RE: problem subscription to new list

[Christopher Bodnar]

Resolved. not sure why but had to delete my signature to get it to work. 

Thanks

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Webster 
To: "NT System Admin Issues" 
Date:   05/03/2013 11:21 AM
Subject:RE: problem subscription to new list



Did you use the new cover sheet to submit your request?
 
Thanks
 
 
Webster
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Friday, May 03, 2013 10:07 AM
To: NT System Admin Issues
Subject: Re: problem subscription to new list
 
That's where it's been sent to. I get nothing back indicating acceptance 
to the list. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Jonathan Link  
To:"NT System Admin Issues"  
Date:05/03/2013 10:59 AM 
Subject:Re: problem subscription to new list 




Try comm...@lists.myitforum.com 



On Fri, May 3, 2013 at 10:53 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote: 
Anyone else having issues trying to subscribe to the new list that Rod put 
up? I send the subscription e-mail, but I've gotten no confirmation back. 
I've tried 3 times over the last 3 days with no luck. Don't see it getting 
flagged as junk, and I do get the stuff from ad...@myitforum.com without 
any issues. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 



- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><><>

Re: problem subscription to new list

[Christopher Bodnar]

That's where it's been sent to. I get nothing back indicating acceptance 
to the list. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Jonathan Link 
To: "NT System Admin Issues" 
Date:   05/03/2013 10:59 AM
Subject:Re: problem subscription to new list



Try comm...@lists.myitforum.com



On Fri, May 3, 2013 at 10:53 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Anyone else having issues trying to subscribe to the new list that Rod put 
up? I send the subscription e-mail, but I've gotten no confirmation back. 
I've tried 3 times over the last 3 days with no luck. Don't see it getting 
flagged as junk, and I do get the stuff from ad...@myitforum.com without 
any issues. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 


- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

problem subscription to new list

[Christopher Bodnar]

Anyone else having issues trying to subscribe to the new list that Rod put 
up? I send the subscription e-mail, but I've gotten no confirmation back. 
I've tried 3 times over the last 3 days with no luck. Don't see it getting 
flagged as junk, and I do get the stuff from ad...@myitforum.com without 
any issues.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Can you do this with .CMD?

[Christopher Bodnar]

I haven't done something like this for a while, back in the day I did this 
with ScriptIt. But with VBscript or PowerShell it shouldn't be that 
difficult. My guess is that it's losing focus of the window after the 
carriage return. So your method will need to identify the window and the 
password field. 

Take a look at this and see if it helps.

http://csharpening.net/?p=1008



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   04/17/2013 04:25 PM
Subject:Can you do this with .CMD?



Use a batch file to launch an application and then send two carriage 
returns to this app? I can do one, but not two. Running the program is 
asks for username (hitting ENTER it uses a default, which is desired), 
then when you hit  it asks for a password.
 
My batch file looks like this:
programtorun < c:\windows\temp\answerfile.txt
 
Answerfile.txt contains 

Password 
 
The app runs but sits and waits for the password, so it’s only 
processesing the first . Surely this is a simple one? Some pipe 
command? Maybe I should get out my old DOS 5.0 book…
 
Please, no PoSh because I have tons of XP machines that need to run this…
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Volume Activation with Windows Server 2012

[Christopher Bodnar]

Not really a question here, just curious if others found themselves 
confused as I did with this. 

So I setup our KMS infrastructure here when we began testing Windows 
Server 2008, so I'm fairly familiar with Volume Activation 2.0 . We are 
just in the planning stages of looking at 2012 and I wanted to get 
everything in order to test. So I ask our licensing guy to go and get me 
the Group C KMS key for 2012. He tells me there isn't one. There is just a 
2012 key. So I start looking for the documentation on this, thinking that 
there would be some kind of update to Volume Activation . like 2.1, to 
accommodate for the change. And when you start looking, everything points 
back to the 2.0 information. Until I finally found this:

http://technet.microsoft.com/en-us/library/jj134256.aspx

Which tells me what I needed to know. But the fact that all the other MS 
documentation on Volume Activation hasn't been updated with this 
information, is a little confusing to say the least. 

Anyone else run into this? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Query help

[Christopher Bodnar]

Is this an Exchange question? or an AD question? Do you want it to be 
dynamic? Or is this just a once and done thing? 

Either way... if you want to make sure every AD user is in a Distribution 
Group, add Domain Users to it. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Heaton, Joseph@Wildlife" 
To: "NT System Admin Issues" 
Date:   04/11/2013 03:16 PM
Subject:Query help



I’ve recently created a Org_all distribution group.  Somehow, I must have 
not added myself to it, as I didn’t get a message from our Director this 
morning.  But, that brought up the thought that I need to make sure 
everyone is a member of that distribution group.  With 3000 users, I don’t 
want to do it manually.  Any ideas?
 
Thanks,
 
Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: AD Simple LDAP authentication question

[Christopher Bodnar]

I'm looking into this:

http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx

Which I wasn't aware of before. Looks like what I was interested in, but 
then I read this: 

"This setting does not have any impact on ldap_simple_bind or 
ldap_simple_bind_s. No Microsoft LDAP clients that are shipped with 
Windows XP Professional use ldap_simple_bind or ldap_simple_bind_s to talk 
to a domain controller."

So for example if you use LDP to do a simple bind, it will use 
ldap_simple_bind_s. So what is to stop a 3rd party application from 
sending a request like that? 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Michael B. Smith" 
To: "NT System Admin Issues" 
Date:   04/09/2013 09:58 AM
Subject:RE: AD Simple LDAP authentication question



+1

My question was directed more to the fact that any "Authenticated User" 
has pretty much full read-access to AD anyway.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Monday, April 8, 2013 7:14 PM
To: NT System Admin Issues
Subject: Re: AD Simple LDAP authentication question

On Mon, Apr 8, 2013 at 4:03 PM, Christopher Bodnar 
 wrote:
> I know that AD supports both Simple and SASL methods for LDAP binds:
>
> http://msdn.microsoft.com/en-us/library/cc223499.aspx
>
> What I was surprised is that there doesn't seem to be a way to disable 
> the Simple method. It supports SSL/TLS but does not require it. Is that 
correct?

  I don't really know, but I do know that our Windows 2008 R2 domain 
controllers log the event below once a day.  I know what's causing it and 
haven't cared enough to do something about it.  The link takes you to a KB 
article which tells you how to require *signing*.  It talks a lot about 
simple binds but doesn't explicitly say that requiring signing also causes 
it to reject simple binds, but seems to imply it pretty strongly.

Source: ActiveDirectory_DomainService
Event ID: 2886
-
The security of this directory server can be significantly enhanced by 
configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or
Digest) LDAP binds that do not request signing (integrity
verification) and LDAP simple binds that  are performed on a cleartext
(non-SSL/TLS-encrypted) connection.  Even if no clients are using such 
binds, configuring the server to reject them will improve the security of 
this server.

Some clients may currently be relying on unsigned SASL binds or LDAP 
simple binds over a non-SSL/TLS connection, and will stop working if this 
configuration change is made.  To assist in identifying these clients, if 
such binds occur this  directory server will log a summary event once 
every 24 hours indicating how many such binds  occurred.
You are encouraged to configure those clients to not use such binds.
Once no such events are observed  for an extended period, it is 
recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change 
to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a client makes 
such a bind, including information on which client made the bind.  To do 
so, please raise the setting for the "LDAP Interface Events" event logging 
category to level 2 or higher.
--

  FWIW, YMMV, HTH, HAND, AT&T.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by retu

RE: AD Simple LDAP authentication question

[Christopher Bodnar]

>From a security perspective. It's allowing the username and password to be 
sent over the wire in clear text. 

You could say the same thing about NTLM, not that it's going over the wire 
in clear text.  But you have the ability to not allow NTLM or LANMan 
authentication, why not also limit the Simple Authentication method. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Michael B. Smith" 
To: "NT System Admin Issues" 
Date:   04/08/2013 04:29 PM
Subject:RE: AD Simple LDAP authentication question



What benefit do you think there would be to disable it?
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Monday, April 8, 2013 4:03 PM
To: NT System Admin Issues
Subject: AD Simple LDAP authentication question
 
I know that AD supports both Simple and SASL methods for LDAP binds: 

http://msdn.microsoft.com/en-us/library/cc223499.aspx 

What I was surprised is that there doesn't seem to be a way to disable the 
Simple method. It supports SSL/TLS but does not require it. Is that 
correct? 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 


- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

AD Simple LDAP authentication question

[Christopher Bodnar]

I know that AD supports both Simple and SASL methods for LDAP binds:

http://msdn.microsoft.com/en-us/library/cc223499.aspx

What I was surprised is that there doesn't seem to be a way to disable the 
Simple method. It supports SSL/TLS but does not require it. Is that 
correct? 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: April Fools humor

[Christopher Bodnar]

. the waffles smell great.


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Maglinger, Paul" 
To: "NT System Admin Issues" 
Date:   04/01/2013 10:37 AM
Subject:RE: April Fools humor



Yeah,  but Google has come through again.
 
http://www.google.com/landing/nose/ 
 
From: Chinnery, Paul [mailto:pa...@mmcwm.com] 
Sent: Monday, April 01, 2013 9:10 AM
To: NT System Admin Issues
Subject: OT: April Fools humor
 
People write that Google always has Easter Eggs, etc.   One of the big EHR 
providers, Epic, always changes their home page on April Fool's Day.  If 
you want a chuckle, check epic.com. 
BTW, the kool-aid reference is because some people complain that hospital 
CIO's have drunk the Epic kool-aid.
 
Paul Chinnery
Network Admin
Memorial Medical Center
231.845.2319
 
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Automate DCDIAG and e-mail results

[Christopher Bodnar]

Yes, I have a daily scripts that runs on one DC in the domain and mails 
back a report. Yes, we also have a monitoring solution in place, this is 
not to replace that, just a nice to have. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   03/18/2013 12:53 PM
Subject:Automate DCDIAG and e-mail results



Are any of you guys doing anything similar to this?
http://scriptzilla.blogspot.com/2010/02/automate-dcdiag-on-your-domain.html
 
Would be nice to patch/reboot my DC’s and have DCDIAG and REPADMIN run 30 
mins later and e-mail the results. This looks like a good base but am 
curious what others do.
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Manage JAVA updates

[Christopher Bodnar]

What are you using now for patching? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Tom Miller 
To: "NT System Admin Issues" 
Date:   03/18/2013 09:01 AM
Subject:Manage JAVA updates



Anyone have any suggestions for managing JAVA updates in a corporate 
environment?  At my last job we used the kbox as it was part of the patch 
stream, but the product I use  now does not include JAVA as part of the 
stream.  I'd like to be able to control when updates are performed, do to 
it silently, and to turn off that annoying prompt to install the Ask 
toolbar.
 
Thanks,
Tom
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Difference between port forwarding and DMZ

[Christopher Bodnar]

Big difference. If the Management server resides on the internal LAN, and 
it gets hacked, it has direct access to the LAN. If it resides on a DMZ, 
and gets hacked, it only has direct access to other machines on the same 
DMZ subnet, it is isolated from the Internal LAN. Depending on the 
configuration of the DMZ. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   03/14/2013 11:23 AM
Subject:Difference between port forwarding and DMZ



What’s the risk difference between a server in a DMZ (firewalls on each 
end) and port forwarding from the Internet to a machine inside a network 
perimeter? Scenario : I have PC’s that use port  to talk to a 
management server, I’m wondering of that server needs to be in the DMZ 
(with that port opened), or if forwarding that port through is 
functionally the same thing?
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Keeping 550+ systems maintained

[Christopher Bodnar]

My guess is that it will come down to Dell/Kace or SCCM 2012, and possibly 
Altiris IT Management Suite. I've never used one, but from what I have 
heard Kace might be a better fit for a smaller shop with less requirements 
than an SCCM installation. But SCCM is more full featured, but requires 
move time/overhead. 

In regards to how many hours per week.. what is the SLA? For example, 
are you looking at 99.999% compliance at all times? If so I'd say a FTE is 
required. 




YMMV



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   03/12/2013 10:41 AM
Subject:Keeping 550+ systems maintained



Scenario: 
· 550 Windows workstations, with 100+ of them remote. 
· Active Directory (W2K8R2 and W2K3 DCs).
· Windows 7 and Windows XP. 
· Users are local admins. 
· Some remote users VPN in daily, others only VPN in once/month, a 
few others almost never
· 30+ onsite users frequently jump between wired and wireless (in 
my experience this occasionally trips up DNS and thus management agents 
for a bit)
· Systems are cycled out at the rate of about 30 machines every 
quarter (relevant because finding a noncompliant machine often means knows 
if a system has been decommissioned or not). Systems are not always 
immediately removed from AD for various reasons.
 
Task: Keep them up to date on anti-virus and patches, incl. 3rd party 
(Java/Adobe/Chrome/etc.). This includes coordinating (with select users) 
installing/testing the patches on their systems before full rollout to the 
rest of the org.
 
Is this enough info to give a SWAG for how many hours/week you would you 
tell management this would take? A rough number works.
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: P2V DC/radius server

[Christopher Bodnar]

Can you point the controller to a different DC? Move the RADIUS server to 
a different machine to see if that resolves the issue? 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   03/06/2013 08:52 AM
Subject:P2V DC/radius server



This weekend we did a P2V of a DC that also handles RADIUS and DHCP 
duties. Before the P2V I did make sure it held no FSMO roles as well 
DCPROMO it out of being a DC, then P2V, then DCPROMO back up.
 
Once it came up as a VM, I assigned the IP info to the “new” NIC, checked 
replication, DCDIAG, DHCP requests, etc. and it all came up good. Our 
wireless system (Meru) uses RADIUS and since the P2V we have had many 
clients now have connect/disconnect/reconnect/disconnect issues. 
1.   We have 25 access points spread over six floors in our building
2.   Meru connected via GotoAssist and was able to confirm their 
controller and the RADIUS server are passing auth requests as expected
3.   Deleting and re-creating the wireless profile seems to fix this 
issue
4.   Not 100% of our users are affected, but probable 75% of them are
 
Anyone see anything similar before?
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Color me skeptical

[Christopher Bodnar]

I'm really interested to see if this is the paradigm shift that Google 
thinks it's going to be. I think if they can really work out the issues, 
it will be. But I'm not convinced they can at this point. Specifically 
voice recognition issues. With this device, the voice recognition has to 
be pretty close to 100% 24x7, or it won't catch on. They way I see this 
working in real life, is that it's going to be tethered do your phone all 
the time. Meaning  you will still have your phone with you, so it won't 
replace that device. I see it as more of an accessory to your phone. But 
if you are constantly shifting back and forth between the 2 then it's 
going to be a hard sell. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Kurt Buff 
To: "NT System Admin Issues" 
Date:   02/26/2013 08:55 PM
Subject:Color me skeptical



http://www.theverge.com/2013/2/22/4013406/i-used-google-glass-its-the-future-with-monthly-updates


On several levels, including:

o- Too many areas without network capability - where I live, anyway.

o- Voice interaction. Really? No thanks.

o- Privacy. Do I really want Google to know that much about me? They
already know too much.

Don't get me wrong - this is amazing technology. But, I don't have to
say yes to everything that comes along


Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Communications slow between two servers

[Christopher Bodnar]

I'm not familiar with Smart Sync, so can't comment on that. But can you 
reproduce the problem outside of that software? For example do you see the 
same slowness if you use RoboCopy or DFSR? 

Take a look at this post:

http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/e55022a4-db65-4dc9-a2f1-96b7f5d8e2fa

Even though you aren't using DFSR, it might give you some ideas. 
Specifically I'd look at the TCP off-load value . That might help. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Eric Brouwer 
To: "NT System Admin Issues" 
Date:   02/26/2013 10:18 AM
Subject:Communications slow between two servers



Greetings,

I have an odd communications issue that I just can't pin down.  I have two 
existing servers, X and Y.  X will be replaced by a new server, Z.  Then Y 
will be replaced by X, and Y decommissioned.  These are rather simple file 
servers.

When we brought Z online, we copied data from X to Z via Smart Sync and 
got fantastic transfer speeds.  When we went to copy from Y to X, however, 
speeds are horrible.  What should take several hours is taking days.  We 
then tested communications between Y and Z and speeds are great again.

