2012 seems stable and an incremental upgrade for our environment. Some of
> the things that might push me towards 2012 don't apply in our environment.
> for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I
> don't really see us making use of those specific features, or the
> enhancements in them from previous versions. From my understanding 2012 is
> included in our EA agreement. So I don't think it will really be a
> licensing issue.
>
> Love to hear thoughts and comments from others who are going through this
> right now, or have done this evaluation recently.
>
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Passsword Meter

[Andrew S. Baker]

It's not like they won't grab IP info...

Plus, are you *sure* your browser is not giving away username info?





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 6:24 PM, Crawford, Scott wrote:

> Yeah, I'm not too crazy about it, but its not like you put a username in
> to match.
>
> -Original Message-
> From: S Powell [mailto:powe...@gmail.com]
> Sent: Thursday, February 7, 2013 5:22 PM
> To: NT System Admin Issues
> Subject: Re: Passsword Meter
>
> it says that mine, "qwerty123" is not very good... odd that...
>
> or
>
> what a great way to collect passwords...
>
>
> -
> Sub ubi semper ubi
>
>
> On Thu, Feb 7, 2013 at 2:56 PM, Crawford, Scott 
> wrote:
> > If you don't mind typing your password into a web form, this is a pretty
> nice indicator of strength.
> >
> > http://www.passwordmeter.com/
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Highly recommended - I have a paper copy

[Andrew S. Baker]

Thanks!





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 5:20 PM, Kurt Buff  wrote:

> -- Forwarded message --
> From: InfoSec News 
> Date: Wed, Feb 6, 2013 at 11:41 PM
> Subject: [ISN] Security Engineering -- The Book - For Free!
> To: i...@infosecnews.org
>
>
> http://www.cl.cam.ac.uk/~rja14/book.html
>
> Security Engineering -- The Book
>
> ‘I'm incredibly impressed that one person could produce such a
> thorough coverage. Moreover, you make the stuff easy and enjoyable to
> read. I find it just as entertaining - and far more useful - than
> novels (and my normal science fiction). When I first got it in the
> mail, I said to myself "I'm never going to read all of that." But once
> I started reading I just kept going and going. Fantastic: well done.
> Now, let's hope that all those in charge of security for information
> technology will also read the book and heed the lessons.’ Don Norman
>
> ‘The book that you MUST READ RIGHT NOW is the second edition of Ross
> Anderson's Security Engineering book. Ross did a complete pass on his
> classic tome and somehow made it even better...’ Gary McGraw
>
> ‘It's beautiful. This is the best book on the topic there is’
> Bruce Schneier
>
> All chapters from the second edition now available free online!
>
> Table of contents
> Preface
> Acknowledgements
> Chapter 1: What is Security Engineering?
> Chapter 2: Usability and Psychology
> Chapter 3: Protocols
> Chapter 4: Access Control
> Chapter 5: Cryptography
> Chapter 6: Distributed Systems
> Chapter 7: Economics
> Chapter 8: Multilevel Security
> Chapter 9: Multilateral Security
> Chapter 10: Banking and Bookkeeping
> Chapter 11: Physical Protection
> Chapter 12: Monitoring and Metering
> Chapter 13: Nuclear Command and Control
> Chapter 14: Security Printing and Seals
> Chapter 15: Biometrics
> Chapter 16: Physical Tamper Resistance
> Chapter 17: Emission Security
> Chapter 18: API Security
> Chapter 19: Electronic and Information Warfare
> Chapter 20: Telecom System Security
> Chapter 21: Network Attack and Defence
> Chapter 22: Copyright and DRM
> Chapter 23: The Bleeding Edge
> Chapter 24: Terror, Justice and Freedom
> Chapter 25: Managing the Development of Secure Systems
> Chapter 26: System Evaluation and Assurance
> Chapter 27: Conclusions
> Bibliography
> Index
>
> When I wrote the first edition, we put the chapters online free after
> four years and found that this boosted sales of the paper edition.
> People would find a useful chapter online and then buy the book to
> have it as a reference. Wiley and I agreed to do the same with the
> second edition, and now, four years after publication, I am putting
> all the chapters online for free. Enjoy them – and I hope you'll buy
> the paper version to have as a conveient shelf reference:
>
> Buy from Amazon.com
> Buy from Wiley
> Buy from Amazon.co.uk (Kindle version)
>
> Here are the errata for the second edition, and here's a page of notes
> and links concerning relevant topics that I've come across since
> publication.
>
> Supplementary materials: If you're a college professor thinking of
> using my book in class, note that we use my book in three courses at
> Cambridge:
>
> * the first part in second-year Introduction to Security (course
>   material and past exam questions)
>
> * the second in third-year Security (course material and questions), and
>
> * the third part in our second-year Software Engineering (course,
>   questions and still more questions).
>
> I hope you find these useful. You're welcome to use and adapt any of
> my slides if you wish under this Creative Commons license. Also, if
> you're an instructor at an accredited institution, you can request an
> evaluation copy via Wiley's website.
>
>
> __
> Visit the InfoSec News Security Bookstore
> Best Selling Security Books and More!
> http://www.shopinfosecnews.org
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Domain upgrade: 2008 R2 or 2012 ?

[Andrew S. Baker]

Seconded.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 4:43 PM, Brian Desmond wrote:

>  *I would go straight to WS2012.*
>
> * *
>
> *From an AD perspective, you can take advantage of new features like
> virtualization safeties, group managed service accounts, and dynamic access
> control. *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *w – 312.625.1438 | c – 312.731.3132*
>
> * *
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Thursday, February 7, 2013 3:34 PM
> *To:* NT System Admin Issues
> *Subject:* Domain upgrade: 2008 R2 or 2012 ?
>
> ** **
>
> Has anyone done this evaluation recently? We are a 2003 R2 shop. We were
> in the process of planning a migration to a 2008 R2 domain last year
> (hardware was bought and deployed), when the funds got cut. From what I
> hear, we will have funding and approval this year for the project. So the
> question is now, 2008 R2 or 2012. I've had very little time with 2012 so
> far. Hopefully that will change in the near future. The benefits of going
> from 2003 to 2008 R2 i've already captured. From what I've seen so far,
> 2012 seems stable and an incremental upgrade for our environment. Some of
> the things that might push me towards 2012 don't apply in our environment.
> for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I
> don't really see us making use of those specific features, or the
> enhancements in them from previous versions. From my understanding 2012 is
> included in our EA agreement. So I don't think it will really be a
> licensing issue.
>
> Love to hear thoughts and comments from others who are going through this
> right now, or have done this evaluation recently.
>
> Thanks, ** **
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services 
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Registry entries to set a WSUS client

[Andrew S. Baker]

LOL.  Hey, I did give anonymous attributions. :)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 12:17 PM, Kennedy, Jim
wrote:

> First and foremost I suggested that before Andrew did. He just copied off
> me.
>
> http://support.microsoft.com/kb/2734608
>
> Then reregister the server. Also that update needs to be on your console
> machine if that is how you are doing it.
>
> Andrew is going to copy, I just know it.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, February 07, 2013 11:59 AM
> To: NT System Admin Issues
> Subject: Re: Registry entries to set a WSUS client
>
> On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker 
> wrote:
> >
> > Yes, it still does work if you change the registry manually, but having
> a separate OU for testing (like everyone else is saying) is the best path.
>
> Yes, you're right. So I did this - set up a test OU, and a test GPO,
> pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003,
> Win2008, Win2012, put them in that OU, added them to the group that links
> to that new GPO. All are showing up in the new WSUS server (yay!). However,
> the 2012 server is showing up as OS Win2003 STD x64, and not Win2012.
> What's up with that? :-) I am up to date on the WSUS updates, apparently.
> Is this just a display bug? It shows I need 14 updates (which I suppose is
> correct),
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Fortigate (was Guest network security)

[Andrew S. Baker]

I will, as soon as I finish setting this device up today. :)





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 12:26 PM, Sam Cayze  wrote:

> Speaking of Fortigate… (Much love btw).
>
> ** **
>
> Has anyone taken the jump to V5 of the OS yet?  They’ve patched it once or
> twice already; should be stable.
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, February 06, 2013 8:06 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Guest network security
>
> ** **
>
> Whoa!!!  That looks awesome. Man, I could really have gone for that a
> few weeks back.
>
> My Fortigate 40C arrives tomorrow. :)
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall  wrote:
> 
>
> I chose to build a new system so it would be small and silent rather than
> use an old computer lying around the house.
>
> ** **
>
> I went with:
>
> ** **
>
> Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU
> with dual Intel NICs onboard)
>
> ** **
>
> 4 GB RAM
>
> ** **
>
> 128GB Vertex 4 SSD
>
> ** **
>
> It has been in 'production' for a couple of weeks now, and is stable and
> very fast.  I also really like having the content filtering and
> antivirus capabilities of a UTM firewall at home.
>
> ** **
>
> The management interface is a little weird at first, but you get used to
> it.
>
> ** **
>
> I demo'ed the software in a VirtualBox VM for a week or so before pulling
> the trigger on the hardware expense.
>
> ** **
>
> If anyone is interested, the page at Sophos describing the offering is:
> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
> 
>
> ** **
>
> ** **
>
> On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff  wrote:
>
> Our Sidewinders are EOL at the end of April, and my manager doesn't like
> them.
>
> He's a Cisco bigot, and wants ASAs in here.
>
> I'm fighting him to at least take a look at the Palo Alto platform, or
> perhaps the newest iteration of the Sidewinders (which are now called
> McAfee Enteprise Firewalls).
>
> That's an interesting tip on the Sophos solution. What did you use for
> the hardware?
>
> Kurt
>
>
> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
> wrote:
> > I was going to suggest using the SonicPoint solution from SonicWall, but
> > you've got Sidewinders, don't you?
> >
> > Does McAfee have anything like SonicWall's wireless solution where it's
> all
> > managed from the firewall?
> >
> > PS  Sophos has this too, and they give their UTM firewall away free for
> home
> > use.  Just bring your own hardware.  I just switched to this the other
> day
> > and love it so far.  I should write a blog post about it.  (But then I'd
> > have to create a blog...)
> >
> >
> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff  wrote:
> >>
>
> >> All,
> >>
> >> Quite some time ago, I set up an unsecured guest VLAN in our network,
> >> providing wireless access to all of the sundry devices that staff and
> >> visitors carry. I set up a small FreeBSD machine to serve IP addresses
> >> via DHCP, and that was dead simple.
> >>
> >> It is a layer2 VLAN, traversing our backbone, and terminating on our
> >> corporate firewall.
> >>
> >> However, there are now other tenants in our building, and the subnet
> >> is getting too much bandwidth and address consumption - the range I
> >> set up is completely filled, and the VLAN is consuming about half of
> >> our Internet pipe, which is far too much for my comfort.
> >>
> >> I suspect the other tenants are leeching.
> >>
> >> What I've read of captive portals seems to indicate that the portal is
> >> part of the firewall. I could be wrong about that, though. Regardless,
> the
> >> corporate firewall will not be allowed to be part of this solution.
> >>
> >> The only other alternative I see right now is to set up a password on
> >> the SSID, and have

