RE: WS12 disable printer mapping
I always do this with Group Policy. Make sure you exclude your Terminal Servers from the policy, though.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, April 16, 2013 8:44 AM
To: NT System Admin Issues
Subject: RE: WS12 disable printer mapping

I started thinking, how would someone do this with server core? Found this, which says to use the GPO method, and also appears to be a very nice checklist for 2012 Hyper-V config. I'll be trying the GPO out:

http://blogs.technet.com/b/askpfeplat/archive/2013/03/10/windows-server-2012-hyper-v-best-practices-in-easy-checklist-form.aspx

-Bonnie

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, April 16, 2013 7:15 AM
To: NT System Admin Issues
Subject: WS12 disable printer mapping

For a long time now, I've disabled Windows printer mapping on most servers (minus actual TS/RDS servers), as when admins connect via RDS, it will otherwise load their printer drivers. On print servers in particular, this is a really big issue, but I find it's cleaner to keep things off that aren't needed in general.

I've typically done this manually by going to RDS Session Host configuration, properties of RDS-TCP, Client settings tab, then check the box to disable.

So, how does one do the same thing in Windows Server 2012, especially where the RDS role is not actually installed? If there is not a way to do this manually, would enabling this GPO do the trick?

http://blogs.technet.com/b/yongrhee/archive/2011/10/09/how-to-disable-printer-redirection-on-windows-server-2008-or-a-windows-server-2008-r2-print-server.aspx

Or, is it no longer necessary and I'm worrying for no reason? I know there have been some changes to the print subsystem again for W8/WS2012, but most client machines connecting via RDS are still Win7.

Thanks!
Bonnie

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Office 365 Email Migration steps - is there a better way?
This is very well documented on the O365 site and Technet. There are a number of options Microsoft supports for doing this - I'd use one. In your case, a Simple Exchange Migration would likely work. You could use the Staged or full-on Hybrid options too. For an SBS sized environment that seems overkill to me.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Monday, April 8, 2013 10:19 AM
To: NT System Admin Issues
Subject: Office 365 Email Migration steps - is there a better way?

Since we've been on the subject of Office 365, I was wondering if anyone has a high level set of steps they use for migrating user email from on premise to Office 365 - on premise Outlook client is XP or up. On Premise Exchange server is 2008 SBS.

I've done a few and have some steps that require manual changes to the user's Outlook profile on their in house computers. Basically -

1) Verify the on-premise AD account is synced and enabled through the portal
2) Connect to user's system and login to office 365 portal to verify their local software is good
3) Setup the migration script
4) Run the migration/verify all good
5) Go back to user's system and create a new Outlook profile (in case of problems) that points to Office 365
6) Login using new Outlook profile and verify mail is working
7) Delete old Profile
8) Advise user how to login to portal, help them setup their mobile phone, etc for Outlook

Is there an easier/better way?

Don K
RE: Windows DNS scavenging..
It should be turned on. I generally enable it on a couple of DCs. Remember, you have to enable it on the zone and then the DNS Server(s) that will perform the scavenging. First time you do this you might find some record gets cleaned up that was dynamically registered but the registrar is long gone yet something is depending on it. Take an ldifde dump of your DNS storage in AD in case you need to bring back any records.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Monday, April 8, 2013 9:33 AM
To: NT System Admin Issues
Subject: Windows DNS scavenging..

Do you guys have it turned on? Have you seen any issues from it, any caveats?

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
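The sequence described in the reply above (dump the AD-stored DNS data, enable aging on the zone, then enable scavenging on the server), written out as an added PowerShell example that is not part of the original thread. It assumes the DnsServer module (Windows Server 2012 or later); the zone, server, partition DN and file paths are placeholders, and the 7-day intervals are example values.

```powershell
# Added example, not from the thread. All names and paths below are placeholders.
Import-Module DnsServer

$zone         = 'corp.example.com'                              # placeholder zone
$dnsServer    = 'dc01.corp.example.com'                         # placeholder DC that will scavenge
$dnsPartition = 'DC=DomainDnsZones,DC=corp,DC=example,DC=com'   # placeholder application partition
$backupFile   = 'C:\Temp\dns-before-scavenging.ldf'
$previewFile  = 'C:\Temp\dns-stale-preview.csv'

$noRefresh = New-TimeSpan -Days 7   # example value
$refresh   = New-TimeSpan -Days 7   # example value

# 1. Dump the DNS data stored in AD so a scavenged record can be brought back.
ldifde -f $backupFile -s $dnsServer -d "CN=MicrosoftDNS,$dnsPartition" -p subtree
if ($LASTEXITCODE -ne 0) { throw "ldifde export failed with exit code $LASTEXITCODE" }

# 2. Preview what the first scavenging pass could remove: dynamic records
#    (static records have no timestamp) older than no-refresh + refresh.
$cutoff = (Get-Date) - $noRefresh - $refresh
$stale = @(Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $dnsServer |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Select-Object HostName, RecordType, Timestamp)
$stale | Export-Csv -Path $previewFile -NoTypeInformation
Write-Host "$($stale.Count) dynamic records are older than $cutoff; review $previewFile before continuing."

# 3. Enable aging on the zone.
Set-DnsServerZoneAging -Name $zone -ComputerName $dnsServer -Aging $true `
    -NoRefreshInterval $noRefresh -RefreshInterval $refresh

# 4. Enable scavenging on the server that will do the work.
Set-DnsServerScavenging -ComputerName $dnsServer -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 7)
```

Records in the preview that something still depends on can be re-registered or recreated as static entries before step 4 is run.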
RE: Powershell - match up user accounts from two ADs
I would switch to Export-Csv and then you can use Excel to do some of your munging.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Tuesday, April 2, 2013 10:22 AM
To: NT System Admin Issues
Subject: Powershell - match up user accounts from two ADs

Hi folks.

I was asked to take a list of users from one AD and match them up to possible users in another AD. The source and target Accounts were different in some cases so I couldn't search on the account value. I thought using the last name was my best shot to get a match so that's what I searched on. I needed their account from the target AD. The source list had their firstname, lastname, and AD account. I needed to take the resulting list from the new AD and match those accounts to the source list of names to make sure I had the right user.

This script worked, but when I used it, I had to do some manual manipulation to pair up the results with the source users. I also had to use notepad to clean up my output file and get rid of some extra format characters.

Anyone have any tips on a better way to do the search and limit the results?

Thanks
Don K

Contents of my SourceUserlist.csv was just a subset with the last names - example:

kuhlman
smith
jones
... ..

Contents of the newuserlist.csv

@{SamAccountName=drkuhlman; Name=Don Kuhlman}
@{SamAccountName=jsmith; Name=John Smith}
@{SamAccountName=bsmith; Name=Bob Smith}
@{SamAccountName=rjones; Name=Bob Jones}
@{SamAccountName=djones; Name=Dick Jones}

SCRIPT is here:

# This script reads a list of surnames from a csv file \downloads\sourceuserlist.csv
# It then searches the current attached AD for any surnames matching
# And will write output to screen and newuserlist.csv the list of accounts and names found that match the searchstring
Import-Module ActiveDirectory
$path = 'c:\downloads\sourceuserlist.csv'
$csv = Import-Csv -Path $path
# Start with an empty output file
$null | Set-Content c:\downloads\newuserlist.csv
foreach ($line in $csv)
{
    Write-Host $line.sn
    $searchname = $line.sn
    # The filter must be a single quoted string so that $searchname is expanded into it
    Get-ADUser -Filter "sn -like '$searchname'" | Select-Object SamAccountName,Name | Add-Content c:\downloads\newuserlist.csv
}
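One way to do the pairing in the script itself and write the result with Export-Csv, as suggested in the reply; this is an added example, not code from the thread. The CSV column names (FirstName, LastName, Account) and both file paths are assumptions, and the surname is escaped before it goes into the LDAP filter so that a value in the input file cannot change the query.

```powershell
# Added example, not from the thread.
# Assumed input columns: FirstName, LastName, Account. Paths are hypothetical.
Import-Module ActiveDirectory

$sourcePath = 'C:\downloads\sourceuserlist.csv'
$outPath    = 'C:\downloads\matchedusers.csv'

# Escape the RFC 4515 special characters so CSV content is always treated as a
# literal value inside the LDAP filter. The backslash must be replaced first.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

$results = foreach ($src in Import-Csv -Path $sourcePath) {
    $surname = "$($src.LastName)".Trim()
    if (-not $surname) { continue }   # skip blank rows

    # Exact surname match against user objects in the currently attached AD.
    $filter = '(&(objectCategory=person)(objectClass=user)(sn={0}))' -f (ConvertTo-LdapFilterValue $surname)
    $candidates = @(Get-ADUser -LDAPFilter $filter)

    # Narrow to candidates whose given name also matches, when any do.
    $matchType   = 'surname only'
    $byFirstName = @($candidates | Where-Object { $_.GivenName -eq $src.FirstName })
    if ($byFirstName.Count -gt 0) {
        $candidates = $byFirstName
        $matchType  = 'surname + given name'
    }

    if ($candidates.Count -eq 0) {
        # Keep the source row in the output so missing users are visible.
        [pscustomobject]@{
            SourceAccount = $src.Account
            SourceName    = "$($src.FirstName) $($src.LastName)"
            TargetAccount = ''
            TargetName    = ''
            MatchType     = 'no match'
        }
        continue
    }

    # One output row per candidate, with the source user on the same row.
    foreach ($c in $candidates) {
        [pscustomobject]@{
            SourceAccount = $src.Account
            SourceName    = "$($src.FirstName) $($src.LastName)"
            TargetAccount = $c.SamAccountName
            TargetName    = $c.Name
            MatchType     = $matchType
        }
    }
}

$results | Export-Csv -Path $outPath -NoTypeInformation
```

Rows marked "surname only" still need a manual check in Excel; rows marked "surname + given name" with a single candidate are the likely matches.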
RE: DPM and LTO6?
I haven’t a clue, but, isn't the specific tape media/type abstracted to the backup program via the driver?

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, March 21, 2013 4:28 PM
To: NT System Admin Issues
Subject: DPM and LTO6?

Anyone know if it's supported?

The last notes I see on the MSFT site don't show any references to it, just LTO5, and I've got an opportunity to buy a new tape unit before the end of the month/FY, so have to make a decision today...

Kurt
RE: Automate DCDIAG and e-mail results
Doesn't really scale beyond a couple DCs. I would generally recommend a monitoring tool that has AD specific monitoring capabilities.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Monday, March 18, 2013 11:53 AM
To: NT System Admin Issues
Subject: Automate DCDIAG and e-mail results

Are any of you guys doing anything similar to this?

http://scriptzilla.blogspot.com/2010/02/automate-dcdiag-on-your-domain.html

Would be nice to patch/reboot my DC's and have DCDIAG and REPADMIN run 30 mins later and e-mail the results. This looks like a good base but am curious what others do.

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Cross Domain authentication - brain freeze
Don-

You might refactor this code to use S.DS.AccountManagement. It abstracts all this stuff for you. You’re going to start needing to think about global catalogs also with multiple domains, universal groups, etc.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, March 15, 2013 4:07 PM
To: NT System Admin Issues
Subject: Cross Domain authentication - brain freeze

Hi guys. It's getting near quitting time here, and they just announced that the bar is open for some St Patti's libations - :)

Anyway, our corp team deployed a new domain in our forest - like dom2.co.com

We have service accounts and groups for an app in dom1.co.com

Users in dom2.co.com can't get into the app by being in universal groups in dom1.co.com

Users in dom1.co.com can get into app by being in universal groups in dom1.co.com

Here is a snip from the dev about how he is doing the lookup -

Yes, I can authenticate the user on the dom2 domain, but no groups are returned from my GetGroups() function. When I debug the process: The DirectorySearch object in the GetGroups() function uses the following path: LDAP://dom2.co.com/CN=username,OU=Users,OU=Business,OU=Customers,DC=dom2,DC=co,DC=com. I set the PropertiesToLoad property to “memberOf”, then I get a create a result object using the FindOne() method. My result object is set to nothing. This works fine in the DOM1 domain, but dies in the DOM2 domain. When I try to get the number of results, it throws an error, because it’s not even zero, it’s nothing.

I found a few links, but they don't seem to apply.

Cross domain security group lookups - http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/96a697df-2d00-4edd-993f-632d7e8e1043

Group enum between trusted domains does not perform as expected - http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Group%20Enumeration%20between%20Trusted%20Domains%

Any thoughts appreciated!

Thanks
Don K
RE: Running Powershell script as scheduled task fails with 0x1
Really? I run all mine natively with powershell.exe in the task scheduler.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, March 7, 2013 1:40 PM
To: NT System Admin Issues
Subject: RE: Running Powershell script as scheduled task fails with 0x1

I always wrap powershell in a BAT and schedule the BAT.

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 7, 2013 2:34 PM
To: NT System Admin Issues
Subject: Re: Running Powershell script as scheduled task fails with 0x1

Sorry; this is Win 2008 R2.

On Thu, Mar 7, 2013 at 2:30 PM, Michael Leone oozerd...@gmail.com wrote:

I can't understand why my script is failing. I can run it from a Powershell prompt (I have to Run as administrator, because the script is deleting some files in a backup directory). But it works perfectly when I do it that way.

But when I create a Scheduled Task to do it, it fails with 0x1. I create a Task, tell it to use an account with domain admin privileges. Tell it to run whether the user is logged on or not, and to run with highest privileges.

The action calls a program (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe). In Add arguments, I have

-Command C:\Scripts\myscript.ps1

And it always fails with 0x1. And I can't figure out why, if it is running as a user with highest privileges and that works interactively, from an elevated PS prompt.

What part am I doing wrong?
RE: Recommendations for DNS/SSL provider
DigiCert for certs hands down. I can't comment on DNS providers.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, February 25, 2013 2:25 PM
To: NT System Admin Issues
Subject: Recommendations for DNS/SSL provider

Currently we are using GoDaddy for our SSL certs, domain registration and parking/forwarding of some domains. Our main DNS zones are hosted internally, but we use them to point/redirect various domains to our main ones.

There is currently some discussion about moving away from them due to various concerns around them (not just technical issues).

I wanted to see if anyone had suggestions/recommendations on alternatives that aren't going to trigger a huge price jump. Are we going to be better off having a provider/company for SSL and another for DNS, or are there good options that provide both?

As far as certificates, so far I'm liking the looks of DigiCert and RapidSSL but am open to options.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu
RE: Replacing a print server - publishing printers in directory?
Bulk reply here.

- Printers are just an object in the directory of class printQueue. There is no SID or anything like that attached to them.
- The printer object needs to go away, eventually because it has the UNC path to the share on it
- If you go to View > Show Objects as Containers (or something like that) in ADUC, and browse to your print server, you'll find all the printQueue objects under there.
- Mapping printers for people via GPO is completely unrelated to this publishing functionality.
- FWIW, I usually argue against the concierge approach with GPOs
- Old printQueue objects will automatically get pruned over time by AD.
- Since you're republishing the printers on a new server, and it sounds like your customer population is leveraging this feature, I would use the above mentioned ADUC feature to go and just shift-click all the old printQueue objects and delete them once your old server is offline
- In the event you bring your old server back up, the objects will be recreated

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Wednesday, February 13, 2013 8:06 AM
To: NT System Admin Issues
Subject: Replacing a print server - publishing printers in directory?

So I need to replace one of my current print servers (Win2003, 32bit) with a new VM (Win2008 R2, 64bit). Some of you may recall my emails about this recently. Anyway, I have the new server ready, all printers defined on it (with the same names as the current production printers). My question is about actually cutting over to the new server.

Before I do that, do I need to unlist the printers from the directory on the old production print server and unshare the printers *before* changing its name and IP? That's a bit of a pain, because there are 93 printers, and I haven't found a way to do that as a batch, so I'd have to change each printer definition manually. I don't know how printers are treated in the directory - do they have a unique SID like a computer object, and so just creating a new printer with the same name on a server with the same name does not mean that it will just work?

Once I unlist and unshare, I should be able to change the name and IP of the old server; re-assign them to the new printer; list all the new printers in the directory. And then all should Just Work.

Is that right? Am I missing a step? Do I have a step wrong?

Thanks
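The printQueue clean-up described in the reply above, done as a batch instead of shift-clicking in ADUC; this is an added example, not part of the original thread. It assumes the ActiveDirectory module is available, and the server name and report path are placeholders.

```powershell
# Added example, not from the thread. Server name and path are placeholders.
Import-Module ActiveDirectory

$oldServer = 'OLDPRINT01'                        # short name of the retired print server
$report    = 'C:\Temp\printqueues-OLDPRINT01.csv'

# Published printers are plain printQueue objects stored under the print
# server's computer object; find the ones that belong to the old server.
$queues = @(Get-ADObject -LDAPFilter "(&(objectClass=printQueue)(shortServerName=$oldServer))" `
    -Properties printerName, uNCName, serverName, whenChanged)

# Keep a record of what was published before anything is deleted.
$queues |
    Select-Object DistinguishedName, printerName, uNCName, serverName, whenChanged |
    Export-Csv -Path $report -NoTypeInformation

# Sanity check: every object found should carry a UNC path on the old server.
$unexpected = @($queues | Where-Object { $_.uNCName -notlike "\\$oldServer*" })
if ($unexpected.Count -gt 0) {
    $unexpected | Select-Object DistinguishedName, uNCName | Format-Table -AutoSize
    throw "Found printQueue objects whose UNC path is not on $oldServer; review before deleting."
}

Write-Host "$($queues.Count) printQueue objects published by $oldServer (listed in $report)."

# Dry run first. Remove -WhatIf only once the old server is offline, because a
# running spooler on that server will publish the objects again.
$queues | Remove-ADObject -WhatIf
```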
RE: OT: MCM certification
As others have noted, it costs a good bit of money just to put these classes on – both the delivery and all of the background work (courseware dev, exam dev, management overhead, etc.). Your dollar figure may be little in the grand scheme of a company of Microsoft’s scale, but, at the end of the day, someone’s budget has to cover this.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, February 14, 2013 12:45 PM
To: NT System Admin Issues
Subject: Re: OT: MCM certification

Don't want to keep on this thread, it's obvious that most of you are in disagreement with me. I'm OK with that. But to your comment:

I think I get who the certification is targeting. My point is that I think there is a larger population out there that might be interested in and possibly be valid candidates for, this certification in mid sized shops, but the cost is prohibitive. And I understand that there has to be a fee for this. And I even agree that MS isn't really making money off this. But just doing some basic numbers (I may be way off on these figures so don't crucify me on this). If there are 4 sessions a year in any given track (SQL, Messaging, DS, etc...) That's 100 people that need to pay for the course. That's $1.4 million. Even say they cut this in half, they would only be reducing their revenue by $750K per track. In terms of MS, that is peanuts. This is not a revenue stream for MS, they are just trying to recoup some of the costs. But this would open it up to a much larger pool of potential candidates.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Andrew S. Baker asbz...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 02/14/2013 02:59 PM
Subject: Re: OT: MCM certification

Chris, if you look at who that certification is targeting, the ROI is very, very straightforward.

Lowering the price wouldn't lower the barrier that much, and the cost of the overall process must come from somewhere.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar christopher_bod...@glic.com wrote:

Was reading this yesterday:

http://blogs.metcorpconsulting.com/tech/?p=1101

And got to thinking about this again. It still bothers me that the road to this certification is artificially blocked by monetary constraints. I think the certification is difficult enough without adding that as a factor to reduce the overall numbers just to increase the value of this certification. Maybe I'm in the minority, but I know I won't even consider this certification, just based on the cost. Not that I think I would pass, or that I even think I'm ready for something like this. I don't work for MS and I'm not a consultant. Which from what I've seen are the 2 primary groups of people seeking this certification. My employer would never consider this strictly based on cost and ROI.

Anyone else of the same opinion? Or am I way off base here?

Chris
RE: Domain upgrade: 2008 R2 or 2012 ?
I would go straight to WS2012. From an AD perspective, you can take advantage of new features like virtualization safeties, group managed service accounts, and dynamic access control.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, February 7, 2013 3:34 PM
To: NT System Admin Issues
Subject: Domain upgrade: 2008 R2 or 2012 ?

Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future.

The benefits of going from 2003 to 2008 R2 I've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment, for example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions.

From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue.

Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently.

Thanks,

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com
RE: DFSR question regarding RDC
Yes it's block level. IIRC down to like 64KB blocks that it does the diff at. Once you put the first image out there, you should only expect to replicate the diffs in all the other images.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, February 6, 2013 10:41 AM
To: NT System Admin Issues
Subject: DFSR question regarding RDC

Got a question about this:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx

"Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a "diff over the wire" protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated."

Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing deltas in larger images files as they change, or replicating the whole thing.

Thanks

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com
RE: Rename 2003 domain
To add to Michael's point, this wasn't necessary and probably wasn't the best idea. The consultant obviously messed something up given you had to rejoin clients. The simple fact that the consultant was happy to (and possibly recommended) this domain rename tells me a lot.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Tuesday, February 5, 2013 9:55 AM
To: NT System Admin Issues
Subject: RE: Rename 2003 domain

We hired a consultant to move us to AD 2008 R2 and E2010. He renamed the domain to company.net this past weekend. We did have to manually rejoin the clients to the new domain (rebooting twice did not make the clients auto-join), but everything appears to be working fine. We have just extended the schema and have our first 2008 R2 domain controller up and running. Anything in particular I should check to verify that all is well?

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, February 05, 2013 9:50 AM
To: NT System Admin Issues
Subject: RE: Rename 2003 domain

Don't rename the domain. Just Say No. There is no need.

Sent from my Windows Phone

From: David Mazzaccaro
Sent: 2/1/2013 9:50 PM
To: NT System Admin Issues
Subject: RE: Rename 2003 domain

Thx. I just read through that thread. One comment was that you never need to register an internal name on a certificate, but it doesn't go into detail as to why. The other bigger headache (which I understand) is to NOT use an internal name that will also be used externally. We only use company.com on the internet. So if we never use company.NET on the outside, why couldn't/shouldn't I rename the domain to that?

Thx

From: Webster [mailto:webs...@carlwebster.com]
Sent: Friday, February 01, 2013 12:23 PM
To: NT System Admin Issues
Subject: RE: Rename 2003 domain

Go to the archives and read the SSL and the new no internal names ruling thread. I think you are going in the wrong direction.

Thanks
Webster

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Friday, February 01, 2013 9:48 AM
To: NT System Admin Issues
Subject: Rename 2003 domain

I will be upgrading my domain from 2003 to 2008 R2 and Exchange 2003 to 2010. Apparently E2010 does not like my current domain name company.town.main. It wants (needs?) a name that can be registered w/ an internet registrar in order to obtain a certificate. So... I will be renaming the domain to company.net this weekend. I have already registered the company.net name.

From what I have read, it is fairly (?) straightforward: http://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx

Then there are specific Exchange changes: XDR-fixup

Then it seems EVERY computer needs to reboot twice for them to see the new domain. I do have a script for this and a txt file w/ all the machines in it:

for /f %%i in (machines.txt) do shutdown -m \\%%i -f -r -t 05

My question is... has anyone here successfully renamed a 2003 domain (especially w/ Exchange 2003 in it)? Care to share your experience and any gotchas that came up?
RE: SMB IT provider Q
How does the cost of this compare to simply putting the actual server under a warranty with Dell that has an SLA on parts? You can get 4 hour turnaround 24x7 if you ask. At $25/mo, that's $300 a year. IIRC a 3 year warranty for this type of turnaround is in the $1000-$1500 range, so you're looking at $900 versus whatever for the actual guarantee. If I was the customer I'd simply pay Dell.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Sunday, February 3, 2013 3:01 PM
To: NT System Admin Issues
Subject: Re: SMB IT provider Q

If you get them to buy into the $25/mo peace of mind, then start with a single server, but add another for every 4-7 clients that buy into the service (use a number that works to minimize your risk here). If you had 4 or 5 customers buying into this, the servers would pay for themselves in about a year.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Sun, Feb 3, 2013 at 12:31 PM, Ben M. Schorr b...@rolandschorr.com wrote:

I'd probably offer it as a service for a nominal fee - maybe $25 a month per customer? Of course you run the risk of having multiple customers suffer failures at the same time and they'll be rightfully upset if you don't have the spare hardware available to get them back up when that happens...

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower - Flagstaff Office
928-526-3970
www.rolandschorr.com * www.twitter.com/bschorr * www.facebook.com/RolandSchorr

From: David Lum [mailto:david@nwea.org]
Sent: Sunday, February 3, 2013 10:11 AM
To: NT System Admin Issues
Subject: SMB IT provider Q

I have a couple of clients and they both run SBS2011 Premium in their environments and in both cases I have them on Dell hardware and on top of Hyper-V hosts. It makes sense to me to have ready spare hardware, and it seems to me if I had one server in my lab ready to go as a temporary stand-in Hyper-V host I could offer this as a cheaper alternative as to asking them to have a full 2nd server onsite in a cluster.

My thinking is:

* Have one server, just powerful enough to work as a stand-in server in either environment (16GB RAM, enough SAS disk space to cover the biggest Hyper-V host) with an IT Garage licensed 2008 R2 Host OS (both my clients are running this).
* If either client has a hard server failure, I run my hardware out and restore their backups to this hardware. This gets them up and running while I resolve whatever the issue might be on their production server
* Once their primary system is back up, bring this hardware back to my lab

It looks like I can get some hardware in the $1000 range for this, but the catch is I'd like to have my clients offset some if not all of the cost. Would it make sense to offer them this spare server available service with a monthly fee associated, or a one-time cost? Surely other IT shops offer the same thing in some fashion.

I did a proof-of-concept of this this weekend, I grabbed a client's SBS2011 backup and restored it to my own ITG server (has just 8GB RAM though and SATA not SAS, so not enough oomph to run both SBS2011 and the 2008R2 server that comes with Premium) and restored to it and it worked beautifully.

It's possible of course that both clients could have an outage on the same day, in which case I'd be totally screwed in many ways, so not sure how to handle not being able to deliver something they've been paying for, except maybe a if this service can't be delivered then something as they do know that I am a one-man shop with a day job to boot.

I may be overlooking some other options here as well, so I am open to suggestions.

David Lum
Sr. Systems Engineer // NWEA
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: SMB IT provider Q
Ask your insurance agent about what your liability coverage looks like for storing a customer’s data in your office/home office. I certainly would not want to carry this risk.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Sunday, February 3, 2013 7:27 PM
To: NT System Admin Issues
Subject: Re: SMB IT provider Q

There is some value in having it offsite in case of disaster or equipment gets stolen. You could be snazzy and do both onsite and charge the $25 for an offsite option.

Bill

From: David Lum [mailto:david@nwea.org]
Sent: Sunday, February 03, 2013 2:46 PM
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Subject: RE: SMB IT provider Q

This is actually the other idea I was considering, have this 2nd server host the patching/anti-virus, etc stuff on a VM and the host could also store the backup images and be leveraged in an emergency.

From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Sunday, February 03, 2013 10:56 AM
To: NT System Admin Issues
Subject: RE: SMB IT provider Q

Why not give the clients each a server which can be re-tasked at short notice? If you store the backup images on a device that you can hyper-v up if necessary then it has great value for the client to have available for themselves.

We have a few servers running Hyper-v which we are reconfiguring to do some failover – the plan is that if we need a server at short notice we simply sacrifice the failovers and move the box. The licensing is taken care of via a SPLA license or the client’s existing licenses.

It is very rare to actually need to deploy a spare server, think of recovery objectives. If the server is down they can still work, emails can back-up with the ISP, individual files can be recovered and any server repairs (e.g. new backplane) can be scheduled to minimise disruption. If a client really needs that level of redundancy then they can afford to pay fully for it.

25 users, $4 per user per month = $1200 per year.

Don’t promise what you can’t deliver, but you know the clients well. It might be worth getting involved with a local IT company just to cover your back just in case.

Mike

From: Ben M. Schorr [mailto:b...@rolandschorr.com]
Sent: 03 February 2013 17:31
To: NT System Admin Issues
Subject: RE: SMB IT provider Q

I’d probably offer it as a service for a nominal fee – maybe $25 a month per customer? Of course you run the risk of having multiple customers suffer failures at the same time and they’ll be rightfully upset if you don’t have the spare hardware available to get them back up when that happens…

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower – Flagstaff Office
928-526-3970
www.rolandschorr.com * www.twitter.com/bschorr * www.facebook.com/RolandSchorr

From: David Lum [mailto:david@nwea.org]
Sent: Sunday, February 3, 2013 10:11 AM
To: NT System Admin Issues
Subject: SMB IT provider Q

I have a couple of clients and they both run SBS2011 Premium in their environments and in both cases I have them on Dell hardware and on top of Hyper-V hosts. It makes sense to me to have “ready spare” hardware, and it seems to me if I had one server in my lab ready to go as a temporary stand-in Hyper-V host I could offer this as a cheaper alternative as to asking them to have a full 2nd server onsite in a cluster.

My thinking is:

• Have one server, just powerful enough to work as a “stand-in” server in either environment (16GB RAM, enough SAS disk space to cover the biggest Hyper-V host) with an IT Garage licensed 2008 R2 Host OS (both my clients are running this).
• If either client has a hard server failure, I run my hardware out and restore their backups to this hardware. This gets them up and running while I resolve whatever the issue might be on their production server
• Once their primary system is back up, bring this hardware back to my lab

It looks like I can get some hardware in the $1000 range for this, but the catch is I’d like to have my clients offset some if not all of the cost. Would it make sense to offer them this “spare server available” service with a monthly fee associated, or a one-time cost? Surely other IT shops offer the same thing in some fashion.

I did a proof-of-concept of this this weekend, I grabbed a client’s SBS2011 backup and restored it to my own ITG server (has just 8GB RAM though and SATA not SAS, so not enough oomph to run both SBS2011 and the 2008R2 server that comes with Premium) and restored to it and it worked beautifully.

It’s possible of course that both clients could have an outage on the same day, in which case I’d be totally screwed in many ways, so not sure how to handle not being able to deliver something they’ve been paying for, except maybe
RE: Multi-tenant campus security
I would do some research on how this is done in university dorms and such. Search on ResNet - the usual term for that type of setup.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Thursday, January 31, 2013 8:38 AM
To: NT System Admin Issues
Subject: Multi-tenant campus security

Hi all.

Working with a client that runs a variety of real estate locations, leasing space to tenants. Locations are large. The new one that's being built out covers close to 50 acres. There will be a bunch of tenants, ranging from small (2-10) to large (1,000-2,000) users per tenant. Building management will be providing networking as a service, with Avaya phones, IP, and internet for clients. All clients will be logically isolated from all others but will be on the same switch fabric and use the same internet pipe.

I lose sleep over these types of implementations. I seem to be the only one who is highly concerned about security threats. We have some very good networking guys doing the routing/switching/firewall stuff, but there are still obviously significant security concerns. It's trivial for a tenant on the inside to set up bad guy stuff and start pounding on the internal network. The Cisco guys are much more focused on outside-to-inside security.

I'm looking for good info on internal networking security in this sort of implementation. My google-fu isn't working. Most of the multi-tenancy stuff I'm finding is geared towards virtualization, cloud services, and the like. My AOO will include providing DHCP for the VoIP phone system and all the data VLANs. I also need to advise on internal security and isolation. So I'm trying to find good resources on those sorts of things.

I'm also thinking we should have some sort of IDS/IPS on the internal network to stop or at least flag the internal hacker. Any recommendations along those lines?

One more thing if that's not enough... As management is selling per-port networking services, is there any way to identify or prevent someone from plugging in a router inside their subnet and adding ports?

TIA

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***
RE: Replacement for SteadyState
Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, January 7, 2013 9:09 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account.

Self-correcting problem. Student 2 deletes all of Student 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out.

I would not go with generic accounts. There is no accountability, no tracking of what they do.

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 07, 2013 10:04 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

No on the student login. We use a generic account per classroom. We've talked about moving to an individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, January 07, 2013 9:32 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 7, 2013 7:42 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 06, 2013 4:36 PM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Friday, January 4, 2013 11:33 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Not free, but we could not function at the school without DeepFreeze.

From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com]
Sent: Friday, January 04, 2013 11:36 AM
To: NT System Admin Issues
Subject: Replacement for SteadyState

Hello

I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of PCs that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot?

TIA
B
RE: Replacement for SteadyState
When I worked for a K-12 (~450K students), we issued accounts to all students at any school that was using our central AD. I've seen the same practice at the other K-12 districts I've worked at.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, January 7, 2013 10:12 AM
To: NT System Admin Issues
Subject: Re: Replacement for SteadyState

Universities are a much different beast than primary and secondary schools.

1) Logging out was part of the Acceptable Use Policy, meaning it is the student's responsibility to log out.
2) Teachers were taught to double check that students logged out.
3) Teachers in labs, put it on their syllabus, and those who used labs regularly but were not actually in a lab, did so, as well, to remind students that not logging off could result in a loss of work.
4) Make sure that you give teachers some mechanism for resetting student passwords to some default password, and unlocking the account. This became a huge problem in the school I worked at previously. I had to roll my own solution at the time. Having a solution for this in place before you switch over will make life so much easier.
5) Disable locking of the computer for student accounts.

I'm probably missing something, but it's been 7 years since I left that job.

On Mon, Jan 7, 2013 at 10:31 AM, Brian Desmond br...@briandesmond.com wrote:

Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, January 7, 2013 9:09 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account.

Self-correcting problem. Student 2 deletes all of Student 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out.

I would not go with generic accounts. There is no accountability, no tracking of what they do.

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 07, 2013 10:04 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

No on the student login. We use a generic account per classroom. We've talked about moving to an individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, January 07, 2013 9:32 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 7, 2013 7:42 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 06, 2013 4:36 PM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve?

Thanks
RE: Replacement for SteadyState
FIM is dirt cheap for EDU. The services cost of an implementation to simply sync HR and SIS with AD is not a whole lot. If you want to do it quick and dirty, a PowerShell or VB Script that reads a flat file or view off your ERP system each night and syncs it with AD would be straightforward to write.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 7, 2013 11:13 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Good to know. Now, the other biggie for us, user account management. We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, January 07, 2013 10:32 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, January 7, 2013 9:09 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account.

Self-correcting problem. Student 2 deletes all of Student 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out.

I would not go with generic accounts. There is no accountability, no tracking of what they do.

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 07, 2013 10:04 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

No on the student login. We use a generic account per classroom. We've talked about moving to an individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, January 07, 2013 9:32 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, January 7, 2013 7:42 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 06, 2013 4:36 PM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Friday, January 4, 2013 11:33 AM
To: NT System Admin Issues
Subject: RE: Replacement for SteadyState

Not free, but we could not function at the school without DeepFreeze.

From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com]
Sent: Friday, January 04, 2013 11:36 AM
To: NT System Admin Issues
Subject: Replacement for SteadyState

Hello

I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's
RE: Replacement for SteadyState
I could take it a step further and do an auto export every night from the student information system and script deletions and new users but for the few we get it is not worth it. At the end of the school year I mass delete and start over fresh. If you added that nightly sync, you wouldn't have to do the mass cleanup. A student's identity could persist throughout their relationship with your district. As long as you have the SIS primary key in AD (e.g. the student/empl ID), that sync should be really easy. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I am K-12 so a different setup probably..but just to get you thinking. Do you have your own student information system? That contains everything you need I would think. Ours lists all the students, grade, school and student ID number. It is maintained in part by the State, our enrollment office and administrative staff. But it is complete and ready to go. We just export that info and powershell create the accounts. During the school year as students transfer in Media Techs (librarians) have a limited ADUC to create new student login accounts. Their home folders self-create. Media Techs can also change passwords, reset lockouts. I transitioned us to this about 4 years ago. It was a non-event and works well. I could take it a step further and do an auto export every night from the student information system and script deletions and new users but for the few we get it is not worth it. At the end of the school year I mass delete and start over fresh. From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 12:20 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Good to know. Now, the other biggie for use, user account management. 
We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 10:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. 
From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed
RE: Replacement for SteadyState
I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B
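The nightly SIS-to-AD sync suggested in this thread, sketched as an added example (not code from any poster on the list). It assumes the SIS primary key is stored in the AD `employeeID` attribute, that accounts are named `s<StudentId>`, and that leavers are disabled rather than deleted; the sample rows, the OU path and all function names are constructed for illustration.

```powershell
# Added example: reconcile a nightly SIS export against AD, keyed on the student ID.
# Planning is pure (runs offline on the constructed sample below); applying needs RSAT.

function Get-SyncPlan {
    param(
        [object[]]$SisRows,   # SIS export rows: StudentId, First, Last
        [object[]]$AdUsers    # AD snapshot: EmployeeID, SamAccountName, Enabled
    )
    # Index both sides by the shared key so the comparison does not depend on names.
    $sis = @{}; foreach ($r in $SisRows) { $sis[[string]$r.StudentId] = $r }
    $ad  = @{}; foreach ($u in $AdUsers) { if ($u.EmployeeID) { $ad[[string]$u.EmployeeID] = $u } }

    foreach ($id in $sis.Keys) {
        if (-not $ad.ContainsKey($id)) {
            [pscustomobject]@{ Action = 'Create'; StudentId = $id; Account = "s$id" }
        } elseif (-not $ad[$id].Enabled) {
            # Returning student: re-enable the same identity instead of making a new one.
            [pscustomobject]@{ Action = 'Enable'; StudentId = $id; Account = $ad[$id].SamAccountName }
        }
    }
    foreach ($id in $ad.Keys) {
        if (-not $sis.ContainsKey($id) -and $ad[$id].Enabled) {
            [pscustomobject]@{ Action = 'Disable'; StudentId = $id; Account = $ad[$id].SamAccountName }
        }
    }
}

function Test-SyncPlanSafe {
    # Guard against an empty or truncated export disabling most of the student body.
    param([object[]]$Plan, [int]$EnabledCount, [double]$MaxDisableFraction = 0.10)
    $disables = @($Plan | Where-Object { $_.Action -eq 'Disable' }).Count
    if ($EnabledCount -eq 0) { return $true }
    return (($disables / $EnabledCount) -le $MaxDisableFraction)
}

function Invoke-SyncPlan {
    # Applies a plan to AD; supports -WhatIf. Not called by the offline demo below.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([object[]]$Plan, [hashtable]$SisById, [string]$StudentOu)
    Import-Module ActiveDirectory
    foreach ($step in $Plan) {
        if (-not $PSCmdlet.ShouldProcess($step.Account, $step.Action)) { continue }
        switch ($step.Action) {
            'Create' {
                $row = $SisById[$step.StudentId]
                # CN is set to the account name so two students with the same name cannot collide.
                # The account is created disabled; set a password and enable it in a separate step.
                New-ADUser -Name $step.Account -SamAccountName $step.Account `
                    -GivenName $row.First -Surname $row.Last `
                    -DisplayName "$($row.First) $($row.Last)" `
                    -EmployeeID $step.StudentId -Path $StudentOu -Enabled $false
            }
            'Enable'  { Enable-ADAccount  -Identity $step.Account }
            'Disable' { Disable-ADAccount -Identity $step.Account }
        }
    }
}

# --- Offline demo on constructed data ---------------------------------------
$sisRows = @'
StudentId,First,Last
1001,Ana,Ruiz
1002,Ben,Cho
1004,Dee,Park
'@ | ConvertFrom-Csv

# In production this snapshot would come from something like:
#   Get-ADUser -SearchBase $StudentOu -Filter * -Properties EmployeeID |
#       Select-Object EmployeeID, SamAccountName, Enabled
$adSnapshot = @(
    [pscustomobject]@{ EmployeeID = '1001'; SamAccountName = 's1001'; Enabled = $true  }
    [pscustomobject]@{ EmployeeID = '1002'; SamAccountName = 's1002'; Enabled = $false }
    [pscustomobject]@{ EmployeeID = '1003'; SamAccountName = 's1003'; Enabled = $true  }
)

$plan    = @(Get-SyncPlan -SisRows $sisRows -AdUsers $adSnapshot)
$enabled = @($adSnapshot | Where-Object { $_.Enabled }).Count
$plan | Sort-Object StudentId | Format-Table -AutoSize
"Plan within disable threshold: $(Test-SyncPlanSafe -Plan $plan -EnabledCount $enabled)"

# To apply against a real directory (hypothetical OU path), preview first:
#   $byId = @{}; $sisRows | ForEach-Object { $byId[[string]$_.StudentId] = $_ }
#   Invoke-SyncPlan -Plan $plan -SisById $byId -StudentOu 'OU=Students,DC=example,DC=org' -WhatIf
```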
RE: Occasional local admin needed
How about you create an AD Group, nest the AD group in local admins, and add the relevant users? GPOs and extra accounts for a dev box like this sounds like substantial unnecessary overhead. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, January 4, 2013 9:40 AM To: NT System Admin Issues Subject: Occasional local admin needed How would you guys handle this? I have a server that the developers use that they occasionally (once a month or so) need local admin access for to install/upgrade an app or feature they use. This is a new-ish server that previously I have just added a user (it's the same one each time) to the local admin group then a week later took them out, but that's cumbersome and I become the single point of failure on remembering to back them out. I could 1. create a special AD account for this user to be local admin, or 2. create an AD group, put this person in it, then GPO that group into local admins on that server. Suggestions? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: SSL and the new no internal names ruling
Just to close the loop on this, thanks to the feedback on this alias, the friendly folks at DigiCert have removed the page in question as well as made a number of additional enhancements to their pages that discuss internal names. Let me know if anything else jumps out and I'll connect you to the right people. Thanks, Brian Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, December 10, 2012 12:00 PM To: NT System Admin Issues Subject: RE: SSL and the new no internal names ruling I reached out to DigiCert about this. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, December 10, 2012 11:48 AM To: NT System Admin Issues Subject: Re: SSL and the new no internal names ruling Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter. As for the advice of using the AD domain name foo.com for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry rbe...@elevativenetworks.com wrote: Presuming this has been discussed a bit ... but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it ... it tripped the November 2015 rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 ... 
Via Digicert, although we all have the issue on any given SSL provider including Simon's @ (shameless plug) www.certificatesforexchange.com ... What concerned me was Digicert's page about 'what to do', which basically takes one down the path of 'rendom' or directory migration just to do a name change in the event you made your forest '.local' or similar ... http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis -7.htm Curious how people are approaching this. I'm loathe to rename domains, and not looking forward to hearing back from all the people I've told over the years to make sure that they name their internal domains '.local'. Rick
RE: SemiOT: They finally pulled the trigger...
I definitely wouldn't introduce this thing into an existing domain/forest and risk what might replicate out of one of these. Interesting for sure, but, practical - not so much IMO. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, December 11, 2012 10:33 AM To: NT System Admin Issues Subject: SemiOT: They finally pulled the trigger... And it looks like it has a lot of really rough edges, but it *is* quite a milestone. I'd say it's for testing and the truly adventurous only at this point. Kurt -- Forwarded message -- From: Karolin Seeger ksee...@samba.org Date: Tue, Dec 11, 2012 at 9:40 AM Subject: [Announce] Samba 4.0.0 Available for Download! To: samba-annou...@samba.org, sa...@samba.org, samba-techni...@samba.org == Nothing is impossible, the word itself says 'I'm possible'! Audrey Hepburn == Release Announcements - This is is the first stable release of Samba 4.0. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'Samba4'. Major enhancements in Samba 4.0.0 include: Active Directory services = Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd), as the required services are co-coordinated by this master binary. The tool to administer the Active Directory services is called 'samba-tool'. 
A short guide to setting up Samba 4 as an AD DC can be found on the wiki: http://wiki.samba.org/index.php/Samba4/HOWTO File Services = Samba 4.0.0 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used prior to the beta2 release of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (smbd, nmbd, winbindd, smbpasswd) continue to be available. DNS === As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. NTP === To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Python Scripting Interface == A new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. Known Issues - Replication of DNS data from one AD server to another may not work. 
The DNS data used by the internal DNS server and bind9_dlz is stored in an application partition in our directory. The replication of this partition is not yet reliable. - Replication may fail on FreeBSD due to getaddrinfo() rejecting names containing _. A workaround will be in a future release. - samba_upgradeprovision should not be run when upgrading to this release from a recent release. No important database format changes have been made since alpha16. - Installation on systems without a system iconv (and developer headers at compile time) is known to cause errors when dealing with non-ASCII characters
RE: Dead DC cleanup via GUI in 2008+
You have to manually enable scavenging for that zone (and on a server to do it) which folks often don't do. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, December 11, 2012 8:53 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ I almost always see extra entries hanging around in _msdcs that need to be manually cleaned up. From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, December 11, 2012 10:17 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ It is that easy. Right-click the dead DC in ADUC, select delete and you are done. I, personally, would still verify the DNS stuff for the dead DC is gone. Thanks Webster From: David Lum [mailto:david@nwea.org] Subject: Dead DC cleanup via GUI in 2008+ You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC and Sites and Services per this article: http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has anyone used this GUI method and still had to resort to command-line? Seems too easy...lol
RE: Dead DC cleanup via GUI in 2008+
Correct - records with a timestamp of 0 (GUI calls them static records) never get cleaned up. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, December 11, 2012 8:04 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ IIRC from what Brian Desmond told me, static DNS entries get flagged as untouchable. At least as far as Aging Scavenging is concerned but I think that would apply to any process that wants to do automated cleanup. Thanks Webster From: David Lum [mailto:david@nwea.org] Subject: RE: Dead DC cleanup via GUI in 2008+ Good point and yes I did check DNS and found only a static entry. Sites and Services showed it as a replication partner but it had additional stuff behind the name that made me think at next replication it might get removed, but I manually killed the entry. That's so much easier it's almost scary. DCDIAG on the other DC's come up good! Dave From: Webster [mailto:webs...@carlwebster.com] Subject: RE: Dead DC cleanup via GUI in 2008+ It is that easy. Right-click the dead DC in ADUC, select delete and you are done. I, personally, would still verify the DNS stuff for the dead DC is gone.
RE: SSL and the new no internal names ruling
I reached out to DigiCert about this. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, December 10, 2012 11:48 AM To: NT System Admin Issues Subject: Re: SSL and the new no internal names ruling Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter. As for the advice of using the AD domain name foo.com for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry rbe...@elevativenetworks.com wrote: Presuming this has been discussed a bit ... but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it ... it tripped the November 2015 rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 ... Via Digicert, although we all have the issue on any given SSL provider including Simon's @ (shameless plug) www.certificatesforexchange.com ... What concerned me was Digicert's page about 'what to do', which basically takes one down the path of 'rendom' or directory migration just to do a name change in the event you made your forest '.local' or similar ... http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis -7.htm Curious how people are approaching this. 
I'm loathe to rename domains, and not looking forward to hearing back from all the people I've told over the years to make sure that they name their internal domains '.local'. Rick
RE: Amazon Web Services continues Windows push with PowerShell - Computerworld
They have the Windows Azure Websites which also has a free tier. I started working on moving my site there. The PoC I did seems to work. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, December 6, 2012 5:55 PM To: NT System Admin Issues Subject: Re: Amazon Web Services continues Windows push with PowerShell - Computerworld This reminds me. I need to see If Azure is viable for hosting my website. /me ads one more thing to task list. On Thu, Dec 6, 2012 at 9:17 AM, Michael B. Smith mich...@smithcons.com wrote: Widely expected. :) And required for AWS to be a full-fledged client with Microsoft's private cloud push. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Thursday, December 6, 2012 10:20 AM To: NT System Admin Issues Subject: Amazon Web Services continues Windows push with PowerShell - Computerworld Interesting move. Thought some of the PS gurus here might enjoy this. http://m.computerworld.com/s/article/9234421/Amazon_Web_Services_continues_Windows_push_with_PowerShell?source=rss_latest_contentutm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+computerworld%2Fnews%2Ffeed+%28Latest+from+Computerworld%29
RE: File Services Clustering in Server 2012
Windows clustering has changed substantially since Windows 2000. Give it a try with 2008R2 or 2012. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Thursday, December 6, 2012 11:20 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 I've tried the windows clustering services... years ago with Windows 2000. I never had any success with the failover. The concept is excellent: If a server fails, hardware or software, you have another server ready to pick up the services and go. VMs don't help if there is a software failure. Our problem was that when the service failed (in our case, file sharing services) the nodes did not correctly recognize the failure and promote the active server on the cluster. After a lot of failed attempts to get it to work, we abandoned all hope on windows clustering and we never looked back. My recommendation: If you want clustering, test it thoroughly before you implement it. Don't trust it until you've seen it work flawlessly. --Matt Ross Ephrata School District - Original Message - From: Ken Cornetet [mailto:ken.corne...@kimball.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Thu, 06 Dec 2012 08:40:32 -0800 Subject: RE: File Services Clustering in Server 2012 If the service doesn't start on one server, what makes you think it would start on the other server? If the service wouldn't start on the original server, it is probably because either the data is whacked, or there is some external resource that isn't available (user ID locked, database server not available, etc). When the service tries to start on the failover node, it is going to see the same problems. -Original Message- From: Joseph L. 
Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, December 06, 2012 10:29 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 Yep setting up a cluster just to protect against a service dying is overkill. I think that statement might be a bit too general. What if that service doesn't simply restart and 2500 people have their work impacted for 4 hours while it's resolved? 2500*$30*4=$300,000.00 as an example... Does that application cluster investment still sound unrealistic?
RE: VDI in a Box?
You'd want the account manager or their attached ATS to help there - TAMs are for premier support and PAM is for partners. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Sunday, November 11, 2012 3:22 PM To: NT System Admin Issues Subject: RE: VDI in a Box? You shouldn't have to worry about that. Seriously. Get your TAM or PAM to quote it to you. Licensing for VDI with SC2012SP1 should be simpler, but I think it's still NDA, so I can't say anything. -Original Message- From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Friday, November 9, 2012 5:20 PM To: NT System Admin Issues Subject: RE: VDI in a Box? I am really keen to implement a bring your own device model and offer hosted desktops but I am having a hell of a time working out the licensing requirements. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 7, 2012 9:52 AM To: NT System Admin Issues Subject: RE: VDI in a Box? No, sorry. Within 90 days after GA for Windows Server 2012 was the official word, I believe. But if you want to deploy a live environment on Day 1, you need to be using the software now. -Original Message- From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, November 6, 2012 8:28 PM To: NT System Admin Issues Subject: RE: VDI in a Box? SP1 has been released? -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, November 6, 2012 2:11 PM To: NT System Admin Issues Subject: RE: VDI in a Box? You should also take a look at System Center 2012 VMM (with SP1). It's very slick! -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Tuesday, November 6, 2012 12:00 PM To: NT System Admin Issues Subject: VDI in a Box? Hey list. We're just starting to re-visit desktop virtualization. 
Here's a simple question for you: What's the difference between Citrix's VDI-in-a-Box vs traditional VDI solutions? Opinions on where it fits in Desktop Virtualization are welcome. --Matt Ross Ephrata School District
RE: Standing up 2K8DC - finally. Opinions?
That's more of a function of the GPOs though. You can start taking advantage of that independent of the AD upgrade itself. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Thursday, November 8, 2012 9:35 AM To: NT System Admin Issues Subject: RE: Standing up 2K8DC - finally. Opinions? May I add Client Side Extensions for GPO's if you still have XP boxes? Some GPO's may or may not work because XP doesn't know about the new GPO's. Then again, I'm not sure if that matters if you don't up change your FFL or DFL. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 08, 2012 7:00 AM To: NT System Admin Issues Subject: Standing up 2K8DC - finally. Opinions? So, the slow waters here finally have us standing up our first W2K8 DC in our employee domain on Saturday.
* We have already extended the schema
* Have already gone through this list: http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx
* We have GPO's that already implement the LM Hash, older cryptology and the SMB-signing change, some others on that list don't apply.
* We have confirmed with Microsoft (they were here a few months ago) that our AD infrastructure is healthy and configured as they'd recommend.
* Exchange is hosted, not onsite
I think this will be a no-brainer upgrade, but I am still going to have folks test VPN, Windows, Linux and Mac client logins and file accesses. Has anyone ever seen a crippling issue when adding the first 2008 DC to their 2003 domain? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: A question about Virtualization
It’s included in some EAs too – pseudo free. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 07, 2012 9:51 AM To: NT System Admin Issues Subject: RE: A question about Virtualization Tight AD integration, for one. Lots of GP control, for another. From: Harry Singh [mailto:hbo...@gmail.com] Sent: Tuesday, November 6, 2012 8:34 PM To: NT System Admin Issues Subject: Re: A question about Virtualization Hopping on here late, but there isn't a local software client needed to get APP-V to deliver apps? What's the benefit of deploying an App-V application vs a published App via XenApp? I feel like I'm missing a key difference here because if you're a Citrix shop what are you missing by not using App-V? On Tue, Nov 6, 2012 at 11:58 AM, James Rankin kz2...@googlemail.com wrote: I haven't done much ThinApp, to be fair. How easy is it to package stuff up? I find App-V dead easy, but then again it was the first thing I used for it. My other main packaging experience was with Citrix Streaming, and that ain't great at all. One thing I will say for App-V is that it's dead easy to deliver it through Citrix if you've got that kind of layered infrastructure. You don't even need the App-V streaming conduit - you just point a published app to the App-V client and add the right switches, and you can deliver the App-V stuff right through the Citrix plugins like a normal installed app. App-V also integrates nicely with AppSense and particularly their Personalization Server piece, which makes it another popular choice for the kind of deployments I do. I was just wondering how far the OP is wanting to take their entire virtualization strategy?
Certainly once you get into the deeper parts of profile and application virtualization you can put together a solution based around a vast amount of different combinations of technologies rather than the more limited options available on a server or desktop virtualization level. Cheers, JR On 6 November 2012 16:39, John Cook john.c...@pfsf.org wrote: I mostly agree with James with the exception of App-V, VMWare Thinapp requires no local client to run packages so IMHO it’s a cleaner distribution package. John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, November 06, 2012 11:35 AM To: NT System Admin Issues Subject: Re: A question about Virtualization Server virtualization? Desktop virtualization? Application virtualization? Profile/user virtualization? All different parts of the virtualization tree.
If you are talking server, VMWare and Microsoft are probably the biggest players
Desktops - I wouldn't look any further than Citrix
Application - Microsoft App-V is the best IMHO
Profile/user - AppSense
On 6 November 2012 16:28, itli...@imcu.com wrote: I have no experience with Virtualized anything. I have read VMware is better than Citrix. What kind of hardware do I put all of this on? A Blade server with a SAN back end? I really have no opinions or experience on any of this. Please don’t flame me too badly. Thanks David
RE: Multi Account Outlook sent items
There's a registry setting you have to set to change the behavior to what you want. I'm on a plane back from Munich right now, but, if you poke around the MS knowledge base with Google, you'll find it documented there (there's an article). If you can't find the article ping back and I'll dig it up. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Gavin Wilby [mailto:gavin.wi...@gmail.com] Sent: Tuesday, October 23, 2012 1:00 PM To: NT System Admin Issues Subject: Re: Multi Account Outlook sent items Correct, the email gets saved to the default sent items folder. Gavin. On Tue, Oct 23, 2012 at 11:46 AM, Ken Schaefer k...@adopenstatic.com wrote: Just to clarify: In Outlook 2010, you have added both mailboxes for the user's profile. When the user composes mail there is a drop-down option for the From field which allows them to select the appropriate from: address. Despite selecting the appropriate From: address, the mail still gets saved in the wrong Sent Items folder? Cheers Ken -Original Message- From: Gavin Wilby [mailto:gavin.wi...@gmail.com] Sent: Tuesday, 23 October 2012 9:21 PM To: NT System Admin Issues Subject: Re: Multi Account Outlook sent items Hi, Sorry, Outlook 2010. Gavin. On Tue, Oct 23, 2012 at 11:18 AM, Ken Schaefer k...@adopenstatic.com wrote: What version of Outlook? -Original Message- From: Gavin Wilby [mailto:gavin.wi...@gmail.com] Sent: Tuesday, 23 October 2012 8:36 PM To: NT System Admin Issues Subject: Multi Account Outlook sent items Hi, I have an odd issue that I can't seem to get to the bottom of. I have an Exchange 2010 SP2 server, that handles email for two external domains. Every user has a mailbox on the network that reflects the main domain. There are also other mailboxes on the second domain that certain users have full access to, and they send emails as the user of that mailbox.
What should happen is that when they send as themselves, that sent items go to the sent items of their email account (which it does), if they send as the other account, it should save the sent mail to the sent items of the second account, it doesn't, it saves it in the sent of the main one. Can someone tell me how to make this work as described, I've only seen this on a 2010 setup. I have created the Full Access permissions through both the EMC and also through PowerShell using the following command: Add-MailboxPermission alias -User the user -AccessRights FullAccess -AutoMapping:$false, to prevent it advertising the mailbox.
RE: System Center 2012 Endpoint Protection
Same here - multiple happy customers. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 19, 2012 4:57 PM To: NT System Admin Issues Subject: RE: System Center 2012 Endpoint Protection It's a very good solution. I've got it deployed with several different clients and it gets positive reviews all 'way round. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, September 19, 2012 5:23 PM To: NT System Admin Issues Subject: System Center 2012 Endpoint Protection Hey Guys. I'm looking at System Center 2012 Endpoint Protection (What a mouthful). Anybody using this? Anybody like/dislike it compared to other solutions? --Matt Ross Ephrata School District
RE: Servers - Cisco UCS C220 M3 instead of HP DL360?
They’re Cisco native hardware now Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, September 06, 2012 3:40 PM To: NT System Admin Issues Subject: Re: Servers - Cisco UCS C220 M3 instead of HP DL360? IIRC the Cisco boxes used to be rebadged QNAP boxes and if that's still the case I'd be going HP (or Dell if that's an option) John W. Cook Network Operations Manager Partnership for Strong Families From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] Sent: Thursday, September 06, 2012 04:19 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Servers - Cisco UCS C220 M3 instead of HP DL360? I am getting a few quotes for VMware hosts. 3 vendors quoted me DL360 Gen8 servers, but one other is pushing Cisco UCS C220 M3 servers instead. Anyone have any good/bad opinions on the Cisco offering?
RE: Windows InTune
It’s actually reasonably straight forward. All of the System Center licensing is now rolled together into one big “management license [ML]”. You either license it for servers or clients. In the case of servers, for virtualization, you would likely want the Datacenter ML on a processor basis based on how many physical VM host CPUs you have. Each Datacenter ML gets you two physical CPUs. So if you have 3 dual socket hosts, you need 6 Datacenter MLs. See http://download.microsoft.com/download/8/7/0/870B5D9B-ACF1-4192-BD0A-543AF551B7AE/System%20Center%202012%20Licensing%20FAQ.pdf You’ll want to stand up an SCVMM server to manage HyperV and/or ESX. I found the install and figuring it out to be pretty painless. It includes its own SQL license of sort so you don’t have to pay extra for that. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Richard Stovall [mailto:rich...@gmail.com] Sent: Thursday, August 23, 2012 10:42 PM To: NT System Admin Issues Subject: Re: Windows InTune Which, apropos of nothing, reminds me of a recent conversation with the boss. We were talking about our virtualization infrastructure since our VMware licenses are up for renewal at the end of this month. He asked me if we should go with MS and the newest version of Hyper-V on Server 2012 instead of VMware. Long story short, I can't get a conversion done in a week, and Server 2012 isn't going to be generally available until September 4th anyway, so it's a non-starter for the moment. Next year, however... The question I have is how in the heck do I compare the direct costs of licensing ESX(i) and Hyper-V 2012. Obviously I know my annual VMware costs, and I think the Hyper-V bits are actually 'free'[1] in that they are baked into the OS, but it's the System Center licensing that I really don't understand. SCVMM? SCThis? SCThat? SCEssentials? SCWTF_Do_I really_need? 
If there is a concise guide out there about licensing this stuff for a pure Hyper-V-only environment, I would definitely appreciate a pointer. Thanks, as always, RS [1] I've got current VL versions of Server 2012 Datacenter that I could/will use if moving away from VMware. On Thu, Aug 23, 2012 at 10:50 PM, Michael B. Smith mich...@smithcons.com wrote: Maintaining full capabilities without internet connectivity. Full capabilities without additional Internet-based licensing. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, August 23, 2012 6:11 PM To: NT System Admin Issues Subject: RE: Windows InTune Yeah…I have my reasons for some level of concern, but what’s yours? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, August 23, 2012 5:54 PM To: NT System Admin Issues Subject: RE: Windows InTune Which scares the crap outta me. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, August 23, 2012 5:30 PM To: NT System Admin Issues Subject: RE: Windows InTune What exactly do you want to know? InTune has come a long way in a short time and does a great job. And, Microsoft is investing heavily in the future of InTune, and will eventually marry ConfigMgr and InTune. From: Roger Wright [mailto:rhw...@gmail.com] Sent: Thursday, August 23, 2012 4:48 PM To: NT System Admin Issues Subject: Windows InTune We're seeing a greater need for something like Windows InTune for about 10-15 machines that rarely touch our network. Currently, we have no way to manage these machines and assure they're receiving Microsoft, Adobe, Java, or other updates. VIPRE does report home, however, so at least that aspect is covered. Any comments regarding InTune usage results or evaluations would be helpful. TIA... Roger Wright ___ Geocaching: Hide, Hunt, Find Repeat - It's FUN!
RE: Windows InTune
Yeah – good catch. My Chicago Public Schools math… Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Art DeKneef [mailto:art.dekn...@cox.net] Sent: Friday, August 24, 2012 12:59 PM To: NT System Admin Issues Subject: RE: Windows InTune Brian, Don’t you mean you need 3 Datacenter MLs? One for each of the dual socket hosts. Art DeKneef Avanti Computers Mesa, AZ 480-649-4430 Office 480-529-4430 Mobile From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, August 24, 2012 7:50 AM To: NT System Admin Issues Subject: RE: Windows InTune It’s actually reasonably straight forward. All of the System Center licensing is now rolled together into one big “management license [ML]”. You either license it for servers or clients. In the case of servers, for virtualization, you would likely want the Datacenter ML on a processor basis based on how many physical VM host CPUs you have. Each Datacenter ML gets you two physical CPUs. So if you have 3 dual socket hosts, you need 6 Datacenter MLs. See http://download.microsoft.com/download/8/7/0/870B5D9B-ACF1-4192-BD0A-543AF551B7AE/System%20Center%202012%20Licensing%20FAQ.pdf You’ll want to stand up an SCVMM server to manage HyperV and/or ESX. I found the install and figuring it out to be pretty painless. It includes its own SQL license of sort so you don’t have to pay extra for that. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Richard Stovall [mailto:rich...@gmail.com] Sent: Thursday, August 23, 2012 10:42 PM To: NT System Admin Issues Subject: Re: Windows InTune Which, apropos of nothing, reminds me of a recent conversation with the boss. We were talking about our virtualization infrastructure since our VMware licenses are up for renewal at the end of this month. He asked me if we should go with MS and the newest version of Hyper-V on Server 2012 instead of VMware.
Long story short, I can't get a conversion done in a week, and Server 2012 isn't going to be generally available until September 4th anyway, so it's a non-starter for the moment. Next year, however... The question I have is how in the heck do I compare the direct costs of licensing ESX(i) and Hyper-V 2012. Obviously I know my annual VMware costs, and I think the Hyper-V bits are actually 'free'[1] in that they are baked into the OS, but it's the System Center licensing that I really don't understand. SCVMM? SCThis? SCThat? SCEssentials? SCWTF_Do_I really_need? If there is a concise guide out there about licensing this stuff for a pure Hyper-V-only environment, I would definitely appreciate a pointer. Thanks, as always, RS [1] I've got current VL versions of Server 2012 Datacenter that I could/will use if moving away from VMware. On Thu, Aug 23, 2012 at 10:50 PM, Michael B. Smith mich...@smithcons.com wrote: Maintaining full capabilities without internet connectivity. Full capabilities without additional Internet-based licensing. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, August 23, 2012 6:11 PM To: NT System Admin Issues Subject: RE: Windows InTune Yeah…I have my reasons for some level of concern, but what’s yours? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, August 23, 2012 5:54 PM To: NT System Admin Issues Subject: RE: Windows InTune Which scares the crap outta me. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, August 23, 2012 5:30 PM To: NT System Admin Issues Subject: RE: Windows InTune What exactly do you want to know? InTune has come a long way in a short time and does a great job. And, Microsoft is investing heavily in the future of InTune, and will eventually marry ConfigMgr and InTune.
From: Roger Wright [mailto:rhw...@gmail.com] Sent: Thursday, August 23, 2012 4:48 PM To: NT System Admin Issues Subject: Windows InTune We're seeing a greater need for something like Windows InTune for about 10-15 machines that rarely touch our network. Currently, we have no way to manage these machines and assure they're receiving Microsoft, Adobe, Java, or other updates. VIPRE does report home, however, so at least that aspect is covered. Any comments regarding InTune usage results or evaluations would be helpful. TIA... Roger Wright ___ Geocaching: Hide, Hunt, Find Repeat - It's FUN!
RE: Laptop with Serial Port?
I have a 15.4” Elitebook that I carry in my backpack anytime I’m on the road. It’s really not that bad and I can actually get some work done on it. For me at least, the tiny keyboards and low res screens are really annoying. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Daniel Rodriguez [mailto:drod...@gmail.com] Sent: Friday, August 24, 2012 3:18 PM To: NT System Admin Issues Subject: RE: Laptop with Serial Port? Might as well have one of those old Compaq II's to lug around. On Aug 24, 2012 3:49 PM, Brian Desmond br...@briandesmond.com wrote: The HP EliteBooks usually have them. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Roger Wright [mailto:rhw...@gmail.com] Sent: Friday, August 24, 2012 11:42 AM To: NT System Admin Issues Subject: Laptop with Serial Port? Anyone have a recommendation for a 12-14 laptop with a serial port? We have some field staff who require serial connections for monitoring equipment, and the USB/serial adapters don't always work. Roger Wright ___ Geocaching: Hide, Hunt, Find Repeat - It's FUN!
RE: PKI big picture?
My understanding is that you're likely looking at a high five figure to mid six figure annual cost to have your CA signed so you are issuing publicly trusted certs as you describe. If this is something you want to do, you need to hire a consultant to help you - there's a ton of work involved. I think SCCM expects a trusted cert on each device for the Internet client scenario so that's why you need the internal PKI infrastructure. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Thursday, August 23, 2012 1:06 PM To: NT System Admin Issues Subject: PKI big picture? I want to use PKI for SCCM 2012, and it's a nice to have for other servers. QUESTION: If I were to purchase a certificate from an outside trusted vendor like Verisign, could I skip the internal Enterprise server CA and import the purchased certificate directly to my SCCM server? From what I have read so far it looks best to purchase a cert, import it to your Enterprise CA and then create certificates from the Enterprise CA but it just sounds redundant. Am I really seeing this 'right'?
RE: 2003 R2 hotfix, but I think it's the wrong one...
That fix is included in SP2...

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, August 13, 2012 6:34 PM
To: NT System Admin Issues
Subject: 2003 R2 hotfix, but I think it's the wrong one...

I'm running into this exact issue:

The permissions on Folder_name are incorrectly ordered, which may cause some entries to be ineffective

described here: http://support.microsoft.com/kb/925332

That page has a hotfix for dfsr.exe, but it's dated 2006-10-03, and on this machine the timestamp for the file is 2007-02-17. My googling reveals nothing further - the server is fully patched, too.

These are manually created subdirectories, and clicking on OK to reorder the ACLs does work, but I'd like to get this fixed - I've got end-users creating subdirectories and complaining about it.

Has anyone run into this and have a fix for it?

Kurt
RE: DCs in separate OU
Two things:

1. Leave the DCs in the default OU. You can technically move them but all sorts of stuff tends to break and it's a rather grey support zone.
2. You shouldn't have random people in random offices accessing DCs. They should all be managed centrally by a single AD team. The only exception where you can do this securely is with RODCs. In this case, you can grant a group local administrative access to the RODC with the manager attribute on the RODC's computer account.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Juned Shaikh [mailto:jsha...@gmail.com]
Sent: Monday, August 13, 2012 9:17 AM
To: NT System Admin Issues
Subject: DCs in separate OU

Greetings:

Trying to find out: If there are 10 regional offices with 25 odd staff, is there a need to 1) create Regional Domain Controller OUs and 2) move the Regional Domain Controllers to that OU and 3) apply the Domain Controller GPO. Or should we leave domain controllers alone in their natural GPO and control the access using Sites and services?

Thanks,
RE: Active Directory and Group Policy inheritance
Just make sure you don't write an inefficient filter that takes forever to process...

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, July 26, 2012 10:50 AM
To: NT System Admin Issues
Subject: RE: Active Directory and Group Policy inheritance

I would use WMI filtering.

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Thursday, July 26, 2012 11:36 AM
To: NT System Admin Issues
Subject: Active Directory and Group Policy inheritance

Greetings.

Is it possible to block a single group policy from being inherited, or is my only choice to block all inheritance at the OU level?

I want one policy blocked (A software installation policy, so I don't think I can override it somehow) in a Sub-OU, but I want everything else through.

Thanks.

--Matt Ross
Ephrata School District
RE: Rant: local ISP and DNS entries for Office365
There is a free level of DNS with GoDaddy if you need like 100 records. That's what I use for most of my domains. It works just fine and supports O365 records. I've used DynDns' pay service in the past too.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Friday, July 20, 2012 9:49 AM
To: NT System Admin Issues
Subject: Rant: local ISP and DNS entries for Office365

Ugh. Been battling with the local ISP who hosts the client's DNS zone. Took over a week for them to finally create the TXT record for verification. And it wasn't that they were too busy. First they said they had no idea how to create it. Then said it was created and wasn't. Lots of back and forth. Now that we have verified, we need to create 6 more records, and they are telling us they can't. That they are getting errors when doing it. So I ended up creating a zone file for them to import the entries. Horrible, horrible service. Really need to move the zone to another hosting provider. I would have created the entries myself, but their DNS tool only allows a user to create A and CNAME records. So for everything else (TXT, SRV, MX), I'm at their mercy.

Sorry just wanted to vent.

Anyone like GoDaddy for DNS hosting? This is a small client with a single domain, and only a few DNS records. The GoDaddy DNS tools look decent and I think it's only $36/year.

Thanks,
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
RE: change AD p/w option
Setting adminCount to 0 won't independently do anything - you need to also mark the object to inherit security permissions again.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, July 20, 2012 10:33 AM
To: NT System Admin Issues
Subject: RE: change AD p/w option

Our own Michael B Smith has an article as well: http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

I thought you had this for every account? My bad for not asking that clarifying question... Unless they were all members at one time of one of the AdminSDHolder groups it shouldn't be affecting everyone.

But yes if it's just specific accounts, you need to fire up ADSIEdit and set the adminCount attribute to 0. This needs to be done to any account that was, say, Domain Admins that you later removed from Domain Admins (or any other AdminSDHolder group). For me it's SOP if I remove someone from Domain Admins that I fire up ADSIEdit and set the adminCount to zero.

This behavior is by design, because that's the feedback Microsoft got from us admins...

Dave

From: hotmail_2d1f874cdc16f...@live.com [mailto:hotmail_2d1f874cdc16f...@live.com] On Behalf Of pa...@mmcwm.com
Sent: Friday, July 20, 2012 8:10 AM
To: NT System Admin Issues
Subject: change AD p/w option

I posted a question regarding that to the MS forums and it looks like they've seen it before. They posted this link: http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx

Some days I long for the simplicity of NT 3.51 and MS Mail.
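The point made in the thread above (resetting adminCount alone changes nothing unless ACL inheritance is re-enabled as well) can be audited and applied with the ActiveDirectory PowerShell module. This is an added example, not code from anyone on the list; the function names `Get-StaleAdminCountUser` and `Repair-StaleAdminCountUser` are hypothetical, and it assumes that the groups carrying adminCount=1 are the ones AdminSDHolder currently protects.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not code from the thread. Function names are hypothetical.
# Assumption: groups that carry adminCount=1 are the groups AdminSDHolder
# currently protects; review that list first, since a group can be stale too.

function Get-StaleAdminCountUser {
    [CmdletBinding()]
    param()

    # DNs of every account that is still a direct or nested member of a protected group.
    $stillProtected = @{}
    foreach ($group in (Get-ADGroup -LDAPFilter '(adminCount=1)')) {
        try {
            Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
                ForEach-Object { $stillProtected[$_.DistinguishedName] = $true }
        }
        catch {
            # Do not silently skip a group: its members would be misreported as stale.
            Write-Warning "Could not expand $($group.DistinguishedName): $_"
        }
    }

    Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount |
        Where-Object {
            # krbtgt is protected directly, not through group membership.
            $_.SamAccountName -ne 'krbtgt' -and
            -not $stillProtected.ContainsKey($_.DistinguishedName)
        } |
        ForEach-Object {
            $acl = Get-Acl -Path ('AD:\' + $_.DistinguishedName)
            [pscustomobject]@{
                SamAccountName      = $_.SamAccountName
                DistinguishedName   = $_.DistinguishedName
                AdminCount          = $_.adminCount
                # True means the ACL still blocks inheritance from the parent OU.
                InheritanceDisabled = $acl.AreAccessRulesProtected
            }
        }
}

function Repair-StaleAdminCountUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$DistinguishedName
    )
    process {
        $action = 'Re-enable ACL inheritance and set adminCount to 0'
        if (-not $PSCmdlet.ShouldProcess($DistinguishedName, $action)) { return }

        # Step 1: turn inheritance back on. With isProtected = $false the second
        # argument is ignored. Explicit ACEs copied from AdminSDHolder stay on
        # the object and should be reviewed separately.
        $path = 'AD:\' + $DistinguishedName
        $acl  = Get-Acl -Path $path
        $acl.SetAccessRuleProtection($false, $true)
        Set-Acl -Path $path -AclObject $acl

        # Step 2: reset the marker attribute, as described in the thread.
        Set-ADUser -Identity $DistinguishedName -Replace @{ adminCount = 0 }
    }
}

# Report first, then preview the change before applying it:
#   Get-StaleAdminCountUser | Format-Table -AutoSize
#   Get-StaleAdminCountUser | Repair-StaleAdminCountUser -WhatIf
```

An account that is still a member of a protected group is re-stamped by SDProp on its next run, so group membership has to be removed before the repair.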
RE: moving to virtual
That rate is fine, but, IMO (and from other folks chiming in) the actual hours count seems high.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Wednesday, July 18, 2012 5:47 AM
To: NT System Admin Issues
Subject: RE: moving to virtual

In this area (Connecticut), $175 is pretty standard.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, July 17, 2012 5:24 PM
To: NT System Admin Issues
Subject: RE: moving to virtual

So:

$38K @ $150 = 253 hours, or, 6 weeks of work for one resource
$38K @ $175 = 217 hours, or about 5 weeks of work for one resource

Both labor estimates seem a bit on the high side to me. What's the vendor's rate?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, July 16, 2012 3:52 PM
To: NT System Admin Issues
Subject: RE: moving to virtual

Here is the SOW (for $38k)

* Hold a kickoff meeting (one hour; online; 2 resources)
* Review and assess Exchange Environment
* Confirm Active Directory readiness
* Create Discovery documentation (approx. 4 pages)
* Prepare the Exchange 2010 design
* Provide recommendations for network planning, coexistence planning, and policy planning
* Provide recommendations for auxiliary pieces of the architecture, such as faxing and mobile devices
* Install and configure 3 VM hosts running VMWare vSphere 5
* Install Server 2008 R2 on physical server for Domain Controller functionality
* Build 6 new Virtual Machines
* Install Server 2008 R2 on new VM's
* Update firmware on Dell Equallogic SAN
* Create Volumes and connect vSphere hosts to volumes
* Upgrade AD to 2008 R2 forest and domain levels
* Install and Configure AD 2008 R2 on one VM
* Install vCenter Server and configure HA on one VM
* Install Server 2008 R2 on three VM's for Citrix XenApp
* Install Citrix XenApp on three VM's
* Install up to 4 applications
* Publish up to 4 Applications
* Procure and install 1 UCC Certificate for the Exchange 2010 environment
* Implement the necessary prerequisites for Exchange 2010 installation
* Perform pre-implementation configuration of Exchange 2010 environment
* Storage setup for new environment (up to 2 Mail Databases)
* CAS/HT/MB Role Installation for 1 Multi-role server
* Modify Exchange 2003 to allow proxying from 2010
* Functionality testing
* Provide implementation issue remediation (up to 4 hours)
* Provide one 2-hour training session to CLIENT Exchange Admin for MB/Public Folder migration
* Provide migration issue remediation (up to 2 hours)
* Physical to Virtual (P2V) existing servers in environment
* Retire the Exchange 2003 environment
* Retire 2003 Domain controllers (power down)
* Provide knowledge transfer to CLIENT Exchange/VM Admin (up to 4 hours)
* Provide Post-Implementation Support (up to 8 hours)
* Configure backups for all new machines
* Install anti-virus on all new VM's
* Provide As-Built Documentation of the environment (up to 4 pages)
* Planned onsite visit(s): 1

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, July 16, 2012 4:23 PM
To: NT System Admin Issues
Subject: RE: moving to virtual

I can't comment on the AD/Exchange services costs without knowing what's in the scope of work. As to the storage, the NetApp frame is going to offer you *substantially* more functionality than the competing solution, IMO. I'd strongly lean towards NetApp's offering especially looking at it as a long term investment.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, July 16, 2012 2:36 PM
To: NT System Admin Issues
Subject: moving to virtual

Greetings,

Getting very close to moving into the VM world, and have a couple of questions...

1) I am trying to figure out if I should go with 8 core or 6 core processors in my 3 hosts for my upcoming VMware environment. The price is about double. And I'm not sure I need 8 cores. The layout that has been quoted is as follows: 3 hosts connected to a PS4100XV SAN running VMware Essentials Plus Kit. The host servers I am looking at are either:

HP DL360 G8 2x Intel(r) Xeon(r) E5-2640 (6 core, 2.50 GHz, 15MB, 95W) $5356 each
HP DL360 G8 2x Intel(r) Xeon(r) E5-2690 (8 core, 2.90 GHz, 20MB, 135W) $10,061 each

I currently have 8 physical servers (Win2003, E2003, Citrix 4.0) that will be P2V'd. After I P2V the servers, the plan is to begin creating new Windows 2008 R2 VMs and migrating each server's role (2008R2 domain, Exchange 2010, and Citrix XenApp 6.5). I want enough power to be able to run my existing 8 servers in a virtual environment and migrate them to AD2008/E2010/XenApp as well as leave some room for testing and growth. 2 of the vendors said 6 core
RE: moving to virtual
So:

$38K @ $150 = 253 hours, or, 6 weeks of work for one resource
$38K @ $175 = 217 hours, or about 5 weeks of work for one resource

Both labor estimates seem a bit on the high side to me. What's the vendor's rate?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, July 16, 2012 3:52 PM
To: NT System Admin Issues
Subject: RE: moving to virtual

Here is the SOW (for $38k)

* Hold a kickoff meeting (one hour; online; 2 resources)
* Review and assess Exchange Environment
* Confirm Active Directory readiness
* Create Discovery documentation (approx. 4 pages)
* Prepare the Exchange 2010 design
* Provide recommendations for network planning, coexistence planning, and policy planning
* Provide recommendations for auxiliary pieces of the architecture, such as faxing and mobile devices
* Install and configure 3 VM hosts running VMWare vSphere 5
* Install Server 2008 R2 on physical server for Domain Controller functionality
* Build 6 new Virtual Machines
* Install Server 2008 R2 on new VM's
* Update firmware on Dell Equallogic SAN
* Create Volumes and connect vSphere hosts to volumes
* Upgrade AD to 2008 R2 forest and domain levels
* Install and Configure AD 2008 R2 on one VM
* Install vCenter Server and configure HA on one VM
* Install Server 2008 R2 on three VM's for Citrix XenApp
* Install Citrix XenApp on three VM's
* Install up to 4 applications
* Publish up to 4 Applications
* Procure and install 1 UCC Certificate for the Exchange 2010 environment
* Implement the necessary prerequisites for Exchange 2010 installation
* Perform pre-implementation configuration of Exchange 2010 environment
* Storage setup for new environment (up to 2 Mail Databases)
* CAS/HT/MB Role Installation for 1 Multi-role server
* Modify Exchange 2003 to allow proxying from 2010
* Functionality testing
* Provide implementation issue remediation (up to 4 hours)
* Provide one 2-hour training session to CLIENT Exchange Admin for MB/Public Folder migration
* Provide migration issue remediation (up to 2 hours)
* Physical to Virtual (P2V) existing servers in environment
* Retire the Exchange 2003 environment
* Retire 2003 Domain controllers (power down)
* Provide knowledge transfer to CLIENT Exchange/VM Admin (up to 4 hours)
* Provide Post-Implementation Support (up to 8 hours)
* Configure backups for all new machines
* Install anti-virus on all new VM's
* Provide As-Built Documentation of the environment (up to 4 pages)
* Planned onsite visit(s): 1

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, July 16, 2012 4:23 PM
To: NT System Admin Issues
Subject: RE: moving to virtual

I can't comment on the AD/Exchange services costs without knowing what's in the scope of work. As to the storage, the NetApp frame is going to offer you *substantially* more functionality than the competing solution, IMO. I'd strongly lean towards NetApp's offering especially looking at it as a long term investment.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, July 16, 2012 2:36 PM
To: NT System Admin Issues
Subject: moving to virtual

Greetings,

Getting very close to moving into the VM world, and have a couple of questions...

1) I am trying to figure out if I should go with 8 core or 6 core processors in my 3 hosts for my upcoming VMware environment. The price is about double. And I'm not sure I need 8 cores. The layout that has been quoted is as follows: 3 hosts connected to a PS4100XV SAN running VMware Essentials Plus Kit. The host servers I am looking at are either:

HP DL360 G8 2x Intel(r) Xeon(r) E5-2640 (6 core, 2.50 GHz, 15MB, 95W) $5356 each
HP DL360 G8 2x Intel(r) Xeon(r) E5-2690 (8 core, 2.90 GHz, 20MB, 135W) $10,061 each

I currently have 8 physical servers (Win2003, E2003, Citrix 4.0) that will be P2V'd. After I P2V the servers, the plan is to begin creating new Windows 2008 R2 VMs and migrating each server's role (2008R2 domain, Exchange 2010, and Citrix XenApp 6.5). I want enough power to be able to run my existing 8 servers in a virtual environment and migrate them to AD2008/E2010/XenApp as well as leave some room for testing and growth. 2 of the vendors said 6 core is fine, another vendor is quoting 8 core processors.

2) The quotes I have for the services part of this are:

$40,000 ($12k for AD/Exch, $8k for XenApp, 20k for VMware)
$38,000 (not itemized)
$28,000 ($11k for AD/Ex, $6k XenApp, $11k for VM)

Do these sound legit? I have ~190 users if that helps. I really think 28k is either too aggressive or simply not realistic. This is the same vendor who quoted me (3) single processor servers, so I have to go back to them and tell them I want dual proc.

3) For the SAN, I have 2 options: PS4100XV (12 600GB 15k SAS) $23,000
RE: Certificate authority
Why does installing Lync necessitate a CA? Just get the certs from a commercial CA.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: jwalt...@specservices.com [mailto:jwalt...@specservices.com]
Sent: Tuesday, July 03, 2012 5:49 PM
To: NT System Admin Issues
Subject: Certificate authority

We will be installing Microsoft Lync here very soon and I need to have a certificate authority running. To date, we've not had a need to stand one up and from the research I've done, it seems there are a number of ways to go - three tier, two, standalone. Our needs are for Lync, maybe some certs for some smart phones and some internal software we've written so it's not a complicated system from our perspective. At least not for the short term.

I obviously don't want to do something that I'll regret later and was looking for some advice from others who have traveled these roads and learned what to do, and what not to do. From my research, I think a two tier system will work but I'm not real clear at this point how you have an offline CA (for security purposes) and subordinate CA's to hand out certs. Still reading up on all that.

Am I overthinking all this as my Lync installer suggests? He said that I should just install the certificate role on a DC and that would be that. I think they might be better at installing and configuring Lync than they are at designing certificate authorities as my research indicates doing that is not the best way to go.

Can anyone share their experiences as time is short and I need to decide what CA to stand up. Any advice would be appreciated.

Thanks
Jim
RE: Anyone see this
I agree with Ken that this should be irrelevant. I would use Fiddler and figure out what's going on at the HTTP level. There was an issue around this with cert based auth enabled on the IIS end and a recent (April or May ?) Outlook 2010 rollup in place.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Tuesday, July 03, 2012 6:17 AM
To: NT System Admin Issues
Subject: RE: Anyone see this

From our experience, those that were prompted for user credentials had Outlook Anywhere enabled and ActiveSync disabled. Once we disabled Outlook Anywhere, via GPO, the users were no longer prompted for a user name and password.

One user was still having issues with the credentials prompt and found out that they had stored credentials for Outlook. Once we removed them, they no longer received the prompt.

Regards,
Cameron

Cameron Cooper | IT Manager | Aurico
Direct: 847.890.4021 | Cell: 224.688.2854 | Fax: 847.255.1896
ccoo...@aurico.com | www.aurico.com

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, July 02, 2012 10:55 PM
To: NT System Admin Issues
Subject: RE: Anyone see this

Why would that make a difference?

Cheers
Ken

From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Tuesday, 3 July 2012 3:12 AM
To: NT System Admin Issues
Subject: RE: Anyone see this

Does the user have 'ActiveSync' disabled and Outlook anywhere enabled? We've had that issue before with several users that didn't have activesync enabled (only certain users have this enabled) and Outlook anywhere enabled.

Regards,
Cameron

Cameron Cooper | IT Manager | Aurico
Direct: 847.890.4021 | Cell: 224.688.2854 | Fax: 847.255.1896
ccoo...@aurico.com | www.aurico.com

From: David Lum [mailto:david@nwea.org]
Sent: Monday, July 02, 2012 9:04 AM
To: NT System Admin Issues
Subject: Anyone see this

Upgraded a client from E2K3 to E2K10, I have one Win7/Outlook 2010 user who repeatedly gets prompted to log in, starting sometime AFTER they've opened Outlook and received e-mail. Sometimes it will go a couple of hours before prompting.

Google-Fu has shown this is not unheard of. I have tried clearing the credential manager stuff but that has had no effect.

David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764

CONFIDENTIALITY NOTICE: This email message is intended only for the person or entity to which it is addressed and may contain confidential material. Any unauthorized review, use, disclosure, downloading, copying or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and permanently delete all copies of the original message. If you are the intended recipient but do not wish to receive communications through this medium, please advise the sender immediately.
RE: Schema upgrade/rollback
Yes - that is the only back out plan.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 08, 2012 11:48 PM
To: NT System Admin Issues
Subject: RE: Schema upgrade/rollback

I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Friday, June 08, 2012 2:56 PM
To: NT System Admin Issues
Subject: RE: Schema upgrade/rollback

What is it that you fear will happen that this proposed process will protect you from?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 08, 2012 2:32 PM
To: NT System Admin Issues
Subject: Schema upgrade/rollback

In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work?

1. Power down all DC's
2. Snapshot schema master
3. Power up schema master
4. Extend schema
5. Smoke test
   a. If there are failures revert to snapshot
   b. If all checks out OK power up remaining DC's

David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Office 365 and AD synchronization
I think 99.99% is overdoing it. I'm pretty sure there is more than .01% of customers who want HA for their AuthN to email, IM, SharePoint, partner apps, etc.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 4:29 PM
To: NT System Admin Issues
Subject: RE: Office 365 and AD synchronization

You don't need a separate machine for either dirsync or adfs. It is, indeed, recommended. It's also recommended to have a load-balanced adfs proxy, but for 99.99% of clients, that is just bollocks.

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, June 27, 2012 10:28 AM
To: NT System Admin Issues
Subject: Office 365 and AD synchronization

Getting ready to migrate a small office environment to office 365. Domain is 2008 R2, only 10 users. I'm reading through all the documentation and specifically looking at the requirement for a separate machine to host the Directory Synchronization tool. Anyone here do this yet with a small office? Just curious as to the load on the box. I'm going to create a VM for this but see that the minimum requirements are 4G RAM and 70G of disk space. That seems high to me for something like this in a very small environment. Curious to hear what others have seen after doing this in a similar environment.

Also just starting to read about single sign-on. So using the AD Sync tool doesn't give you single-sign on? It just gets your users and groups up to Office 365? For what purpose, if the credentials are synched? That's what I don't understand yet, but I'm not done reading yet, so maybe that will come. So if you need AD FS for single sign-on, how was the process?

Thanks,
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com
RE: Re-cabling
The labeling I agree is far more important. Get a good label printer that's designed for cable labeling. Rather than pulling cable all the way down in to the racks, you might want to think about putting a 24 or 48 port panel in the top (back) of each rack and then running short patch cables from there. Then on the other end you can cross connect to the switch or whatever.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, June 20, 2012 10:50 AM
To: NT System Admin Issues
Subject: Re: Re-cabling

As we have a redundant switched network our network team uses color coding religiously. Off the top of my head it's something like:

Blue for primary network, green for the secondary (for the teamed networks)
Orange for backup
Red for rILO

They also label all connections, both ends. They are not so concerned with what the system name is, as switch/port it is connected to.

Steven Peck
http://www.blkmtn.org

On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott mailvor...@gmail.com wrote:

On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller tmil...@hnncsb.org wrote:
> What are your preferences? Cable color by rack, system, type, etc? It's just aesthetics but I'm looking for ideas.

If you want it to look pretty, use the same color for each rack/switch. Otherwise that's more confusing than helpful.

Categorizing by VLAN or type of traffic makes some sense. E.g., yellow is DMZ, blue is main LAN, green is SAN, etc.

Using a rainbow spread to each rack makes some sense. Makes it easier to tell cables apart when you're hunting for or tracing a particular cable.

There are some standards for cable sheath color coding, but the ones I'm aware of are all facility-wide in scope. Most of your in-datacenter cabling would be the same color under such schemes. So I wouldn't call those helpful for this.

-- Ben
RE: How many in your company can join systems to domain
Joining personal assets to the domain seems like a dicey move. You're right, they'll get policy and all that, but, they also lose control of the asset. If you were going to do this, I'd be making them sign something that basically says so long as they're doing P, Q, and R (e.g. domain join), they agree to IT policies X, Y, and Z (patching, a/v, etc.). Also factor in how your a/v in particular is licensed.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, June 20, 2012 12:32 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

I have thought about this before...so I am going to toss it out there and see how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more of a threat or less of a threat than not being in the domain and just plugged into the network. I ask because here after they reboot they will get all the patches, up to date AV software and no-one except IT Staff will be a local admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster webs...@carlwebster.com wrote:

I haven't had to deal with this in a long time but IIRC anyone who is in Domain Users can join up to 10 computers to your domain.

http://support.microsoft.com/kb/243327

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: David Lum david@nwea.org
Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wednesday, June 20, 2012 8:19 AM
To: NT Issues ntsysadmin@lyris.sunbelt-software.com
Subject: How many in your company can join systems to domain

Subject line pretty much says it. We have 600 employees and an IT staff of 50-ish (including developers) and I swear all 50 can join systems to the domain. Certainly 10 of them can and that seems like a lot.

Brought up because these guys drive me crazy by loosely following naming standards, not moving to the appropriate OU, and not putting descriptions in AD.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
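The default that Webster and Kurt Buff describe in the thread above is held in the domain's ms-DS-MachineAccountQuota attribute. The following is an added example, not code from any poster in the thread: it reads the quota, lists computer accounts that were joined by ordinary users under it (flagging the missing descriptions and unmoved accounts David Lum complains about), and optionally sets the quota to 0. It assumes the ActiveDirectory RSAT module is installed; the `-Disable` switch and the output column names are hypothetical names chosen for this example.

```powershell
#Requires -Modules ActiveDirectory
param(
    # Hypothetical switch for this example: also set the quota to 0.
    [switch]$Disable
)

$domain = Get-ADDomain

# The quota lives on the domain naming-context head object.
$root  = Get-ADObject -Identity $domain.DistinguishedName `
                      -Properties 'ms-DS-MachineAccountQuota'
$quota = $root.'ms-DS-MachineAccountQuota'
Write-Host "Domain $($domain.DNSRoot): ms-DS-MachineAccountQuota = $quota"

# Accounts created under the quota record the joining user's SID in
# ms-DS-CreatorSID; accounts created by administrators leave it empty.
$report = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
        -Properties 'ms-DS-CreatorSID', whenCreated, Description |
    ForEach-Object {
        $sid = $_.'ms-DS-CreatorSID'
        if ($sid -is [byte[]]) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sid, 0)
        }
        try {
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $creator = $sid.Value   # creator account deleted or unresolvable
        }
        [pscustomobject]@{
            Computer           = $_.Name
            JoinedBy           = $creator
            Created            = $_.whenCreated
            MissingDescription = [string]::IsNullOrEmpty($_.Description)
            # Still sitting in the default container, i.e. never moved to an OU.
            InDefaultContainer = $_.DistinguishedName.EndsWith(
                                     ",$($domain.ComputersContainer)",
                                     [System.StringComparison]::OrdinalIgnoreCase)
        }
    }

# Per-user join counts first, then the detail rows.
$report | Group-Object JoinedBy | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$report | Sort-Object Created | Format-Table -AutoSize

if ($Disable) {
    # With the quota at 0, only principals explicitly delegated the right
    # to create computer objects can join machines.
    Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
    Write-Host 'ms-DS-MachineAccountQuota set to 0.'
}
```

Run it without `-Disable` first; the per-user counts show who would be affected before the quota is changed.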
RE: in-depth AD
I use this as well, or a NetApp ONTAP simulator. Windows Server 2012 has an in-box iSCSI target.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Saturday, June 16, 2012 7:02 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

I have one VM, running the Starwind iSCSI target, as a small scale iSCSI NAS, and a QNAP SS-429 as another iSCSI target (with bulkier storage)

Cheers
Ken

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Saturday, 16 June 2012 3:29 AM
To: NT System Admin Issues
Subject: Re: in-depth AD

I am setting up one of those for my storage. I was thinking of getting one or two of the Shuttle SZ68r5 and i5 (maybe i7 but probably i5) and a 4 port NIC card to play with and connect to the backend via iSCSI. Easy enough to get a second when I can afford it and have more options.

On Fri, Jun 15, 2012 at 3:17 AM, Ken Schaefer k...@adopenstatic.com wrote:

To be honest, when HP N40L Microservers are $350 each, everyone should be able to afford a lab. The HP specs say that they only take 8GB of RAM each, but you can run them at 16GB of RAM. They have 4 built-in 3.5 drive bays, and space for 2 more drives. They are really quiet and compact. And you can install a remote access card if you want (about $80)

I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB drives, remote access cards, plus an additional add-in NIC. You can run a lot of VMs on that

Disclaimer: I work for HP.

Cheers
Ken
RE: in-depth AD
That's on a 2xDual Core Xeon 5160 box w/ 28GB RAM and 4x1T SATA RAID10. Box is about 5 years old. I have a newer dual QC i7 box with 48GB that I haven't really started using yet due to lack of time.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Saturday, June 16, 2012 12:21 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

> I have most stuff at home - this is what the one ESX box looks like right now:

What specs do you run that long list on at home?

Thanks!
jlc
RE: Schema upgrade/rollback
What is it that you fear will happen that this proposed process will protect you from?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 08, 2012 2:32 PM
To: NT System Admin Issues
Subject: Schema upgrade/rollback

In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work?

1. Power down all DC's
2. Snapshot schema master
3. Power up schema master
4. Extend schema
5. Smoke test
   a. If there are failures revert to snapshot
   b. If all checks out OK power up remaining DC's

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Powershell and dos batch
You can pass session level execution policy by adding a -ExecutionPolicy argument to your powershell.exe call.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, June 06, 2012 9:49 AM
To: NT System Admin Issues
Subject: RE: Powershell and dos batch

From a DOS shell, type `powershell.exe -?` and you'll see how to invoke a session with a script and all the other options which may need to apply.

jlc

From: itli...@imcu.com [itli...@imcu.com]
Sent: Wednesday, June 06, 2012 10:07 AM
To: NT System Admin Issues
Subject: Powershell and dos batch

I have a need to run a powershell script for Backup Exec 2012 through a DOS batch file. Here is what I have so far:

::Batch File
::powershell
C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe 'e:\in01\oper\task\BackupJob.ps1'
exit
___
BackupJob.ps1
Import-Module BEMCLI | Get-BEJob -Name BackupJob-Full | Start-BEJob | exit

Where the BackupJob is already set up in the GUI library on the server.

I get nothing. The batch file just finishes. I put a pause after it and I see no errors? So what am I doing wrong and how do I make it work?

Thanks
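One way to put the two replies in the thread above together, as an added example that is not code from any poster: a version of BackupJob.ps1 that is started with `-File` and an explicit `-ExecutionPolicy`, and that returns an exit code the batch file can test. The module and cmdlet names and the script path are taken from the original question; `RemoteSigned` is an assumed policy choice and the exit-code values are this example's own.

```powershell
# BackupJob.ps1 (added example). Call it from the batch file like this:
#
#   powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File "e:\in01\oper\task\BackupJob.ps1"
#   echo PowerShell exit code: %ERRORLEVEL%
#
# -File runs the script. A bare single-quoted path is handled by the default
# -Command mode as a string literal, so it is echoed back instead of executed.
# -ExecutionPolicy applies to this one process only. RemoteSigned is an
# assumption here: it lets a locally written script run without loosening the
# machine-wide setting. A policy enforced through Group Policy still wins.

$ErrorActionPreference = 'Stop'

try {
    # Record which scope supplies the effective policy, for troubleshooting.
    Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-String | Write-Host

    Import-Module BEMCLI

    # Each statement on its own line; only the job object is piped to Start-BEJob.
    $job = Get-BEJob -Name 'BackupJob-Full'
    if (-not $job) {
        Write-Host "No Backup Exec job named 'BackupJob-Full' was found."
        exit 2
    }

    $job | Start-BEJob | Out-Null
    Write-Host "Started job 'BackupJob-Full'."
    exit 0
}
catch {
    # Anything that throws (module missing, policy block, BE service down)
    # is reported and surfaced to the batch file as a non-zero exit code.
    Write-Host "Backup job failed to start: $($_.Exception.Message)"
    exit 1
}
```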
RE: SQL Cluster Disk IO issues
Have you collected some performance data during the slow downs to see what is bottlenecking? Firmware bugs do happen so this could help, but, it's also possible that you're simply overloading the storage. This tool - http://pal.codeplex.com/ - is very good for getting the right log set built and then analyzing it.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Mark Robinson [mailto:mark.robin...@cips.org]
Sent: Wednesday, May 30, 2012 10:31 AM
To: NT System Admin Issues
Subject: SQL Cluster Disk IO issues

Hi all,

I'm looking for some advice please. I have an aging SQL 2000 cluster running on 2 x HP DL360's, each with dual fibre HBA's, connected to an MSA 1000 storage array via dual fibre channel switches.

Of late database performance is poor, and during these bouts of poor performance, the SQL logs report that SQL Server has encountered 'X' occurrence(s) of IO requests taking longer than 15 seconds to complete During Additionally, Perfmon reports very high average disk queues on the disk that hosts the SQL database(s).

Having researched this it seems that the most common advice is to focus on the disk subsystem, and to upgrade the firmware of the MSA controllers. I provided our developers with a list of the process ID's that were flagged alongside each of the IO entries in the logs, and I was told that there is no reason why these queries should cause bottlenecks and the issue is most likely with the disk subsystem.

I understand the need to keep up to date with firmware releases, however I am failing to understand why the firmware would suddenly be at fault, when up until now there have been no issues. Another suggestion is to migrate resources from the existing MSA to a second MSA to lighten the load. However moving SQL cluster resources from one SAN to another and configuring the SQL cluster so that it still functions as before is a daunting prospect.

So I guess my questions are:

1) Has anyone experienced similar issues in the past?
2) Does firmware 'just give up'?! I suspect not but worth asking!!
3) Is there any advice for introducing a second MSA and migrating resources from the existing SAN to the second? I would like to avoid this option if possible - I would much prefer to build up a parallel environment - but time is against me.

Any advice very gratefully received.

Many thanks,
Mark
RE: http://fqdn/owa works internally but not externally
Does the request show up in the IIS log? What's the status code? What's between the CAS server and the user - firewalls, load balancers, reverse proxies, etc?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, May 30, 2012 5:38 PM
To: NT System Admin Issues
Subject: http://fqdn/owa works internally but not externally

1. Inside the network, http://webmail.mydomain.com/owa works
2. From the Internet that URL does not

However, http://webmail.mydomain.com gets me to the IIS7 landing page on the server, so I know the server is available in some fashion via Internet, but adding /owa doesn't even get me a 404 error, simply an "Internet Explorer cannot display this page". Putting /Exchange instead of /owa I get a runtime error page.

Anyone have ideas on what to look for? I have tried HTTP redirect and the IIS7 redirect but those give me the same non-result.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Microsoft Office 2010 KMS Host License Pack
That is my understanding and recollection as well...

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, May 17, 2012 4:55 PM
To: NT System Admin Issues
Subject: Microsoft Office 2010 KMS Host License Pack

Can anyone here confirm or deny that this won't install on a Windows 2008 server?

http://www.microsoft.com/en-us/download/details.aspx?id=25095

My KMS host systems are 2008, not 2008 R2, and the way the System Requirements read, that isn't supported.

Thanks,
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com
RE: Windows Server Backup BSOD
Did they have you enable driver verifier with 'Force IRQL Checking' enabled?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Monday, May 14, 2012 12:14 PM
To: NT System Admin Issues
Subject: Windows Server Backup BSOD

Windows 2008 R2 SP1, running on VMWare ESX1 5.0. Exchange 2010 installed, single server Exchange org. Server hdw is a dell R710. 2 datastores; one is DAS for OS and transaction logs, other is iSCSI on an iomega PX12 for the Exchange DB. DB is ~100g. NIC on VM is the E1000, not the VMXnet.

This is a new install in the last month. Once we installed exchange and moved mailboxes, we tried backing up the server using Windows Server Backup. Backup is to another local disk on secondary DAS (not the same as OS/logs)

Quickly got a BSOD, irq not less than or equal in netio.sys. Nominal troubleshooting did not lead to an obvious fix. Opened a case with PSS. Dump analysis led to recommendation of installing KB 2664888 and updating network driver. We installed the hotfix and performed VMware updates via update manager. No change.

When running WSB, we see the initial exchange consistency check and during that time the server bogs down. Task manager shows eseutil taking 100% CPU and after maybe 10 minutes or so the BSOD occurs.

MS' recommendation for our next maintenance window is to run msconfig and disable all 3rd party services/processes. We will try this.

My question is this; anyone seen this issue with WSB? If we try running another backup app (i.e., backup exec) might this be better? Or is it an underlying server issue?

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***
RE: Windows Server Backup BSOD
Generally without that flag, the dumps are pretty useless for this particular crash.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Monday, May 14, 2012 1:56 PM
To: NT System Admin Issues
Subject: RE: Windows Server Backup BSOD

Not yet. I can ask them about that once they bring me the next dump analysis...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***

-Original Message-
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, May 14, 2012 10:33 AM
To: NT System Admin Issues
Subject: RE: Windows Server Backup BSOD

Did they have you enable driver verifier with 'Force IRQL Checking' enabled?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Monday, May 14, 2012 12:14 PM
To: NT System Admin Issues
Subject: Windows Server Backup BSOD

Windows 2008 R2 SP1, running on VMWare ESX1 5.0. Exchange 2010 installed, single server Exchange org. Server hdw is a dell R710. 2 datastores; one is DAS for OS and transaction logs, other is iSCSI on an iomega PX12 for the Exchange DB. DB is ~100g. NIC on VM is the E1000, not the VMXnet.

This is a new install in the last month. Once we installed exchange and moved mailboxes, we tried backing up the server using Windows Server Backup. Backup is to another local disk on secondary DAS (not the same as OS/logs)

Quickly got a BSOD, irq not less than or equal in netio.sys. Nominal troubleshooting did not lead to an obvious fix. Opened a case with PSS. Dump analysis led to recommendation of installing KB 2664888 and updating network driver. We installed the hotfix and performed VMware updates via update manager. No change.

When running WSB, we see the initial exchange consistency check and during that time the server bogs down. Task manager shows eseutil taking 100% CPU and after maybe 10 minutes or so the BSOD occurs.

MS' recommendation for our next maintenance window is to run msconfig and disable all 3rd party services/processes. We will try this.

My question is this; anyone seen this issue with WSB? If we try running another backup app (i.e., backup exec) might this be better? Or is it an underlying server issue?

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***
RE: PCounter Print Management
I've seen it before at customers. Also seen one called Pharos. I don't recall hearing anything positive or negative about the PCounter solution. The Pharos one I've heard some complaining.

I've seen a number of places that are moving to universal print queue style solutions where you print and then swipe your badge on any machine to release the job. In the process it goes on your tab. I know Canon has a solution here.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Saturday, April 28, 2012 7:11 AM
To: NT System Admin Issues
Subject: PCounter Print Management

Are any of you using PCounter to do print auditing/management please?

We're in the process of reviewing our MFP/print contract and beyond the physical hardware there's the question of how we could be a little smarter in tracking and controlling what is printed.

One of the vendors mentioned this product and from a quick look on YouTube it looks interesting and worth trying the free demo, but I thought I'd see if there are any users out there first and if so what you think of it (or any of the similar products if you got beyond the subject line and read on).

Thanks,
Paul

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 100 1464 84
RE: PCounter Print Management
My experience is that many customers who implement these managed print solutions see some sort of savings but hate the resultant end user and IT experiences.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, April 30, 2012 12:57 PM
To: NT System Admin Issues
Subject: RE: PCounter Print Management

Follow-Me is something we're looking at. It may be a step too far for the moment though.

The politics of all of these management solutions is interesting - printers seem to be incredibly emotive considering they're just lumps of plastic and metal.

I'd be interested to hear any tales from those of you who've implemented any sort of print management where previously there was none - if you're still alive to tell the tale :)

From: Brian Desmond [br...@briandesmond.com]
Sent: 30 April 2012 3:38 PM
To: NT System Admin Issues
Subject: RE: PCounter Print Management

I've seen it before at customers. Also seen one called Pharos. I don't recall hearing anything positive or negative about the PCounter solution. The Pharos one I've heard some complaining.

I've seen a number of places that are moving to universal print queue style solutions where you print and then swipe your badge on any machine to release the job. In the process it goes on your tab. I know Canon has a solution here.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Saturday, April 28, 2012 7:11 AM
To: NT System Admin Issues
Subject: PCounter Print Management

Are any of you using PCounter to do print auditing/management please?

We're in the process of reviewing our MFP/print contract and beyond the physical hardware there's the question of how we could be a little smarter in tracking and controlling what is printed.

One of the vendors mentioned this product and from a quick look on YouTube it looks interesting and worth trying the free demo, but I thought I'd see if there are any users out there first and if so what you think of it (or any of the similar products if you got beyond the subject line and read on).

Thanks,
Paul

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 100 1464 84
~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: BPOS to Exchange on-premise
MigrationWiz might be able to do this for you.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Benjamin Zachary [mailto:li...@levelfive.us] Sent: Thursday, April 19, 2012 2:39 PM To: NT System Admin Issues Subject: RE: BPOS to Exchange on-premise

We had someone who asked us to do this for them manually but then found a company who polled the rpc/https with all accounts and peeled off the data in one swoop ... I didn't ask them but most likely a tool they purchased in house, they needed the admin account to see all mailboxes and that was it. YMMV

From: Doug Hampshire [mailto:dhampsh...@gmail.com] Sent: Thursday, April 19, 2012 10:32 AM To: NT System Admin Issues Subject: Re: BPOS to Exchange on-premise

During this migration phase (Live to 365) you can pretty much migrate when you want IIRC.

On Wed, Apr 18, 2012 at 4:13 PM, Daniel Chenault dchena...@lgnetworksinc.com wrote:

Not an option. My customer wants to do this within four weeks at the most.

Daniel Chenault dchena...@lgnetworksinc.com

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, April 18, 2012 3:06 PM To: NT System Admin Issues Subject: RE: BPOS to Exchange on-premise

If you wait to migrate the tenant to Office365, it will be easy to do with the in-box tools.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] Sent: Wednesday, April 18, 2012 3:02 PM To: NT System Admin Issues Subject: BPOS to Exchange on-premise

I have found a wealth of information on moving FROM on-premise Exchange (and other systems) to BPOS but only one link about the reverse (from a company with a product to sell). Is this because there just is no easy path or because the information is being hidden? At this point all I can see is to manually recreate the user accounts (there is no export in the BPOS control panel that I can see) and have the users be sure all their mail is moved to a PST. Yech... Anyone have a better idea or experience?

Daniel Chenault dchena...@lgnetworksinc.com Office: 972-528-6546 x 1002 Fax: 972-982-0054 9550 Skillman Road Suite 514 Dallas, TX 75243
RE: MS DPM Opinions
The IronMountain DPM stuff was pricey when I talked to them three years ago. Would be curious to hear if it's come down at all.

Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, April 19, 2012 5:01 PM To: NT System Admin Issues Subject: Re: MS DPM Opinions

I understand that there's a paradumb shift [sic], and that we'll have some re-thinking to do. We had TSM in-house, and it's a lot closer to DPM than it is to Ultrabac. So, generally speaking, how does one achieve monthly/quarterly/yearly offsite backups using DPM? Is there a method to synthesize a point-in-time archive for archival and/or DR/BC purposes? Depending on price, we might also look at sending data over the wire to someone like Iron Mountain, rather than using tapes, though that could be problematic in a true DR/BC incident.

Kurt

On Thu, Apr 19, 2012 at 13:03, Michael B. Smith mich...@smithcons.com wrote:

That's not the way it works. :-P DPM originally makes a bit-for-bit copy of the thing to be backed up. After that, only changed blocks are backed up. That's on disk. Generally, I see 50-60 generations of files being kept by clients. You can do a tape dump of the full image but that's not really the way DPM is designed to work. It takes a slightly different perspective than traditional backup products.

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, April 19, 2012 3:08 PM To: NT System Admin Issues Subject: Re: MS DPM Opinions

To further this conversation - what multiple of disk space does DPM have available vs. the disk consumed in production, and what kind of history do you keep? We're contemplating moving from Ultrabac and a tape robot to DPM, and are currently doing a standard Grandparent/Parent/Child tape rotation with a 5 year retention for the archive.

Kurt

On Thu, Apr 19, 2012 at 11:26, Bob Fronk b...@btrfronk.com wrote:

I have been using DPM for about two years now. No complaints. I do not use removable media, so I cannot comment on those posts. (I use a secondary DPM server at another geographic site to assure offsite backup of the primary DPM server) If you have specific questions, you know a couple ways to contact me :)

BF

From: James Kerr [mailto:cluster...@gmail.com] Sent: Thursday, April 19, 2012 1:33 PM To: NT System Admin Issues Subject: MS DPM Opinions

Heh, any of you guys have any opinions good or bad about DPM? Any gotchas I should know about, etc? I'm ordering a server today to be the backup repository for the VMs and physical machines that DPM will be backing up.

Thanks, James
RE: Wireless controller for 2 APs?
That's an interesting idea - I haven't. Do you still need to put a special breaker in to isolate it?

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, April 17, 2012 10:26 PM To: NT System Admin Issues Subject: RE: Wireless controller for 2 APs?

Have you looked at the Powerline adapters? I have a few of these, and they are fantastic. Some even have basic APs built in, if you need to extend your Wifi network, but without Wifi bridging. I use these to get media from the Windows Home Server to the media center. I've also put an airport express+speakers in the bedroom hooked up to another powerline adapter and I can stream music from the Home Server (all controlled by an iPad)

Cheers Ken

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, 18 April 2012 8:06 AM To: NT System Admin Issues Subject: RE: Wireless controller for 2 APs?

At some point I might just replace the Cisco WAP in the basement with another DLINK as it looks like they can do the bridging plus give me N into my office network as well.
RE: BPOS to Exchange on-premise
If you wait to migrate the tenant to Office365, it will be easy to do with the in-box tools.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] Sent: Wednesday, April 18, 2012 3:02 PM To: NT System Admin Issues Subject: BPOS to Exchange on-premise

I have found a wealth of information on moving FROM on-premise Exchange (and other systems) to BPOS but only one link about the reverse (from a company with a product to sell). Is this because there just is no easy path or because the information is being hidden? At this point all I can see is to manually recreate the user accounts (there is no export in the BPOS control panel that I can see) and have the users be sure all their mail is moved to a PST. Yech... Anyone have a better idea or experience?

Daniel Chenault dchena...@lgnetworksinc.com Office: 972-528-6546 x 1002 Fax: 972-982-0054 9550 Skillman Road Suite 514 Dallas, TX 75243
RE: Wireless controller for 2 APs?
Sounds overkill. I just bought a D-Link WAP for my house a couple weeks ago that's out of their SMB type line and it even has a little basic wireless controller function built into it. Got it for perhaps 120 bucks on Amazon.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Jon D [mailto:rekcahp...@gmail.com] Sent: Tuesday, April 17, 2012 10:14 AM To: NT System Admin Issues Subject: Wireless controller for 2 APs?

I'm new to enterprise wireless. I'm setting up 2 APs to share out a fios connection for our conference rooms. 100% separate from our corporate network. Our IT consultants is trying to sell a cisco wireless controller to manage the APs. Does this sound like overkill to anyone? Do you really need a wireless controller to manage 2 APs?
RE: Wireless controller for 2 APs?
I picked one of these up - http://www.dlink.com/products/?pid=DAP-2553. Seems featureful, works well (so far), and was reasonably easy to configure. Make sure you flash the firmware as there's a bunch of new functionality.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Tuesday, April 17, 2012 2:29 PM To: NT System Admin Issues Subject: Re: Wireless controller for 2 APs?

Brian - which D-Link model? I'm in the market for a new AP.

On Tue, Apr 17, 2012 at 2:25 PM, Brian Desmond br...@briandesmond.com wrote:

Sounds overkill. I just bought a D-Link WAP for my house a couple weeks ago that's out of their SMB type line and it even has a little basic wireless controller function built into it. Got it for perhaps 120 bucks on Amazon.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Jon D [mailto:rekcahp...@gmail.com] Sent: Tuesday, April 17, 2012 10:14 AM To: NT System Admin Issues Subject: Wireless controller for 2 APs?

I'm new to enterprise wireless. I'm setting up 2 APs to share out a fios connection for our conference rooms. 100% separate from our corporate network. Our IT consultants is trying to sell a cisco wireless controller to manage the APs. Does this sound like overkill to anyone? Do you really need a wireless controller to manage 2 APs?
RE: Wireless controller for 2 APs?
btw the reason I picked that one over other competing or cheaper models is that the Ethernet port on it is GigE. Many of these N-band APs have 100meg ports and I wanted to make sure that I could push 100mbps over the air down to the switch it's plugged into.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, April 17, 2012 5:14 PM To: NT System Admin Issues Subject: RE: Wireless controller for 2 APs?

I picked one of these up - http://www.dlink.com/products/?pid=DAP-2553. Seems featureful, works well (so far), and was reasonably easy to configure. Make sure you flash the firmware as there's a bunch of new functionality.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Tuesday, April 17, 2012 2:29 PM To: NT System Admin Issues Subject: Re: Wireless controller for 2 APs?

Brian - which D-Link model? I'm in the market for a new AP.

On Tue, Apr 17, 2012 at 2:25 PM, Brian Desmond br...@briandesmond.com wrote:

Sounds overkill. I just bought a D-Link WAP for my house a couple weeks ago that's out of their SMB type line and it even has a little basic wireless controller function built into it. Got it for perhaps 120 bucks on Amazon.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Jon D [mailto:rekcahp...@gmail.com] Sent: Tuesday, April 17, 2012 10:14 AM To: NT System Admin Issues Subject: Wireless controller for 2 APs?

I'm new to enterprise wireless. I'm setting up 2 APs to share out a fios connection for our conference rooms. 100% separate from our corporate network. Our IT consultants is trying to sell a cisco wireless controller to manage the APs. Does this sound like overkill to anyone? Do you really need a wireless controller to manage 2 APs?
RE: Wireless controller for 2 APs?
Yeah I'm probably spending $75+ a month on electric for this. That said I can run 50-75 VMs concurrently with no sweat. It is nice to be able to pull up any version of windows or exchange or whatever and look at something, but, the forest all this stuff is in is also screwed up on an epic level. Nice for real world testing but also obnoxious when you just want something to work quickly.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: William Robbins [mailto:dangerw...@gmail.com] Sent: Tuesday, April 17, 2012 7:25 PM To: NT System Admin Issues Subject: Re: Wireless controller for 2 APs?

... I absolutely hate having to play SysAdmin at home...

This reminds me of why I finally dumped all my servers and routers at home, and try to stick with virtual labs when the occasion arises. That said I'm certain you do simulations of client environments that I just don't have to do any longer that requires hardware to manipulate. Some days I miss the sounds of all those fans, but I don't miss the utility bill that went along with them. :)

- Will

On Tue, Apr 17, 2012 at 19:06, Brian Desmond br...@briandesmond.com wrote:

I don't have a wireless router. Essentially what I have is a bit complicated but very manageable:

* My Comcast comes into my home office in the basement. There's a Cisco 1741 I acquired which the Internet and Wireless hang off of.
* I have a pair of Dell 8 port GigE managed switches (like 75 bucks each) that all my stuff (PCs, phone, printer, MFP, etc.) plugs into in the basement
  o The management interface on these things is craptastic, but the price/functionality ratio was right and they are fan-less
* Said switches have a Cisco 11something WAP attached which I acquired several of at a somewhat questionably exceedingly low price on ebay - general WiFi SSID is hosted here
* Upstairs in my living room, I have another one of the Dell switches under the TV - a second Cisco 11something WAP is bridging the network up to there from the basement, and my Media Center, XBOX, etc. are all plugged in
* The new DLink is hanging off the living room switch with a different SSID and is really dedicated to servicing my media center extender xbox in the bedroom as I was getting poor perf for HD over 802.11G.

At some point I might just replace the Cisco WAP in the basement with another DLINK as it looks like they can do the bridging plus give me N into my office network as well. The Cisco router needs to go one of these days as it's loud and sucking power but it hasn't yet become a priority after 2 years of me complaining that it's loud. I need throughput on the router as my lab environment is on a separate VLAN so that passes through the router.

I tend to just spend the extra money on the low-end (or older mid-range) commercial gear as while I absolutely hate having to play SysAdmin at home, on the odd occasion that I have a need to do something strange, the capability is there. For example I had to mess with some multicast settings to get the media center extender working when I got it. Likewise my VOIP company was recently alleging that my phone issues were my fault and I mirrored the phone's port off the switch and produced a trace proving otherwise.

I will caution that the flipside of buying commercial wireless gear in particular requires that you have some semblance of a clue about WiFi and RF and so forth. Mine is really limited to what I read on Wikipedia, ownership of a full roll of tin foil, and the occasional favor from someone who actually understands this stuff. I've had some challenges getting my WiFi to work correctly and perform, especially in a dense urban residential neighborhood where everybody and their brother has some form of Linksys wifi broadcasting.

Finally, I also invested some money on a couple APC UPS' (~$175/ea range) that can sustain everything for more than 2 or 3 minutes and that have little LCD readouts on them that show load and power info. Even living in a major city, the power gets a little screwy sometimes, especially during summer storms (this weekend in fact). It doesn't always go out but it gets dirty enough to get out of the tolerances on the UPS'.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, April 17, 2012 6:06 PM To: NT System Admin Issues Subject: RE: Wireless controller for 2 APs?

Brian, What wireless router do you have this matched up with? I have a Linksys E3200 and haven't found anything yet (from OfficeMax [for easy returns]) that works with it.

Thanks
Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com

From: Brian Desmond [mailto:br
RE: code signing certificate ?
I haven't used these formats before, but, three general thoughts:

* Will the certs MMC solve this for you?
* What about certutil.exe?
* The OpenSSL Windows command line utility is a great resource for converting all manner of certificate formats.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, April 16, 2012 9:27 AM To: NT System Admin Issues Subject: Re: code signing certificate ?

Yes, and are great, but I'm not importing directly from the web site like he was able to. I've got the SPC and PVK files and now need to somehow import them into the certificate store. That is where I'm stuck. I've just found this link which seems to be promising: http://ellisweb.net/2008/08/signing-code-using-pvk-and-spc-files/ But isn't taking the password that I was given by our security guys. I'll have to check on that.

Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

From: Mack Bolan mack.bola...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 04/16/2012 10:05 AM Subject: Re: code signing certificate ?

Have you looked at Webster's instructions yet?

Mack S. Bolan

On Mon, Apr 16, 2012 at 8:58 AM, Christopher Bodnar christopher_bod...@glic.com wrote:

OK, the Security team has now provided me the SPC file. What I'm looking for is how to install the certificate with these 2 files (SPC, and PVK). According to the information I've found online you should be able to do this:

    pvkimprt -import 1.spc myprivatekey.pvk

Which will then launch a wizard, or you can export directly to the PFX file by using this:

    pvkimprt -PFX 1.spc myprivatekey.pvk ISDCert.pfx

Neither seems to be working for me. I get this error: Command line option syntax error: I'm doing this from a W7 machine

Thanks
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

From: Lora Cates lora.ca...@rocketmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 04/16/2012 09:42 AM Subject: Re: code signing certificate ?

I found this in the NTSys Archives: http://carlwebster.com/how-to-digitally-sign-a-microsoft-powershell-script-with-a-third-party-code-signing-certificate/

-lc

From: Christopher Bodnar christopher_bod...@glic.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Monday, April 16, 2012 8:21 AM Subject: code signing certificate ?

All help is appreciated, have never done this before. We are going to start signing our scripts. I requested a code signing certificate from our Security group, we use Verisign. They handle all the Verisign certificates. They gave me back a *.PVK file. Shouldn't there also be a *SPC file as well? I've been looking at this for documentation on how to import the certificate: http://support.godaddy.com/help/5087 Wanted to verify this first, before I go back to our Security group.

Thanks
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com
RE: Hooray, I'm moving to VMware!
The documentation currently says #1, but, I expect in the next 6-12 months you will see that shift to #2. I don't have a problem personally with #1.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, April 16, 2012 11:30 AM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

Speaking of domain controllers, I am being told 2 different things...

1) ALWAYS keep a single DC physical. You can certainly have virtual DCs, but you must have at least 1 physical.
2) Virtualize everything you can. You don't need any physical boxes at all. Period.

Thoughts?

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, April 16, 2012 11:55 AM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to VMware!

> Single thing to point backups at - I believe you have to backup Hyper-V boxes individually?

No, you don't have to back them up individually. Lots of 3rd party options here.

> No dependency on the domain being present which can put you in a fun situation if you have to power everything off and on again.

Your Hyper-V server need not be a domain member.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Mon, Apr 16, 2012 at 11:41 AM, Paul Hutchings paul.hutchi...@mira.co.uk wrote:

I've only used VMware so I'm more than happy to be corrected here, but in no particular order:

Single ISO takes you from bare metal to working server.
No third party drivers needed for things like MPIO and NIC teaming.
Single management tool.
Single management server (vCenter) gives visibility to your entire VMware infrastructure.
Single thing to point backups at - I believe you have to backup Hyper-V boxes individually?
No dependency on the domain being present which can put you in a fun situation if you have to power everything off and on again.

Outside of usability you then have:

Pretty much any virtual appliance you care to name will come natively in VMDK/OVF format
Tons of vCenter add-ins

I'm very interested in Hyper-V with Windows Server 8 and for us the timing falls nicely with our SAN and server refresh, but honestly the only reason I can see for looking at moving would be license costs - VMware works out expensive if you have more than a few hosts and want more than the basics.

From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: 16 April 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

Is the consensus that VMware is easier to use than Hyper-V? I've only used the latter, so I can't judge.

John

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, April 16, 2012 9:36 AM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

I'd assume ease of use and market leader.

-----Original Message-----
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: 16 April 2012 14:16
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

Someone else asked about this, but I didn't see a reply (although Postini frequently blocks messages from this list)... What factors led to you choosing VMware over Hyper-V?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

----- Original Message -----
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 13 Apr 2012 08:38:47 -0700
Subject: Hooray, I'm moving to VMware!

Just got the ok to move forward with VMware/Citrix/Domain upgrade. I have 10 physical servers, and it looks like this will be the solution:

3 hosts: ($21k each)
    HP DL380 G7 E5660
    Pair of 146 15k drives mirrored
    196 G RAM - this was $45k alone
    Quad port gig adapter
2 Switches: ($1,800 each)
    HP 2910
1 SAN ($22,700)
    NetApp 2240
    12 x 600GB
VSphere Essentials Plus ($5,200)
6 Windows licenses ($13,600):
    Server 2008 Datacenter
Windows/Xenapp licenses ($26,000)
$40k services
    Install/config SAN, switches, hosts, VMware, new Citrix farm, 2008 Domain upgrade, P2V existing servers
Total: $185,000

Sound good?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: code signing certificate ?
Do you have root cert auto updating enabled?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, April 16, 2012 11:02 AM
To: NT System Admin Issues
Subject: Re: code signing certificate ?

OK, got past that hurdle. I was also able to successfully sign a script using SignTool. Just trying to figure out the process to verify the signature, getting this:

    SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

But if I look at the path, it looks OK.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Christopher Bodnar christopher_bod...@glic.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 04/16/2012 10:40 AM
Subject: Re: code signing certificate ?

Yes, and are great, but I'm not importing directly from the web site like he was able to. I've got the SPC and PVK files and now need to somehow import them into the certificate store. That is where I'm stuck. I've just found this link which seems to be promising:

http://ellisweb.net/2008/08/signing-code-using-pvk-and-spc-files/

But isn't taking the password that I was given by our security guys. I'll have to check on that.
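An added example, not part of the thread or any poster's own code: one way to take the SPC and PVK files discussed above to a signed script and then check the signature and its chain. It assumes pvk2pfx.exe and signtool.exe from the Windows SDK are on PATH; the file names 1.spc, myprivatekey.pvk and ISDCert.pfx are the ones quoted in the thread, and Deploy-Example.ps1 is a hypothetical script name.

```powershell
# Added example. Assumptions: pvk2pfx.exe and signtool.exe (Windows SDK) are on PATH;
# Deploy-Example.ps1 is a hypothetical script to be signed.
$ErrorActionPreference = 'Stop'

$spc    = '1.spc'
$pvk    = 'myprivatekey.pvk'
$pfx    = 'ISDCert.pfx'
$script = '.\Deploy-Example.ps1'

function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    # pvk2pfx only accepts passwords as arguments, so convert as late as possible.
    (New-Object System.Net.NetworkCredential('', $Secure)).Password
}

# 1. Combine the private key (.pvk) and the certificates (.spc) into one PFX.
#    Note: arguments are visible to other processes on the machine while this runs.
$pvkPass = Read-Host 'Password protecting the PVK' -AsSecureString
$pfxPass = Read-Host 'New password for the PFX' -AsSecureString
& pvk2pfx.exe -pvk $pvk -pi (ConvertTo-PlainText $pvkPass) -spc $spc `
              -pfx $pfx -po (ConvertTo-PlainText $pfxPass) -f
if ($LASTEXITCODE -ne 0) { throw "pvk2pfx failed with exit code $LASTEXITCODE" }

# 2. Load the PFX and confirm it can sign code before using it.
#    .NET resolves relative paths against the process directory, so pass a full path.
$pfxPath = (Resolve-Path $pfx).Path
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$cert    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
               -ArgumentList $pfxPath, $pfxPass, $flags

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$ekus = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })
if (-not $cert.HasPrivateKey)           { throw 'The PFX does not contain the private key.' }
if ($ekus -notcontains $codeSigningOid) { throw 'The certificate lacks the Code Signing EKU.' }

# 3. Build the chain against this machine's trust stores and list every element,
#    so an untrusted or missing root or intermediate is named explicitly.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only; no network lookups
$chainOk = $chain.Build($cert)
foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    if (-not $status) { $status = 'OK' }
    '{0}  [{1}]' -f $element.Certificate.Subject, $status
}
if (-not $chainOk) {
    Write-Warning 'The chain does not end in a root this machine trusts; check the Trusted Root and Intermediate stores.'
}

# 4. Sign the script, then verify it with PowerShell and with SignTool.
Set-AuthenticodeSignature -FilePath $script -Certificate $cert | Out-Null
$check = Get-AuthenticodeSignature -FilePath $script
'{0}: {1}' -f $check.Status, $check.StatusMessage

# /pa selects the Default Authenticode verification policy. Without it SignTool
# verifies against the Windows driver policy, which can report an untrusted root
# for an ordinary code signing certificate even when the chain shown above is fine.
& signtool.exe verify /pa /v $script
if ($LASTEXITCODE -ne 0) {
    Write-Warning "signtool verify /pa failed with exit code $LASTEXITCODE"
}
```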
RE: Hooray, I'm moving to VMware!
5-6 guests per host? How tiny are these hosts?

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Monday, April 16, 2012 1:37 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

We average 5-6 per Host with 3 ESXi5 hosts. That being said any host failure and subsequent failover to the other two hosts will not impact the performance of the guest machines. It depends on what you are trying to accomplish - the least possible number of physical boxes or some resiliency.

John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, April 16, 2012 2:24 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

How many VMs are you able to run on each of your 3 hosts? With only 10 physical servers now.. I am wondering if 3 hosts are going to be overkill. Even with a play/test environment of another 10 servers

Are 3 hosts a waste?

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, April 16, 2012 1:05 PM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to VMware!

Yes! By physical boxes, we'll presume a box that's running as a DC, and not your hosts as Scott pithily responded... :-) And you may as well run a physical box for your vCenter if you're going to maintain a solid box for DC. The idea behind physical boxes, is it gives you something to authenticate against and bring your environment back online. At your size (three hosts, which is what I'm running) you probably don't need it, and can authenticate into the hosts and then start the guests that way.
RE: Hooray, I'm moving to VMware!
HyperV would save you 5 grand in licenses and the memory issues assuming vSphere doesn't have a specific feature you need.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Friday, April 13, 2012 10:39 AM
To: NT System Admin Issues
Subject: Hooray, I'm moving to VMware!

Just got the ok to move forward with VMware/Citrix/Domain upgrade. I have 10 physical servers, and it looks like this will be the solution:

3 hosts: ($21k each)
    HP DL380 G7 E5660
    Pair of 146 15k drives mirrored
    196 G RAM - this was $45k alone
    Quad port gig adapter
2 Switches: ($1,800 each)
    HP 2910
1 SAN ($22,700)
    NetApp 2240
    12 x 600GB
VSphere Essentials Plus ($5,200)
6 Windows licenses ($13,600):
    Server 2008 Datacenter
Windows/Xenapp licenses ($26,000)
$40k services
    Install/config SAN, switches, hosts, VMware, new Citrix farm, 2008 Domain upgrade, P2V existing servers
Total: $185,000

Sound good?
RE: Hooray, I'm moving to VMware!
Given he is going NetApp, I'd be looking at their VMWare integration.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, April 13, 2012 2:54 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

I meant more in terms of what backup software are you using?

If you're currently doing backups of your physical boxes you're most likely doing it using traditional agents that sit on the boxes and do file or application level backups?

Of course you can continue to do that, but you're missing one of the biggest benefits of virtualisation if you're not complementing it (or in some cases replacing it) with taking image level backups of the entire VM.

It's something you should definitely look into, not least because, well it's backups so it's probably the most important part of the whole setup, but also because if you do go the Netapp route they also offer a lot of software tools (at a cost) that your backup software may be compatible with - basically you want to check it out prior to any purchase to avoid any surprises down the line (particularly as Netapp aren't the cheapest in terms of software licenses if you need to buy anything down the line).

From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 13 April 2012 8:44 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

I assume I will back up to tape?

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, April 13, 2012 3:29 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

What are you doing to backup your VM's?

From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 13 April 2012 8:06 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

Wow. This is perfect. You probably just saved me some serious coin. Thank you!!!

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, April 13, 2012 2:45 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

vSphere will see all the RAM, but the amount you'll be able to use (assuming vSphere 5) is licensed/controlled by your vRAM entitlement. It's one of the biggest and most contentious changes moving from 4.1 to 5.

Here's VMware's licensing paper which lists it in all its glorious detail:

http://www.vmware.com/files/pdf/vsphere_pricing.pdf

So in a nutshell, yes, you'll have almost 600gb of RAM but will only be able to use 1/3rd of it without ponying up for more licenses. Nice eh?!

From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 13 April 2012 7:26 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

So, even though I will have 588GB of RAM across all 3 hosts, VMware is only going to see and utilize 192GB? confused

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, April 13, 2012 2:05 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

OK one more thing: vSphere Essentials Plus gives you 6 socket licenses for vSphere Standard. Each license gives you 32gb of vRAM entitlement. 6 x 32 = 192gb vRAM across all three hosts. So 196gb per host seems slightly excessive (consider we can and occasionally do run around 50 VM's on one host with 144gb).

From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 13 April 2012 5:54 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!

LOL Yes, that is per host.. and it is HP memory (hence the premium)

-----Original Message-----
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Friday, April 13, 2012 12:42 PM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to VMware!

I'm a penny-pincher, and I saw only one thing that really stuck out...

> 196 G RAM - this was $45k alone

Ouch! Is that 196 Gig per computer, or total for the 3 servers? Even if it's 196 per computer, Crucial can get you that much ram for $8100... As long as I'm looking at the right memory.

http://www.crucial.com/store/listparts.aspx?model=ProLiant%20DL380%20G7; Cat=RAM

48GB Kit - ($899.99 each) * 3 for each server ($2699.97) * 3 servers = $8099.91

<kidding>Hey, I just saved you $36k! Can I get a commission for that? Sm:)e.</kidding>

--Matt Ross
Ephrata School District

----- Original Message -----
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 13 Apr 2012 08:38:47 -0700
Subject: Hooray, I'm moving to VMware!

Just got the ok to move forward with VMware/Citrix/Domain upgrade. I have 10 physical servers, and it looks like
RE: GPO Reporting
Yep - call Darren @ sdmsoftware.com. He's got the tools to do this right.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, April 12, 2012 9:38 AM
To: NT System Admin Issues
Subject: RE: GPO Reporting

There are free scripts provided with GPMC that will pull reports on the cheap that you could massage. The one called getreportsforallgpos.wsf (from memory, you need to verify exact name) will dump them all into html files in a jiffy.

If you need a more elegant solution, I'd definitely look at Darren's offerings that Chris pointed out. From what I've seen it does a better job of reporting in many ways than the full featured GPO management tools and I toy with the idea of trying to augment the tools I use with it.

From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, April 12, 2012 7:01 AM
To: NT System Admin Issues
Subject: [dkim-failure] GPO Reporting

Heh guys, I'm looking for a way to have some kind of report that would look into specified GPOs and list the settings they have. Specifically, I'm trying to look at a list of GPOs and determine what drive maps they have. Thanks for any assistance.

James
RE: PC power management
Many of my customers are doing this with SCCM.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, April 12, 2012 6:41 AM
To: NT System Admin Issues
Subject: PC power management

Are any of you using power management products? These would be products that remotely power on/off, enable monitor shutdown, and such. Our KBox can take advantage of WOL, but I've found in testing that it's not always reliable with IP changes from DHCP.

We tested a few products and I like one called Greentrac. This uses an agent and has been very reliable in testing the hosted version. Unfortunately, they run on Ubuntu and XenServer does not officially support that, and I'm not inclined to purchase VMWare for a single installation. There is no other installation option.

Suggestions anyone? I'm looking for products that shut down PCs after inactivity, starting at a certain time of the day, can put the monitor to sleep, can power on PC and power off. Recommendations appreciated.

Thanks
Tom
RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 12, 2012 11:28 AM
To: NT System Admin Issues
Subject: Domain local vs. global vs. universal

Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and of course, that's not possible.

Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right.

Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Domain local vs. global vs. universal
Nothing really happens when you toggle that button other than an update to the groupType (IIRC that's the one) attribute. Replication is smart enough in a multi-domain environment on GCs to sync the membership into the GC's database.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, April 12, 2012 1:38 PM
To: NT System Admin Issues
Subject: RE: Domain local vs. global vs. universal

Volumes have been written about this. There are even those who gasp disagree with Brian's recommendation. I'm not saying any of it is good or bad but a lot of smart folks have argued pros and cons of various methodologies over the years. You might want to read up on it a little for your own edification.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 12, 2012 11:12 AM
To: NT System Admin Issues
Subject: RE: Domain local vs. global vs. universal

So... technically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universal's get copied to GC's and others don't, but what else?

Dave
RE: Domain local vs. global vs. universal
GCs always get uni group membership. Universal Group Caching is generally speaking not something you want.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:33 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
From my reading that's basically it. But do GC's always get them, or only when enabled for universal group caching? -lc

From: David Lum david@nwea.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:12 PM Subject: RE: Domain local vs. global vs. universal
So….technically what is happening when you click that little radio button to change group type Local/Global/Universal? What’s happening behind the scenes? Universal’s get copied to GC’s and others don’t, but what else? Dave

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal
Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and of course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?
David Lum Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Domain local vs. global vs. universal
Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc

From: Brian Desmond br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal
Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and of course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?
David Lum Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Domain local vs. global vs. universal
This isn't entirely true. In a single domain forest, the IM has nothing to do and every DC should be a GC anyway. In a multi-domain forest, if every DC is a GC, then the IM has nothing to do also. In a Windows 2008 R2 forest, with the Recycle Bin enabled, the IM has nothing to do. So, that leaves you with a multi-domain forest where every DC in a given domain isn't a GC. In this scenario you need to worry about IM placement in that domain.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Thursday, April 12, 2012 2:09 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
Every DC except the one holding the Infrastructure Master FSMO role. Only because you must have the role somewhere, and it can only reside on a DC. And no, other than that no reason at all that I can think of. Pat.

On Thu, Apr 12, 2012 at 2:48 PM, Lora Cates lora.ca...@rocketmail.com wrote:
Ah ha! Thank you, my misunderstanding on caching. Just so I'm clear this can be enabled on any DC, correct? Is there any reason to not have every DC also be a GC? -lc

From: William Robbins dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:37 PM Subject: Re: Domain local vs. global vs. universal
Understanding group types: http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx
Understanding caching of universal groups: http://technet.microsoft.com/en-us/magazine/ff797984.aspx
- Will

On Thu, Apr 12, 2012 at 13:32, Lora Cates lora.ca...@rocketmail.com wrote:
From my reading that's basically it. But do GC's always get them, or only when enabled for universal group caching? -lc

From: David Lum david@nwea.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:12 PM Subject: RE: Domain local vs. global vs. universal
So….technically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universal's get copied to GC's and others don't, but what else? Dave

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal
Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and of course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?
David Lum Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Domain local vs. global vs. universal
UGC gets enabled on a DC which isn’t a GC. It’s got a lot of side effects and strange behaviors. Without a really good reason you should not be going down that path.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:48 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
Ah ha! Thank you, my misunderstanding on caching. Just so I'm clear this can be enabled on any DC, correct? Is there any reason to not have every DC also be a GC? -lc

From: William Robbins dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:37 PM Subject: Re: Domain local vs. global vs. universal
Understanding group types: http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx
Understanding caching of universal groups: http://technet.microsoft.com/en-us/magazine/ff797984.aspx
- Will

On Thu, Apr 12, 2012 at 13:32, Lora Cates lora.ca...@rocketmail.com wrote:
From my reading that's basically it. But do GC's always get them, or only when enabled for universal group caching? -lc

From: David Lum david@nwea.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:12 PM Subject: RE: Domain local vs. global vs. universal
So….technically what is happening when you click that little radio button to change group type Local/Global/Universal? What’s happening behind the scenes? Universal’s get copied to GC’s and others don’t, but what else? Dave

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.
Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal
Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and of course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?
David Lum Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Domain local vs. global vs. universal
That'd be me. Empty root doesn't really add any value anymore. I do a single domain (root only) forest usually for new customers. For customers who are consolidating, we will often consolidate them to the largest child domain so you end up with a small empty root and then a giant child domain. The overhead here is minimal compared to the cost of migrating out of the largest child.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Thursday, April 12, 2012 3:43 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
http://briandesmond.com/

On Thu, Apr 12, 2012 at 4:08 PM, Lora Cates lora.ca...@rocketmail.com wrote:
Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc

From: Brian Desmond br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal
Well the impact is that all uni group membership changes replicate to every GC. If you've got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don't exist anymore which makes this a less interesting discussion point. Without knowing about your customer's environment and scale it's hard to say. I would say that it's highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal
I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc

From: Brian Desmond br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal
In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal
Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and of course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments?
David Lum Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Script signing ?
I sign all my scripts with a commercial code signing cert. PowerShell in particular by default requires this. If you have an internal PKI you should be able to get a code signing cert off of there. They require some effort to get commercially because of the risk involved in issuing something that connotes a fairly high degree of trust. IMO it's a good practice. Most any script or binary that leaves my computer gets signed.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, April 04, 2012 2:49 PM To: NT System Admin Issues Subject: Script signing ?
Anyone have to implement a policy regarding signed scripts due to an internal or external audit? Had an internal audit recently and one of the observations was this:

A script is a program written by an end user to execute an application. It may be used for a variety of purposes, including logon scripts, administration and general automation. A script executed by privileged accounts creates security risks unless it is tightly controlled and protected from unauthorized changes or malicious coding. A signed script ensures the code was reviewed, approved and free from malicious coding. Audit noted that administrators can execute unsigned scripts from any workstation or server. Execution of a compromised script by an administrator increases the risk that unauthorized access or unauthorized changes on the network and data can occur

With this as the recommendation:

Evaluate the feasibility of restricting administrators, administrative workstation and domain controllers from executing unsigned scripts.

So I've been looking at the feasibility of actually doing something like this with combinations of Software Restriction Policies (certificate policies) and possibly AppLocker. Which look to be a nightmare to try and implement. The auditor has agreed to the following, which will be much less intrusive:

All scripts created by Domain Admins for Domain admins, going forward would be signed
Creating a policy document
Creating documentation for the process
Training the admins on the new process

Obviously nothing is enforcing this, but it's a start. Just wondered if others have gone through something similar.
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
RE: Script signing ?
Aside from the security side of things in terms of process for issuing the cert, don't forget the timestamp server and to timestamp your signatures.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, April 04, 2012 4:29 PM To: NT System Admin Issues Subject: Re: Script signing ?
We had a custom template for 'Code Signing' created by our security team (they maintain the cert server stuff) but haven't had time to sit down and actually implement it as a process because it's an IT wish list project and we're a little buried at the moment. So the beginning of the structure is in place, just need to get time to test, document and publicize it here.
Steven Peck http://www.blkmtn.org

On Wed, Apr 4, 2012 at 1:19 PM, Brian Desmond br...@briandesmond.com wrote:
I sign all my scripts with a commercial code signing cert. PowerShell in particular by default requires this. If you have an internal PKI you should be able to get a code signing cert off of there. They require some effort to get commercially because of the risk involved in issuing something that connotes a fairly high degree of trust. IMO it's a good practice. Most any script or binary that leaves my computer gets signed.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, April 04, 2012 2:49 PM To: NT System Admin Issues Subject: Script signing ?
Anyone have to implement a policy regarding signed scripts due to an internal or external audit? Had an internal audit recently and one of the observations was this:

A script is a program written by an end user to execute an application. It may be used for a variety of purposes, including logon scripts, administration and general automation. A script executed by privileged accounts creates security risks unless it is tightly controlled and protected from unauthorized changes or malicious coding. A signed script ensures the code was reviewed, approved and free from malicious coding. Audit noted that administrators can execute unsigned scripts from any workstation or server. Execution of a compromised script by an administrator increases the risk that unauthorized access or unauthorized changes on the network and data can occur

With this as the recommendation:

Evaluate the feasibility of restricting administrators, administrative workstation and domain controllers from executing unsigned scripts.

So I've been looking at the feasibility of actually doing something like this with combinations of Software Restriction Policies (certificate policies) and possibly AppLocker. Which look to be a nightmare to try and implement. The auditor has agreed to the following, which will be much less intrusive:

All scripts created by Domain Admins for Domain admins, going forward would be signed
Creating a policy document
Creating documentation for the process
Training the admins on the new process

Obviously nothing is enforcing this, but it's a start. Just wondered if others have gone through something similar.
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com
RE: Script signing ?
They have a similar deal for MVPs - good company. Your example doesn't use timestamping (-TimestampServer). You are going to be in for an unpleasant surprise when your cert expires and all the stuff you signed with it suddenly stops working. signtool is the magic command line tool that will sign most anything. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, April 04, 2012 5:22 PM To: NT System Admin Issues Subject: RE: Script signing ? I offer a Signed version of all my PowerShell scripts as I know some places will only allow Signed scripts. DigiCert gives CTPs free certs so it was an easy process for me to go through to receive a code signing cert. To make it easy for me to remember the signing process, I wrote an article. http://carlwebster.com/how-to-digitally-sign-a-microsoft-powershell-script-with-a-third-party-code-signing-certificate/ Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Brian Desmond [mailto:br...@briandesmond.com] Subject: RE: Script signing ? I sign all my scripts with a commercial code signing cert. PowerShell in particular by default requires this. If you have an internal PKI you should be able to get a code signing cert off of there. They require some effort to get commercially because of the risk involved in issuing something that connotes a fairly high degree of trust. IMO it's a good practice. Most any script or binary that leaves my computer gets signed. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com]mailto:[mailto:christopher_bod...@glic.com] Subject: Script signing ? Anyone have to implement a policy regarding signed scripts due to an internal or external audit? 
Had an internal audit recently and one of the observations was this:

A script is a program written by an end user to execute an application. It may be used for a variety of purposes, including logon scripts, administration and general automation. A script executed by privileged accounts creates security risks unless it is tightly controlled and protected from unauthorized changes or malicious coding. A signed script ensures the code was reviewed, approved and free from malicious coding. Audit noted that administrators can execute unsigned scripts from any workstation or server. Execution of a compromised script by an administrator increases the risk that unauthorized access or unauthorized changes on the network and data can occur.

With this as the recommendation:

Evaluate the feasibility of restricting administrators, administrative workstation and domain controllers from executing unsigned scripts.

So I've been looking at the feasibility of actually doing something like this with combinations of Software Restriction Policies (certificate policies) and possibly AppLocker. Which look to be a nightmare to try and implement. The auditor has agreed to the following, which will be much less intrusive:

- All scripts created by Domain Admins for Domain admins, going forward would be signed
- Creating a policy document
- Creating documentation for the process
- Training the admins on the new process

Obviously nothing is enforcing this, but it's a start. Just wondered if others have gone through something similar.
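Added example, not code from any poster in this thread or from the linked article: the timestamping point raised in the reply above, plus a check an admin team could run against the "all scripts signed going forward" agreement. Add-TimestampedSignature and Get-ScriptSignatureReport are hypothetical helper names, and the timestamp URL in the commented usage is a placeholder for the timestamp service your CA provides.

```powershell
# Added example. Helper names are hypothetical; only built-in cmdlets are used.

function Add-TimestampedSignature {
    # Signs one script and insists on a timestamp countersignature, so the
    # signature can still be validated after the signing certificate expires.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $TimestampServer
    )
    if ($PSCmdlet.ShouldProcess($Path, 'Authenticode-sign with timestamp')) {
        $sig = Set-AuthenticodeSignature -FilePath $Path -Certificate $Certificate `
            -TimestampServer $TimestampServer -HashAlgorithm SHA256 -IncludeChain NotRoot
        if ($sig.Status -ne 'Valid') {
            throw "Signing $Path failed: $($sig.StatusMessage)"
        }
        if ($null -eq $sig.TimeStamperCertificate) {
            throw "Signed $Path but no timestamp was applied; check the timestamp server."
        }
        $sig
    }
}

function Get-ScriptSignatureReport {
    # Walks a folder and classifies every PowerShell file by signature state.
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Root)

    Get-ChildItem -Path $Root -Recurse -File -Include *.ps1, *.psm1, *.psd1 |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $finding =
                if ($sig.Status -eq 'NotSigned') { 'Unsigned' }
                elseif ($sig.Status -ne 'Valid') { "Invalid ($($sig.Status))" }
                elseif ($null -eq $sig.TimeStamperCertificate) { 'Valid, no timestamp' }
                else { 'OK' }

            [pscustomobject]@{
                Finding       = $finding
                File          = $_.FullName
                Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                # For 'Valid, no timestamp' rows this is the date to worry about.
                SignerExpires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter }
            }
        }
}

# Constructed demo input: a temp folder holding one unsigned script.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'sig-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'unsigned.ps1') -Value 'Write-Output "hello"'
Get-ScriptSignatureReport -Root $demo | Format-Table -AutoSize

# Signing usage (commented out: needs a code signing cert in your store;
# the URL is a placeholder, not a real service):
# $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
# Add-TimestampedSignature -Path "$demo\unsigned.ps1" -Certificate $cert `
#     -TimestampServer 'http://timestamp.example.invalid'
```

Rows reported as "Valid, no timestamp" are the ones the reply warns about: re-sign them with a timestamp before the date in SignerExpires.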
RE: recommendations on home server
I have two Dell Precision workstations that have 2 sockets each in them, 32-48GB of RAM each, and 4-8 drives each. They make a very noticeable impact on my electricity bill (Chicago). They're essentially server components in a workstation case with quiet fans.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: John Cook [mailto:john.c...@pfsf.org] Sent: Tuesday, April 03, 2012 11:57 AM To: NT System Admin Issues Subject: RE: recommendations on home server

Electricity for a single low use server is pennies a day, the more drives you spin the higher the bill no matter what case you put it in and no it isn't workstation quiet but I wouldn't expect it to be. As he'd be doing remote management for the most part the server can go anywhere there is an ethernet connection. If you want to play around with virtualization build a workstation, if you want to learn and test in something close to a real world environment buy a used server.

John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Tuesday, April 03, 2012 12:48 PM To: NT System Admin Issues Subject: Re: recommendations on home server

It isn't quiet or low powered, though...

On Tue, Apr 3, 2012 at 12:42 PM, John Cook john.c...@pfsf.org wrote:

OR you can just buy a used Dell Poweredge 2950 for $400-$600 with a raid controller, multiple drives and CPU's and gobs of memory and be done with it. I can assure you it's on the VMWare HCL and most likely Microsoft's and Citrix's as well. http://www.ebay.com/itm/Dell-PowerEdge-2950-2x-Intel-R-Xeon-R-CPU-5120-1-86-Dual-Core-6-x-300GB-/160776821444?pt=COMP_EN_Servershash=item256f0b9ac4

John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, April 03, 2012 12:18 PM To: NT System Admin Issues Subject: RE: recommendations on home server

Wow, 8 cores for a home/lab server? That's a little extravagant, isn't it? 4 cores is fine for a handful of VMs, and quad AMD Phenom's can be had for $100 when on sale. Don't really need the graphics that's bundled into the FX CPUs, and AM3 motherboards are cheaper as well.

Carl

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, April 03, 2012 9:13 AM To: NT System Admin Issues Subject: Re: recommendations on home server

Strictly for home lab use:

MB http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1963472CatId=7248 $84
Memory http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1874822CatId=4534
HD http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=7331904CatId=4357 $99
CPU http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1239958CatId=7341 $189
Case http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=7328068CatId=1509 $69

Using these components you could get the following:

32G RAM
3TB in RAID 5 array across 4 spindles

Total cost $954.

Christopher Bodnar Enterprise Architect I, Corporate Office of Technology Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

From: Jimmy Tran jt...@teachtci.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 04/02/2012 06:26 PM Subject: recommendations on home server

I'm in need of a decent home server to run ESX-I to run SBS, W7 and some other test VM's. My budget is preferably around $500-$1k. Looking for lots of processing power but low powered (if possible), RAID on the drives, decent amount of ram. Don't know where to start... can someone recommend something?

Jimmy
RE: recommendations on home server
I get Dell Precision workstations off their outlet store. Both the ones I have were good deals in terms of cost/components. I just upgrade the RAM periodically when I run out of capacity.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Tuesday, April 03, 2012 1:13 PM To: NT System Admin Issues Subject: RE: recommendations on home server

I have a few HP DL's which are not feasible, so I bought an ML150G6, quiet as hell, the downside is the ram is prohibitively expensive...

From: John Cook [john.c...@pfsf.org] Sent: Tuesday, April 03, 2012 11:09 AM To: NT System Admin Issues Subject: RE: recommendations on home server

I have a 2950 at home (just as an example) and have never suffered any need to modify the electrical circuit. There are ways of isolating the noise but any fan is going to generate noise. Irritates women - I'll have to keep that handy in case I need to get rid of one!

John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4
RE: Powershell question
How about something like this. You can figure out what $value1 and $value2 should look like (could just be your Test-Path calls or maybe the function is registry aware...).

    # Returns $true and fills $outputVal when exactly one value is set,
    # otherwise returns $false.
    function XorValues($value1, $value2, [ref]$outputVal) {
        if ($value1 -xor $value2) {
            if ($value1) {
                # A [ref] parameter is assigned through its .Value property
                $outputVal.Value = $value1
                return $true
            }
            if ($value2) {
                $outputVal.Value = $value2
                return $true
            }
        } else {
            return $false
        }
    }

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Tuesday, April 03, 2012 4:27 PM To: NT System Admin Issues Subject: Powershell question

Hey guys, What is the most elegant way to -xor test two paths and keep the one that exists? I have a bunch of cases where I check for the existence of two reg keys (both can not co-exist) and then set a variable based on either one.

    If ((Test-Path hklm:\... ) -xor (Test-Path hklm:\... )) { $var = value1 or value2 } Else { must exit the script }

is the logic I need, but then I need additional code to set a single variable to value1 or value2. Not a big deal once, but I have several and I was just hoping for a slick way to accomplish setting $var to either value based on which side tests true w/o another if block.

Thanks, jlc
RE: System Center 2012
Also on the volume licensing site.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 02, 2012 1:15 PM To: NT System Admin Issues Subject: RE: System Center 2012

Yep. I'm downloading the official bits right now from TechNet (which appear to be two builds past my last drop).

From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 02, 2012 2:10 PM To: NT System Admin Issues Subject: RE: System Center 2012

Hmmm...are you sure it's on TechNet and MSDN? It was just going to the Volume License site today. BTW: Official, public announcement of the Suite is scheduled for Brad Anderson's keynote on April 17th (at MMS 2012).

From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 02, 2012 1:58 PM To: NT System Admin Issues Subject: System Center 2012

The System Center 2012 suite RTW'ed today. You can get it on Technet and MSDN. This includes Operations Manager, Configuration Manager, Service Manager, Data Protection Manager, Orchestrator, App Controller, and Virtual Machine Manager. I just finished teaching my first intensive course on SCCM 2012 last week and started teaching my first intensive course on SCOM 2012 today. Fun stuff!

Regards, Michael B. Smith Consultant and Exchange MVP http://theessentialexchange.com/
RE: Powershell ODBC and SQL scripts
Have you considered just buying Red Gate's tools that do this? They're a couple hundred bucks and are going to be infinitely more mature than a home grown tool...

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Monday, April 02, 2012 11:39 AM To: NT System Admin Issues Subject: Powershell ODBC and SQL scripts

I have to make a ps script that is portable for use with MSSQL and Oracle backends to apply regular schema updates then reload stored procs. Starting with SQL half first, there is plenty of sample code for running individual statements against an SQL server but that means rewriting the script each time. Anyone know a ps method using the DbCommand Class to play a script into the database?

Thanks! jlc
RE: recommendations on home server
Your experience will be *way* better though with multiple spindles. I use 4x1T SATA RAID10 in my VM hosts and it works great.

Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

From: Richard Stovall [mailto:rich...@gmail.com] Sent: Monday, April 02, 2012 6:15 PM To: NT System Admin Issues Subject: Re: recommendations on home server

Funny. For what I presume his purposes are (home lab, learning, testing, etc.), I would recommend a bunch of RAM and to not worry too much about disk I/O, RAID or CPU power. A regular PC with 12GB or 16GB RAM, an i5 or i7 CPU, and a decent SATA hard drive ought to do nicely for mucking about with the new toys from Microsoft. Also, why limit yourself to ESXi? Hyper-V server is free and works great on a large variety of hardware.

On Mon, Apr 2, 2012 at 7:01 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:

Not to be the bearer of bad news, but raid/lots of power/low wattage and for 500 to 1000? I'd say not a chance. Any decent raid card (by decent I mean has a BBWC) will easily be in the 1000.00 range alone. In my opinion most setups I see are disc io bound, so if you can put money in mostly one place, that's where.

From: Jimmy Tran [jt...@teachtci.com] Sent: Monday, April 02, 2012 4:19 PM To: NT System Admin Issues Subject: recommendations on home server

I’m in need of a decent home server to run ESX-I to run SBS, W7 and some other test VM’s. My budget is preferably around $500-$1k. Looking for lots of processing power but low powered (if possible), RAID on the drives, decent amount of ram. Don’t know where to start….can someone recommend something?

Jimmy
RE: Powershell reg binary issue
You could just put it in $foo or some variable. No need to dump it to a temp file.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, March 26, 2012 7:16 PM To: NT System Admin Issues Subject: RE: Powershell reg binary issue

Out-file -encoding binary Or similar.

-Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Monday, March 26, 2012 8:01 PM To: NT System Admin Issues Subject: Powershell reg binary issue

I am trying to save the result of a Reg Binary value from one key into the value of another key, any idea on how to save the output of get-itemproperty or pipe it into set-itemproperty for use with reg binary values?

Thanks! jlc
RE: Microsoft's Password Export Server 3.1 x64
I assure you it's how it works. :) There's a rather limited number of ways to run in-process in LSA to have that level of access. Password filter is one of them.

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Friday, March 23, 2012 10:44 AM To: NT System Admin Issues Subject: Re: Microsoft's Password Export Server 3.1 x64

Apart from the sleep issue (and I realize this is an old thread), I'm not sure I agree with Mr. Desmond... PCNS likely acts as an always okay password filter, but PES's job is to yank password hashes out of LSA on-demand, encrypt them symmetrically with an application key, and transmit to the client (probably ADMT).

--Steve

On Fri, Mar 23, 2012 at 9:40 AM, Ziots, Edward ezi...@lifespan.org wrote:

Sleep is over rated.

Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, March 13, 2012 5:36 AM To: NT System Admin Issues Subject: Re: Microsoft's Password Export Server 3.1 x64

I would just like to know... do you ever sleep?

On 13 March 2012 09:28, Webster webs...@carlwebster.com wrote:

Brian, I would just like to know if the customer can install it on a 2008 R2 domain controller. The download page only lists x64 2003 and 2008. It doesn't specifically say 2008 R2. I guess it will either install or not but just wanted to verify first.

Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com

On 3/13/12 2:35 AM, Brian Desmond br...@briandesmond.com wrote:

I doubt it's much different but there may either a) be hard blocks in the code if you don't hit the versions right or b) older PES' might not load on newer Windows. It basically is a password filter though that spins off a thread and listens for RPCs IIRC. It just returns true for every password.

Thanks, Brian Desmond
RE: OT: Re: OldCmp.exe
AD returns errors via the mechanism LDAP provides to do that...

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, March 23, 2012 1:22 PM To: NT System Admin Issues Subject: Re: OT: Re: OldCmp.exe

I could've been clearer. I don't know how the error handling is built, if it's just passing error codes based on results from AD queries or what. So if it is passing on the errors AD is throwing, then yes, it's a Microsoft product applies. No offense was meant to be extended to Joe, I was thinking about the product it was designed to work with.

On Fri, Mar 23, 2012 at 2:07 PM, Free, Bob r...@pge.com wrote:

oldcmp is hardly a MS product...one can only hope joe doesn't see this :) in this case it was the age old problem of pebcak.. as always, the condition is technology agnostic

From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, March 23, 2012 9:18 AM To: NT System Admin Issues Subject: [dkim-failure] Re: OldCmp.exe

It is a Microsoft product!

On Fri, Mar 23, 2012 at 11:39 AM, David Lum david@nwea.org wrote:

And the error messages generated don't always correspond to what the real problem is :)

From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, March 23, 2012 8:29 AM To: NT System Admin Issues Subject: RE: OldCmp.exe

Computers are like women, they make no sense at all no matter how long you have been around them!

Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com

From: David Lum [david@nwea.org] Sent: Friday, March 23, 2012 10:14 AM To: NT System Admin Issues Subject: OldCmp.exe

Thanks for not reading the e-mail I didn't send because I figured it out myself while typing the e-mail I cancelled, but did you know if you use DN= instead of DC= in when specifying a BaseDN it won't work?
RE: Exchange Disaster Recovery Solutions
NetApp has SnapMirror

Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

-Original Message- From: Jon D [mailto:rekcahp...@gmail.com] Sent: Tuesday, March 20, 2012 8:10 AM To: NT System Admin Issues Subject: Exchange Disaster Recovery Solutions

Outside of using a DAG, what other technologies are you guys using to replicate exchange data to your DR sites? I saw that google/postini had an exchange message continuity solution that they're apparently phasing out. It looks like http://www.mimecast.com offers something similar. Anyone have any solutions they like?

Thanks, Jon