All servers are on the same switch and reside in the same rack.  Why would 
2 servers communicate so slowly?

X to Z = fast
Y to X = slow
Y to Z = Fast

Results are the same whether we "push" or "pull" data.

Thank you,

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Need help with VBscript

[Christopher Bodnar]

Take a look at these:

http://blogs.msdn.com/b/astebner/archive/2007/03/14/mailbag-what-version-of-the-net-framework-is-included-in-what-version-of-the-os.aspx

http://stackoverflow.com/questions/1164495/windows-7-default-net-framework



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Tammy George 
To: "NT System Admin Issues" 
Date:   02/26/2013 09:53 AM
Subject:RE: Need help with VBscript



BTW - is this also the case for Vista & XP?  i.e. version 2.0 is 
installed?
 
 
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: February-26-13 10:31 AM
To: NT System Admin Issues
Subject: RE: Need help with VBscript
 
Yes, all Windows 7 systems come with 2.0 , 3.0 and 3.5 installed 

If your install only requires 2.0 or higher, then check for 2.0 and you 
should be fine. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Tammy George  
To:"NT System Admin Issues" 
 
Date:02/26/2013 09:17 AM 
Subject:RE: Need help with VBscript 




Thanks, Christopher. 
  
I did see that and then wondered if 2.0 is installed on all systems and 
couldn’t find an answer.  Windows 7 comes with .NET 3.5 OOB and my system 
also has 2.0.  Is that the case with all Windows 7 systems?  i.e. Is it 
sufficient to do a check for 2.0 or do I need to check for all versions 
from 2.0 onward? 
  
  
  
  
  
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: February-26-13 10:06 AM
To: NT System Admin Issues
Subject: Re: Need help with VBscript 
  
First hit on Google: 

http://stackoverflow.com/questions/4394607/vbscript-to-check-if-net-2-0-is-installed
 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 







From:Tammy George  
To:"NT System Admin Issues"  
Date:02/26/2013 08:58 AM 
Subject:Need help with VBscript 
 





Hello. 
 
I have a VBScript which calls an .exe in order to install something.  We 
created the VBScript in order to run the .exe with elevated privileges as 
well as send us an email each time it’s run reporting success or failure. 
 
We’ve discovered that if users don’t have .NET Framework version 2.0 or 
greater, the install fails.   Is it possible for the VBScript to check if 
version 2.0 or greater is installed?  If it’s not, I’ll then run the 
install.   
 
Thanks in advance! 
- Tammy 
 
 
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysad

RE: Need help with VBscript

[Christopher Bodnar]

Yes, all Windows 7 systems come with 2.0 , 3.0 and 3.5 installed

If your install only requires 2.0 or higher, then check for 2.0 and you 
should be fine. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Tammy George 
To: "NT System Admin Issues" 
Date:   02/26/2013 09:17 AM
Subject:RE: Need help with VBscript



Thanks, Christopher.
 
I did see that and then wondered if 2.0 is installed on all systems and 
couldn’t find an answer.  Windows 7 comes with .NET 3.5 OOB and my system 
also has 2.0.  Is that the case with all Windows 7 systems?  i.e. Is it 
sufficient to do a check for 2.0 or do I need to check for all versions 
from 2.0 onward?
 
 
 
 
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: February-26-13 10:06 AM
To: NT System Admin Issues
Subject: Re: Need help with VBscript
 
First hit on Google: 

http://stackoverflow.com/questions/4394607/vbscript-to-check-if-net-2-0-is-installed
 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Tammy George  
To:"NT System Admin Issues"  
Date:02/26/2013 08:58 AM 
Subject:Need help with VBscript 




Hello. 
  
I have a VBScript which calls an .exe in order to install something.  We 
created the VBScript in order to run the .exe with elevated privileges as 
well as send us an email each time it’s run reporting success or failure. 
  
We’ve discovered that if users don’t have .NET Framework version 2.0 or 
greater, the install fails.   Is it possible for the VBScript to check if 
version 2.0 or greater is installed?  If it’s not, I’ll then run the 
install. 
  
Thanks in advance! 
- Tammy 
  
  
  
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><>

Re: Need help with VBscript

[Christopher Bodnar]

First hit on Google:

http://stackoverflow.com/questions/4394607/vbscript-to-check-if-net-2-0-is-installed



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Tammy George 
To: "NT System Admin Issues" 
Date:   02/26/2013 08:58 AM
Subject:Need help with VBscript



Hello.
 
I have a VBScript which calls an .exe in order to install something.  We 
created the VBScript in order to run the .exe with elevated privileges as 
well as send us an email each time it’s run reporting success or failure.
 
We’ve discovered that if users don’t have .NET Framework version 2.0 or 
greater, the install fails.   Is it possible for the VBScript to check if 
version 2.0 or greater is installed?  If it’s not, I’ll then run the 
install. 
 
Thanks in advance!
- Tammy
 
 
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Powershell with Quest advice - show all disabled users, but only in a certain OU

[Christopher Bodnar]

Take a look at this:

http://poshoholic.com/2009/07/08/essential-powershell-know-your-operator-and-enclosure-precedence/



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Michael Leone 
To: "NT System Admin Issues" 
Date:   02/21/2013 12:29 PM
Subject:Re: Powershell with Quest advice - show all disabled 
users, but only in a certain OU



On Thu, Feb 21, 2013 at 12:17 PM, Christopher Bodnar
 wrote:
>
> Something like this might help:
>
> get-qaduser|where {$_.dn -match "Q2" -and $_.dn -match "Q3"}


Yes, I can definitely make use of that - thanks! How would I do the
reverse? i.e., dn must not match DISABLED? (to find any disabled
accounts that are not in the DISABLED OU or it's sub-OUs)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Powershell with Quest advice - show all disabled users, but only in a certain OU

[Christopher Bodnar]

Something like this might help:

get-qaduser|where {$_.dn -match "Q2" -and $_.dn -match "Q3"}



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Michael Leone 
To: "NT System Admin Issues" 
Date:   02/21/2013 11:40 AM
Subject:Powershell with Quest advice - show all disabled users, 
but only in a certain OU



I'm still trying to get the hang of this. Here's what I need - a
report of all user accounts that are in just certain OUs. Specifically
- we have an OU called "Disabled" where we put disabled user accounts.
There are 4 sub-OUs - Q1, Q2, etc. And what I want is only the
accounts in Q2 and Q3. HOWEVER, when a user is on a leave of absence,
we disable their accoutn, but do NOT move it into the "Disabled" OU.

I know I can use
Get-QADUser -Disabled -SearchRoot "OU=Disabled in
Q3,OU=DISABLED,DC=...DC=...,DC=...,DC=...,DC=..."

Which gives me that one sub-OU. Will I just have to repeat it for just Q2?

OR ... is there some way I can search the DISABLED OU, and just filter
out Q1 and Q4?

Also: there doesn't seem to be an entry for "DisabledDate", I only see
last modification date (which ideally will work out to be the same
thing as disabled date). It's not critical for me, but is there a way
to list date the account was disabled?

I plan to write all this out into an Excel spreadsheet, which I've done 
before.

Any advice gratefully appreciated.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Weird RDS thin client issue

[Christopher Bodnar]

All severs 2008 R2:

Got (3) Hyper-V physical hosts. (3) RDS boxes as guests. Clients connect 
with Wyse/Dell thin clients. Had a user say they were having problems when 
doing a Save As from Word (Office 2007). It crashes Word. I was able to 
reproduce the problem. I'm going to open a case with MS since I can't find 
a fix for it yet.So in the meantime, I'm just taking that box out of the 
lineup.  But here is the weird part,  this only happens on a specific RDS 
box, and only when connecting from a thin client. If I connect from a PC 
with RDP to that box, I can't reproduce the problem. 

Fun stuff.

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: OT: MCM certification

[Christopher Bodnar]

Don't want to keep on this thread, it's obvious that most of you are in 
disagreement with me. I'm OK with that. But to your comment:

I think I get who the certification is targeting. My point is that I think 
there is a larger population out there that might be interested in and 
possibly be valid candidates for, this  certification in mid sized shops, 
but the cost is prohibitive. And I understand that there has to be a fee 
for this. And I even agree that MS isn't really making money off this. But 
just doing some basic numbers (I may be way off on these figures so don't 
crucify me on this). If there are 4 sessions a year in any given track 
(SQL, Messaging, DS, etc...)That's 100 people that need to pay for the 
course. Thats' $1.4milliion. Even say they cut this in half, they would 
only be reducing their revenue by $750K per track. In terms of MS, that is 
peanuts. This is not a revenue stream for MS, they are just trying to 
recoup some of the costs. But this would open it up to a much larger pool 
of potential candidates. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Andrew S. Baker" 
To: "NT System Admin Issues" 
Date:   02/14/2013 02:59 PM
Subject:Re: OT: MCM certification



Chris, if you look at who that certification is targeting, the ROI is 
very, very straightforward.

Lowering the price wouldn't lower the barrier that much, and the cost of 
the overall process must come from somewhere.

 
 

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for 
the SMB market…
 


On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Was reading this yesterday: 

http://blogs.metcorpconsulting.com/tech/?p=1101 

And got to thinking about this again. It still bothers me that the road to 
this certification is artificially blocked by monetary constraints. I 
think the certification is difficult enough without adding that as a 
factor to reduce the overall numbers just to increase the "value" of this 
certification. Maybe I'm in the minority, but I know I wont' even consider 
this certification, just based on the cost. Not that I think I would pass, 
or that I even think I'm ready for something like this. I don't work for 
MS and I'm not a consultant. Which from what I've seen are the 2 primary 
groups of people seeking this certification. My employer would never 
consider this strictly based on cost and ROI. 

Anyone else of the same opinion? Or am I way off base here? 



Chris 


- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: OT: MCM certification

[Christopher Bodnar]

Not sure I agree with that. 

"The fee is to ensure that only serious people apply"

If you kept everything else the same, all requirements,tests, labs, 
etc and lowered the cost to say $5K. What do you think would happen? 
Do you really think there would be a huge glut of "paper" MCSM/MCM's out 
there that would be able to pass the exams? I highly doubt that. I think 
you would just be opening it up to people who are qualified, but can't 
currently afford the cost. Not that I'm in that category. Wish I was.


Again just my opinion. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Michael B. Smith" 
To: "NT System Admin Issues" 
Date:   02/13/2013 10:47 AM
Subject:RE: OT: MCM certification



Microsoft loses money on the Exchange MCM classes. I suspect they do for 
all of the MCM tracks.

The fee is to ensure that only serious people apply plus to cover the cost 
of the labs, meeting rooms, and presentation materials.

Big companies need people with big experience.

I don't pass the screening criteria for Exchange MCM (I've never done a 
750K seat deployment of Exchange). But they've told me they'd let me in as 
a favor. :)

But I can't afford the class, plus the travel, plus the loss of revenue 
(income) for 3 weeks. I wish I could.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, February 13, 2013 10:38 AM
To: NT System Admin Issues
Subject: Re: OT: MCM certification

On Wed, Feb 13, 2013 at 7:20 AM, Christopher Bodnar 
 wrote:
>
> Was reading this yesterday:
>
> http://blogs.metcorpconsulting.com/tech/?p=1101
>
> And got to thinking about this again. It still bothers me that the road 
to this certification is artificially blocked by monetary constraints. I 
think the certification is difficult enough without adding that as a 
factor to reduce the overall numbers just to increase the "value" of this 
certification. Maybe I'm in the minority, but I know I wont' even consider 
this certification, just based on the cost. Not that I think I would pass, 
or that I even think I'm ready for something like this. I don't work for 
MS and I'm not a consultant. Which from what I've seen are the 2 primary 
groups of people seeking this certification. My employer would never 
consider this strictly based on cost and ROI.
>
> Anyone else of the same opinion? Or am I way off base here?
>
> Chris

Uh - do you think it's free to administer these tests?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: OT: MCM certification

[Christopher Bodnar]

No I do not think they are free to administer. Nor do I claim they should 
be free. I take exception to the fact that they seem to be artificially 
inflated. Just my opinion. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Kurt Buff 
To: "NT System Admin Issues" 
Date:   02/13/2013 10:38 AM
Subject:Re: OT: MCM certification



On Wed, Feb 13, 2013 at 7:20 AM, Christopher Bodnar
 wrote:
>
> Was reading this yesterday:
>
> http://blogs.metcorpconsulting.com/tech/?p=1101
>
> And got to thinking about this again. It still bothers me that the road 
to this certification is artificially blocked by monetary constraints. I 
think the certification is difficult enough without adding that as a 
factor to reduce the overall numbers just to increase the "value" of this 
certification. Maybe I'm in the minority, but I know I wont' even consider 
this certification, just based on the cost. Not that I think I would pass, 
or that I even think I'm ready for something like this. I don't work for 
MS and I'm not a consultant. Which from what I've seen are the 2 primary 
groups of people seeking this certification. My employer would never 
consider this strictly based on cost and ROI.
>
> Anyone else of the same opinion? Or am I way off base here?
>
> Chris

Uh - do you think it's free to administer these tests?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

OT: MCM certification

[Christopher Bodnar]

Was reading this yesterday:

http://blogs.metcorpconsulting.com/tech/?p=1101

And got to thinking about this again. It still bothers me that the road to 
this certification is artificially blocked by monetary constraints. I 
think the certification is difficult enough without adding that as a 
factor to reduce the overall numbers just to increase the "value" of this 
certification. Maybe I'm in the minority, but I know I wont' even consider 
this certification, just based on the cost. Not that I think I would pass, 
or that I even think I'm ready for something like this. I don't work for 
MS and I'm not a consultant. Which from what I've seen are the 2 primary 
groups of people seeking this certification. My employer would never 
consider this strictly based on cost and ROI. 

Anyone else of the same opinion? Or am I way off base here? 




Chris




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Dell/Quest Reporter

[Christopher Bodnar]

Anyone using this? 

Looking for a canned package that can generate reports on Active 
Directory. Looks like this does it and a lot more. 

Would like to hear from anyone who has used it.

Thanks


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Domain upgrade: 2008 R2 or 2012 ?

[Christopher Bodnar]

Eventually I will be responsible for both. My biggest fear at this point 
is that we find some kind of incompatibility with 2012 down the road. As 
you mentioned the 2012 will be a new build that needs to be certified in 
our environment. Where as 2008 R2 has been in our environment and stable 
for 3 years now. I'm leaning towards 2012, just think there will be more 
testing and evaluation work needed for that since it will be a new OS for 
our environment. I think we are at least 6 months out from this project, 
so I have time. Just starting to think about it now.





Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Ken Schaefer 
To: "NT System Admin Issues" 
Date:   02/07/2013 10:53 PM
Subject:RE: Domain upgrade: 2008 R2 or 2012 ?



Are you doing a technical evaluation or a business case?
 
>From a technical PoV, I think the posts already have this covered: there 
are some incremental enhancements and no real downsides (platform is 
stable, covered in your EA etc.)
 
>From a broader perspective, is your project going to have to pick up 
shared costs like a new Win2k12 build, updating CMDB, deployment and 
support capability blah, blah? That might impact your business case.
 
Cheers
Ken
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Friday, 8 February 2013 8:34 AM
To: NT System Admin Issues
Subject: Domain upgrade: 2008 R2 or 2012 ?
 
Has anyone done this evaluation recently? We are a 2003 R2 shop. We were 
in the process of planning a migration to a 2008 R2 domain last year 
(hardware was bought and deployed), when the funds got cut. From what I 
hear, we will have funding and approval this year for the project. So the 
question is now, 2008 R2 or 2012. I've had very little time with 2012 so 
far. Hopefully that will change in the near future. The benefits of going 
from 2003 to 2008 R2 i've already captured. From what I've seen so far, 
2012 seems stable and an incremental upgrade for our environment. Some of 
the things that might push me towards 2012 don't apply in our environment. 
for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I 
don't really see us making use of those specific features, or the 
enhancements in them from previous versions. From my understanding 2012 is 
included in our EA agreement. So I don't think it will really be a 
licensing issue. 

Love to hear thoughts and comments from others who are going through this 
right now, or have done this evaluation recently. 

Thanks, 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Domain upgrade: 2008 R2 or 2012 ?