Re: Wow. Just what we need

[Andrew S. Baker]

Yes, thanks.  This was an awesome read.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 11:30 AM, Steven M. Caesare wrote:

> Great read, and indeed an interesting compliment to Wireshark... good
> stuff thanks Kurt.
>
> -sc
>
> > -Original Message-
> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > Sent: Wednesday, February 6, 2013 8:24 PM
> > To: NT System Admin Issues
> > Subject: Wow. Just what we need
> >
> > A limited threat, but a good one:
> >
> > Packet of death
> > http://blog.krisk.org/2013/02/packets-of-death.html
> >
> > Also,
> > https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+
> > Death/15109
> > - see the comment...
> >
> > What a brilliant sleuthing job, though, and a mention of a tool that's
> new to
> > me and possibly quite promising.
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here: http://lyris.sunbelt-
> > software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Guest network security

[Andrew S. Baker]

They bought Astaro a few years back...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Feb 7, 2013 at 1:21 AM, Kurt Buff  wrote:

> I didn't know that Sophos had gotten into the hardware world.
>
> That's very interesting, and I'll have to take a look at it.
>
> Just as an aside - I think that wired end-point connectivity is going
> the way of the dodo, except for the most demanding loads, so it make a
> deal of sense for them to do that.
>
> Kurt
>
> On Wed, Feb 6, 2013 at 6:04 PM, Richard Stovall  wrote:
> > My bad.  I bought a Sophos AP 30 to go along with the firewall hardware.
> > This AP alone was about 45% of the total cost of the project, but I still
> > saved a good chunk of change over the SonicWall TZ + SonicPoint solution
> > that I had been planning on buying before finding the Sophos home
> license.
> >
> >
> > On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff  wrote:
> >>
> >> So your wireless is served elsewise?
> >>
> >> Kurt
> >>
> >> On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall 
> wrote:
> >> > I chose to build a new system so it would be small and silent rather
> >> > than
> >> > use an old computer lying around the house.
> >> >
> >> > I went with:
> >> >
> >> > Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom
> CPU
> >> > with dual Intel NICs onboard)
> >> >
> >> > 4 GB RAM
> >> >
> >> > 128GB Vertex 4 SSD
> >> >
> >> > It has been in 'production' for a couple of weeks now, and is stable
> and
> >> > very fast.  I also really like having the content filtering and
> >> > antivirus
> >> > capabilities of a UTM firewall at home.
> >> >
> >> > The management interface is a little weird at first, but you get used
> to
> >> > it.
> >> >
> >> > I demo'ed the software in a VirtualBox VM for a week or so before
> >> > pulling
> >> > the trigger on the hardware expense.
> >> >
> >> > If anyone is interested, the page at Sophos describing the offering
> is:
> >> >
> >> >
> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
> >> >
> >> >
> >> >
> >> > On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff 
> wrote:
> >> >>
> >> >> Our Sidewinders are EOL at the end of April, and my manager doesn't
> >> >> like
> >> >> them.
> >> >>
> >> >> He's a Cisco bigot, and wants ASAs in here.
> >> >>
> >> >> I'm fighting him to at least take a look at the Palo Alto platform,
> or
> >> >> perhaps the newest iteration of the Sidewinders (which are now called
> >> >> McAfee Enteprise Firewalls).
> >> >>
> >> >> That's an interesting tip on the Sophos solution. What did you use
> for
> >> >> the hardware?
> >> >>
> >> >> Kurt
> >> >>
> >> >> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
> >> >> wrote:
> >> >> > I was going to suggest using the SonicPoint solution from
> SonicWall,
> >> >> > but
> >> >> > you've got Sidewinders, don't you?
> >> >> >
> >> >> > Does McAfee have anything like SonicWall's wireless solution where
> >> >> > it's
> >> >> > all
> >> >> > managed from the firewall?
> >> >> >
> >> >> > PS  Sophos has this too, and they give their UTM firewall away free
> >> >> > for
> >> >> > home
> >> >> > use.  Just bring your own hardware.  I just switched to this the
> >> >> > other
> >> >> > day
> >> >> > and love it so far.  I should write a blog post about it.  (But
> then
> >> >> > I'd
> >> >> > have to create a blog...)
> >> >> >
> >> >> >
> >> >> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff 
> >> >> > wrote:
> >> >> >>
> >> >> >> All,
> >> >> >>
> >> >> >> Quite some time ago, I set up an unsecured guest VLAN in our
> >> >> >> network,
> >> >> >> providing wireless access to all of the sundry devices that staff
> >> >> >> and
> >> >> >> visitors carry. I set up a small FreeBSD machine to serve IP
> >> >> >> addresses
> >> >> >> via DHCP, and that was dead simple.
> >> >> >>
> >> >> >> It is a layer2 VLAN, traversing our backbone, and terminating on
> our
> >> >> >> corporate firewall.
> >> >> >>
> >> >> >> However, there are now other tenants in our building, and the
> subnet
> >> >> >> is getting too much bandwidth and address consumption - the range
> I
> >> >> >> set up is completely filled, and the VLAN is consuming about half
> of
> >> >> >> our Internet pipe, which is far too much for my comfort.
> >> >> >>
> >> >> >> I suspect the other tenants are leeching.
> >> >> >>
> >> >> >> What I've read of captive portals seems to indicate that the
> portal
> >> >> >> is
> >> >> >> part of the firewall. I could be wrong about that, though.
> >> >> >> Regardless,
> >> >> >> the
> >> >> >> corporate firewall will not be allowed to be part of this
> solution.
> >> >> >>
> >> >> >> The only other alternative I see right now is to set up a password
> >> >> >> on
> >> >> >> the SSID, and have the front desk hand it out to guests, after
> >> >> >> mailing
> >> >> >> it to staff, and I'm getting pushback on that from my manager.
> >> >> >>
> 

Re: OT: Guest network security

[Andrew S. Baker]

LOL

It looks pretty good, but I need some more stuff.   This will be helpful
for me with smaller clients, though.  Rich!





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 6, 2013 at 9:36 PM, Richard Stovall  wrote:

> I have to say, it is pretty cool to have basically the same features at
> home that I have at work, even if the two user interfaces are completely
> different.  I dropped a good chunk of change up front, but I'll come out
> way ahead over a period of 4+ years.  (At least compared to SonicWall
> pricing from a really good reseller.)
>
> Now, if the hardware dies, or Sophos drops the program, I'll be calling
> you for the name of your Fortinet vendor...  :)
>
>
>
>
>  On Wed, Feb 6, 2013 at 9:05 PM, Andrew S. Baker wrote:
>
>>  Whoa!!!  That looks awesome. Man, I could really have gone for that
>> a few weeks back.
>>
>> My Fortigate 40C arrives tomorrow. :)
>>
>>
>>
>>
>>
>> *ASB
>> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
>> **Providing Virtual CIO Services (IT Operations & Information Security)
>> for the SMB market…***
>>
>>
>>
>>
>>
>> On Wed, Feb 6, 2013 at 8:31 PM, Richard Stovall wrote:
>>
>>> I chose to build a new system so it would be small and silent rather
>>> than use an old computer lying around the house.
>>>
>>> I went with:
>>>
>>> Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU
>>> with dual Intel NICs onboard)
>>>
>>> 4 GB RAM
>>>
>>> 128GB Vertex 4 SSD
>>>
>>> It has been in 'production' for a couple of weeks now, and is stable and
>>> very fast.  I also really like having the content filtering and
>>> antivirus capabilities of a UTM firewall at home.
>>>
>>> The management interface is a little weird at first, but you get used to
>>> it.
>>>
>>> I demo'ed the software in a VirtualBox VM for a week or so before
>>> pulling the trigger on the hardware expense.
>>>
>>> If anyone is interested, the page at Sophos describing the offering is:
>>> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
>>>
>>>
>>>
>>> On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff  wrote:
>>>
>>>> Our Sidewinders are EOL at the end of April, and my manager doesn't
>>>> like them.
>>>>
>>>> He's a Cisco bigot, and wants ASAs in here.
>>>>
>>>> I'm fighting him to at least take a look at the Palo Alto platform, or
>>>> perhaps the newest iteration of the Sidewinders (which are now called
>>>> McAfee Enteprise Firewalls).
>>>>
>>>> That's an interesting tip on the Sophos solution. What did you use for
>>>> the hardware?
>>>>
>>>> Kurt
>>>>
>>>> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
>>>> wrote:
>>>> > I was going to suggest using the SonicPoint solution from SonicWall,
>>>> but
>>>> > you've got Sidewinders, don't you?
>>>> >
>>>> > Does McAfee have anything like SonicWall's wireless solution where
>>>> it's all
>>>> > managed from the firewall?
>>>> >
>>>> > PS  Sophos has this too, and they give their UTM firewall away free
>>>> for home
>>>> > use.  Just bring your own hardware.  I just switched to this the
>>>> other day
>>>> > and love it so far.  I should write a blog post about it.  (But then
>>>> I'd
>>>> > have to create a blog...)
>>>> >
>>>> >
>>>> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff 
>>>> wrote:
>>>> >>
>>>> >> All,
>>>> >>
>>>> >> Quite some time ago, I set up an unsecured guest VLAN in our network,
>>>> >> providing wireless access to all of the sundry devices that staff and
>>>> >> visitors carry. I set up a small FreeBSD machine to serve IP
>>>> addresses
>>>> >> via DHCP, and that was dead simple.
>>>> >>
>>>> >> It is a layer2 VLAN, traversing our backbone, and terminating on our
>>>> >> corporate firewall.

Re: OT: Guest network security

[Andrew S. Baker]

Yes.  You can contact me off-line...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 6, 2013 at 4:59 PM, Pete Howard  wrote:

> Anyone have a favorite VAR to work with for PA's ? A few of
> my usual vendors dont carry them
>
>   --
> *From:* "Ziots, Edward" 
> *To:* NT System Admin Issues 
> *Sent:* Wednesday, February 6, 2013 4:08 PM
> *Subject:* RE: OT: Guest network security
>
>   If you mean PA=Palo Alto, they are dead on (scary CCIE would say that
> being from the CISCO house) I work on Palo Alto Daily, and its sick how
> much these things can do.  Been finding a lot that I wouldn’t have been
> able to obtain but regular firewall log parsing, and being able to
> quantifiy you own applications and make traffic rules based on them is
> pretty killer.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
> *[image: Description: Description: Lifespan]*
>
>
>  *From:* Kevin Lundy [mailto:klu...@gmail.com]
> *Sent:* Wednesday, February 06, 2013 3:48 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Guest network security
>
>  I have two CCIE's that work for me.  Both also used to work for a Cisco
> VAR - so obviously Cisco bigots.  They both recommended PA to me over the
> ASA.  From a security perspective, the PA do so much more than ASAs.  We
> still use ASAs for some intranet firewalls.
>
>  Are you using the Cisco controllers with your WAPs?  If so, they have
> captive portal capability.  They call it Lobby Ambassador.
>  On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff  wrote:
> Our Sidewinders are EOL at the end of April, and my manager doesn't like
> them.
>
> He's a Cisco bigot, and wants ASAs in here.
>
> I'm fighting him to at least take a look at the Palo Alto platform, or
> perhaps the newest iteration of the Sidewinders (which are now called
> McAfee Enteprise Firewalls).
>
> That's an interesting tip on the Sophos solution. What did you use for
> the hardware?
>
> Kurt
>
> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
> wrote:
> > I was going to suggest using the SonicPoint solution from SonicWall, but
> > you've got Sidewinders, don't you?
> >
> > Does McAfee have anything like SonicWall's wireless solution where it's
> all
> > managed from the firewall?
> >
> > PS  Sophos has this too, and they give their UTM firewall away free for
> home
> > use.  Just bring your own hardware.  I just switched to this the other
> day
> > and love it so far.  I should write a blog post about it.  (But then I'd
> > have to create a blog...)
> >
> >
> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff  wrote:
> >>
>   >> All,
> >>
> >> Quite some time ago, I set up an unsecured guest VLAN in our network,
> >> providing wireless access to all of the sundry devices that staff and
> >> visitors carry. I set up a small FreeBSD machine to serve IP addresses
> >> via DHCP, and that was dead simple.
> >>
> >> It is a layer2 VLAN, traversing our backbone, and terminating on our
> >> corporate firewall.
> >>
> >> However, there are now other tenants in our building, and the subnet
> >> is getting too much bandwidth and address consumption - the range I
> >> set up is completely filled, and the VLAN is consuming about half of
> >> our Internet pipe, which is far too much for my comfort.
> >>
> >> I suspect the other tenants are leeching.
> >>
> >> What I've read of captive portals seems to indicate that the portal is
> >> part of the firewall. I could be wrong about that, though. Regardless,
> the
> >> corporate firewall will not be allowed to be part of this solution.
> >>
> >> The only other alternative I see right now is to set up a password on
> >> the SSID, and have the front desk hand it out to guests, after mailing
> >> it to staff, and I'm getting pushback on that from my manager.
> >>
> >> Does anyone have some ideas I could pursue on this?
> >>
> >> Thanks,
> >>
> >> Kurt
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~   ~
> >>
> >> ---
> >> To manage subscriptions click here:
> >> http://lyris.sunbelt-software.com/read/my_forums/
> >> or send an email to listmana...@lyris.sunbeltsoftware.com
> >> with 

Re: OT: Guest network security

[Andrew S. Baker]

I'll choose a Fortinet over an ASA every day of the week...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 6, 2013 at 3:44 PM, Ziots, Edward  wrote:

> LOL Cisco bigot... why is that sooo familiar. He would probably like
> Fortinet better if he knew the price and performance was way better than
> ASA's. ( Found those to be clugy)_
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, February 06, 2013 3:21 PM
> To: NT System Admin Issues
> Subject: Re: OT: Guest network security
>
> Our Sidewinders are EOL at the end of April, and my manager doesn't like
> them.
>
> He's a Cisco bigot, and wants ASAs in here.
>
> I'm fighting him to at least take a look at the Palo Alto platform, or
> perhaps the newest iteration of the Sidewinders (which are now called
> McAfee Enteprise Firewalls).
>
> That's an interesting tip on the Sophos solution. What did you use for the
> hardware?
>
> Kurt
>
> On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall 
> wrote:
> > I was going to suggest using the SonicPoint solution from SonicWall,
> > but you've got Sidewinders, don't you?
> >
> > Does McAfee have anything like SonicWall's wireless solution where
> > it's all managed from the firewall?
> >
> > PS  Sophos has this too, and they give their UTM firewall away free
> > for home use.  Just bring your own hardware.  I just switched to this
> > the other day and love it so far.  I should write a blog post about
> > it.  (But then I'd have to create a blog...)
> >
> >
> > On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff  wrote:
> >>
> >> All,
> >>
> >> Quite some time ago, I set up an unsecured guest VLAN in our network,
> >> providing wireless access to all of the sundry devices that staff and
> >> visitors carry. I set up a small FreeBSD machine to serve IP
> >> addresses via DHCP, and that was dead simple.
> >>
> >> It is a layer2 VLAN, traversing our backbone, and terminating on our
> >> corporate firewall.
> >>
> >> However, there are now other tenants in our building, and the subnet
> >> is getting too much bandwidth and address consumption - the range I
> >> set up is completely filled, and the VLAN is consuming about half of
> >> our Internet pipe, which is far too much for my comfort.
> >>
> >> I suspect the other tenants are leeching.
> >>
> >> What I've read of captive portals seems to indicate that the portal
> >> is part of the firewall. I could be wrong about that, though.
> >> Regardless, the corporate firewall will not be allowed to be part of
> this solution.
> >>
> >> The only other alternative I see right now is to set up a password on
> >> the SSID, and have the front desk hand it out to guests, after
> >> mailing it to staff, and I'm getting pushback on that from my manager.
> >>
> >> Does anyone have some ideas I could pursue on this?
> >>
> >> Thanks,
> >>
> >> Kurt
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >>   ~
> >>
> >> ---
> >> To manage subscriptions click here:
> >> http://lyris.sunbelt-software.com/read/my_forums/
> >> or send an email to listmana...@lyris.sunbeltsoftware.com
> >> with the body: unsubscribe ntsysadmin
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/

Re: Anyone heard of Meraki?

[Andrew S. Baker]

Thanks for that feedback, MBS...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Feb 6, 2013 at 2:13 PM, Michael B. Smith wrote:

> My company doesn't do hardware (we are a software and services shop), but
> one of the partner organizations we work with is a Ruckus reseller and the
> products are very impressive. They installed it in a large soccer stadium
> that wanted to offer free WiFi to attendees, with about 30,000 active
> connections at a time.
>
> Worked flawlessly, first time out of the box; at less than half the cost
> of a corresponding Cisco solution.
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Wednesday, February 6, 2013 1:32 PM
> To: NT System Admin Issues
> Subject: Re: Anyone heard of Meraki?
>
> Last year, we did a comparison of Meraki, Ruckus, Aerohive, Aruba and
> Cisco.
>
> Meraki to be very on-par with Aerohive, as they have similar features and
> are both cloud managed. We figured the math, and if you wanted only a few
> APs, the cloud-managed solutions where very cost effective. But, as you
> increased your AP count, the controller based solutions started to make
> more sense.
>
> We ended up choosing Ruckus. Factors in our choice were: Price (When
> including the year-over-year costs of controllers), wifi range
> (beamforming, which we find very impressive), AP load (airtime fairness),
> and ease of use.
>
> We are using the Meraki MDM solution for our iPads, as it's free and
> better than a sharp stick in they eye.
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Tom Miller
> [mailto:tmil...@sfgtrust.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Wed, 06 Feb 2013
> 06:02:21 -0800
> Subject: Anyone heard of Meraki?
>
>
> > Anyone heard of or use Meraki wireless?  It's part of Cisco, not sure
> > if it is a recent acquisition though.  One of our consultants who the
> > IT Director here listens to recommended it.  We already have "regular"
> > Cisco wireless here at HQ and at one of our plants.  The other plant
> > is scheduled for wireless this year.
> >
> > http://www.meraki.com/  Cloud managed wireless.  There's that overused
> > word again.
> >
> > Comments or thoughts welcome.
> >
> > Tom
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Rename 2003 domain

[Andrew S. Baker]