[Christopher Bodnar]

Has anyone done this evaluation recently? We are a 2003 R2 shop. We were 
in the process of planning a migration to a 2008 R2 domain last year 
(hardware was bought and deployed), when the funds got cut. From what I 
hear, we will have funding and approval this year for the project. So the 
question is now, 2008 R2 or 2012. I've had very little time with 2012 so 
far. Hopefully that will change in the near future. The benefits of going 
from 2003 to 2008 R2 i've already captured. From what I've seen so far, 
2012 seems stable and an incremental upgrade for our environment. Some of 
the things that might push me towards 2012 don't apply in our environment. 
for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I 
don't really see us making use of those specific features, or the 
enhancements in them from previous versions. From my understanding 2012 is 
included in our EA agreement. So I don't think it will really be a 
licensing issue. 

Love to hear thoughts and comments from others who are going through this 
right now, or have done this evaluation recently.

Thanks,


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

DFSR question regarding RDC

[Christopher Bodnar]

Got a question about this: 

http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx


"Replicating data to multiple servers increases data availability and 
gives users in remote sites fast, reliable access to files. DFSR uses a 
new compression algorithm called Remote Differential Compression (RDC). 
RDC is a "diff over the wire" protocol that can be used to efficiently 
update files over a limited-bandwidth network. RDC detects insertions, 
removals, and rearrangements of data in files, enabling DFSR to replicate 
only the deltas (changes) when files are updated."

Just curious if anyone has really looked at this in regards to the RDC 
feature in larger files. Got a replication set we are going to setup. 
These will be larger files (17-25G), they will be images for Citrix 
Provisioning server. Wanted to know if it's really doing delta's in larger 
images files as they change, or replicating the whole thing. 

Thanks


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Robocopy reliability

[Christopher Bodnar]

I've never had an issue with the reliability of RoboCopy. I have used 
ScriptLogic's Secure Copy, which I believe is now a Dell product through 
the Quest acquisition. Great, product, but I wouldn't say it was more 
reliable, just easier to use and had a few specific features that we 
liked. One of which was the multi-threaded option. At that time, RoboCopy 
didn't have the /MT switch. 

YMMV



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Tigran K 
To: "NT System Admin Issues" 
Date:   02/04/2013 11:38 AM
Subject:Robocopy reliability



Having a discussion with the boss on how we should do something I 
suggested robocopy. His reply was a strict "NO". Reasoning was that it's 
not reliable. He said "I've seen it break".

So my question is have you seen it break? Is robocopy any more or less 
reliable than built in copy? I did point out that robocopy is built in to 
windows as well at least for Windows7. Didn't seem to help.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: MS site?

[Christopher Bodnar]

http://www.zdnet.com/some-users-reporting-microsoft-office-365-access-issues-710689/



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   John Cook 
To: "NT System Admin Issues" 
Date:   02/01/2013 12:46 PM
Subject:RE: MS site?



Came right up for me.
 
 John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4
 
From: Joseph Schvarcz [mailto:yossi...@hotmail.com] 
Sent: Friday, February 01, 2013 10:23 AM
To: NT System Admin Issues
Subject: RE: MS site?
 
Works for me
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Friday, February 01, 2013 9:54 AM
To: NT System Admin Issues
Subject: MS site?
 
Anyone else having trouble getting to this link? 

http://support.microsoft.com 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 


- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity 
to which it is addressed and may contain Protected Health Information 
(PHI), confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon 
this information by persons or entities other than the intended recipient 
without the express written consent of the sender are prohibited. This 
information may be protected by the Health Insurance Portability and 
Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. 
Improper or unauthorized use or disclosure of this information could 
result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really 
need to.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: MS site?

[Christopher Bodnar]

It's working for us now. 

Thanks for all the replies

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Guyer, Don" 
To: "NT System Admin Issues" 
Date:   02/01/2013 10:59 AM
Subject:RE: MS site?



Looks like it’s a PA thing, Chris.
 
: )
 
Regards,
 
Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.

 
From: Merker, Michael R [mailto:merk...@palmbeachstate.edu] 
Sent: Friday, February 01, 2013 9:58 AM
To: NT System Admin Issues
Subject: RE: MS site?
 
Just got connected with no issues.  Signed in with no issues as well.
 
Best regards,
 
Michael Merker
Director of Technology Infrastructure
Voice (561) 868-3252  Fax (561) 868-3259
merk...@palmbeachstate.edu
Palm Beach State College
4200 Congress Avenue
Lake Worth, FL 33461
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Friday, February 01, 2013 9:54 AM
To: NT System Admin Issues
Subject: MS site?
 
Anyone else having trouble getting to this link? 

http://support.microsoft.com 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 


- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
 

Please note: Due to Florida’s broad open records law, most written 
communication to or from College employees is public record, available to 
the public and the media upon request. Therefore, this e-mail 
communication may be subject to public disclosure.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Confidentiality Notice:
This e-mail, including any attachments is the 
property of Catholic Health East and is intended 
for the sole use of the intended recipient(s). 
It may contain information that is privileged and 
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are 
not the intended recipient, please delete this message, and 
reply to the sender regarding the error in a separate email. 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><><>

MS site?

[Christopher Bodnar]

Anyone else having trouble getting to this link? 

http://support.microsoft.com


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: DC eventid 1168, bizarre behavior

[Christopher Bodnar]

Interesting. When you say that the Linux (samba) servers can't talk to 
DC20, what are you seeing? Authentication failures? How is Samba 
configured? NTLM, or Kerberos ? 

Any thoughts of upgrading the 2008 DCs to 2008 R2? See if the issue 
persists? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Elijah Buck 
To: "NT System Admin Issues" 
Date:   01/29/2013 10:30 AM
Subject:Re: DC eventid 1168, bizarre behavior



A reboot does fix the issue. We've rebooted three times this month to fix 
the issue. Oddly, the errors do go back to 12/20/12, but we apparently 
didn't notice the problem in December.

It has never happened on DC20 (our only 2008R2 DC). The Linux servers are 
in the CAL site and can talk to the RODC in the CAL site, all four DCs in 
CORP, but cannot talk to DC20.

We aren't running a daily DCDIAG, but running DCDIAG on DC11 and DC20 both 
report all tests passed.

Here is the frequency of error 1168 on DC11. The error seems to occur 
every time an ADSI edit read fails.

  1   12/20/2012
  1   12/21/2012
  1   12/22/2012
  1   12/23/2012
  1   12/24/2012
  1   12/25/2012
  1   12/26/2012
  1   12/27/2012
  5   12/28/2012
 28   12/29/2012
  5   12/30/2012
 17   12/31/2012
  1   1/1/2013
 13   1/2/2013
  9   1/3/2013
 12   1/4/2013
 13   1/5/2013
  1   1/6/2013
  4   1/7/2013
  2   1/8/2013
 17   1/9/2013
 65   1/10/2013
 26   1/11/2013
  1   1/12/2013
  1   1/13/2013
  1   1/14/2013
 17   1/16/2013
 10   1/17/2013
  8   1/19/2013
  1   1/20/2013
  1   1/21/2013
  2   1/23/2013
  1   1/24/2013
 13   1/25/2013
  1   1/26/2013
  1   1/27/2013
  3   1/28/2013
  1   1/29/2013

Replication seems OK:
C:\>repadmin /showrepl |findstr Last
Last attempt @ 2013-01-29 10:26:08 was successful.
Last attempt @ 2013-01-29 10:26:18 was successful.
Last attempt @ 2013-01-29 10:26:39 was successful.
Last attempt @ 2013-01-29 09:52:31 was successful.
Last attempt @ 2013-01-29 09:52:31 was successful.
Last attempt @ 2013-01-29 10:22:31 was successful.
Last attempt @ 2013-01-29 09:52:31 was successful.
Last attempt @ 2013-01-29 09:52:31 was successful.
Last attempt @ 2013-01-29 10:22:31 was successful.
Last attempt @ 2013-01-29 09:52:31 was successful.
Last attempt @ 2013-01-29 09:52:32 was successful.
Last attempt @ 2013-01-29 10:22:31 was successful.
Last attempt @ 2013-01-29 09:52:32 was successful.
Last attempt @ 2013-01-29 09:52:32 was successful.
Last attempt @ 2013-01-29 10:22:31 was successful.

On Tue, Jan 29, 2013 at 9:23 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Never happened on DC20 ? When this happens, does a reboot resolve the 
issue? 

What has been the frequency? any chance you run a daily DCDIAG report? 
What does your replication health look like on a daily basis? 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Elijah Buck  
To:"NT System Admin Issues"  
Date:01/28/2013 05:05 PM 
Subject:DC eventid 1168, bizarre behavior 



Hello,

I've been battling an odd issue with our domain controllers, and am
completely stumped. This seems to have been precipitated by adding a
Read Only Domain Controller and adding a number of Linux samba
servers. The symptoms of the issue follows:

On DC11 (2008 sp2 ReadWrite DC, 2GB ram, virtual machine on ESXi 5.0u2):

0.) cpu usage is low, typically under 5%. Memory is 800M cached. 118M 
free.

1.) In the Directory Service event log the following two errors are 
logged:
*Event ID 1168 - Internal error: An Active Directory Domain Services
error has occured.
Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
Internal ID: 124048b
*Event ID 1168 - Internal error: An Active Directory Domain Services
error has occured.
Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
Internal ID: 1240627

2.) This has happened three times on DC11, and once on DC10 (also 2008
sp2). The time that it affected both DC11 and DC10, manually pushing
passwords-to-be-cached to the RODC failed.

3.) Trying to read the properties of an object with ADSI edit
(connected to DC11) returns:
Windows could not load the values for all the attributes. Operation
failed. Error Code:
0x2

Re: DC eventid 1168, bizarre behavior

[Christopher Bodnar]

Never happened on DC20 ? When this happens, does a reboot resolve the 
issue? 

What has been the frequency? any chance you run a daily DCDIAG report? 
What does your replication health look like on a daily basis?





Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Elijah Buck 
To: "NT System Admin Issues" 
Date:   01/28/2013 05:05 PM
Subject:DC eventid 1168, bizarre behavior



Hello,

I've been battling an odd issue with our domain controllers, and am
completely stumped. This seems to have been precipitated by adding a
Read Only Domain Controller and adding a number of Linux samba
servers. The symptoms of the issue follows:

On DC11 (2008 sp2 ReadWrite DC, 2GB ram, virtual machine on ESXi 5.0u2):

0.) cpu usage is low, typically under 5%. Memory is 800M cached. 118M 
free.

1.) In the Directory Service event log the following two errors are 
logged:
*Event ID 1168 - Internal error: An Active Directory Domain Services
error has occured.
Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
Internal ID: 124048b
*Event ID 1168 - Internal error: An Active Directory Domain Services
error has occured.
Additional data: Error value (decimal): 1450, Error Value (hex): 5aa,
Internal ID: 1240627

2.) This has happened three times on DC11, and once on DC10 (also 2008
sp2). The time that it affected both DC11 and DC10, manually pushing
passwords-to-be-cached to the RODC failed.

3.) Trying to read the properties of an object with ADSI edit
(connected to DC11) returns:
Windows could not load the values for all the attributes. Operation
failed. Error Code:
0x2121. The search failed to retrieve attributes from the database.
2121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 1450.

4.) Attempting to run Windows Update gives Error 0x800705AA, which I
believe is ERROR_NO_SYSTEM_RESOURCE.

5.) Running 'runas /user:me cmd' fails with "5: Access is denied"

6.) The server appears to continue to service auth requests, and LDAP
binds still work. However, we seem to encounter intermittent issues
with the samba servers during this time.

Site topology:
  CORP:
  DC4, DC5 (server 2003, auto-site coverage disabled by registry)
  DC10, DC11 (server 2008 sp2)

  CAL: connected to CORP
  RODC1 (server 2008 R2, read only domain controller)

  NY: connected to CORP and DRSITE
  NYDC4 (server 2003)

  DRSITE: connected to CORP and NY
  DC3 (server 2003)
  DC20 (server 2008 R2)

DC4 is the Schema Master. All other roles are on DC5.

repadmin /showrepl and dcdiag don't show any errors.

Two additional bits of information. (1) For some reasons, IIS is
installed on the DC10 and DC11 domain controllers. (2) a similar thing
recently happened with our Exchange 2010 server (2008 R2). The same
error with 'runas' failing occured, IIS app pools couldn't restart,
and the windows process activation service couldn't be restarted (also
with error 5 access denied).

I am planning on setting up a new RWDC, physically in CORP but in the
CAL AD site, and seeing if the issue follows the new server or stays
with DC11.

Any help would be appreciated.

Thanks,
Elijah

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Seeding a remote DFS share

[Christopher Bodnar]

Yes, that will work. Going under the assumption that you have the (2) 
folder targets setup in DFS:

\\siteA\software

\\siteb\software


Also keep in mind that the share has to be available. If it's not, the 
client will pull from the closest available site. Which means pulling 
across the wire if it's local DFS target is down for some reason. 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Oliver Marshall 
To: "NT System Admin Issues" 
Date:   01/26/2013 02:33 PM
Subject:Seeding a remote DFS share



Hi

We have a GPO that installs Adobe Master Collection. It's amazingly huge 
in its hugeness. 

Currently we have two GPOs, one for each site to ensure that users at the 
remote site don't get the install from the server at the other site. 

Each GPO is limited to a group, again with one group for each site. 

This works fine but I'd rather have one GPO, one group and one policy on 
what to do if users need Adobe. 

So I want to setup a DFS share so that the GPO can point to 
\\mydomain\software\adobe\big_installer.msi, and the user will get the 
install from their nearest DFS location. 

Can i just ship up the installer on USB and have someone copy it to the 
correct location?

If you have any comments on the setup as well then let me know.

Olly



Network Support
Online Backups
Server Management
Tel: 0845 307 3443
Web: http://www.g2support.com
Twitter: g2support
Google+: http://www.g2support.com/plus
Facebook: http://www.facebook.com/g2support
Mail: Unit H, Hove Technology Centre, Hove, Sussex, BN3 7ES
Have you said something nice about us to a friend or colleague ? Let us 
say thanks. Find out more at www.g2support.com/referral
G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE
BN3 7LE. Our registered company number is OC316341.

  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: DC's and VM's

[Christopher Bodnar]

I think it depends on your infrastructure. If you have components 
(firewalls, routers, switches, NAS, SAN, etc.) that rely on AD, then I 
would still keep at least one physical around, possibly (2) at each site, 
depending on the size of your environment. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   01/22/2013 11:07 AM
Subject:DC's and VM's



Is this still current thinking?
 
“Note: Always have at least one DC that is on physical hardware so that 
failover clusters and other infrastructure can start.”
http://support.microsoft.com/kb/888794
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Patch management recommendations

[Christopher Bodnar]

We specifically told them we would be getting a similar MS presentation. 
The thing to keep in mind when comparing these 2 products from a high 
level is that you do get all the SCCM products in one suite now, which is 
fantastic (Orchestrator, VMM, etc...) but they are still separate 
applications. So for example you do get VMM for the view into your virtual 
infrastructure, but it's still a  separate management piece. Where as 
Altiris it's all in one component. Especially for 3rd party patching, that 
seems very attractive. 
 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Rod Trent" 
To: "NT System Admin Issues" 
Date:   01/17/2013 11:26 AM
Subject:RE: Patch management recommendations



Did they approach it that way because you are a 2007 shop?  Or, did they 
take 2012 into consideration for their demo?
 
I say that because, 2012 with SP1 allows less infrastructure, views into 
the virtual infrastructure, patching for 3rd party apps, and client health 
(for Windows, Mac, Linux, and Unix) has been greatly improved.
 
The reporting thing, I can agree with.  Looks to me like their competitor 
battle cards need to be updated.
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 10:52 AM
To: NT System Admin Issues
Subject: RE: Patch management recommendations
 
We didn't bring it in house for a POC, so I can't say from experience, 
just what we saw at the presentation. We are an SCCM 2007 shop. Some of 
the things that stood out about the Altiris product: 

Less infrastructure required 
Significantly easier and integrated reporting 
Direct views into virtual infrastructure 
Built in patching for 3rd party software (Adobe, Java, etc...) 
Less issues with client agent health 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:"Rod Trent"  
To:"NT System Admin Issues"  
Date:01/17/2013 09:54 AM 
Subject:RE: Patch management recommendations 




I’m curious.  What impressed you about Altiris?   
  