There's only so much genuflecting I can take in a single thread, so cut it
out, or i'll send both of you to your rooms (Citrix and
Microsoft, respectively)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Feb 5, 2013 at 4:29 PM, Michael B. Smith wrote:

>  Pffft. You are known world-wide (literally) as the Citrix AD Expert.
>
> ** **
>
> If there is any name that doesn’t belong on that list, it is mine.
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Tuesday, February 5, 2013 3:33 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
>  ** **
>
> My name doesn’t belong in the same sentence as “Desmond and MBS”.  My name
> should have appeared in subscript! J
>
> ** **
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org ]
> *Sent:* Tuesday, February 05, 2013 1:46 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
> ** **
>
> Wow, Webster Desmond and MBS recommend against it.
>
> ** **
>
> …and I thought  a couple of SBS swings were high on the “things could go
> horribly wrong” scale…
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>
> *Sent:* Tuesday, February 05, 2013 10:36 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
> ** **
>
> To the OP: you already know your domain is broken. 
>
> ** **
>
> Good luck. You are going to need it.
>
> ** **
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
>
> *Sent:* Tuesday, February 5, 2013 1:29 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
> ** **
>
> *To add to Michael’s point, this wasn’t necessary and probably wasn’t the
> best idea. The consultant obviously messed something up given you had to
> rejoin clients. The simple fact that the consultant was happy to (and
> possibly recommended) this domain rename tells me a lot. *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *w – 312.625.1438 | c – 312.731.3132*
>
> * *
>
> *From:* David Mazzaccaro 
> [mailto:david.mazzacc...@hudsonmobility.com]
>
> *Sent:* Tuesday, February 5, 2013 9:55 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
> ** **
>
> We hired a consultant to move us to AD 2008 R2 and E2010.
>
> He renamed the domain to company.net this past weekend.
>
> We did have to manually rejoin the clients to the new domain (rebooting
> twice did not make the clients auto-join), but everything appears to be
> working fine.  We have just extended the schema and have our first 2008 R2
> domain controller up and running.
>
> ** **
>
> Anything in particular I should check to verify that all is well?
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>
> *Sent:* Tuesday, February 05, 2013 9:50 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
> ** **
>
> Don't rename the domain. Just Say No. There is no need.
>
> Sent from my Windows Phone
>   --
>
> *From: *David Mazzaccaro
> *Sent: *2/1/2013 9:50 PM
> *To: *NT System Admin Issues
> *Subject: *RE: Rename 2003 domain
>
> Thx
>
> I Just read through that thread.
>
> One comment was that you never need to register an internal name on a
> certificate…. 
>
> But it doesn’t go into detail as to why.
>
>  
>
> The other bigger headache (which I understand) is to NOT use an internal
> name that will also be used externally. 
>
> We only use “company.com” on in the internet.  So if we never use
> “company.NET” on the outside, why couldn’t/shouldn’t I rename the domain to
> that?
>
>  
>
> Thx
>
>  
>
>  
>
>  
>
>  
>
> *From:* Webster [mailto:webs...@carlwebster.com ]
>
> *Sent:* Friday, February 01, 2013 12:23 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Rename 2003 domain
>
>  
>
> Go to the archives and read the “SSL and the new no internal names ruling”
> thread.  I think you are going in the wrong direction.
>
>  
>
> Thanks
>
>  
>
>  
>
> Webster
>
>  
>
> *From:* David Mazzaccaro 
> [mailto:david.mazzacc...@hudsonmobility.com]
>
> *Sent:* Friday, February 01, 2013 9:48 AM
> *To:* NT System Admin Issues
> *Subject:* Rename 2003 domain
>
>  
>
> I will be upgrading my domain from 2003 to 2008 R2 and Exchange 2003 >
> 2010.
>
> Apparently E2010 does not like my current domain name “company.town.main”*
> ***
>
> It wants (needs?) a name that can be registered w/ an internet registrar
> in order to obtain a certificate.
>
> So… I will be renaming the domain to “company.net” this weekend

Re: Java 7 patch 13 out...

[Andrew S. Baker]

You'll notice that no one took you up on your bet...

There's a reason for that. :)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Feb 5, 2013 at 9:05 AM, Ziots, Edward  wrote:

> Did I not say like 1-2 days after Java updated to version 7.0 update 13
> that the Security explorations folks would post what is still broken in
> java security wise, expect a update 14 or even 15 soon enough.
>
> Cross post from Bugtraq
>
> Hello All,
>
> Below, we are providing you with technical details regarding security
> issues reported by us to Oracle and addressed by the company in a recent
> Feb 2013 Java SE CPU [1].
>
> [Issue 29]
> This issue allows for the creation of arbitrary Proxy objects for
> interfaces defined in restricted packages. Proxy objects defined in a NULL
> class loader namespaces are of a particular interest here. Such objects can
> be used to manipulate instances of certain restricted classes.
>
> In our Proof of Concept code we create such a proxy object for the
> com.sun.xml.internal.bind.v2.model.nav.Navigator interface.
> In order to use the aforementioned proxy object, we need an instance of
> that interface too. We obtain it with the help of Issue 28, which allows to
> access arbitrary field objects from restricted classes and interfaces. As a
> result, by combining Issue 27-29, one can use Navigator interface and make
> use of its sensitive Reflection API functionality such as obtaining access
> to methods of arbitrary classes. That condition can be further leveraged to
> obtain a complete JVM security bypass.
>
> Please, note that our Proof of Concept code for Issues 27-29 was reported
> to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the
> company sooner than Issue 29. Testing of the PoC will thus give best
> results on older versions of Java SE 7.
>
> [Issue 50]
> Issue 50 allows to violate a fundamental security constraint of Java VM,
> which is type safety. This vulnerability is another instance of the problem
> related to the unsafe deserialization implemented by
> com.sun.corba.se.impl.io.ObjectStreamClass class.
> Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from
> the fact that during deserialization insufficient type checks were done
> with respect to object references that were written to target object
> instance created by the means of deserialization. Such a reference writing
> was accomplished with the use of a native functionality of sun.corba.Bridge
> class.
>
> The problem that we found back in Sep 2012 was very similar to the first
> one. It was located in the same code (class) and was also exploiting direct
> writing of object references to memory with the use of putObject method.
> While the first type confusion issue allowed to write object references of
> incompatible types to correct field offsets, Issue 50 relied on the
> possibility to write object references of incompatible types to...invalid
> field offsets.
>
> It might be also worth to mention that Issue 50 was found to be present in
> Java SE Embedded [3]. That is Java version that is based on desktop Java SE
> and is used in today's most powerful embedded systems such as aircraft and
> medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update
> 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of
> ObjectStreamClass class.
>
> Unfortunately, we don't know any details regarding the impact of Issue 50
> in the embedded space (which embedded systems are vulnerable to it, whether
> any feasible attack vectors exist, etc.). So, it's up to Oracle to clarify
> any potential concerns in that area.
>
> [Issue 52]
> Issue 52 relies on the possibility to call no-argument methods on
> arbitrary objects or classes. The vulnerability has its origin in
> com.sun.jmx.mbeanserver.Introspector class which is located in the same
> package as the infamous MBeanInstantiator bug found in the wild in early
> Jan 2013. The flaw stems from insecure call to invoke method of
> java.lang.reflect.Method class:
>
>  if (method != null)
>return method.invoke(obj, new Object[0]);
>
> In our Proof of Concept code we exploit the above implementation by making
> a call to getDeclaredMethods method of java.lang.Class class to gain access
> to methods of restricted classes. This is accomplished with the use of the
> following code sequence:
>
> Introspector.elementFromComplex((Object)clazz,"declaredMethods")
>
> Access to public method objects of arbitrary restricted classes is
> sufficient to achieve a complete Java VM security sandbox compromise. We
> make use of DefiningClassLoader exploit vector for that purpose.
>
> [Issue 53]
> Issue 53 stems from the fact that Oracle's implementation of new security
> levels introduced by the company in Java SE 7 Update 10 did not take into
> account the fact that Applet

Re: Robocopy reliability

[Andrew S. Baker]

Indeed®





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Feb 4, 2013 at 5:31 PM, Michael B. Smith wrote:

>  You are new around here aren’t you? J
>
> ** **
>
> He’s been saying that since at least 1998 or 1999…
>
> ** **
>
> *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
> *Sent:* Monday, February 4, 2013 5:06 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Robocopy reliability
>
>  ** **
>
> And I think I need to trademark your new slogan: “There’s a bat for that.”
> 
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, February 4, 2013 2:27 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Robocopy reliability
>
> ** **
>
> Not nearly as flexible.
>
> ** **
>
> Try to use COPY to copy only the new files of a multi GB/TB share...
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Mon, Feb 4, 2013 at 1:49 PM, Tigran K  wrote:
>
> He was saying we should use just plain old copy.
>
> ** **
>
> -T
>
> ** **
>
> On Mon, Feb 4, 2013 at 10:11 AM, Matthew W. Ross 
> wrote:
>
>  I have never had a problem with Robocopy. It did exactly what I told it
> to do and gave me detailed information on what it did. I could not ask for
> more from a command line copy utility.
>
> I'm sensing that your Boss has a bias, perhaps due to a bad experience he
> had previously. If so, what does _he_ recommend?
>
> Maybe he has some awesome software I've never heard of. (It wouldn't be
> the first time!)
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
>
> From: Tom Miller
> [mailto:tmil...@sfgtrust.com]
>
> To: NT System Admin Issues
>
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
>
> Sent: Mon, 04 Feb 2013
> 09:08:33 -0800
> Subject: RE: Robocopy reliability
>
>  > I've used it many times for file migration moves and even for
> permissions
>
> > copies.  Just this past weekend I migrated a pretty complex old Windows
> 2008
> > server shared to Windows 2008 R2 this past weekend.  I didn't copy
> > permissions since they were a mess.
> >
> > The only errors I've seen were my own, usually syntax or spelling.
> >
> > What are you trying to do?
> >
> > From: Tigran K [mailto:tigr...@gmail.com]
> > Sent: Monday, February 04, 2013 11:34 AM
> > To: NT System Admin Issues
> > Subject: Robocopy reliability
> >
> > Having a discussion with the boss on how we should do something I
> suggested
> > robocopy. His reply was a strict "NO". Reasoning was that it's not
> reliable.
> > He said "I've seen it break".
> >
> > So my question is have you seen it break? Is robocopy any more or less
> > reliable than built in copy? I did point out that robocopy is built in to
> > windows as well at least for Windows7. Didn't seem to help.
> >
>
>  > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to
>
> > listmana...@lyris.sunbeltsoftware.com listmana...@lyris.sunbeltsoftware.com>
>
>
> > with the body: unsubscribe ntsysadmin
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resourc

Re: Robocopy reliability

[Andrew S. Baker]

LOL


  *ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Feb 4, 2013 at 5:05 PM, Crawford, Scott wrote:

>  And I think I need to trademark your new slogan: “There’s a bat for
> that.”
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, February 4, 2013 2:27 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Robocopy reliability
>
> ** **
>
> Not nearly as flexible.
>
> ** **
>
> Try to use COPY to copy only the new files of a multi GB/TB share...
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Mon, Feb 4, 2013 at 1:49 PM, Tigran K  wrote:
>
> He was saying we should use just plain old copy.
>
> ** **
>
> -T
>
> ** **
>
> On Mon, Feb 4, 2013 at 10:11 AM, Matthew W. Ross 
> wrote:
>
>  I have never had a problem with Robocopy. It did exactly what I told it
> to do and gave me detailed information on what it did. I could not ask for
> more from a command line copy utility.
>
> I'm sensing that your Boss has a bias, perhaps due to a bad experience he
> had previously. If so, what does _he_ recommend?
>
> Maybe he has some awesome software I've never heard of. (It wouldn't be
> the first time!)
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
>
> From: Tom Miller
> [mailto:tmil...@sfgtrust.com]
>
> To: NT System Admin Issues
>
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 04 Feb 2013
> 09:08:33 -0800
> Subject: RE: Robocopy reliability
>
> 
>
> > I've used it many times for file migration moves and even for permissions
> > copies.  Just this past weekend I migrated a pretty complex old Windows
> 2008
> > server shared to Windows 2008 R2 this past weekend.  I didn't copy
> > permissions since they were a mess.
> >
> > The only errors I've seen were my own, usually syntax or spelling.
> >
> > What are you trying to do?
> >
> > From: Tigran K [mailto:tigr...@gmail.com]
> > Sent: Monday, February 04, 2013 11:34 AM
> > To: NT System Admin Issues
> > Subject: Robocopy reliability
> >
> > Having a discussion with the boss on how we should do something I
> suggested
> > robocopy. His reply was a strict "NO". Reasoning was that it's not
> reliable.
> > He said "I've seen it break".
> >
> > So my question is have you seen it break? Is robocopy any more or less
> > reliable than built in copy? I did point out that robocopy is built in to
> > windows as well at least for Windows7. Didn't seem to help.
> >
>
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to
>
> > listmana...@lyris.sunbeltsoftware.com listmana...@lyris.sunbeltsoftware.com>
>
>
> > with the body: unsubscribe ntsysadmin
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a 

Re: SMB IT provider Q

[Andrew S. Baker]

If you get them to buy into the $25/mo peace of mind, then start with a
single server, but add another for every 4-7 clients that buys into the
service (use a number that works to minimize your risk here).   If you had
4 or 5 customers buying into this, the servers would pay for themselves in
about a year.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Sun, Feb 3, 2013 at 12:31 PM, Ben M. Schorr wrote:

>  I’d probably offer it as a service for a nominal fee – maybe $25 a month
> per customer? Of course you run the risk of having multiple customers
> suffer failures at the same time and they’ll be rightfully upset if you
> don’t have the spare hardware available to get them back up when that
> happens…
>
> ** **
>
> Ben M. Schorr
> Chief Executive Officer
> *Roland Schorr & Tower – Flagstaff Office
> *928-526-3970
> www.rolandschorr.com * www.twitter.com/bschorr *
> www.facebook.com/RolandSchorr 
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Sunday, February 3, 2013 10:11 AM
> *To:* NT System Admin Issues
> *Subject:* SMB IT provider Q
>
> ** **
>
> I have a couple of clients and they both run SBS2011 Premium in their
> environments and in both cases I have them on Dell hardware and on top of
> Hyper-V hosts.
>
> ** **
>
> It makes sense to me to have “ready spare” hardware, and it seems to me if
> I had one server in my lab ready to go as a temporary stand-in Hyper-V host
> I could offer this as a cheaper alternative as to asking them to have a
> full 2nd server onsite in a cluster. My thinking is: 
>
> ** **
>
> **· **Have one server, just powerful enough to work as a
> “stand-in” server in either environment (16GB RAM, enough SAS disk space to
> cover the biggest Hyper-V host) with an IT Garage licensed 2008 R2 Host OS
> (both my clients are running this). 
>
> **· **If either client has a hard server failure, I run my
> hardware out and restore their backups to this hardware. This gets them up
> and running while I resolve whatever the issue might be on their production
> server
>
> **· **Once their primary system is back up, bring this hardware
> back to my lab
>
> ** **
>
> It looks like I can get some hardware in the $1000 range for this, but the
> catch is I’d like to have my clients offset some if not all of the cost.
> Would it make sense to offer them this “spare server available” service
> with a monthly fee associated, or a one-time cost? Surely other IT shops
> offer the same thing in some fashion.
>
> ** **
>
> I did a proof-of-concept of this this weekend, I grabbed a client’s
> SBS2011 backup and restored it to my own ITG server (has just 8GB RAM
> through and SATA not SAS, so not enough oomph to run both SBS2011 and the
> 2008R2 server that comes with Premium) and restored to it and it worked
> beautifully.
>
> ** **
>
> It’s possible of course that both clients could have an outage on the same
> day, in which case I’d totally screwed in many ways, so not sure how to
> handle not being able to deliver something they’ve been paying for, except
> maybe a “if this service can’t be delivered then ” as they do
> know that I am a one-man shop with a day job to boot.
>
> ** **
>
> I may be overlooking some other options here as well, so I am open to
> suggestions.
>
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: On a lighter note for a Friday, Passed my CISA exam (UNCLASSIFIED)

[Andrew S. Baker]

Congrats, Z...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 4:09 PM, Kent, Larry J CTR (US) <
larry.j.kent2@mail.mil> wrote:

> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Congrats!
>
> -Original Message-
> From: Ziots, Edward [mailto:ezi...@lifespan.org]
> Sent: Friday, February 01, 2013 2:54 PM
> To: NT System Admin Issues
> Subject: On a lighter note for a Friday, Passed my CISA exam
>
> Just got the official email that I passed my CISA exam, so I guess another
> Certification on the title and looking forward to the auditing work that
> comes with it.
>
>
>
> Z
>
>
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
>
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> Description: Description: Lifespan
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: MS site?

[Andrew S. Baker]

Yesterday it was Amazon's turn.

Maybe we can blame Chinese hackers again?





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 10:31 AM, David Mazzaccaro <
david.mazzacc...@hudsonmobility.com> wrote:

> Reports coming into Twitter now… office365 down, outlook.com down,
> support site down… 
>
> Ut oh…
>
> ** **
>
> ** **
>
> *From:* Guyer, Don [mailto:dgu...@che.org]
> *Sent:* Friday, February 01, 2013 10:02 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: MS site?
>
> ** **
>
> Not working from here.
>
> ** **
>
> Regards,
>
> * *
>
> *Don Guyer**
> **Catholic Health East - Information Technology*
>
> Enterprise Directory & Messaging Services
> 3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
>
> email: *dgu...@che.org*
>
> Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
>
> *For immediate assistance, please open a Service Desk ticket or call the
> helpdesk @ 610-492-3839.*
>
> [image: Description: Description: Description: InfoService-Logo240]
>
> ** **
>
> *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com]
> *Sent:* Friday, February 01, 2013 9:54 AM
> *To:* NT System Admin Issues
> *Subject:* MS site?
>
> ** **
>
> Anyone else having trouble getting to this link?
>
> *http://support.microsoft.com*  
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services 
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you. 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Confidentiality Notice:
>
> This e-mail, including any attachments is the
> property of Catholic Health East and is intended
> for the sole use of the intended recipient(s).
> It may contain information that is privileged and
> confidential.  Any unauthorized review, use,
> disclosure, or distribution is prohibited. If you are
> not the intended recipient, please delete this message, and
> reply to the sender regarding the error in a separate email.
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> .
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: MS site?

[Andrew S. Baker]

It finally came up, but it took a looong time (60+ seconds).   I didn't
have to refresh.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 10:41 AM, Andrew S. Baker  wrote:

> It's stalling for me...
>
> The initial redirect works, so I'm not sure where the problem lies.
>
>
>
>
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…***
>
>
>
>
>
> On Fri, Feb 1, 2013 at 9:54 AM, Christopher Bodnar <
> christopher_bod...@glic.com> wrote:
>
>> Anyone else having trouble getting to this link?
>>
>> *http://support.microsoft.com* <http://support.microsoft.com/>
>>
>>  *Christopher Bodnar*
>> Enterprise Architect I, Corporate Office of Technology:Enterprise
>> Architecture and Engineering Services  Tel 610-807-6459
>> 3900 Burgess Place, Bethlehem, PA 18017
>> christopher_bod...@glic.com
>>
>>
>> *
>> The Guardian Life Insurance Company of America*
>> *
>> **www.guardianlife.com* <http://www.guardianlife.com/>
>>
>>
>> - This message, and any
>> attachments to it, may contain information that is privileged,
>> confidential, and exempt from disclosure under applicable law. If the
>> reader of this message is not the intended recipient, you are notified that
>> any use, dissemination, distribution, copying, or communication of this
>> message is strictly prohibited. If you have received this message in error,
>> please notify the sender immediately by return e-mail and delete the
>> message and any attachments. Thank you.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: MS site?