I ask because, from what I’ve heard, they are good presenters and good 
salespeople, but the product itself has really tanked since the Symantec 
acquisition. 
  
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 9:37 AM
To: NT System Admin Issues
Subject: RE: Patch management recommendations 
  
Interesting. I wasn't aware of that. We had MS come in and give us a 
presentation on SCCM 2012, and then had Symantec come in for Altiris. Got 
to say I was impressed by Altiris. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 







From:"Rod Trent"  
To:"NT System Admin Issues"  
Date:01/17/2013 09:09 AM 
Subject:RE: Patch management recommendations 
 





I’d take a step back to wait and see on Altiris with yesterday’s news. 
 
http://myitforum.com/myitforumwp/2013/01/16/altiris-to-become-altiris-again-symantec-dumping-it-for-less-than-it-paid/
 

 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 8:40 AM
To: NT System Admin Issues
Subject: Re: Patch management recommendations 
 
Kace 
Altiris 
SCCM with SCUP 

One of these should fit most of your clients needs. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 







From:"Charlie Kaiser"  
To:"NT System Admin Issues"  
Date:01/16/2013 06:04 PM 
Subject:Patch management recommendations 

 






I work for a consulting firm that manages a variety of SMB clients. As we
increase our client load and the size of the clients (moving from the 3-10
seat to the 50-1000 seat clients) we are implementing more advanced 
products
for a variety of tasks.

We are currently looking at patch management solutions. Our current 
paradigm
is a mix of WSUS and manual intervention, but it's not enough, obviously. 
I
haven't used a centralized patch management system f

RE: Patch management recommendations

[Christopher Bodnar]

We didn't bring it in house for a POC, so I can't say from experience, 
just what we saw at the presentation. We are an SCCM 2007 shop. Some of 
the things that stood out about the Altiris product:

Less infrastructure required
Significantly easier and integrated reporting
Direct views into virtual infrastructure
Built in patching for 3rd party software (Adobe, Java, etc...)
Less issues with client agent health




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Rod Trent" 
To: "NT System Admin Issues" 
Date:   01/17/2013 09:54 AM
Subject:RE: Patch management recommendations



I’m curious.  What impressed you about Altiris?  
 
I ask because, from what I’ve heard, they are good presenters and good 
salespeople, but the product itself has really tanked since the Symantec 
acquisition.
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 9:37 AM
To: NT System Admin Issues
Subject: RE: Patch management recommendations
 
Interesting. I wasn't aware of that. We had MS come in and give us a 
presentation on SCCM 2012, and then had Symantec come in for Altiris. Got 
to say I was impressed by Altiris. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:"Rod Trent"  
To:"NT System Admin Issues" 
 
Date:01/17/2013 09:09 AM 
Subject:RE: Patch management recommendations 




I’d take a step back to wait and see on Altiris with yesterday’s news. 
  
http://myitforum.com/myitforumwp/2013/01/16/altiris-to-become-altiris-again-symantec-dumping-it-for-less-than-it-paid/
 

  
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 8:40 AM
To: NT System Admin Issues
Subject: Re: Patch management recommendations 
  
Kace 
Altiris 
SCCM with SCUP 

One of these should fit most of your clients needs. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 







From:"Charlie Kaiser"  
To:"NT System Admin Issues"  
Date:01/16/2013 06:04 PM 
Subject:Patch management recommendations 
 





I work for a consulting firm that manages a variety of SMB clients. As we
increase our client load and the size of the clients (moving from the 3-10
seat to the 50-1000 seat clients) we are implementing more advanced 
products
for a variety of tasks.

We are currently looking at patch management solutions. Our current 
paradigm
is a mix of WSUS and manual intervention, but it's not enough, obviously. 
I
haven't used a centralized patch management system for around 5-6 years
(used to use early versions of Shavlik) so I haven't been keeping up with
the market. We're now looking for something that does 3rd party apps, not
just MS stuff, so WSUS is off the table. Our clients are all on MS
platforms, though; almost no *nix or Apple.

I don't envision a one-size-fits-all product. I expect that we'll want a
variety of solutions tailored to the size and complexity of the client. 
And
I have no illusions about the "ease" of patch management given any 
product.
:-)
My boss would love an MSP-style of centrally managed product that can 
handle
all our clients, but my belief is that trying to go that route is much 
more
difficult than doing per-client implementations, especially without
dedicated patch management admins.

Having said all that, is anyone working with patch management systems that
they really like for this space? Also, any you really DON'T like?

Thanks!

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are 

RE: Patch management recommendations

[Christopher Bodnar]

Interesting. I wasn't aware of that. We had MS come in and give us a 
presentation on SCCM 2012, and then had Symantec come in for Altiris. Got 
to say I was impressed by Altiris. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Rod Trent" 
To: "NT System Admin Issues" 
Date:   01/17/2013 09:09 AM
Subject:RE: Patch management recommendations



I’d take a step back to wait and see on Altiris with yesterday’s news. 
 
http://myitforum.com/myitforumwp/2013/01/16/altiris-to-become-altiris-again-symantec-dumping-it-for-less-than-it-paid/
 

 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, January 17, 2013 8:40 AM
To: NT System Admin Issues
Subject: Re: Patch management recommendations
 
Kace 
Altiris 
SCCM with SCUP 

One of these should fit most of your clients needs. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:"Charlie Kaiser"  
To:"NT System Admin Issues"  
Date:01/16/2013 06:04 PM 
Subject:Patch management recommendations 




I work for a consulting firm that manages a variety of SMB clients. As we
increase our client load and the size of the clients (moving from the 3-10
seat to the 50-1000 seat clients) we are implementing more advanced 
products
for a variety of tasks.

We are currently looking at patch management solutions. Our current 
paradigm
is a mix of WSUS and manual intervention, but it's not enough, obviously. 
I
haven't used a centralized patch management system for around 5-6 years
(used to use early versions of Shavlik) so I haven't been keeping up with
the market. We're now looking for something that does 3rd party apps, not
just MS stuff, so WSUS is off the table. Our clients are all on MS
platforms, though; almost no *nix or Apple.

I don't envision a one-size-fits-all product. I expect that we'll want a
variety of solutions tailored to the size and complexity of the client. 
And
I have no illusions about the "ease" of patch management given any 
product.
:-)
My boss would love an MSP-style of centrally managed product that can 
handle
all our clients, but my belief is that trying to go that route is much 
more
difficult than doing per-client implementations, especially without
dedicated patch management admins.

Having said all that, is anyone working with patch management systems that
they really like for this space? Also, any you really DON'T like?

Thanks!

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><>

Re: Patch management recommendations

[Christopher Bodnar]

Kace
Altiris
SCCM with SCUP

One of these should fit most of your clients needs. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Charlie Kaiser" 
To: "NT System Admin Issues" 
Date:   01/16/2013 06:04 PM
Subject:Patch management recommendations



I work for a consulting firm that manages a variety of SMB clients. As we
increase our client load and the size of the clients (moving from the 3-10
seat to the 50-1000 seat clients) we are implementing more advanced 
products
for a variety of tasks.

We are currently looking at patch management solutions. Our current 
paradigm
is a mix of WSUS and manual intervention, but it's not enough, obviously. 
I
haven't used a centralized patch management system for around 5-6 years
(used to use early versions of Shavlik) so I haven't been keeping up with
the market. We're now looking for something that does 3rd party apps, not
just MS stuff, so WSUS is off the table. Our clients are all on MS
platforms, though; almost no *nix or Apple.

I don't envision a one-size-fits-all product. I expect that we'll want a
variety of solutions tailored to the size and complexity of the client. 
And
I have no illusions about the "ease" of patch management given any 
product.
:-)
My boss would love an MSP-style of centrally managed product that can 
handle
all our clients, but my belief is that trying to go that route is much 
more
difficult than doing per-client implementations, especially without
dedicated patch management admins.

Having said all that, is anyone working with patch management systems that
they really like for this space? Also, any you really DON'T like?

Thanks!

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: PowerShell noob issues

[Christopher Bodnar]

Does this help?

http://social.technet.microsoft.com/Forums/en-CA/winserverpowershell/thread/6887f6a4-1a64-4dce-8c5e-a20373b6cf4f



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   James Rankin 
To: "NT System Admin Issues" 
Date:   01/16/2013 11:42 AM
Subject:PowerShell noob issues



I'm trying to tidy up some old scripts and move them to PowerShell, but 
hitting some issues.

I want to get PS to call out to an external program (ctxclios.exe, to be 
precise, http://www.ctrl-alt-del.com.au/files/CTXCliOS.txt), but I want to 
write the return code from the external program into a Registry value. I'm 
struggling a bit as how to achieve this.

Does anyone have any pointers that might nudge me in the right direction?

TIA,


-- 
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: AIX and Windows

[Christopher Bodnar]

If you are responsible for the support of the system, I'd make sure they 
have budget to send you for training. 

http://www-304.ibm.com/jct03001c/services/learning/ites.wss/us/en?pageType=page&c=a0000607



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   01/09/2013 11:53 AM
Subject:RE: AIX and Windows



Being told we are going to be required to maintain the AIX system as a 
part of the contract cuts.
…..
 
 
From: Guyer, Don [mailto:dgu...@che.org] 
Posted At: Wednesday, January 9, 2013 11:18 AM
Posted To: itli...@imcu.com
Conversation: AIX and Windows
Subject: RE: AIX and Windows
 
What exactly are the concerns? Wouldn’t the “Tellering” system just be 
browser-based or run in an emulation program within Windows?
 
Regards,
 
Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.

 
From: itli...@imcu.com [mailto:itli...@imcu.com] 
Sent: Wednesday, January 09, 2013 10:49 AM
To: NT System Admin Issues
Subject: RE: AIX and Windows
 
We are a Credit Union so it is our Tellering system that would host member 
transactions and data.  Yes it will be our first nx envnironment.  We are 
currently windows based and the idea of bringing in the AIX is a little 
intimidating.
 
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Posted At: Wednesday, January 9, 2013 9:48 AM
Posted To: itli...@imcu.com
Conversation: AIX and Windows
Subject: Re: AIX and Windows
 
Can you elaborate more on your environment? And when you say your "Core 
employee program"  what specifically do you mean by that? ERP (SAP)? Or 
your identity management system (RACF/ ITIM)? 

Is this your first UNIX/Linux system in your environment? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:"itli...@imcu.com"  
To:"NT System Admin Issues"  
Date:01/09/2013 08:39 AM 
Subject:AIX and Windows 




We will most like be going to an AIX solution for our Core employee 
program.  Does anyone work with an AIX system and if so do you also have 
Windows AD 2008R2 running alongside it?? 
Just trying to get ahead of this. 
Thanks 
David 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:
This e-mail, including any attachments is the 
property of Catholic Health East and is intended 
for the sole use of the intended recipient(s). 
It may contain information that is privileged and 
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are 
not the intended recipient, please delete this message, and 
reply to the sender regarding the error in a separate email. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-softwa

Re: washable keyboard and mouse?

[Christopher Bodnar]

Follow up on this if anyone is interested:

Got them last night (haven't tried washing yet), and they work. Can't say 
I love it. That's not a dig on the hardware or the performance. 2 biggest 
things I don't like about this particular set:

- No indicator lights for (Caps, Num Lock), I now realize this is common 
for wireless keyboards.
- The mouse doesn't have a scroll wheel, but uses a sensor to serve the 
same function. Works, but not very well. Really miss the scroll wheel. 

So I can't say I recommend this. Already looking to replace, probably with 
a Logitech MK710 set (gives me both features). Not washable, but I can 
live with that.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Christopher Bodnar/TheGuardian
To: NT System Admin Issues 
Date:   01/02/2013 02:03 PM
Subject:washable keyboard and mouse? 


Anyone ever used one of these? 

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=7587094&Sku=R43-1004

For $10, I'm tempted to try it.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 






-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: AIX and Windows

[Christopher Bodnar]

Depends on what your level of involvement or support for the system will 
be. If you are lucky, your vendor will take care of everything from 
migration to support. Or will you be responsible for support of the 
hardware and  the underlying OS on the AIX boxes? That can be challenging 
if you don't have experience with it. As far as having it run alongside 
AD, you shouldn't have any issues. Will the application be authenticating 
the users against AD ? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   01/09/2013 11:01 AM
Subject:RE: AIX and Windows



We are a Credit Union so it is our Tellering system that would host member 
transactions and data.  Yes it will be our first nx envnironment.  We are 
currently windows based and the idea of bringing in the AIX is a little 
intimidating.
 
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Posted At: Wednesday, January 9, 2013 9:48 AM
Posted To: itli...@imcu.com
Conversation: AIX and Windows
Subject: Re: AIX and Windows
 
Can you elaborate more on your environment? And when you say your "Core 
employee program"  what specifically do you mean by that? ERP (SAP)? Or 
your identity management system (RACF/ ITIM)? 

Is this your first UNIX/Linux system in your environment? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:"itli...@imcu.com"  
To:"NT System Admin Issues"  
Date:01/09/2013 08:39 AM 
Subject:AIX and Windows 




We will most like be going to an AIX solution for our Core employee 
program.  Does anyone work with an AIX system and if so do you also have 
Windows AD 2008R2 running alongside it?? 
Just trying to get ahead of this. 
Thanks 
David 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Max Password Age

[Christopher Bodnar]

Changing the Max password Age value in GPO does not reset the pwdLastSet 
value of the users. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Heaton, Joseph@Wildlife" 
To: "NT System Admin Issues" 
Date:   01/09/2013 10:36 AM
Subject:Max Password Age



If my policy currently is 90 days, and I then shorten that to 60 days, 
does the clock reset to 0, or will everyone that’s in the 60-89 day window 
going to have expired passwords?
 
 
Thanks,
 
 
Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 557-3422
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: AIX and Windows

[Christopher Bodnar]

Can you elaborate more on your environment? And when you say your "Core 
employee program"  what specifically do you mean by that? ERP (SAP)? Or 
your identity management system (RACF/ ITIM)? 

Is this your first UNIX/Linux system in your environment? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   01/09/2013 08:39 AM
Subject:AIX and Windows



We will most like be going to an AIX solution for our Core employee 
program.  Does anyone work with an AIX system and if so do you also have 
Windows AD 2008R2 running alongside it??
Just trying to get ahead of this.
Thanks
David
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: TechEd vs TechMentor

[Christopher Bodnar]

One more thing I would add about Tech Mentor is that it's muchmuch... 
smaller than TechEd. So the size of the audiences is less intimidating. 
This also gives you more face time with the instructors for one-on-one 
discussions, if that is something that might interest you. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   01/09/2013 08:30 AM
Subject:RE: TechEd vs TechMentor



I have attended TechMentor like 6 times now.  I always get great 
information from the tracks I choose.
I use SQL, Exchange, Cisco ASA, Cisco IOS, Ironports, LogRhythm SIEM 
product, Windows 2003,2008 and Windows XP and 7.  Active Directory at 2008 
R2 level with TrendMicro for Antivirus.
So this is good for me.  I have not ever looked at TechEd, mostly because 
I thought it was for educators and trainers more the System Admins like 
us.  After reading some of the responses I will look at Tech Ed and see if 
it would fit for me.  I am really biased on TechMentor though because I 
take their ideas bounce them off this list and my Auditors and then 
implement my own creative ideas from there.  But without the starting 
place I would be more lost than I seem with I post….
Hope that helps a little.?
 
From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Posted At: Tuesday, January 8, 2013 5:14 PM
Posted To: itli...@imcu.com
Conversation: TechEd vs TechMentor
Subject: TechEd vs TechMentor
 
It looks like I might be able to make one of these for the first time. 
Any advice on which is the better/more useful event? Are they about the 
same price for registration normally (TechEd registration isn’t open yet 
to check)?
 
DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Replacement for SteadyState

[Christopher Bodnar]

Have you looked at this document yet?

http://www.microsoft.com/en-us/download/details.aspx?id=24373

Also, have you considered going to Thin Clients and using RDS? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Bambi J Saastad 
To: "NT System Admin Issues" 
Date:   01/04/2013 12:04 PM
Subject:Replacement for SteadyState



Hello
I was wondering if any of you could suggest a replacement for SteadyState.
I have a roomful of pc's that the factory users use for browsing etc that 
I am replacing with Windows 7 Pro that need to be locked down.

Can anyone suggest a product that does the same thing, wipe out any 
changes on reboot?

TIA
B



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Time sync

[Christopher Bodnar]

How far is your drift? What it the tolerance for drift in the application? 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Richard McClary 
To: "NT System Admin Issues" 
Date:   01/04/2013 09:11 AM
Subject:Time sync



Greetings!
 
I’m sure I and many others have asked this (but are still stumped).  Ken 
S’s reply yesterday pointing to ultimately a chain of TechNet articles has 
shed some light and will start us digging.
 
Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322
) – mainly meant to make Kerberos v5 work.
 
Our issue is, W32Time lets things drift enough for weird things to occur 
in our medical records.
 
We have a veterinary toxicology consulting hotline.  Because things get 
out of sync a bit, we frequently have medical records opening before a 
client’s telephone call is received.
 
The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix 
the “record created prior to the call” situation?  (
http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) 
 
Thank you…
--
richard
 


The information contained in this e-mail, and any attachments hereto, is 
from The American Society for the Prevention of Cruelty to Animals® 
(ASPCA®) and is intended only for use by the addressee(s) named herein and 
may contain legally privileged and/or confidential information. If you are 
not the intended recipient of this e-mail, you are hereby notified that 
any dissemination, distribution, copying or use of the contents of this 
e-mail, and any attachments hereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify me by reply email 
and permanently delete the original and any copy of this e-mail and any 
printout thereof. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: DC server 2003 Time service

[Christopher Bodnar]

Keep in mind that in a Domain hierarchy, unless you make changes, the 
clients don't all sync time from the PDC emulator. They sync from the DC 
that they logon with. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   01/03/2013 11:33 AM
Subject:DC server 2003 Time service



I am bringing 2008 R2 servers on line to take the FSMO jobs.
I have set one of them as a W32time server but my pc’s are still getting 
time from the old
2003 DC SNTP server???
Any ideas on how to correct this?
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

washable keyboard and mouse?

[Christopher Bodnar]

Anyone ever used one of these? 

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=7587094&Sku=R43-1004

For $10, I'm tempted to try it.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Enterprise task scheduler

[Christopher Bodnar]

Control-M from BMC is good.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Adam Meixler 
To: "NT System Admin Issues" 
Date:   01/02/2013 01:35 PM
Subject:Enterprise task scheduler



Happy New Year everyone!
 
I was hoping to get The Lists opinion on a good, un-bloated enterprise 
task scheduler. Right now we have about a thousand tasks scattered across 
different servers using the windows scheduled task service and it’s just 
not doing it for us.
 
It’d be nice if jobs could be pushed down to workers as they were 
available vs. being scheduled on specific instances, but we at least want 
a central control of these jobs.
 
We’re open to any ideas that don’t involve CA
 
Thanks all
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Update SEP script ?

[Christopher Bodnar]

Does anyone else have a script that detects the virus definition version 
on your SEP clients? I've had one in place for a few years now, was using 
the following 2 Reg keys:

"HKLM\Software\Symantec\SharedDefs\NAVCORP_70"
"HKLM\Software\Symantec\SharedDefs\DEFWATCH_10"

Recently had the SEP client updated to 12.1 and it no longer uses those 
keys,  it now uses (for 64-bit):

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint 
Protection\AV\UsingPattern

Which is in Hex. I've found a PowerShell script that does the conversion,

http://powershell.cz/2011/03/30/virus-definition-file-version-in-registry/

But my script runs locally on each machine and uses VBScript since not all 
machines have PowerShell in our environment.

Was wondering if anyone has modified their VBScript  to do the conversion, 
and if so would be willing to share? I could write this, but if someone 
has it done, it will save me significant time. 


Thanks,




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Cheapest way to get Hyper-V and 64GB

[Christopher Bodnar]

I think it only comes down to what this box needs to do for you? If it 
requires any other roles (DHCP, WINS, DNS, DC, etc) then Hyper-V 
server isn't what your looking for. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   12/05/2012 01:48 PM
Subject:RE: Cheapest way to get Hyper-V and 64GB



This makes it look like the free 2008 R2 Hyper-V server supports 1TB:
http://technet.microsoft.com/en-us/library/jj647789
 
It can be argued that if I’m going to change Hyper-V host OS then why not 
go to 2012.
 
Next question….how nervous should I be about the guests if on the host I 
go from full 2008 w/ Hyper-V as the host to 2012 Hyper-V (effectively 
server core). Seems pretty simple on the surface, am I overlooking 
anything obvious?
 
I guess the fallback would be to reinstall the full 2008 R2 OS, as least 
protecting the VM’s themselves is pretty straightforward. Time eater, but 
technically simple. Time for more research.
 
Dave
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, December 05, 2012 8:49 AM
To: NT System Admin Issues
Subject: RE: Cheapest way to get Hyper-V and 64GB
 
And the Hyper-V version is free. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Mike Hoffman  
To:"NT System Admin Issues"  
Date:12/05/2012 11:28 AM 
Subject:RE: Cheapest way to get Hyper-V and 64GB 




What about 2012 – 4Tb limit. 
  
From: David Lum [mailto:david@nwea.org] 
Sent: 05 December 2012 16:15
To: NT System Admin Issues
Subject: Cheapest way to get Hyper-V and 64GB 
  
I have a client system that can physically hold 64GB of RAM, is $2000+ 
2008 R2 Server Enterprise the only way to use that much RAM with Hyper-V 
guests? 64-bit Server Standard only recognizes 32GB… 
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764 
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><>

RE: Cheapest way to get Hyper-V and 64GB

[Christopher Bodnar]

And the Hyper-V version is free. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Mike Hoffman 
To: "NT System Admin Issues" 
Date:   12/05/2012 11:28 AM
Subject:RE: Cheapest way to get Hyper-V and 64GB



What about 2012 – 4Tb limit.
 
From: David Lum [mailto:david@nwea.org] 
Sent: 05 December 2012 16:15
To: NT System Admin Issues
Subject: Cheapest way to get Hyper-V and 64GB
 
I have a client system that can physically hold 64GB of RAM, is $2000+ 
2008 R2 Server Enterprise the only way to use that much RAM with Hyper-V 
guests? 64-bit Server Standard only recognizes 32GB…
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Server login reporting

[Christopher Bodnar]

Stuff like this is a bear if you don't have a system that understands the 
MS security log format. For example SCOM which has ACS, which will do all 
of this for  you, prepackaged. There are other systems that do it as well, 
but none are free or cheap. So if you have to roll your own, you have to 
deal with the headaches of parsing the information. Is this a one time 
need (few days or weeks) ? Or is this ongoing, something you will need in 
your environment going forward? 

If you have to do this on your own, there are resources that discuss the 
different string fields for the various event IDs. For example the SCOM 
Unleashed book discusses this on pages 790-794 as part of the discussion 
on ACS.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Gavin Wilby 
To: "NT System Admin Issues" 
Date:   12/05/2012 09:08 AM
Subject:Re: Server login reporting



I struggling with this really.

I still dont get how this can be parsed to a emailed report of what I 
want.

I dont need to know successful null sessions for example.

I just need to know when any user tries to log into the DC, and then tell 
mw what account and where from.

Gavin.

On Wed, Dec 5, 2012 at 1:48 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
I think the OP mentioned this was a 2008 DC. These are the event ID's for 
2003, in 2008 they are different. 

Try this: 

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624
 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Webster  
To:"NT System Admin Issues"  
Date:12/04/2012 06:36 PM 
Subject:RE: Server login reporting 




This should help you out.

http://technet.microsoft.com/en-us/library/cc787567(v=ws.10).aspx

Thanks


Webster


-Original Message-
From: Gavin Wilby [mailto:gavin.wi...@gmail.com] 
Subject: Re: Server login reporting

OK,

I understand what your all saying but the server in question shows 100's 
if not 1000's of logon events.

How to I ascertain which ones are true user logons to the servers console?

Gavin.

On Tue, Dec 4, 2012 at 10:48 PM, Kim Longenbaugh  wrote:
> Great minds.
>
>
>
> From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
> Sent: Tuesday, December 04, 2012 4:33 PM
>
>
> To: NT System Admin Issues
> Subject: RE: Server login reporting
>
>
>
>>I know the sec log shows this, but its a nightmare to go through.
>
> Its really not, you can use the UI to actually build a query.
>
>
>
> Open up the mmc, click "Attach a Task To this Log..."
>
>
>
> You'll be shocked how easy it is:) It even has "send an email" as an 
action.
> Use the query builder to abstract you from the syntax if needed.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-- 
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpo

RE: Server login reporting

[Christopher Bodnar]

I think the OP mentioned this was a 2008 DC. These are the event ID's for 
2003, in 2008 they are different. 

Try this:

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Webster 
To: "NT System Admin Issues" 
Date:   12/04/2012 06:36 PM
Subject:RE: Server login reporting



This should help you out.

http://technet.microsoft.com/en-us/library/cc787567(v=ws.10).aspx

Thanks


Webster


-Original Message-
From: Gavin Wilby [mailto:gavin.wi...@gmail.com] 
Subject: Re: Server login reporting

OK,

I understand what your all saying but the server in question shows 100's 
if not 1000's of logon events.

How to I ascertain which ones are true user logons to the servers console?

Gavin.

On Tue, Dec 4, 2012 at 10:48 PM, Kim Longenbaugh 
 wrote:
> Great minds.
>
>
>
> From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
> Sent: Tuesday, December 04, 2012 4:33 PM
>
>
> To: NT System Admin Issues
> Subject: RE: Server login reporting
>
>
>
>>I know the sec log shows this, but its a nightmare to go through.
>
> Its really not, you can use the UI to actually build a query.
>
>
>
> Open up the mmc, click "Attach a Task To this Log..."
>
>
>
> You'll be shocked how easy it is:) It even has "send an email" as an 
action.
> Use the query builder to abstract you from the syntax if needed.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: FORMAT without admin

[Christopher Bodnar]

I haven't tested this, but would granting the "Perform Volume maintenance 
task" give them this right? 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Ben Scott 
To: "NT System Admin Issues" 
Date:   12/03/2012 12:03 PM
Subject:FORMAT without admin



  Is there a way to grant a user the ability to format hard disks,
without granting them other permissions/privileges/rights/etc.?  In
particular, without Administrator rights?

  I want our Security dept people be able to format USB flash drives
(which are considered hard disks), without needing to grant them full
admin (even in a separate account).

  Under *nix, this is as easy as "chmod g+w /dev/hd*" or similar, but
Windows is rather more complicated.  There are things like the
\Device\Hardisk*\DR* names, which allegedly have security features
like ACLs, but I can't find anything useful about how to examine or
change said ACLs.

  XP Pro SP3 and/or Vista Biz SP1.  I'll take what I can get.

  Anyone got a clue they can spare me?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: GPO Issues

[Christopher Bodnar]

First thing I would do is to verify it really is the GPO causing the 
issue. Dump one of the boxes into the computers OU and see if it still has 
the problem. If it doesn't its definitely the GPO causing the issue. If 
not look elsewhere for the problem. 

Also what does RSOP show on the box after you place the new GPO on it? 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   winsys 
To: "NT System Admin Issues" 
Date:   11/29/2012 04:49 PM
Subject:GPO Issues



Hey Everyone,

I have some servers that need to communicate with each other over TCP port 
445, but a GPO is blocking port 445. It's not an 'enforced' GPO and I've 
tried creating a GPO that opens port 445 and have placed it higher in the 
link order, but I can see in the Windows firewall log that received port 
445 packets are being dropped. I'm looking for ideas on how to 
troubleshoot/correct this issue.

Thanks
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: DNS settings in GPO or logon script

[Christopher Bodnar]

I would start with something like this in PowerShell. 

http://digitaldeviation.com/articles/change-dns-servers-remotely-powershell


I'd modify it to look at the current DNS server config of the adapter and 
only modify it if it's got the old DNS server address. I think that's what 
you are trying to do.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "itli...@imcu.com" 
To: "NT System Admin Issues" 
Date:   11/29/2012 01:54 PM
Subject:DNS settings in GPO or logon script



 
I have active directory server 2008r2 standard.
I want to push DNS primary and secondary.  I can netsh it but not everyone 
has the same adapter settings name?
I have all static addressing on all 24 LAN’s.
How am I going to get this done?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Auditing proof of password change

[Christopher Bodnar]

My guess is that an auditor might want to see proof of who changed it, not 
just that it changed. For that you will need the logs.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Free, Bob" 
To: "NT System Admin Issues" 
Date:   11/29/2012 12:20 PM
Subject:RE: Auditing proof of password change



User objects have an attribute called pwdlastset. Report on that. Simple 
as that.
 
Don’t overcomplicate it rooting around in logs J
 
FWIW- Our auditors accept the account policy as general evidence of 
password aging. You might want to look into that.
 
From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, November 29, 2012 7:20 AM
To: NT System Admin Issues
Subject: Auditing proof of password change
 
I have an audit request to prove that we change administrative passwords 
on a periodic basis. Surely some of you have to do this on occasion and if 
so, how do you go about it? Event log reporting?
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


PG&E is committed to protecting our customers' privacy. 
To learn more, please visit 
http://www.pge.com/about/company/privacy/customer/

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Auditing proof of password change

[Christopher Bodnar]

In 2003, I think this is a 627.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Ziots, Edward" 
To: "NT System Admin Issues" 
Date:   11/29/2012 10:28 AM
Subject:RE: Auditing proof of password change



The admin password change should show in the Security Eventlog. 
 
David this is from Windows 2008 Auditing guidelines, 
 
Recommended Setting: Success and Failure (DC’s and Member Servers)
Notes: This security policy setting determines whether the 
operating system generates audit events when the following user account 
management tasks are performed: 
 
· A user account is created, changed, deleted, renamed, disabled, 
enabled, locked out, or unlocked. 
· A user account password is set or changed. 
· Security identifier (SID) history is added to a user account. 
· The Directory Services Restore Mode password is set. 
· Permissions on accounts that are members of administrators 
groups are changed. 
· Credential Manager Credentials are backed up or restored. 
· This policy setting is essential for tracking events that 
involve provisioning and managing user accounts.
 
 
 
Event ID’s:4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 
4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377. 

Account Management
User Account Management
4720
A user account was created.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4722
A user account was enabled.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4723
An attempt was made to change an account's password.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4724
An attempt was made to reset an account's password.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4725
A user account was disabled.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4726
A user account was deleted.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4738
A user account was changed.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4740
A user account was locked out.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4765
SID History was added to an account.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4766
An attempt to add SID History to an account failed.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4767
A user account was unlocked.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4780
The ACL was set on accounts which are members of administrators groups.
Windows Vista, Windows Server 2008
Account Management
User Account Management
4781
The name of an account was changed:
Windows Vista, Windows Server 2008
Account Management
User Account Management
4794
An attempt was made to set the Directory Services Restore Mode.
Windows Vista, Windows Server 2008
Account Management
User Account Management
5376
Credential Manager credentials were backed up.
Windows Vista, Windows Server 2008
Account Management
User Account Management
5377
Credential Manager credentials were restored from a backup.
Windows Vista, Windows Server 2008
 
 
Hit me offline if you need more. 
 
Z
 
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
 
From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, November 29, 2012 10:20 AM
To: NT System Admin Issues
Subject: Auditing proof of password change
 
I have an audit request to prove that we change administrative passwords 
on a periodic basis. Surely some of you have to do this on occasion and if 
so, how do you go about it? Event log reporting?
David Lum 
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confi

RE: AD Washout

[Christopher Bodnar]

Tombstonelifetime error makes me think this might be an issues with 
lingering objects. Were any of the domain controllers migrated from 
physical to virtual recently? Or restored from a backup? 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Dan Bartley" 
To: "NT System Admin Issues" 
Date:   11/19/2012 09:51 PM
Subject:RE: AD Washout



No. 
 
However, I just discovered that when I try to do a manual replication on 
one 2003 DC from the PDCe 2003 DC, I get an error that it can’t replicate 
due to tombstone lifetime being exceeded. It does replicate the other 
direction. I am not getting any Event errors in the Directory Service 
event log of either DC when I try the manual replication (such as 
2042-which I did find references on).
 
Best Regards,

Dan Bartley
Director - Security, IT, Billing, A-R
NetCarrier Telecom
Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310

 
From: Jon Harris [mailto:jk.har...@live.com] 
Sent: Monday, November 19, 2012 21:37
To: NT System Admin Issues
Subject: RE: AD Washout
 
Any new patches added just prior to this.
 
Jon
 

Subject: AD Washout
Date: Mon, 19 Nov 2012 21:31:10 -0500
From: bartl...@corp.netcarrier.com
To: ntsysadmin@lyris.sunbelt-software.com
I mostly watch and learn, but today a question. Today I had an issue I 
can’t find any reason for.
 
Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 
2003 DCs, except time server. Fully patched.
 
Out of nowhere I started getting SCOM alerts from 2 of the DCs that 
various DC functions were failing when contacting one of the 2003 DCs. The 
2 2000 servers could be RDP, but not accessed via MMC for services, etc. 
from a Win7 workstation. I saw various KCC NTDS Replication related errors 
on one of the 2003 DCs. I could attach to them via RPC (MMC) though. One 
of the 2000 DCs is still the time server. Neither of the 2003 DCs could 
update time with it having a server error 5, access denied error. The 
other 2000 DC could update time fine. Logins to various internal systems 
and DFS links started to fail with access denied errors.
 
Eventually I rebooted the 2003 DC with the PDCe role and everything 
started to come back. There were no Directory Service errors or warnings 
in the event log at or before this happened. At the time this started this 
DC had system errors that the other 2003 DC had a time in the future, 
however it did not. In the application log there were errors when it 
started for ID 1058, Windows cannot access the file gpt.ini for GPO”” and 
ending with “(There is a time and/or date difference between the client 
and server. ). Group Policy processing aborted.”
 
All of the other DCs showed nothing other than the breakdown between them 
and this server. After the reboot all was well again. No performance 
issues for CPU, HDD or memory while it was going on. No services stopped.
 
Anybody have any thoughts on what might have caused this?
 
Best Regards,

Dan Bartley


 
CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of 
this message is not the intended recipient, or any employee or agent 
responsible for delivering this message to the intended recipient, you are 
hereby notified that any dissemination, distribution, or copying of this 
communication is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the 
message and deleting it from your computer. Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of 
this message is not the intended recipient, or any employee or agent 
responsible for delivering this message to the intended recipient, you are 
hereby notified that any dissemination, distribution, or copying of this 
communication is strictly prohibited. If you have received this 
communication in error, please notify us immediatel

Re: GPO issue

[Christopher Bodnar]

If you really want to see if it's being applied just go to a client 
machine and do a GPRESULT from a command prompt. It will give you all the 
applied GPOs.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   James Rankin 
To: "NT System Admin Issues" 
Date:   11/14/2012 08:52 AM
Subject:Re: GPO issue



Thanks, I now have a full understanding of what's going on. Looks like I 
will have to dig elsewhere to find the cause of the massive logon hangs.

Cheers,



JR

On 14 November 2012 13:46, Christopher Bodnar  wrote:
No, Authenticated Users will not be running the GPO. You have to have the 
Apply Group Policy right in order for it to apply. Either by adding it 
manually through the Advanced button on the Delegation tab, or by using 
the security filtering tab, which does it for you, Having only read does 
not give you the ability to apply the GPO. 

HTH 
Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:James Rankin  
To:"NT System Admin Issues"  
Date:11/14/2012 08:39 AM 
Subject:Re: GPO issue 



It definitely wasn't inherited. One thing I have noticed though if you add 
the Authenticated Users group through the Security Filtering function you 
get Read and Apply GPO permissions. If you add it through the Delegation 
tab you can only apply Read permissions unless you go through the Advanced 
tab.

If you've explicitly removed Authenticated Users from the Security Filter 
tab and add only GroupA and GroupB so that they are the groups receiving 
the GPO, if someone adds the Authenticated Users back via Delegation and 
gives them Read permissions, does that then apply the GPO to the 
Authenticated Users group even though you've removed them from the 
Security Filter? That's what I was trying to ask, but I think the fact I 
noticed above about the Apply GPO permission may have answered that 
question for me :-)

On 14 November 2012 13:20, Christopher Bodnar  wrote: 
You are correct, somehow the Authenticated Users was added to the 
Delegation tab, unless it was inherited, but I doubt that. Does it say No 
under the inherited column? 

Not sure what you mean by this: 

"And does this mean that the groups defined in the Security Filtering 
section will effectively be overridden? " 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 







From:James Rankin  
To:"NT System Admin Issues"  
Date:11/14/2012 07:11 AM 
Subject:GPO issue 




I have noticed that some GPOs in use here are Security Filtered to certain 
AD groups, and Authenticated Users has been removed from the default 
Security Filter. This is all very normal and good.

However, switching to the Delegation tab of the GPO, I see Authenticated 
Users listed with Read permission - but not with the "(from Security 
Filtering)" suffix. This means that someone has specifically added 
Authenticated Users to the Delegation tab, I think? And does this mean 
that the groups defined in the Security Filtering section will effectively 
be overridden? I just want to check I am correct before I go complaining 
:-) I created a test GPO and it seems to indicate that I am correct, but I 
like to double-check first

Cheers,




-- 
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally

Re: GPO issue

[Christopher Bodnar]

No, Authenticated Users will not be running the GPO. You have to have the 
Apply Group Policy right in order for it to apply. Either by adding it 
manually through the Advanced button on the Delegation tab, or by using 
the security filtering tab, which does it for you, Having only read does 
not give you the ability to apply the GPO.

HTH

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   James Rankin 
To: "NT System Admin Issues" 
Date:   11/14/2012 08:39 AM
Subject:Re: GPO issue



It definitely wasn't inherited. One thing I have noticed though if you add 
the Authenticated Users group through the Security Filtering function you 
get Read and Apply GPO permissions. If you add it through the Delegation 
tab you can only apply Read permissions unless you go through the Advanced 
tab.

If you've explicitly removed Authenticated Users from the Security Filter 
tab and add only GroupA and GroupB so that they are the groups receiving 
the GPO, if someone adds the Authenticated Users back via Delegation and 
gives them Read permissions, does that then apply the GPO to the 
Authenticated Users group even though you've removed them from the 
Security Filter? That's what I was trying to ask, but I think the fact I 
noticed above about the Apply GPO permission may have answered that 
question for me :-)

On 14 November 2012 13:20, Christopher Bodnar  wrote:
You are correct, somehow the Authenticated Users was added to the 
Delegation tab, unless it was inherited, but I doubt that. Does it say No 
under the inherited column? 

Not sure what you mean by this: 

"And does this mean that the groups defined in the Security Filtering 
section will effectively be overridden? " 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:James Rankin  
To:"NT System Admin Issues"  
Date:11/14/2012 07:11 AM 
Subject:GPO issue 




I have noticed that some GPOs in use here are Security Filtered to certain 
AD groups, and Authenticated Users has been removed from the default 
Security Filter. This is all very normal and good.

However, switching to the Delegation tab of the GPO, I see Authenticated 
Users listed with Read permission - but not with the "(from Security 
Filtering)" suffix. This means that someone has specifically added 
Authenticated Users to the Delegation tab, I think? And does this mean 
that the groups defined in the Security Filtering section will effectively 
be overridden? I just want to check I am correct before I go complaining 
:-) I created a test GPO and it seems to indicate that I am correct, but I 
like to double-check first

Cheers,




-- 
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-- 
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://

Re: GPO issue

[Christopher Bodnar]

You are correct, somehow the Authenticated Users was added to the 
Delegation tab, unless it was inherited, but I doubt that. Does it say No 
under the inherited column? 

Not sure what you mean by this:

"And does this mean that the groups defined in the Security Filtering 
section will effectively be overridden? "



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   James Rankin 
To: "NT System Admin Issues" 
Date:   11/14/2012 07:11 AM
Subject:GPO issue



I have noticed that some GPOs in use here are Security Filtered to certain 
AD groups, and Authenticated Users has been removed from the default 
Security Filter. This is all very normal and good.

However, switching to the Delegation tab of the GPO, I see Authenticated 
Users listed with Read permission - but not with the "(from Security 
Filtering)" suffix. This means that someone has specifically added 
Authenticated Users to the Delegation tab, I think? And does this mean 
that the groups defined in the Security Filtering section will effectively 
be overridden? I just want to check I am correct before I go complaining 
:-) I created a test GPO and it seems to indicate that I am correct, but I 
like to double-check first

Cheers,




-- 
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Content Matrix

[Christopher Bodnar]

Anyone here use this before? 

http://www.metalogix.com/Products/Content-Matrix.aspx

If so can you give me an idea of the cost? I've called them 4 times in the 
last 2 days and can't get someone to give me a quote. It's awful. They 
keep telling me the sales rep from my area will get back to me. I've tried 
the demo version of the product and it seems perfect for our needs.

Thanks




Chris




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: SSH (PuTTY) session from Windows2008R2

[Christopher Bodnar]

I have no problems using Putt or SSH Secure Shell connecting to our ESX 
hosts.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Richard McClary 
To: "NT System Admin Issues" 
Date:   11/09/2012 10:41 AM
Subject:SSH (PuTTY) session from Windows2008R2



Greetings!
 
We use PuTTY for SSH sessions to manage various devices.  An issue has 
recently been discovered by us here…
 
We have no problem logging in to our Cisco Catalyst 3750 switch stack via 
SSH from machines running Windows XP, Windows 7, or Windows 2003. However, 
if we are logged into a Windows 2008R2 system…
 
Using PuTTY, we connect to the switch stack and get a login box.  After 
providing user name and password, we are denied access.
 
Using telnet (MS version enabled in the “Features” page of Control 
Panel/Applications), we can log in with no problem.
 
My preliminary Google searches seem to indicate that although SSH clients 
and servers are not a part of Windows 2008, it is supported.  So far, 
nothing regarding this inability to log in to other systems using SSH. 
Again, this is weird as a telnet session from the same Windows 2008 
machine gives access.
 
Anyone???  Thanks!!!
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richard.mccl...@aspca.org
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org
 


The information contained in this e-mail, and any attachments hereto, is 
from The American Society for the Prevention of Cruelty to Animals® 
(ASPCA®) and is intended only for use by the addressee(s) named herein and 
may contain legally privileged and/or confidential information. If you are 
not the intended recipient of this e-mail, you are hereby notified that 
any dissemination, distribution, copying or use of the contents of this 
e-mail, and any attachments hereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify me by reply email 
and permanently delete the original and any copy of this e-mail and any 
printout thereof. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: Confused about DNS resolution on a server with 2 NICs on a DMZ

[Christopher Bodnar]

If you want the MS resource that is taken from, it's here:

http://technet.microsoft.com/en-us/library/bb457118.aspx



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Christopher Bodnar 
To: "NT System Admin Issues" 
Date:   11/07/2012 11:02 AM
Subject:Re: Confused about DNS resolution on a server with 2 NICs 
on a DMZ



Have you taken a look at this yet? 

http://www.scribd.com/doc/63870216/108/Multihomed-Name-Resolution 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Michael Leone  
To:"NT System Admin Issues" 
 
Date:11/07/2012 10:14 AM 
Subject:Confused about DNS resolution on a server with 2 NICs on a 
DMZ 



So, today's confusion ... we have a webserver on our DMZ, Win 2008 R2. It 
has 2 NICs, and external and an internal. The external NIC has DNS 
settings pointing to our ISp (Verizon, in our case). The internal NIC has 
DNS settings of our internal LAN. 

So how come, if I say "ping ", the name resolves 
and I can ping? (I can understand how the ping succeeds; we have a static 
route to our internal servers). But how is the name resolving to the 
internal address? 

Using another of my internal servers as a target (i.e., not on the DMZ): 

If I do "ping ", it says could not find host. That's good; we 
don't have our domain name set in the NIC properties. 

if I do "ping ", it says "Pinging  [internal IP]". And how 
does it know to do that?? 

It appears that it's succeeding by using the internal NIC, but how does it 
know to use the internal NIC to resolve a name? If it was an internal IP, 
I could understand it - it would use the static route. 

Is it normal behavior to use the DMZ NIC, and - if that fails - silently 
use the INTERNAL NIC? That makes no sense to me either, but that's all I 
am coming up with, for why this is working. 

Can somebody clear up my age-fogged brain about this?? 

There is no HOSTS file, these are not domain members. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Confused about DNS resolution on a server with 2 NICs on a DMZ

[Christopher Bodnar]

Have you taken a look at this yet?

http://www.scribd.com/doc/63870216/108/Multihomed-Name-Resolution



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Michael Leone 
To: "NT System Admin Issues" 
Date:   11/07/2012 10:14 AM
Subject:Confused about DNS resolution on a server with 2 NICs on a 
DMZ



So, today's confusion ... we have a webserver on our DMZ, Win 2008 R2. It 
has 2 NICs, and external and an internal. The external NIC has DNS 
settings pointing to our ISp (Verizon, in our case). The internal NIC has 
DNS settings of our internal LAN.

So how come, if I say "ping ", the name resolves 
and I can ping? (I can understand how the ping succeeds; we have a static 
route to our internal servers). But how is the name resolving to the 
internal address?

Using another of my internal servers as a target (i.e., not on the DMZ):

If I do "ping ", it says could not find host. That's good; we 
don't have our domain name set in the NIC properties.

if I do "ping ", it says "Pinging  [internal IP]". And how 
does it know to do that??

It appears that it's succeeding by using the internal NIC, but how does it 
know to use the internal NIC to resolve a name? If it was an internal IP, 
I could understand it - it would use the static route. 

Is it normal behavior to use the DMZ NIC, and - if that fails - silently 
use the INTERNAL NIC? That makes no sense to me either, but that's all I 
am coming up with, for why this is working.

Can somebody clear up my age-fogged brain about this??

There is no HOSTS file, these are not domain members.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Updates

[Christopher Bodnar]

Depends on what you are looking for. So you are currently using WSUS. Have 
you looked at SCCM (2007 or 2012) , which will give you SUP?  Altiris is 
in that space as well. Do you need 3rd party updates? SCUP can do that as 
part of SCCM, but Altiris has this natively. Both of those applications 
give you a lot more than just updates, but they also have a higher $$$



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Steve Ens 
To: "NT System Admin Issues" 
Date:   11/06/2012 12:12 PM
Subject:Updates



Not sure if we've discussed this lately, but what is the update product du 
jour?  I have been using Secunia CSI but they aren't developing for my 
version (and they won't upgrade me to the latest version under my contract 
which is why I want to leave them).  Does Sunbelt/GFI have a good 
offering?  I just moved my WSUS to a Server 2012 machine.   
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Limit LDAP read to specific containers?

[Christopher Bodnar]

What is the reasoning that they don't want to be able to read the other 
containers? 

Is this a security issue that your company is concerned with? 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Robert Peterson 
To: "NT System Admin Issues" 
Date:   11/05/2012 01:46 PM
Subject:Limit LDAP read to specific containers?



All,
I have a vendor that is requesting an LDAP “read only” account be 
restricted from reading all containers, EXCEPT the ones where they want it 
to read. By default the account has “read” on all containers. 
 
Seems like this might require “DENY” rules, which I have always understood 
should be avoided as Best Practice.
 
Thanks for wiser advice,
Robert
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: New job: AD is a mess

[Christopher Bodnar]

Seems like you are putting too much emphasis on the NetBIOS name which is 
still supported in 2003 FFL/DFL. Upgrading your FFL won't get rid of the 
NetBIOS name,  so any apps that still rely on this will still work. 

You will not need to do step # 2 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Tom Miller" 
To: "NT System Admin Issues" 
Date:   11/05/2012 11:21 AM
Subject:New job:  AD is a mess



Hi Folks,
 
I started a new job a week ago and I'm auditing the various systems for 
which I am responsible. 
 
Active Directory is a mess.  It is still at Windows 2000 functional level. 
 I need to address this before a planned migration to Exchange 2010. There 
are a few Windows 2000 domain controllers that I need to decommission, and 
my memory is foggy on Windows 2000.
 
The  name for the AD domain is like ABCdomain.com.  The pre- Windows 2000 
name is just "ABC".  Oddly, a number of systems seem to want to use ABC 
and not ABCdomain - these are 2003 servers and PCs mostly.   Are there any 
tools anyone knows of that can tell me which systems refer to that.  Since 
I'm new and the previous person left no documentation, I'm hunting alot 
now.   All of the user IDs have the ABD domain name listed in the Account 
tab of their accounts, and the field is user logon name (Pre-Windows 
2000).
 
Here's the plan to at least remove the 2000 domain controllers (there are 
2003/2008 DCs):
1.  create new GPOs to address printer and drive mappings.  Currently done 
via mix of batch and kixtart files. 
2.  Update the account information for users accounts from ABC to 
ABCdomain (necessary?? ).
3.  Demote Windows 2000 domain controllers.
4.  Change domain/functional levels to 2003 (minimum required for Exchange 
2010).
 
I'm sure I'm missing something.  Comments/recommendations appreciated.
 
Tom
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: OT: SSRS question

[Christopher Bodnar]

Thanks Jeff, that is exactly what I was looking for.


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Jeff Steward 
To: "NT System Admin Issues" 
Date:   11/01/2012 07:47 PM
Subject:Re: OT: SSRS question



Right click the text box in which you are displaying the date/time field. 
 Select Text Box Properties.  Click Number.  Chose Date from the Category. 
 Select the format type you want.  Alternatively, type a lowercase d in 
the Format property of the Text Box to get a mm/dd/ display.

-Jeff

On Thu, Nov 1, 2012 at 3:32 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Any SSRS guys out there that might be able to help me with this?  It's 
2008 R2. 

Creating a report that uses a log file as the data source. Using an OLEDB 
connection string and a SCHEMA.INI file to set a custom delimiter: 

Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\10.x.x.x\Data\;Extended 
Properties="text;HDR=Yes;Format=Delimited(#)" 

Everything is working perfectly, except for one nagging detail. I've got a 
field in the log file "DATE" that I'm getting back as DateTime in the 
report: 


11/01/2012  12:00:00 AM 

I want to truncate this to just date. 

11/01/2012 

I've tried almost every combination I can think of and can't get it to 
give me just the date. Tried combinations of the following: 

Format 
FormatDateTime 
Convert 
Cast 
CDate 

Here is info on the dataset: 

query: 
select  * FROM sample.txt 

Filter Expression: 
=Fields!Date.Value 

Expression for value: 
=DateAdd(DateInterval.Day , -7, Today) 


Any help is much appreciated. 



Chris 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

OT: SSRS question

[Christopher Bodnar]

Any SSRS guys out there that might be able to help me with this?  It's 
2008 R2.

Creating a report that uses a log file as the data source. Using an OLEDB 
connection string and a SCHEMA.INI file to set a custom delimiter:

Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\10.x.x.x\Data\;Extended 
Properties="text;HDR=Yes;Format=Delimited(#)"

Everything is working perfectly, except for one nagging detail. I've got a 
field in the log file "DATE" that I'm getting back as DateTime in the 
report:


11/01/2012  12:00:00 AM

I want to truncate this to just date. 

11/01/2012

I've tried almost every combination I can think of and can't get it to 
give me just the date. Tried combinations of the following:

Format
FormatDateTime
Convert
Cast
CDate

Here is info on the dataset:

query:
select  * FROM sample.txt

Filter Expression:
=Fields!Date.Value

Expression for value:
=DateAdd(DateInterval.Day , -7, Today)


Any help is much appreciated.




Chris




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

OT: East Coast people out there?

[Christopher Bodnar]

Anyone else on the east coast dealing with the aftermath of Sandy?

Still waiting to hear how our NY office faired. 




Chris


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Can't send large attachments

[Christopher Bodnar]

My guess is that the attachment is increasing in size as it's encoded. 
Take a look at this:

http://searchexchange.techtarget.com/tip/Outbound-message-size-changes-due-to-format-conversions

I've never used that utility before, but I think you need to figure out 
the size that Exchange is encoding this to. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   S Powell 
To: "NT System Admin Issues" 
Date:   10/17/2012 11:05 AM
Subject:Can't send large attachments



Hi guys,

I'm having issues with sending some very large attached files.

the issue is that i'm not sure where the issue really is.

I have upped the limit in Exchange 2007 to 30M, " Set-TransportConfig
-MaxReceiveSize 30MB -MaxSendSize 30MB"
and there are no limits on the Users mailboxes.

On our Ironport I've gone in like this says
https://supportforums.cisco.com/message/3594048#3594048

on the iron port SSH in and >scanconfig
Enter the maximum size of attachment to scan:  (set it to the MAX)
set the timeout to 60.

And on our firewall, Fortigate 60C, Ive set the UTM and the AV filters to 
25M



I keep getting this:: (on an 8M PDF)
 #550 5.3.4 SMTPSEND.OverAdvertisedSize; message size
exceeds fixed maximum size ##

---

I can send these files internally fine, i've sent internally up to 15M
and I can receive up to 8MB but cannot send that same file out.
If you have any thoughts
i'd be grateful.

thanks

-
Sub ubi semper ubi

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

OT: Scour redirect virus?

[Christopher Bodnar]

Just wondering if anyone else has had to deal with this one.

Got hit with this on my home machine this week. I am by no means a 
security expert, so that may have been part of my problem. But was sort of 
surprised by the lack of resources/info available out there from the major 
players (AVG, McAfee, Symantec, etc). I use AVG and it had no idea the 
machine was infected. and couldn't find any mention of it on their support 
site. Tried both TDSSKiller from Kaspersky and  FixTDSS from Symantec. 
Neither of which worked. Finally gave in and tried ComboFix, which really 
looked like it was questionable, but resolved the problem for me. 

Luckily this was relatively harmless in the grand scheme of things. Just 
very annoying. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: DFS Server 2008 Greyed out

[Christopher Bodnar]

Hmmm how about this?

http://technet.microsoft.com/en-us/library/cc753875.aspx

If you really do have a 2000 mode name space, this will allow you to 
migrate it.



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Matt Plahtinsky 
To: "NT System Admin Issues" 
Date:   10/04/2012 11:14 AM
Subject:Re: DFS Server 2008 Greyed out



Yes I have tried this with no luck I'm running into a time crunch 
so I might have to live with DFS 2000 mode If i can't find a solution.

Thanks for the suggestion.

Matt

On Thu, Oct 4, 2012 at 8:42 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Have you tried this? 

http://www.petri.co.il/forums/showthread.php?t=46538 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Matt Plahtinsky  
To:"NT System Admin Issues"  
Date:10/03/2012 09:16 PM 
Subject:DFS Server 2008 Greyed out 




Getting ready to setup a multiple site DFS file shares.  The domain was 
just recently upgraded from SBS 2003 to Server 2008 R2.  The network is 
made up of 3 sites with each having 1 dc and 1 file server.  The domain 
functional level is at Server 2008 R2. 

When creating the DFS Name Space the check box "Enable Windows Server 2008 
Mode" is greyed out. After a few hours of searching the web I have not 
found out how to get the DFS level to 2008. 

My only guess is that at some point the old SBS 2003 (has 
been decommissioned) box had DFS enabled and somewhere the new file 
servers still see or have record of the old server and will not allow me 
to implement the new 2008 mode. 

Does anyone have any ideas? 

Thanks 

Matt  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: DFS Server 2008 Greyed out

[Christopher Bodnar]

Have you tried this? 

http://www.petri.co.il/forums/showthread.php?t=46538



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Matt Plahtinsky 
To: "NT System Admin Issues" 
Date:   10/03/2012 09:16 PM
Subject:DFS Server 2008 Greyed out



Getting ready to setup a multiple site DFS file shares.  The domain was 
just recently upgraded from SBS 2003 to Server 2008 R2.  The network is 
made up of 3 sites with each having 1 dc and 1 file server.  The domain 
functional level is at Server 2008 R2.

When creating the DFS Name Space the check box "Enable Windows Server 2008 
Mode" is greyed out. After a few hours of searching the web I have not 
found out how to get the DFS level to 2008.

My only guess is that at some point the old SBS 2003 (has 
been decommissioned) box had DFS enabled and somewhere the new file 
servers still see or have record of the old server and will not allow me 
to implement the new 2008 mode.

Does anyone have any ideas?

Thanks

Matt 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Uggg -- Flash 11.4 on RDS (terminal services)

[Christopher Bodnar]

Hey Jesse, if you look back I posted on 9/12/2012, with this thread "Flash 
and RDS with Thin clients". Identical issue to what you are seeing. I 
still have not resolved the issue. In my case I've got (3) identical RDS 
severs, and only one is exhibiting the issue, no idea why. I really think 
it's a permissions issue, but haven't found any resolution.  There was an 
article I found that discussed the issue and there were steps to reset the 
permissions on specific folders, but in my situation id didn't resolve the 
problem. If you come up with a fix let us know. I may end up going the 
Firefox route until someone finds a solution. 

Thanks,


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Jesse Rink" 
To: "NT System Admin Issues" 
Date:   10/02/2012 10:21 PM
Subject:Uggg -- Flash 11.4 on RDS (terminal services)



So at first I thought I was going crazy.  I have a 2008 R2 terminal server
(RDS) that hadn't been updated in many months.  It was running an older
version of Adobe Flash (no, I don't remember which version but something
PRE-June 2012 at least).  In late September, some of the users were saying
that certain websites required a newer version of flash in order to view 
the
site properly (mostly kid's learning sites).   So I updated Flash to the
latest 11.4 version on the 2008 R2 RDS box.  (I did use the "change user
/install" command before updating Flash.

Since then, nothing but problems.  Anyone aside from the Administrator
cannot properly browse websites.  Going to msn.com, Microsoft.com,
abcya.com, and pretty much ANYTHING that isn't just some basic static
website, takes literally 8-10 minutes to load.  At first I thought the 
users
were crazy but, after some testing, I was able to verify this was true.  I
uninstalled Flash, and geez, all the problems with websites loading slow 
is
FIXED.   If I try to reinstall Flash 11.4, the same thing happens, 
websites
take forever to load.

I thought maybe my 2008 R2 RDS box was messed up so I built a brand new 
2008
R2 RDS server. Loaded up Office 2007, Adobe Reader, and a few other apps
that are on the older RDS box.  Then installed Flash 11.4.  Initially,
everything seemed to be working.  Then after a reboot (or maybe 2?), the
EXACT same thing starts happening.  Administrator can access websites 
fine,
but users cannot, they just have to wait and wait... This happens when the
internet pipe is NOT even 1% utilized.   On this brand new RDS server,
uninstalling Flash 11.4 once again FIXES the problem.  Yet, I need Flash 
on
it because it's used on a small school lab for learning sites, ughh.

I've tried installing OLDER versions of Flash (11.3, 10.3, etc.) on the 
new
RDS box after having uninstalled 11.4, but when the older versions are
installed, I cannot even pass the Flash Tests (do you have Flash on your
machine?) from the Adobe site, whether logged in as an administrator or a
user.   So this is happening on *2* different servers, what in the world?!

I did find this
(
http://www.kevintaber.com/2012/08/31/adobe-flash-player-11-4-causes-ie-9-to

-not-load-flash-sites/) but...  his explanation to load an older Flash 
isn't
working for me at all. 

Any help here?


Jesse



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: BusinessObjects Web Intelligence

[Christopher Bodnar]

I know, that is exactly what I think too. But this is what they are 
telling me, and since they are the SMEs for the application, its up to me 
to prove that what they are saying is wrong. 

Was really hoping someone on the list out there used the product and could 
tell me without a doubt that it does this.

Thanks

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Steve Kradel 
To: "NT System Admin Issues" 
Date:   10/01/2012 10:23 PM
Subject:Re: BusinessObjects Web Intelligence



This seems implausible, given that "how much money" and "when" are the 
most common variables in business reports...

On Mon, Oct 1, 2012 at 4:24 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Any BO people on here I can run a question by? 

I've got some data that will be stored in a flat file. I need to generate 
a report on this data. One of the fields in the file will be 
date/timestamp. The BO group here is telling me that they can't filter by 
that in the report. For example if I want to show results for the last 7 
days, they are telling me they don't have the ability to filter the report 
by the timestamp. 

Anyone here confirm that? 

Thanks 
Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 



The Guardian Life Insurance Company of America

www.guardianlife.com 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

BusinessObjects Web Intelligence

[Christopher Bodnar]

Any BO people on here I can run a question by?

I've got some data that will be stored in a flat file. I need to generate 
a report on this data. One of the fields in the file will be 
date/timestamp. The BO group here is telling me that they can't filter by 
that in the report. For example if I want to show results for the last 7 
days, they are telling me they don't have the ability to filter the report 
by the timestamp. 

Anyone here confirm that? 

Thanks

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Restricting who can join a system to the domain

[Christopher Bodnar]

Yes, one is modifying the quota the other is granting the right to the new 
group. 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   09/28/2012 12:20 PM
Subject:Restricting who can join a system to the domain



If I want to make it so only domain admins (and hey, do I need to 
capitalize that when referring to that group?) and members of a specific 
new AD group can join systems to the domain, do I need to do BOTH the 
ADSIEdit to change ms-DS-MachineAccountQuota to zero AND a GPO setting for 
“Add workstations to Domain”?
David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Listing all groups / finding a group on shared folders security

[Christopher Bodnar]

You are talking about certification and recertification. All part of 
Identity and Access Management. Like anything else it all depends on the 
size of your company, $$$, resources. Some places have a manual process 
(spreadsheets, home grown DB, etc). Then there are the bigger players 
in this field: 

Aveksa
SailPoint
IBM

All of these tie directly into your directories (LDAP, Domino, AD, RACF, 
etc...) And deal with the life cycle of your identities. None of them are 
easy or cheap, but if you really need to do this and do it well, they are 
the way to go. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   David Lum 
To: "NT System Admin Issues" 
Date:   09/27/2012 10:45 AM
Subject:RE: Listing all groups / finding a group on shared folders 
security



BTW, I know *EXACTLY* How you feel. We have a lot of groups created before 
I was here and the description says simply "for access to files".

Along the same lines, how do folks here go about auditing security groups 
and knowing if they are still valid or if the members list is still 
appropriate? As in, how do you track/audit if the appropriate group 
memberships were changed when Jill moved from sales to accounting?

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, September 27, 2012 7:27 AM
To: NT System Admin Issues
Subject: Listing all groups / finding a group on shared folders security

I have this problem. I have an AD group that has just a name and no 
description, no notes, no nothing. (it was apparently created like 7 years 
ago). I don't know what it does, or what it is used for. I
*suspect* that it's used to control ACLs to a share, but I don't know that 
for sure. And it occurred to me that I don't know how to find out what 
share it might be providing security for.

I guess what I am asking is: how can I go through all the folders on a 
file server, and list out the user and group names on the security of the 
folders (or shares, I suppose)? Is there a utility that does that?
A script I would have to run against the whole folder structure?
Ideally, tell it the group name I'm looking for, and have it come back and 
say "\\this-server\that-folder"? I'm looking for a free utility, BTW - I 
know there are a lot of security programs for purchase that can tell me 
this, and in fact we will be looking at one in a few weeks. But even if we 
purchased such software, it would be a while to implement, etc. And I'd 
like to answer at least this one request now.

This is why I harp on about using the description and notes fields in AD, 
both for users and groups ... it makes my life a lot easier when someone 
asks me for a list like this 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Powershell question - listing groups a user belongs to, and the notes/description of the group

[Christopher Bodnar]

With the Quest CMDLets this works:

get-qaduser jdoe -properties memberof|select -expandProperty 
memberof|get-qadgroup|select name,notes



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Michael Leone 
To: "NT System Admin Issues" 
Date:   09/26/2012 10:46 AM
Subject:Powershell question - listing groups a user belongs to, 
and the notes/description of the group



I have this request to list all the groups a specific set of users
belong to. Since we use groups to control ACLs, this can (effectively)
be a listing of all the shared folders the user has access to (we list
the location of the shared folder in the notes of the group).  I'm
still new to PS, and could use a bit of a pointer as to how to get to
the description. To get the list of groups, I am planning on:

import-module ActiveDirectory
cd AD:

and then loop through a text file of SAMAccountNames:

Get-ADUser -Identity LeoneM -Properties memberof | select
-ExpandProperty memberof | get-adgroup | select name

This would give me the names of the groups (thank you, Google ...),
but how do I get to the descriptions of the groups that are returned?
I don't seem to see the notes property in the adgroup. How can I list
that attribute of the returned group?

If someone has a better idea, I'm all ears. :-)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: System/file monitoring

[Christopher Bodnar]

It isn't cheap. Usually not the best choice for a smaller company. As ASB 
mentioned there is Tripwire as well. I use both products and there is some 
overlap with functionality. I consider Tripwire more of a compliance tool, 
as where Varonis is more of an auditing tool. I think DataAdvantage would 
better fit your needs in this case. 

YMMV

Chris







From:   "Ray" 
To: "NT System Admin Issues" 
Date:   09/25/2012 02:07 PM
Subject:RE: System/file monitoring



I couldn’t even find a price.  The demo says “in a couple hours our 
engineers will help get you up and running”. 
 
From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, September 25, 2012 10:12 AM
To: NT System Admin Issues
Subject: Re: System/file monitoring
 
Varonis is a strong player here, but the price will probably be higher. 
OTOH, I did suggest TripWire which is not known for low prices in the 
enterprise space. :)

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…


On Tue, Sep 25, 2012 at 8:18 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Have you looked at this? 

http://www.varonis.com/products/datadvantage/windows/index.html 




Chris 






From:"Ray"  
To:"NT System Admin Issues"  
Date:09/24/2012 05:45 PM 
Subject:RE: System/file monitoring 



Auditing has been enabled. The MS logfiles are just too "chatty". But
filesystemwatcher looks interesting. Thanks. 
-Original Message-
From: Joseph L. Casale [
mailto:jcas...@activenetwerx.com] 
Sent: Monday, September 24, 2012 1:34 PM
To: NT System Admin Issues
Subject: RE: System/file monitoring

I have to be honest, I wouldn't pay for such a thing.
A quick look has me guessing windows can provide all this info natively.
Enabling auditing for example and use a query to mine the relevant info. 
If
you needed to act on a file system event, there is the file system watcher
class which you can leverage either yourself or through some opensource
implementations that allow you to run the watcher as a service.

Is what your after just logging for accountability?

jlc

From: Ray [rz...@qwest.net]
Sent: Monday, September 24, 2012 2:09 PM

To: NT System Admin Issues
Subject: System/file monitoring

I tried a trial version of this: 
http://www.poweradmin.com/file-sight/ =

which seems to do what I need.  I have a lot of users I can't necessarily
trust, not to mention just being careless. Anyway, what this does is just
keep an eye on the folders and files to see who's creating, deleting or
moving them.

Just curious if anyone's using something "better".

TIA
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: GPO preventing RDP from Other Domains

[Christopher Bodnar]

Can you export the settings of that GPO and post them here (omitting any 
privacy related information of course).

What is the multi domain layout? Multiple forests? 

What is the exact message you get when RDP doesn't work from the Win 7 
machine? 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   winsys 
To: "NT System Admin Issues" 
Date:   09/25/2012 08:32 AM
Subject:GPO preventing RDP from Other Domains



I have Win2K8 R2 member servers in a multi domain environment.
I RDP to them from a Win 7 PC in 1 of the domains.
A new member server GPO has been applied to the Win2K8 R2 boxes and now I 
am unable to RDP to them.
I can RDP to them from another Win2K8 server outside of their domain, but 
NOT from a Win 7 PC.
When I unlink the GPO all works fine again.
Any idea what setting in the GPO causes this and what the fix would be?

Thanks!
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: System/file monitoring

[Christopher Bodnar]

Have you looked at this? 

http://www.varonis.com/products/datadvantage/windows/index.html





Chris






From:   "Ray" 
To: "NT System Admin Issues" 
Date:   09/24/2012 05:45 PM
Subject:RE: System/file monitoring



Auditing has been enabled. The MS logfiles are just too "chatty". But
filesystemwatcher looks interesting. Thanks. 

-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Monday, September 24, 2012 1:34 PM
To: NT System Admin Issues
Subject: RE: System/file monitoring

I have to be honest, I wouldn't pay for such a thing.
A quick look has me guessing windows can provide all this info natively.
Enabling auditing for example and use a query to mine the relevant info. 
If
you needed to act on a file system event, there is the file system watcher
class which you can leverage either yourself or through some opensource
implementations that allow you to run the watcher as a service.

Is what your after just logging for accountability?

jlc

From: Ray [rz...@qwest.net]
Sent: Monday, September 24, 2012 2:09 PM
To: NT System Admin Issues
Subject: System/file monitoring

I tried a trial version of this: http://www.poweradmin.com/file-sight/ =
which seems to do what I need.  I have a lot of users I can't necessarily
trust, not to mention just being careless. Anyway, what this does is just
keep an eye on the folders and files to see who's creating, deleting or
moving them.

Just curious if anyone's using something "better".

TIA


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Certification time?

[Christopher Bodnar]

All of those certifications are valuable in the industry, but it's a very 
subjective area. I'd say what are you trying to do in the next 3 years? 
Moving into a specific area of expertise? Sys Admin, Network, 
Virtualization, security? Or are you moving more towards management or 
compliance? If so Six Sigma , ITIL, etc might be a good choice. 

Some more basic information about what you would like to do over the next 
few years would help give you some suggestions. 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Mathew Shember 
To: "NT System Admin Issues" 
Date:   09/18/2012 12:23 PM
Subject:Certification time?



First off to avoid the question and value of certifications; I tend to 
view them as resume garnish which helps get you by HR filters.
 
The question is which to pursue?  I think all of mine have expired and my 
new organization seems to place value on them.
 
They have all the training stuff for 2003 but I am thinking that’s a 
little too old even though it seems to be in many places.  One guy told me 
why not get it and then take the upgrade test for 2008?
 
Redhat Engineer?  Worth it?
 
The ever present CCNA and CCNP.  At the moment I am out of the networking 
areas but will probably reup.
 
Vmware.  Any value to VCP?
 
Citrix?
 
Any other areas? 
 
Thank you for donating a minute to read this.
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Flash and RDS with Thin clients

[Christopher Bodnar]

Wanted to know if anyone has run into this yet. 
Environment:
All servers Windows Server 2008 R2 
The environment is a small office with (3) Hyper-V hosts each with an RDS 
VM. All configured identically (or so I thought). Problem occurred when a 
Thin client (Wyse C10LE) connects to one of the RDS servers (RDS2) and 
launches IE, basically IE is excruciatingly slow. Found that it is the 
Adobe Flash plug-in. Disable that and everything is fine. Weird thing is, 
the other (2) RDS servers are not experiencing this issue, and they both 
have the same Flash plug-in installed. And if I launch an RDP session to 
RDS2 from a Windows machine, works fine as well. Definitely seems to be a 
permissions issue. Since while logged on as a user who is experiencing the 
issue, if I launch IE as an admin with “Run As Administrator” I don’t 
experience the issue. I’ve tried uninstalling and re-installing Flash. No 
luck. Then I found this article, which didn’t work, but does seem to have 
the same symptoms:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/409d2f04-3eb6-4be9-a8c6-1583b21ca446
I’ve removed Flash from that box for the time being, but would love to 
know what it is and how to fix it. 

Thanks,

Chris




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: New Domain Controllers

[Christopher Bodnar]

My first question is why are you looking to replace your domain 
controllers right now? What's the driver? Old hardware at EOL? Off lease? 
Moving to 2008 FFL/DFL? Single Forest ? Single domain? Going under the 
assumption that you have a business driver, I would suggest having one 
physical DC at each site, and one virtual at each site. 



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Robert Peterson 
To: "NT System Admin Issues" 
Date:   09/11/2012 11:36 AM
Subject:New Domain Controllers



Does anyone have Best Practices for the type and number of DCs they would 
recommend for the following environment?
Happy to hear ideas and receive links to further reading.
Thx,
Robert
 
Current environment…
Two sites with a T3 connecting both.
Current DCs: (Qty- 4) “Hard server” Server 2003, two at each site.
20 various system servers each site.
700 users each site.
 
Each site, has (2) Hyper-V hosts with High Availability within the site.
 
Questions:
Should I replace all 4 – “hard” DCs, with VMs?
I was thinking a DC on each Hyper-V host, but not in the Fail-Over 
cluster…?
Do I need 4 DCs, 2 on each site?
Should I build at least one “hard” DC at each site?
 
Been thinking Server 2008R2, should I jump to Server 2012 for the new DCs?
 
 
Again, would love to hear everyone’s ideas, and/or be pointed at some good 
reading.
All the best!
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: OT: Phone plan

[Christopher Bodnar]

I've switched my wife and myself over to Straight Talk, both of us have 
the iPhone 4 and have been happy with the service. No issues so far. I was 
more interested in anyone that had done something like this before. Bought 
a phone for one network to get the lower price on the phone, then 
immediately switched to another. 

Thanks


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Matthew W. Ross" 
To: "NT System Admin Issues" 
Date:   09/05/2012 12:30 PM
Subject:Re: OT: Phone plan



My father went down the line of a refurbished iPhone 4 with the Straight 
Talk plan. Making the change to put it on the new carrier did not require 
me to unlock the phone. 

Thus far, he's been extremely happy with the service. He doesn't use heavy 
internet (say, Netflix) on Straight Talk, but he does use it for emails, 
iMessage texting and some web browsing.

The guide we had to do the conversion for the phone noted the following: 
The official tag line is that the internet is "unlimited". The unofficial 
line is that after about 100 megs or so, they will start rate limiting 
you. This wasn't a problem for my father's planned use of the phone.

FYI


--Matt Ross
Ephrata School District


- Original Message -
From: Christopher Bodnar
[mailto:christopher_bod...@glic.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 05 Sep 2012
07:54:14 -0800
Subject: OT: Phone plan


> Anyone else see this? 
> 
> 
http://www.engadget.com/2012/09/04/samsung-galaxy-s-ii-for-t-mobile-299-without-contract/

> 
> Thinking about getting this for my daughter for the first month, then 
> switching her over to the Straight talk plan. Seems like a good way to 
get 
> the phone for $299. Don't thing the 100 minutes would be sufficient for 
> her, and the $45/month straight talk plan is a better option then the 
> other T-mobile plans ($50 and $60). 
> 
> 
> 
> 
> 
> Christopher Bodnar 
> Enterprise Architect I, Corporate Office of Technology:Enterprise 
> Architecture and Engineering Services 
> Tel 610-807-6459 
> 3900 Burgess Place, Bethlehem, PA 18017 
> christopher_bod...@glic.com 
> 
> 
> 
> 
> The Guardian Life Insurance Company of America
> 
> www.guardianlife.com 
> 
> 
> 
> 
> 
> -
> This message, and any attachments to it, may contain information
> that is privileged, confidential, and exempt from disclosure under
> applicable law.  If the reader of this message is not the intended
> recipient, you are notified that any use, dissemination,
> distribution, copying, or communication of this message is strictly
> prohibited.  If you have received this message in error, please
> notify the sender immediately by return e-mail and delete the
> message and any attachments.  Thank you.
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

OT: Phone plan

[Christopher Bodnar]

Anyone else see this? 

http://www.engadget.com/2012/09/04/samsung-galaxy-s-ii-for-t-mobile-299-without-contract/

Thinking about getting this for my daughter for the first month, then 
switching her over to the Straight talk plan. Seems like a good way to get 
the phone for $299. Don't thing the 100 minutes would be sufficient for 
her, and the $45/month straight talk plan is a better option then the 
other T-mobile plans ($50 and $60). 





Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Deploying Printers in Group Policy not working for non-admins

[Christopher Bodnar]

Too funny, I was just about to type up the exact same question. I ran into 
this same scenario last night. The only thing that I found different was 
between 2 different printers. In my case the printers are:

Canon iR3245
HP Officejet 8600

So I deployed the iR3245 first via GPO using the Print Management method 
and none of the users received the mapping. But I could map the printer 
manually. So I finally decided to test using the 2nd printer, using the 
same method and the OfficeJet mapped successfully. I then went and 
published the iR3245 via GPO preferences, and that worked.  The only thing 
I can think of is that for some reason its a driver issue, but I can't 
think of what that would be.

Not sure if this is relavent, but this is a ThinClient environment. All 
Hyper-V hosts with RDS and clients are Wyse C10LE.  All servers are 
Windows 2008 R2.






Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Matthew W. Ross" 
To: "NT System Admin Issues" 
Date:   08/30/2012 06:02 PM
Subject:Deploying Printers in Group Policy not working for 
non-admins



Good Afternoon.

I'm deploying printers using Group Policy. We have Windows Server 20008 R2 
Domain controllers and Windows 7 desktops. I have a new lab that I wanted 
to deploy the network printers. In this one lab, for some reason, 
Administrators see the printers. Non-admins do not.

I am using the Print Management GUI to deploy the printers. I have them 
deployed via a Group Policy that is assigned to all computers in an OU, 
not users. The printers are being setup as TCP/IP printers and the drivers 
are being distributed by the print server.

Now... why is this working in all of my labs that I have setup but this 
one? And why only Admins? Has anybody else run into this problem?


--Matt Ross
Ephrata School District

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Ultrabook

[Christopher Bodnar]

How about this? 

http://www.amazon.com/Sony-Notebook-i7-2860QM-generation-processor/dp/B005OUKTM0



Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Webster 
To: "NT System Admin Issues" 
Date:   08/30/2012 08:32 AM
Subject:Ultrabook



I am trying to find an Ultrabook that meets the following specs:

holds 16GB RAM (or upgradable to 16GB RAM)
at least a 512GB SSD
15" screen
USB3 ports

I have looked on Newegg, Amazon, Dell and Samsung sites and haven't found 
one that will support more than 8GB RAM with a 14" screen.

Do any of you know of an Ultrabook that meets those specs?  I will wipe 
and load the system with Win7 x64 Pro.

Thanks


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: LDAP authentication across external trust

[Christopher Bodnar]

Yes Ken you have summed it up correctly. Never had to do something like 
this before, but find it odd that this is no work around to get the Domain 
B DC to hand off the authentication to the Domain A DC for the client. 
I've got a call with Microsoft today to discuss this. I think you are 
right, the only way I'm going to get this to work is to have the 
application server (client) be allowed to authenticate to domain A after 
the DC hands it the referral. Ugh...

Thanks


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Ken Schaefer 
To: "NT System Admin Issues" 
Date:   08/29/2012 10:09 PM
Subject:RE: LDAP authentication across external trust



Unless I’m reading your setup incorrectly:
You have a one-way trust with selective authentication. When WebPortal 
(part of Domain B) contacts a Domain B DC, the Domain B DC would provide a 
referral to a Domain A DC (assuming the correct external cross-reference 
object exists). However your web portal server in Domain B would not be 
able to authenticate to the Domain A DC.
 
So, you either need a two-way trust, or configure your application to bind 
to a Domain A DC (with Domain A service account) to validate users.
 
Cheers
Ken
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Thursday, 30 August 2012 7:16 AM
To: NT System Admin Issues
Subject: Re: LDAP authentication across external trust
 
Sorry ... separate forests. (acme.com and widgets.com) 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Don Kuhlman  
To:"NT System Admin Issues"  
Date:08/29/2012 04:59 PM 
Subject:Re: LDAP authentication across external trust 




Hi Chris. Are they in the same Forest or separate ?  eg 
domaina.company.com and domainb.company.com or domaina.com an domainb.com 
?

Don K



From: Christopher Bodnar 
To: NT System Admin Issues  
Sent: Wednesday, August 29, 2012 2:08 PM
Subject: LDAP authentication across external trust 

We have 2 domains with a one way trust relationship (Domain A is Trusted, 
Domain B is Trusting). Domain B is in a DMZ. So Domain A users can access 
resources in domain B with their Domain A credentials. Also using 
selective authentication for this trust. Works great 

Working with a vendor  to implement a new system. The issue is that they 
are trying to authenticate Domain A users from within  Domain B (web 
portal is in domain B) across the trust relationship using LDAP. So they 
are pointing the LDAP bind to a Domain B DC, and it's not working. Anyone 
doing something like this? Never had to setup anything like this before. 
Vendor isn't real helpful in this situation. I'm not even positive what 
domain the base DN should be. Been trying both each time we make a change. 
So far no luck. Also not seeing any specific errors on the domain 
controller yet. Bad thing is that not sure what DC the Domain B domain 
controller is bouncing the request off of in Domain A. We have quite a 
few, and the logs are pretty hefty. Probably gonna have to put WireShark 
on this to look at the packets to get a clue. 

Any help is appreciated. 

Thanks, 

Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 



- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click