[Andrew S. Baker]

It's stalling for me...

The initial redirect works, so I'm not sure where the problem lies.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 9:54 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Anyone else having trouble getting to this link?
>
> *http://support.microsoft.com* 
>
>  *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services  Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
> *
> The Guardian Life Insurance Company of America*
> *
> **www.guardianlife.com* 
>
>
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Ouch - UPnP

[Andrew S. Baker]

The Java requirement is to run it, not download it.   My bad on the
ambiguity.

If I had known that, I wouldn't have bothered either. :)

Perhaps my machine instinctively knew this and was trying to protect me...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 9:09 AM,  wrote:

> That would have been enough to stop me, you getting brave in your old
> age.
>
> Regards,
> joeuser - Still looking for the 'any' key...
>
> "...now these points of data make a beautiful line..."
>
> >  Original Message 
> > Subject: Re: Ouch - UPnP
> > From: "Andrew S. Baker" 
> > Date: Fri, February 01, 2013 8:04 am
> > To: "NT System Admin Issues" 
> >
> >
> > I was able to download it eventually with IE10
> >
> > Annoyingly, they want a Java runtime environment in which to run the
> app...
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Ouch - UPnP

[Andrew S. Baker]

I was able to download it eventually with IE10

Annoyingly, they want a Java runtime environment in which to run the app...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Feb 1, 2013 at 8:11 AM, Ziots, Edward  wrote:

>  Same here and IE 8/9
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Thursday, January 31, 2013 8:11 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Ouch - UPnP
>
>  ** **
>
> Worked for me in FF.
>
> On Thu, Jan 31, 2013 at 4:47 PM, Andrew S. Baker 
> wrote:
>
> Yes, but so far, it's not cooperating in Chrome or FF...
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Jan 31, 2013 at 6:35 PM, Kurt Buff  wrote:***
> *
>
> That page has the download link on it.
>
> ** **
>
> On Thu, Jan 31, 2013 at 3:24 PM, Andrew S. Baker 
> wrote:
>
> Are you actually able to download via that link?
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward 
> wrote:
>
>
> http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp
> 
>
>  
>
> Nice detection utility which will help out the home users. 
>
>  
>
> Z
>
>  
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
>  
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
>  
>
>  
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Thursday, January 31, 2013 1:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: Ouch - UPnP
>
> *Importance:* High
>
>  
>
> Cross post from Bugtraq, 
>
>  
>
> DefenseCode Security Advisory
>
> http://www.defensecode.com/
>
>  
>
>  
>
> Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
>
>  
>
>  
>
> Advisory ID: DC-2013-01-003
>
> Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution
> Vulnerability Advisory URL:
> http://www.defensecode.com/subcategory/advisories-28
>
> Software: Broadcom UPnP software
>
> Vulnerable: Multiple router manufacturers Vendor Status: Vendors contacted
> Initial Release Date: 2013-01-15 Release Date Postponed To: 2013-01-31
>
> Risk: Critical
>
>  
>
>  
>
>  
>
> 1. General Overview
>
> ===
>
>  
>
> During the security evaluation of Cisco Linksys routers 

Re: Ouch - UPnP

[Andrew S. Baker]

Yes, but so far, it's not cooperating in Chrome or FF...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Jan 31, 2013 at 6:35 PM, Kurt Buff  wrote:

> That page has the download link on it.
>
>
> On Thu, Jan 31, 2013 at 3:24 PM, Andrew S. Baker wrote:
>
>> Are you actually able to download via that link?
>>
>>
>>
>>
>>
>> *ASB
>> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
>> **Providing Virtual CIO Services (IT Operations & Information Security)
>> for the SMB market…***
>>
>>
>>
>>
>>
>> On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward wrote:
>>
>>>
>>> http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp
>>> 
>>>
>>> ** **
>>>
>>> Nice detection utility which will help out the home users. 
>>>
>>> ** **
>>>
>>> Z
>>>
>>> ** **
>>>
>>> Edward E. Ziots, CISSP, Security +, Network +
>>>
>>> Security Engineer
>>>
>>> Lifespan Organization
>>>
>>> ezi...@lifespan.org
>>>
>>> ** **
>>>
>>> This electronic message and any attachments may be privileged and
>>> confidential and protected from disclosure. If you are reading this
>>> message, but are not the intended recipient, nor an employee or agent
>>> responsible for delivering this message to the intended recipient, you are
>>> hereby notified that you are strictly prohibited from copying, printing,
>>> forwarding or otherwise disseminating this communication. If you have
>>> received this communication in error, please immediately notify the sender
>>> by replying to the message. Then, delete the message from your computer.
>>> Thank you.
>>>
>>> *[image: Description: Description: Lifespan]*
>>>
>>> ** **
>>>
>>> ** **
>>>
>>> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
>>> *Sent:* Thursday, January 31, 2013 1:04 PM
>>>
>>> *To:* NT System Admin Issues
>>> *Subject:* RE: Ouch - UPnP
>>> *Importance:* High
>>>
>>>  ** **
>>>
>>> Cross post from Bugtraq, 
>>>
>>> ** **
>>>
>>> DefenseCode Security Advisory
>>>
>>> http://www.defensecode.com/
>>>
>>> ** **
>>>
>>> ** **
>>>
>>> Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
>>>
>>> ** **
>>>
>>> ** **
>>>
>>> Advisory ID: DC-2013-01-003
>>>
>>> Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution
>>> Vulnerability Advisory URL:
>>> http://www.defensecode.com/subcategory/advisories-28
>>>
>>> Software: Broadcom UPnP software
>>>
>>> Vulnerable: Multiple router manufacturers Vendor Status: Vendors
>>> contacted Initial Release Date: 2013-01-15 Release Date Postponed To:
>>> 2013-01-31
>>>
>>> Risk: Critical
>>>
>>> ** **
>>>
>>> ** **
>>>
>>> ** **
>>>
>>> 1. General Overview
>>>
>>> ===
>>>
>>> ** **
>>>
>>> During the security evaluation of Cisco Linksys routers for a client, we
>>> have discovered a critical security vulnerability that allows remote
>>> unauthenticated attacker to remotely execute arbitrary code under root
>>> privileges.
>>>
>>> Upon initial vulnerability announcement a few weeks ago Cisco spokesman
>>> stated that only one router model is vulnerable - WRT54GL.
>>>
>>> We have continued with our research and found that, in fact, same
>>> vulnerable firmware component is also used in at least two other Cisco
>>> Linksys models - WRT54G3G and probably WRT310N. Could be others.
>>>
>>> ** **
>>>
>>> Moreover, vulnerability turns out even more dangerous, since we have
>>> discovered that same vulnerable firmware component is also used across many
>>> other big-brand router manufacturers and many smaller vendors.
>>>
>>> ** **
>>>
>>> Vulnerability itself is located in Broadcom UPnP stack, which is used b

Re: Ouch - UPnP

[Andrew S. Baker]

Are you actually able to download via that link?





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward  wrote:

>
> http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp
> 
>
> ** **
>
> Nice detection utility which will help out the home users. 
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Thursday, January 31, 2013 1:04 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Ouch - UPnP
> *Importance:* High
>
>  ** **
>
> Cross post from Bugtraq, 
>
> ** **
>
> DefenseCode Security Advisory
>
> http://www.defensecode.com/
>
> ** **
>
> ** **
>
> Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
>
> ** **
>
> ** **
>
> Advisory ID: DC-2013-01-003
>
> Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution
> Vulnerability Advisory URL:
> http://www.defensecode.com/subcategory/advisories-28
>
> Software: Broadcom UPnP software
>
> Vulnerable: Multiple router manufacturers Vendor Status: Vendors contacted
> Initial Release Date: 2013-01-15 Release Date Postponed To: 2013-01-31
>
> Risk: Critical
>
> ** **
>
> ** **
>
> ** **
>
> 1. General Overview
>
> ===
>
> ** **
>
> During the security evaluation of Cisco Linksys routers for a client, we
> have discovered a critical security vulnerability that allows remote
> unauthenticated attacker to remotely execute arbitrary code under root
> privileges.
>
> Upon initial vulnerability announcement a few weeks ago Cisco spokesman
> stated that only one router model is vulnerable - WRT54GL.
>
> We have continued with our research and found that, in fact, same
> vulnerable firmware component is also used in at least two other Cisco
> Linksys models - WRT54G3G and probably WRT310N. Could be others.
>
> ** **
>
> Moreover, vulnerability turns out even more dangerous, since we have
> discovered that same vulnerable firmware component is also used across many
> other big-brand router manufacturers and many smaller vendors.
>
> ** **
>
> Vulnerability itself is located in Broadcom UPnP stack, which is used by
> many router manufacturers that produce or produced routers based on
> Broadcom chipset.
>
> We have contacted them with vulnerability details and we expect patches
> soon. However, we would like to point out that we have sent more than 200
> e-mails to various router manufacturers and various people, without much
> success.
>
> ** **
>
> Some of the manufacturers contacted regarding this vulnerability are
> Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so
> on.
>
> Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom
> UPnP chipset. You can check how many manufacturers use Broadcom chipset***
> *
>
> here: http://wiki.openwrt.org/toh/start  (search for Broadcom, brcm or
> bcm).
>
> ** **
>
> We don't know exactly how many of them are affected, since we were unable
> to contact all of them, but we suspect there are probably tens of millions
> vulnerable routers out there.
>
> ** **
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:da

Re: Shocking? Somehow, not...

[Andrew S. Baker]

I love it when security tools wage battle against one another :)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Wed, Jan 30, 2013 at 10:28 AM, Ziots, Edward  wrote:

>  Just tried to run it on my systems and sure enough since I have totally
> disabled java it barfs. That and Zero Vulnerability Exploitshield catches
> its .dll being invoked into java as an exploit and stops it. 
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.
>
> *[image: Description: Description: Lifespan]*
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Wednesday, January 30, 2013 9:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Shocking? Somehow, not...
>
>  ** **
>
> Rapid7 has a tool to scan for this vulnerability, it does require Java(!)
> and registration, but is otherwise free. 
>
> ** **
>
> *From:* Patrick Salmon [mailto:psal...@gmail.com ]
> *Sent:* Tuesday, January 29, 2013 1:01 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Shocking? Somehow, not...
>
> ** **
>
> Not surprisingly, you're going to see a lot of alerts coming out on this
> subject. Here's the Cisco one:
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnpwhich
>  you can expect to be updated as more is learned about which products
> are affected.
>
> On Tue, Jan 29, 2013 at 9:44 AM, David Lum  wrote:
>
>
> http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/
> 
>
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Favorite VPN solution?

[Andrew S. Baker]

I knew someone would say it before too long. :)





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Jan 29, 2013 at 2:19 PM, Webster  wrote:

> So Java and Barracuda?  Two exploited products in one.  Sweet! :)
>
> Thanks
>
>
> Webster
>
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Subject: Re: Favorite VPN solution?
> >
> > We use Barracuda's SSLVPN. It is based off the old sslExplorer open
> source
> > product, and does the Java-based install of their vpn client. In many
> ways, I
> > think this is similar to the Sonicwall SSLVPN.
> >
> > The barracuda didn't have any per-user license fees. This was a major
> factor
> > in our choice of VPN solutions.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Java 7 0day actively exploited in the wild | BeyondTrust

[Andrew S. Baker]

Good mitigation...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Jan 25, 2013 at 11:09 AM, Kennedy, Jim  wrote:

>  If it is over the internet…add that site to trusted and disable java in
> the ‘internet zone’.
>
> ** **
>
>
> http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx
> ****
>
> ** **
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, January 25, 2013 11:04 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Java 7 0day actively exploited in the wild | BeyondTrust***
> *
>
> ** **
>
> Be advised that the primary vector for Java exploits into an organization
> is via the web browser plugin.   So, unless your B2B app is over the public
> network, or requires that the browser plugin be operational, you have some
> measure of risk reduction.
>
>
> 
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze  wrote:
>
> >>>Does the reward outweigh the risk?
>
> The reward is we get to stay in business :)
>
> We have a major partner that requires us to run it for a B2B app.  So, we
> have to use it.  But I've made it so just one user uses that app.
> That and the occasional WebEx stuff, but I uninstall it from people's PCs
> right afterwards.
>
> So looks like 6 is now the flavor of the month.  Hard to keep track.
> Speaking of months, v6 is EOL in FEB.  We'll no longer have the options
> between 6 and 7 going forward to sidestep all these issues :(
>
> Sam
>
>
>
>
> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
>
> Sent: Tuesday, January 15, 2013 12:10 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
> Correct, but 6 is vulnerable to it's own set of exploits that were never
> fixed and they are well known. Arguably the bad guys are paying more
> attention to attacking 7 now so theoretically you are safer with 6. Bottom
> line, java is insecure no matter what you do and will be that way for
> several years to come, imho.
>
> Risk vs reward. What is the reward for your org for continuing to allow
> java
> to run? Does the reward outweigh the risk?
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Tuesday, January 15, 2013 12:24 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
> Am I right in assuming that the latest version of version 6 is, or was, NOT
> affected by this?
> Can't find anything out there that suggests it was...
>
> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> Sent: Friday, January 11, 2013 1:34 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
>
>
>
> http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f
> law-709713/<http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/>
>
> 
> From: Mark Boeck [netadmin...@gmail.com]
> Sent: Friday, January 11, 2013 12:15 PM
> To: NT System Admin Issues
> Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust
>
> lol - a friend of mine, a microsoft security mvp, starts her blog off like
> this:
> how to uninstall java!
> http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html
> only after that does she post some links about the threat
>
> -
> >
> -
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com listmanager@lyris.sunbeltsoftwa
> re.com>
> with the body: unsubscribe ntsysadmin
>
>
>
>
>
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forum

Re: Java 7 0day actively exploited in the wild | BeyondTrust

[Andrew S. Baker]

Be advised that the primary vector for Java exploits into an organization
is via the web browser plugin.   So, unless your B2B app is over the public
network, or requires that the browser plugin be operational, you have some
measure of risk reduction.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze  wrote:

> >>>Does the reward outweigh the risk?
>
> The reward is we get to stay in business :)
>
> We have a major partner that requires us to run it for a B2B app.  So, we
> have to use it.  But I've made it so just one user uses that app.
> That and the occasional WebEx stuff, but I uninstall it from people's PCs
> right afterwards.
>
> So looks like 6 is now the flavor of the month.  Hard to keep track.
> Speaking of months, v6 is EOL in FEB.  We'll no longer have the options
> between 6 and 7 going forward to sidestep all these issues :(
>
> Sam
>
>
>
> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> Sent: Tuesday, January 15, 2013 12:10 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
> Correct, but 6 is vulnerable to it's own set of exploits that were never
> fixed and they are well known. Arguably the bad guys are paying more
> attention to attacking 7 now so theoretically you are safer with 6. Bottom
> line, java is insecure no matter what you do and will be that way for
> several years to come, imho.
>
> Risk vs reward. What is the reward for your org for continuing to allow
> java
> to run? Does the reward outweigh the risk?
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Tuesday, January 15, 2013 12:24 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
> Am I right in assuming that the latest version of version 6 is, or was, NOT
> affected by this?
> Can't find anything out there that suggests it was...
>
> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> Sent: Friday, January 11, 2013 1:34 PM
> To: NT System Admin Issues
> Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust
>
>
>
>
> http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f
> law-709713/
>
> 
> From: Mark Boeck [netadmin...@gmail.com]
> Sent: Friday, January 11, 2013 12:15 PM
> To: NT System Admin Issues
> Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust
>
> lol - a friend of mine, a microsoft security mvp, starts her blog off like
> this:
> how to uninstall java!
> http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html
> only after that does she post some links about the threat
>
> -
> >
> -
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com listmanager@lyris.sunbeltsoftwa
> re.com>
> with the body: unsubscribe ntsysadmin
>
>
>
>
>
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysad

Re: Limiting who can send all-staff e-mails

[Andrew S. Baker]

There's no link to cure that problem.

I wouldn't worry about solving it if they aren't interested in solving it.
Just calculate the space consumption that is involved and see if that
is significant enough for discussion.

It will change as soon as someone in management is impacted.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Fri, Jan 25, 2013 at 7:11 AM, James Rankin  wrote:

> If they can't see why it's a bad idea from that sort of thing,
> thenyou're up against it
>
>
> On 25 January 2013 11:56, David Lum  wrote:
>
>>  Nope, that already happens, and we have employees that REPLY ALL to
>> those..
>>
>> ** **
>>
>> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
>> *Sent:* Friday, January 25, 2013 3:43 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Limiting who can send all-staff e-mails
>>
>>  ** **
>>
>> Just wait till someone forwards a joke or scam report to your entire
>> staff, or asks for someone to move their car. That should do it.
>>
>> Sent from my Blackberry, which may be an antique but delivers email
>> RELIABLY
>>  --
>>
>> *From: *David Lum  
>>
>> *Date: *Fri, 25 Jan 2013 11:14:36 +
>>
>> *To: *NT System Admin Issues
>>
>> *ReplyTo: *"NT System Admin Issues" <
>> ntsysadmin@lyris.sunbelt-software.com>
>>
>> *Subject: *Limiting who can send all-staff e-mails
>>
>> ** **
>>
>> Does anyone have some links I can use to demonstrate to management why
>> it’s a bad idea to allow any of our 600 employees to send e-mails to “all
>> staff”? 
>>
>> *David Lum*
>> Sr. Systems Engineer // NWEATM
>> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>>
>> ** **
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>
>
> --
> *James Rankin*
> Technical Consultant (ACA, CCA, MCTS)
> http://appsensebigot.blogspot.co.uk
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: DNS concerns - Server 2003 R2 SP2 Domain Controllers

[Andrew S. Baker]

Indeed...





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Jan 24, 2013 at 8:15 AM, Kennedy, Jim
wrote:

> The one that amazes me is the smtp fixup on Cisco. That one has been an
> issue for 10 years or so.
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, January 23, 2013 5:44 PM
> To: NT System Admin Issues
> Subject: Re: DNS concerns - Server 2003 R2 SP2 Domain Controllers
>
> On Wed, Jan 23, 2013 at 2:48 PM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
> > To clarify...the dns fixup refers to Cisco firewalls/asa's.
>
>   I've noticed that Cisco's "fixup" features tend to break things.
>
> -- Ben
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Patch management recommendations

[Andrew S. Baker]

Was that a Symantec-inspired upgrade?



*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Thu, Jan 17, 2013 at 9:35 AM, Glen Johnson  wrote:

>  Almost all the Virginia Community colleges, dumped Altiris in favor of
> KACE.
>
> The latest update to Altiris was a disaster for everyone that attempted it.
> 
>
> We were not one of the brave colleges to try, but from what I heard, the
> system requirements were huge, a dual socket, quad core server with 24gig
> ram was barely adequate to serve 3 to 400 client workstations.
>
> Ouch.
>
> We currently run both the K1000 and K2000 on a HP/Compaq dl-380 dual
> socket, quad core with 16gig ram under vmware 5 and it is very responsive.
> 
>
> Also two other windows virtuals on the same host.
>
> The instructor led training was very good also.
>
> ** **
>
> *From:* Rod Trent [mailto:rodtr...@myitforum.com]
> *Sent:* Thursday, January 17, 2013 9:08 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Patch management recommendations
>
>  ** **
>
> I’d take a step back to wait and see on Altiris with yesterday’s news. ***
> *
>
> ** **
>
>
> http://myitforum.com/myitforumwp/2013/01/16/altiris-to-become-altiris-again-symantec-dumping-it-for-less-than-it-paid/
> 
>
> ** **
>
> *From:* Christopher Bodnar 
> [mailto:christopher_bod...@glic.com]
>
> *Sent:* Thursday, January 17, 2013 8:40 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Patch management recommendations
>
> ** **
>
> Kace
> Altiris
> SCCM with SCUP
>
> One of these should fit most of your clients needs. 
>
>   *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services 
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com 
>
> [image: cid:image001.jpg@01CDF492.11CAAC30]
>
> *
> The Guardian Life Insurance Company of America*
> *
> *www.guardianlife.com 
>
>
>
>
>
>
> From:"Charlie Kaiser" 
> To:"NT System Admin Issues"  >
> Date:01/16/2013 06:04 PM
> Subject:Patch management recommendations 
>  --
>
>
>
>
> I work for a consulting firm that manages a variety of SMB clients. As we
> increase our client load and the size of the clients (moving from the 3-10
> seat to the 50-1000 seat clients) we are implementing more advanced
> products
> for a variety of tasks.
>
> We are currently looking at patch management solutions. Our current
> paradigm
> is a mix of WSUS and manual intervention, but it's not enough, obviously. I
> haven't used a centralized patch management system for around 5-6 years
> (used to use early versions of Shavlik) so I haven't been keeping up with
> the market. We're now looking for something that does 3rd party apps, not
> just MS stuff, so WSUS is off the table. Our clients are all on MS
> platforms, though; almost no *nix or Apple.
>
> I don't envision a one-size-fits-all product. I expect that we'll want a
> variety of solutions tailored to the size and complexity of the client. And
> I have no illusions about the "ease" of patch management given any product.
> :-)
> My boss would love an MSP-style of centrally managed product that can
> handle
> all our clients, but my belief is that trying to go that route is much more
> difficult than doing per-client implementations, especially without
> dedicated patch management admins.
>
> Having said all that, is anyone working with patch management systems that
> they really like for this space? Also, any you really DON'T like?
>
> Thanks!
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* **

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Out of band IE patch issued

[Andrew S. Baker]

Thanks, Z





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 14, 2013 at 3:52 PM, Ziots, Edward  wrote:

> This alert is to provide you with an overview of one new security bulletin
> being released (out of band) on January 14, 2013, for a new vulnerability
> in Internet Explorer.
>
> Microsoft Security Bulletin MS13-008 Security Update for Internet Explorer
> (2799329)
>
> Full Details: http://technet.microsoft.com/security/bulletin/MS13-008.
>
> Regards,
>
> Microsoft CSS Security
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* **

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Andrew S. Baker]

http://technet.microsoft.com/en-us/systemcenter/hh278293Well, I wouldn't
use a 1TB as the range, but let's use your example and say we doubled all
of our expected minimums.

Then you have all the flexibility that you pointed out before.



*>>Now, in order to know the max my virtuals might take, I have to look at
each host store, find all of the virtual machines with VHD files on that
store, then figure out each virtual’s drive letter for that VHD (is that
even possible?), then add up all the file system sizes. *

Why do you have to do that?

I'd expect that you'd be using something like System Center VM
Manager<http://technet.microsoft.com/en-us/systemcenter/hh278293>to
manage your virtual hosts and give you a comprehensive view of storage
consumption, utilization, etc.

Right?



*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 3:33 PM, Ken Cornetet wrote:

> How do you “manage your capacity properly”? I’m not being facetious – I
> really want to know since it looks like we are switching to HyperV.
>
> ** **
>
> Microsoft’s recommendation is to create thin disks for more than you ever
> think you need. Then, when creating the OS, use disk manager to create the
> file system with the minimum you can get by with. This allows the VHD file
> to only grow up to the size of the file system it contains.
>
> ** **
>
> Then, if a virtual’s file system runs out of space, you can use storage
> management to extend the disk into some the free space you allocated in the
> VHD file.  This allows you to have room for expansion, but keeps any one
> virtual from exhausting free physical disk.
>
> ** **
>
> For example: Let’s say we need a SQL server. We think we can get by with
> the following disks:
>
> C: - 40GB (os)
>
> D: - 30GB (logs)
>
> E: - 100GB (data)
>
> ** **
>
> Microsoft is telling us to create thin disks of, say,  1TB each. However,
> when we install the OS, we create NTFS file systems on each disk with the
> desired sizes of 40GB, 30GB, and 100GB. We now know that in the current
> state, this virtual can only grow its thin disks to a total of 170GB.  If
> the E:  runs out of space, we can use disk manager to extend the NTFS file
> system, which will grow the thin disk up to the new NTFS file system size.
> This gives you the ability to easily grow disks at will, but prevents any
> one virtual from hogging all the free host disk.
>
> ** **
>
> This sort of seems reasonable, but it complicates disk management
> immensely. Now, in order to know the max my virtuals might take, I have to
> look at each host store, find all of the virtual machines with VHD files on
> that store, then figure out each virtual’s drive letter for that VHD (is
> that even possible?), then add up all the file system sizes. Seems like a
> lot of work, even if you script it up.
>
> ** **
>
> 
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, January 07, 2013 12:08 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Time sync
>
> ** **
>
> Yes, over subscribing can be an issue if you don't manage your capacity
> properly.
>
> ** **
>
> It hasn't proved to be an issue in any of the environments where I have
> been.
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
> wrote:
>
> Thin provisioning seems risky to me. Seems like you are always in danger
> of non-critical virtuals deciding to use more disk space thus exhausting
>  physical space which would cause critical VMs to pause if they happen to
> need more space.
>
> We tried thin provisioning  back in the old VirtualServer days, and I ran
> into this problem a few times.
>
>
> -Original Message-
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, January 07, 2013 10:28 AM
> To: NT System Admin Issues
>
> Subject: RE: Time sync
>
> Because the overhead associated with dynamic disks in Hyper-V v3 is in the
> very low single digits. We don't spend any time on this process, thin
> provisioning still works seamlessly, and we get on with our lives.
>
> :)
>
> -Original Message-
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
>
> Sent: Monday, January 7, 2013 10:06 AM
> To: NT System Admin Issues
>
> 

Re: Time sync

[Andrew S. Baker]

Yes, over subscribing can be an issue if you don't manage your capacity
properly.

It hasn't proved to be an issue in any of the environments where I have
been.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet wrote:

> Thin provisioning seems risky to me. Seems like you are always in danger
> of non-critical virtuals deciding to use more disk space thus exhausting
>  physical space which would cause critical VMs to pause if they happen to
> need more space.
>
> We tried thin provisioning  back in the old VirtualServer days, and I ran
> into this problem a few times.
>
> -Original Message-
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, January 07, 2013 10:28 AM
> To: NT System Admin Issues
> Subject: RE: Time sync
>
> Because the overhead associated with dynamic disks in Hyper-V v3 is in the
> very low single digits. We don't spend any time on this process, thin
> provisioning still works seamlessly, and we get on with our lives.
>
> :)
>
> -Original Message-
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
> Sent: Monday, January 7, 2013 10:06 AM
> To: NT System Admin Issues
> Subject: RE: Time sync
>
> We are running ESX 5. To conserve SAN storage, we provision virtuals with
> the bare minimum needed disk space because it is so easy to extend disks
> later (extend the VMDK in VMWare, extend in Windows, done). No down time,
> and no wasted disk. We don't have to spend a lot of time trying to
> anticipate how big the disks will get and wasting disk if we guess too high.
>
> In HyperV, you can't extend disks without shutting down the virtual -
> seriously.
>
> I can't for the life of me figure out why MS isn't fixing this instead of
> adding silly features like 4TB of guest RAM. And, I also wonder why HyperV
> users aren't howling about this.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Monday, January 07, 2013 9:43 AM
> To: NT System Admin Issues
> Subject: Re: Time sync
>
> On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
> wrote:
> > Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> > needing to extend a disk?
>
> I run VMware ESXi 5.0, and I know I have had to extend a disk any number
> of times. And Win2008 makes extending the boot disk so much easier, too.
>
> My largest VM has 16G of RAM, and I was even leery of that. And I have
> 6 hosts with 512G RAM each ...
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* **

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Andrew S. Baker]

You do know you can thin provision in both VMWare and HyperV, right?

Thus, you can stipulate that a disk have a max size of 200GB, but if you're
only using 50GB, it will only be 50GB in size.

Thus, no reason for Windows users to howl.

Plus, Windows doesn't mind extending non-boot disks, but it's not all that
happy about having its boot disk extended, no matter what the underlying
hypervisor.





*ASB
**http://XeeMe.com/AndrewBaker* *
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 10:05 AM, Ken Cornetet wrote:

> We are running ESX 5. To conserve SAN storage, we provision virtuals with
> the bare minimum needed disk space because it is so easy to extend disks
> later (extend the VMDK in VMWare, extend in Windows, done). No down time,
> and no wasted disk. We don't have to spend a lot of time trying to
> anticipate how big the disks will get and wasting disk if we guess too high.
>
> In HyperV, you can't extend disks without shutting down the virtual -
> seriously.
>
> I can't for the life of me figure out why MS isn't fixing this instead of
> adding silly features like 4TB of guest RAM. And, I also wonder why HyperV
> users aren't howling about this.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Monday, January 07, 2013 9:43 AM
> To: NT System Admin Issues
> Subject: Re: Time sync
>
> On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
> wrote:
> > Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> > needing to extend a disk?
>
> I run VMware ESXi 5.0, and I know I have had to extend a disk any number
> of times. And Win2008 makes extending the boot disk so much easier, too.
>
> My largest VM has 16G of RAM, and I was even leery of that. And I have
> 6 hosts with 512G RAM each ...
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* **

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin