RE: End of month plan B for list shutdown.
I had to work with one of the Ed’s, (Crowley) when he used to work here and we migrated to win95/Exchange/NT from win31/Vines. Now *that* was fun. Thought I would kill him at first but ended up with an enduring respect for his abilities and I actually really like him today. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 9:58 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Also got to work with some of them on a exchange 2000 install lots of fun Sent from my Windows Phone From: Tim Evans Sent: 4/30/2013 12:38 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. They were cool, right? …Tim -Original Message- From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 8:17 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I remember lots of chatter and banter back in the day on the old exchange list regarding PSTs and brick-level backups lol -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Monday, April 29, 2013 3:08 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. ➢ Just hate the web based forums Me too, but I think most of the people that migrated over there didn't like the chatter on the list. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 1:57 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I need to pop over there and check it out….. Just hate the web based forums…… maybe we can get them back on the new listserv. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 29, 2013 1:42 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Many of the Exchange swynk people are on the Microsoft forums; some of them have moved on (into management, ownership, and other career changes); some of them have retired. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 12:55 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I really miss the old Swynk exchange list. Great group of people, good time had on the list and even more fun meeting up with them at MECs. Cheers Ryan From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Monday, April 29, 2013 11:16 AM To: NT System Admin Issues Subject: Re: End of month plan B for list shutdown. Rods lists at myitorum have a long history in tech lists that go way back to when most of the old Swynk lists of from the late 90s to early 00s migrated there. Swynk had a great sms and exchange community and I know all the SMS\SCCM people went to myitforum. Not sure what happened to the exchange community but it never seemed the same. From: Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Monday, April 29, 2013 10:44 AM Subject: RE: End of month plan B for list shutdown. Rob’s list has picked up a few peeps already. It is fast, it is both email and web so people can do it the way they want. Consensus seems to be Rob’s. From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Monday, April 29, 2013 10:43 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Question – we’ve had both Rod and Ben offer to host, and both have given links. Do those wishing to continue a mail-based (rather than web-based) forum go with Rod’s? Is that what the agreement seems to be? Thanks to both Rod and Ben! -- richard From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 9:29 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Done. Link is here: http://myitforum.com/myitforumwp/services/email-lists/ Rod Trent From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, April 29, 2013 10:18 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Sounds good to me and post the link so we can start over there… Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org Work:401-444-9081 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.
RE: End of month plan B for list shutdown.
In a sense we had ~500 because each Banyan server was a separate entity from a mail perspective that had to be dealt with individually. The project name had a fancy acronym but Ed just called it the Darwin project. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, April 30, 2013 9:24 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Ed was one of the people I worked with on the project. We had over 100 different mail systems going into one single AD/Exchange 2000. very fun project. From: Free, Bob Sent: Tuesday, April 30, 2013 10:50 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I had to work with one of the Ed’s, (Crowley) when he used to work here and we migrated to win95/Exchange/NT from win31/Vines. Now *that* was fun. Thought I would kill him at first but ended up with an enduring respect for his abilities and I actually really like him today. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 9:58 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Also got to work with some of them on a exchange 2000 install lots of fun Sent from my Windows Phone From: Tim Evans Sent: 4/30/2013 12:38 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. They were cool, right? …Tim -Original Message- From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 8:17 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I remember lots of chatter and banter back in the day on the old exchange list regarding PSTs and brick-level backups lol -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Monday, April 29, 2013 3:08 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. ➢ Just hate the web based forums Me too, but I think most of the people that migrated over there didn't like the chatter on the list. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 1:57 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I need to pop over there and check it out….. Just hate the web based forums…… maybe we can get them back on the new listserv. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 29, 2013 1:42 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Many of the Exchange swynk people are on the Microsoft forums; some of them have moved on (into management, ownership, and other career changes); some of them have retired. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 12:55 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I really miss the old Swynk exchange list. Great group of people, good time had on the list and even more fun meeting up with them at MECs. Cheers Ryan From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Monday, April 29, 2013 11:16 AM To: NT System Admin Issues Subject: Re: End of month plan B for list shutdown. Rods lists at myitorum have a long history in tech lists that go way back to when most of the old Swynk lists of from the late 90s to early 00s migrated there. Swynk had a great sms and exchange community and I know all the SMS\SCCM people went to myitforum. Not sure what happened to the exchange community but it never seemed the same. From: Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Monday, April 29, 2013 10:44 AM Subject: RE: End of month plan B for list shutdown. Rob’s list has picked up a few peeps already. It is fast, it is both email and web so people can do it the way they want. Consensus seems to be Rob’s. From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Monday, April 29, 2013 10:43 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Question – we’ve had both Rod and Ben offer to host, and both have given links. Do those wishing to continue a mail-based (rather than web-based) forum go with Rod’s? Is that what the agreement seems to be? Thanks to both Rod and Ben! -- richard From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 9:29 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Done. Link is here: http://myitforum.com/myitforumwp/services/email-lists/ Rod Trent From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, April 29, 2013 10:18 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Sounds good to me and post the link so we can start over there… Z Edward E. Ziots, CISSP, CISA, Security
RE: [dkim-failure] Re: End of month plan B for list shutdown.
Close enough :-) -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, April 30, 2013 9:51 AM To: NT System Admin Issues Subject: [dkim-failure] Re: End of month plan B for list shutdown. On Tue, Apr 30, 2013 at 12:39 PM, Free, Bob r...@pge.com wrote: In a sense we had ~500 because each Banyan server was a separate entity from a mail perspective that had to be dealt with individually. The project name had a fancy acronym but Ed just called it the Darwin project. Millennium Year Application Software System? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: End of month plan B for list shutdown.
Lots of that stuff although it was a separate group as we had a pretty large distributed SNA network that predated that new-fangled Banyan stuff. Coin of the realm back then with us Banyan admins in remote sites was ICA cards and SNA option keys, especially the 64 or 96 LU ☺ I remember when this caused much consternation amongst the users- http://support.microsoft.com/kb/89172 From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Tuesday, April 30, 2013 11:02 AM To: NT System Admin Issues Subject: [dkim-failure] Re: End of month plan B for list shutdown. Going old school now .. you must have had some SNADS and PROFS ? From: Free, Bob Sent: Tuesday, April 30, 2013 10:50 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I had to work with one of the Ed’s, (Crowley) when he used to work here and we migrated to win95/Exchange/NT from win31/Vines. Now *that* was fun. Thought I would kill him at first but ended up with an enduring respect for his abilities and I actually really like him today. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 9:58 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Also got to work with some of them on a exchange 2000 install lots of fun Sent from my Windows Phone From: Tim Evans Sent: 4/30/2013 12:38 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. They were cool, right? …Tim -Original Message- From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 8:17 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I remember lots of chatter and banter back in the day on the old exchange list regarding PSTs and brick-level backups lol -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Monday, April 29, 2013 3:08 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. ➢ Just hate the web based forums Me too, but I think most of the people that migrated over there didn't like the chatter on the list. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 1:57 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I need to pop over there and check it out….. Just hate the web based forums…… maybe we can get them back on the new listserv. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 29, 2013 1:42 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Many of the Exchange swynk people are on the Microsoft forums; some of them have moved on (into management, ownership, and other career changes); some of them have retired. From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, April 29, 2013 12:55 PM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I really miss the old Swynk exchange list. Great group of people, good time had on the list and even more fun meeting up with them at MECs. Cheers Ryan From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Monday, April 29, 2013 11:16 AM To: NT System Admin Issues Subject: Re: End of month plan B for list shutdown. Rods lists at myitorum have a long history in tech lists that go way back to when most of the old Swynk lists of from the late 90s to early 00s migrated there. Swynk had a great sms and exchange community and I know all the SMS\SCCM people went to myitforum. Not sure what happened to the exchange community but it never seemed the same. From: Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Monday, April 29, 2013 10:44 AM Subject: RE: End of month plan B for list shutdown. Rob’s list has picked up a few peeps already. It is fast, it is both email and web so people can do it the way they want. Consensus seems to be Rob’s. From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Monday, April 29, 2013 10:43 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Question – we’ve had both Rod and Ben offer to host, and both have given links. Do those wishing to continue a mail-based (rather than web-based) forum go with Rod’s? Is that what the agreement seems to be? Thanks to both Rod and Ben! -- richard From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 9:29 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Done. Link is here: http://myitforum.com/myitforumwp/services/email-lists/ Rod Trent From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, April 29, 2013 10:18 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Sounds good to me and post the link so we can start
RE: The list?
It's Memorex. That is why you hear the sound of shattering glass. From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, April 30, 2013 12:35 PM To: NT System Admin Issues Subject: RE: The list? It is or is it? Thanks Webster From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Tuesday, April 30, 2013 2:30 PM To: NT System Admin Issues Subject: Re: The list? But it is webscale. On Tuesday, April 30, 2013, James Rankin wrote: It's a new feature - manual mirroring. In that you post the same stuff to both. On 30 April 2013 18:05, Stringham, Steven sstri...@lrlaw.commailto:sstri...@lrlaw.com wrote: Yes, but does it automatic failover? Is it load balanced? From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 30, 2013 9:38 AM To: NT System Admin Issues Subject: Re: The list? We now have list redundancy Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Ryan Finnesey r...@finnesey.commailto:r...@finnesey.com Date: Tue, 30 Apr 2013 16:29:46 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: The list? I hate to jinks it but it seem the list is still up and running? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin For more information about Lewis and Roca LLP, please go to www.lewisandroca.comhttp://www.lewisandroca.com/. Phoenix (602)262-5311 Reno (775)823-2900 Tucson (520)622-2090 Albuquerque (505)764-5400 Las Vegas (702)949-8200 Silicon Valley (650)391-1380 This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sende -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:_e(%7b%7d,%20'cvml',%20'listmana...@lyris.sunbeltsoftware.com'); with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: End of month plan B for list shutdown.
Nice. 502. That's an error. The server encountered a temporary error and could not complete your request. Please try again in 30 seconds. That's all we know. Typical google :-] -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, April 29, 2013 5:40 AM To: NT System Admin Issues Subject: [dkim-failure] Re: End of month plan B for list shutdown. On Mon, Apr 29, 2013 at 8:14 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: The end of the month and allegedly the end of the list is tomorrow. We need a plan B to get back in contact to get this going again if possible. Someone got a blog we can bookmark for new/announcements that would be willing to post anything they hear? Until something better comes along, I offer this: https://sites.google.com/site/mailvortex/ntsysadmin I'll also update that after something better comes along. This is intended to be a quick response, not a good one. :-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: So where is this new list signup?
Yea YOU are here but what did you do with Stu? From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Monday, April 29, 2013 11:10 AM To: NT System Admin Issues Subject: [dkim-failure] Re: So where is this new list signup? I'm still here. On Mon, Apr 29, 2013 at 11:29 AM, Webster webs...@carlwebster.commailto:webs...@carlwebster.com wrote: Link is here: http://myitforum.com/myitforumwp/services/email-lists/ Thanks Webster -Original Message- From: Michael Leone [mailto:oozerd...@gmail.commailto:oozerd...@gmail.com] Sent: Monday, April 29, 2013 10:06 AM To: NT System Admin Issues Subject: So where is this new list signup? The list is moving, right? (I don't get to read it every day, so I probably missed something). So do I need to go and sign up for the new home of the list, or will I be migrated over as an existing user? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/http://software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [NTSysADM] Re: End of month plan B for list shutdown.
Since the GFI list is as yet imaginary would it be an imaginary subscription? From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, April 29, 2013 9:25 AM To: NT System Admin Issues Subject: RE: [NTSysADM] Re: End of month plan B for list shutdown. Also, might be nice to subscribe Rod's list to the GFI list so all messages to GFI go to both places in the interim. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, April 29, 2013 10:16 AM To: NT System Admin Issues Subject: [NTSysADM] Re: End of month plan B for list shutdown. I think we need someone to send out an official communication to pick everyone up :-) On 29 April 2013 16:09, Pete Howard pchow...@yahoo.commailto:pchow...@yahoo.com wrote: Just joined too From: Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Monday, April 29, 2013 10:41 AM Subject: RE: End of month plan B for list shutdown. Just joined myself, appreciate it Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org Work:401-444-9081tel:401-444-9081 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Kennedy, Jim [mailto:kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org] Sent: Monday, April 29, 2013 10:38 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Thank you very much Sir. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 10:29 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Done. Link is here: http://myitforum.com/myitforumwp/services/email-lists/ Rod Trenthttp://myitforum.com/myitforumwp/community/members/rodtrent/ [myITSMButton]http://www.myitforum.com/[TwitterButton]http://twitter.com/rodtrent[Facebookbutton]http://www.facebook.com/rodtrent[LinkedInButton]http://www.linkedin.com/profile/view?id=2881785 From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, April 29, 2013 10:18 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Sounds good to me and post the link so we can start over there... Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org Work:401-444-9081tel:401-444-9081 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: David Lum [mailto:david@nwea.org] Sent: Monday, April 29, 2013 9:05 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. I vote do it. I prefer e-mail to web forum for this stuff. From: rodtr...@myitforum.commailto:rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 5:23 AM To: NT System Admin Issues Subject: Re: End of month plan B for list shutdown. I can set up a list in a few minutes, just say the word. We already host over 25 lists and have plenty of bandwidth to spare. Sent from Microsoft Surface Pro From: Kennedy, Jim Sent: Monday, April 29, 2013 8:14 AM To: NT System Admin Issues The end of the month and allegedly the end of the list is tomorrow. We need a plan B to get back in contact to get this going again if possible. Someone got a blog we can bookmark for new/announcements that would be willing to post anything they hear? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally,
RE: ALERT : NTSYSADMIN LIST MIGRATION
You're right, the older I get the more it annoys me... that brings up probably the best stat to solve this whole mystery: age Turn your monitor upside down and this will be easier to read in context -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Friday, April 26, 2013 8:03 AM To: NT System Admin Issues Subject: RE: ALERT : NTSYSADMIN LIST MIGRATION And, that brings up probably the best stat to solve this whole mystery: age. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, April 26, 2013 10:23 AM To: NT System Admin Issues Subject: Re: ALERT : NTSYSADMIN LIST MIGRATION On Fri, Apr 26, 2013 at 7:11 AM, Doug Hampshire dhampsh...@gmail.com wrote: Bottom posting: Something abandoned a long time ago by everyone except Kurt. It's annoying as heck on a PC and makes reading threads on a mobile device significantly more difficult. But then again it's a free country and if Kurt wants to continue to write a paper check, make the entry into the checkbook register, and update the running balance while five people stand behind him in line at the grocery store so be it. But I also have the right to glare at him and make snide comments about those fancy new debit cards all the cool kids are using these days. No checks for me. Cash only - can't forge a $20 bill in my name. Too risky. You might want to check with Ben before characterizing my posting habits as unique to me. Also, portable devices for email - don't like 'em. Too darn hard to work with and see the messages on. Get off my lawn. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: ALERT : NTSYSADMIN LIST MIGRATION
deaned :-] -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Friday, April 26, 2013 9:05 AM To: NT System Admin Issues Subject: Re: ALERT : NTSYSADMIN LIST MIGRATION All you top posters, see answer inline. On 26 Apr 2013 at 7:23, Kurt Buff wrote: On Fri, Apr 26, 2013 at 7:11 AM, Doug Hampshire dhampsh...@gmail.com wrote: Bottom posting: Something abandoned a long time ago by everyone except Kurt. It's annoying as heck on a PC and makes reading threads on a mobile device significantly more difficult. But then again it's a free country and if Kurt wants to continue to write a paper check, make the entry into the checkbook register, and update the running balance while five people stand behind him in line at the grocery store so be it. But I also have the right to glare at him and make snide comments about those fancy new debit cards all the cool kids are using these days. No checks for me. Cash only - can't forge a $20 bill in my name. Too risky. You might want to check with Ben before characterizing my posting habits as unique to me. Also, portable devices for email - don't like 'em. Too darn hard to work with and see the messages on. Get off my lawn. +1 -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Startup processes
It essentially delays presentation of the gina/desktop till startup and GPO processing complete. Windows clients XP and above support Fast Logon Optimization in a domain environment. To turn off Fast Logon Optimization, you can use the policy setting. With logon optimization- Policy settings apply asynchronously when the computer starts and when the user signs in. As a result, Windows 8, Windows 7, Windows Vista, and Windows XP do not wait for the network to be fully initialized at startup and sign-in. Existing users are logged on by using cached credentials. This results in shorter logon times. Group Policy is applied in the background after the network becomes available. Without- Windows waits for the network to be fully initialized before users are logged on. This results in the synchronous application of policies when the computer starts and when the user logs on. This application of policies resembles a background refresh process and can increase the time that is required for the Logon dialog box to display and the time that is required for the shell to be available to the user. From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, April 25, 2013 7:10 AM To: NT System Admin Issues Subject: RE: Startup processes I thought that setting just delayed GPO processing? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, April 25, 2013 9:37 AM To: NT System Admin Issues Subject: Re: Startup processes Actually hang on, is that right? It delays all the services until the network is available? That might work - but then if no network is available, does it start those services at all? On 25 April 2013 14:22, N Parr npar...@mortonind.commailto:npar...@mortonind.com wrote: GPO - Always wait for the network at computer startup. Would this setting work for you, it won't let any other services start until the network is available. Most people turn in on anyway because it solves a lot of other issues. -Original Message- From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.commailto:kz2...@googlemail.com] Sent: Thursday, April 25, 2013 7:12 AM To: NT System Admin Issues Subject: Startup processes On a Windows system, is there a process that runs on startup that will only run if there is network connectivity present? I've got a strange requirement and I need to be able to tell when the network is available, if possible. TIA, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers'
RE: ALERT : NTSYSADMIN LIST MIGRATION
Ooohhh, the popcorn is so much better when dripping with sarcasm -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, April 25, 2013 4:11 PM To: NT System Admin Issues Subject: RE: ALERT : NTSYSADMIN LIST MIGRATION It was normal for 20 years, until Outlook didn't do it and it gained primacy. All of the other clients followed along. -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, April 25, 2013 5:55 PM To: NT System Admin Issues Subject: RE: ALERT : NTSYSADMIN LIST MIGRATION Oh my...that's a lot of work for both the recipient and the sender and definitely not the norm. I guess we're all just doing it wrong. :) I thought it was an email client issue, like you were using Lotus Notes or something. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, April 25, 2013 5:49 PM To: NT System Admin Issues Subject: Re: ALERT : NTSYSADMIN LIST MIGRATION See response below... On Thu, Apr 25, 2013 at 1:38 PM, Rod Trent rodtr...@myitforum.com wrote: Every time I see your messages come through I almost delete it automatically, thinking someone accidentally hit Send too soon. Then, I realize your response is *under* the original text. Tricky. Is that a Gmail thing? -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, April 25, 2013 4:13 PM To: NT System Admin Issues Subject: Re: ALERT : NTSYSADMIN LIST MIGRATION On Thu, Apr 25, 2013 at 11:44 AM, s...@knowbe4.com wrote: Hi All, You are invited to the new NTSYSADMIN list hosted by KnowBe4. This replaces the Lyris list hosted by Sunbelt Software / GFI, which will shut down at the end of this month. GFI will confirm this with a separate message. I will continue to moderate the NTSYSADMIN list from KnowBe4. Warm regards, Stu Continuity? That is, will the archives migrate too? You say invited does this mean I have to do a new signup? If so, where's the subscription info? Can you ban the indeed when used as a single word response? :) Will you finally migrate to mailman so that we can have a sane list handler? Kurt No, it's called bottom posting, and I do it by deleting the to empty lines that gmail starts with, then CTRL-END to the bottom of the message and delete the cruft that the list software appends to each message. It's (IMNSHO) the better way of pursuing a conversation, for two reasons: o- It maintains a natural flow of reading - read the post all the way through, then read the reply all the way through, instead of read the reply, then bounce down and read the original post o- If you're doing in-line replies, it's also more natural, as it's easier to maintain conversation flow while responding to individual thoughts in the original post(s). Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: BSOD patch, Microsoft urges removal.
You will have more fun finding the patch Finding it in different scenarios is laid out here pretty well- http://support.microsoft.com/kb/2839011 Just skimming so apologies if that was already mentioned From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, April 15, 2013 11:46 AM To: NT System Admin Issues Subject: RE: BSOD patch, Microsoft urges removal. It is not all that bad at least if you only have a few. I did it on Friday for one laptop and have another to do tonight. It does require a reboot. You will have more fun finding the patch to uninstall than the actual uninstall. Jon From: gswe...@acts360.commailto:gswe...@acts360.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: BSOD patch, Microsoft urges removal. Date: Mon, 15 Apr 2013 16:45:32 + http://www.computerworld.com/s/article/9238371/Microsoft_urges_Windows_7_users_to_uninstall_Blue_Screen_of_Death_patch Sounds like fun for all. Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-644-3479 Cell 813-644-3476 Fax ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Career and Social Media
It's not necessarily what you know, but who you know... Today it's more along the lines of who knows what you know IME. Street creds trumped simple familiarity long ago. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Friday, March 22, 2013 10:50 AM To: NT System Admin Issues Subject: Re: OT: Career and Social Media Which just is more evidence for the old point: It's not necessarily what you know, but who you know... --Matt Ross Ephrata School District - Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Fri, 22 Mar 2013 09:50:35 -0800 Subject: Re: OT: Career and Social Media Same here... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Fri, Mar 22, 2013 at 12:26 PM, Michael B. Smith mich...@smithcons.comwrote: Most of my engagements today come because of social media. J ** ** And then repeat business, of course. ** ** *From:* Rod Trent [mailto:rodtr...@myitforum.com] *Sent:* Friday, March 22, 2013 11:39 AM *To:* NT System Admin Issues *Subject:* RE: OT: Career and Social Media ** ** My last two jobs have come about because of social media. ** ** ** ** *From:* Sam Cayze [mailto:sca...@gmail.com sca...@gmail.com] *Sent:* Friday, March 22, 2013 11:12 AM *To:* NT System Admin Issues *Subject:* RE: OT: Career and Social Media ** ** “With social media you might not have to look for a new job, it might find you” ** ** Spot on. Lately I’m always having recruiters and companies reach out to me for hire. I always ask how they find me, and they always say social media or internet presence. I haven’t published my resume anywhere (Heck, hardly even active on LinkedIn and it’s not that up to date. My Facebook is strictly personal – but I do keep a ‘clean’ presence on it). ** ** Several great offers have come my way. ** ** I take it as a sign the IT hiring is really picking up too. ** ** Sam ** ** ** ** ** ** *From:* David Lum [mailto:david@nwea.org david@nwea.org] *Sent:* Friday, March 22, 2013 8:43 AM *To:* NT System Admin Issues *Subject:* RE: OT: Career and Social Media ** ** In case you haven’t noticed, privacy is becoming history. The current young generation by and large expects to be able to find out where there friends and family are, where they eat and shop, and where they work, and they also have no problems sharing their own information with people. As these people become older and enter the corporate world, they will expect to know quite a bit about you whether or not your resume is any good, and they will likely influence company rules… ** ** The added twist is just by having family on social media, your information becomes public “I went to my dad’s 40th birthday party yesterday, not too far from the house he was born in”. Presto, your age, date and place of birth given up in one sentence by someone else. ** ** In many ways I see keeping privacy in the same vein as not having a car or a phone. You can do it, but it takes a concerted effort and a specific lifestyle to pull it off. (Oddly, I didn’t have this view until I went to a lunch/seminar that was all about security yesterday!). ** ** I’m sure when those first came out there were people who said “who needs such a thing!”. I went without a smartphone longer than many folks, but to be relevant/competitive in my field it became necessary to get one (although I still turn off location services except for the specific times I need them) and I am better off for it as it saves me a lot of time vs. if I were to be without it. ** ** Heck cellphones are now being used to inform different service providers traffic densities, average speeds, etc. so their mapping software can tell you how to avoid traffic. Big brother is here, the difference is it’s not like The Truman Show because the participants are also getting the benefits of said information. ** ** With social media you might not have to look for a new job, it might find you. I can see in a few years the conversation being “Remember when we had so send resume’s out? How lame!”. ** ** That Dilbert is spot-on whether we like it or not. ** ** *From:* Kurt Buff [mailto:kurt.b...@gmail.com kurt.b...@gmail.com] *Sent:* Thursday, March 21, 2013 7:51 PM *To:* NT System Admin Issues *Subject:* Re: OT: Career and Social Media ** ** +1000 I do not have a facebook account, nor any other social media account other than
RE: RT devices?
I had a MS PFE onsite at the beginning og the year and he had left the power brick for his laptop at his last client so he worked the whole week off his surface RT. It was kind of surprising how well they had it integrated with their business systems. Of course if they couldn't pull it off who could but I was suitably impressed. I had mine if the office that week and I learned a lot of tricks from him being so new to Win8-touch devices. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, March 20, 2013 8:01 AM To: NT System Admin Issues Subject: RE: RT devices? The Pro is very slick and I've got a hospital client that is testing them. So far, they are very happy with them. I don't think the RT is appropriate in a business environment. Just IMHO. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, March 20, 2013 8:32 AM To: NT System Admin Issues Subject: RE: RT devices? Not RT but the project I am on, the IT virtual desktop team is testing the Pro device and they love them. They prefer them to the iPads. I can't provide any specifics as that is not the part of the project I am working on. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, March 19, 2013 11:42 PM To: NT System Admin Issues Subject: RT devices? I am curious to know if anyone is thinking or has deployed RT devices to their end users. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Normalizing a disk image
LOL... forgot about that... sync; sync; sync; halt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, March 07, 2013 7:51 AM To: NT System Admin Issues Subject: [dkim-failure] Re: Normalizing a disk image On Thu, Mar 7, 2013 at 10:34 AM, Webster webs...@carlwebster.com wrote: I have still not found anything about booting multiple times before sealing the image. This reminds me of the old Unix superstition, sync three times before shutting down. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Semi-OT: Vsphere shutdown
Who said they had licenses? From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, March 06, 2013 10:52 AM To: NT System Admin Issues Subject: RE: Semi-OT: Vsphere shutdown Iran being one of the top countries that hit my blog is a bit unnerving to say the least. I am surprised the feds haven’t come knocking asking what is going on. Plus all the “stan”s that hit my site is really weird. I wouldn’t think anyone in those countries could afford Citrix licenses. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.com] Subject: Re: Semi-OT: Vsphere shutdown Webster has millions of readers. Mainly Iranians :-) Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Richard Stovall rich...@gmail.commailto:rich...@gmail.com Subject: RE: Semi-OT: Vsphere shutdown Thanks for the offer, Carl. But wouldn't I want to put it somewhere where it might actually be read? :-) But seriously, thanks for the offer. I'll see if I can find time to put something together. Richard On Mar 6, 2013 7:32 AM, Webster webs...@carlwebster.commailto:webs...@carlwebster.com wrote: I would be happy to post the article on my site. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: USB3 External HD recommendation
In the small form factor, I have had very good luck with the WD Passports over the years. Just got one of the 2TB USB3 models. Whenever I go to get a new one, I check and Seagate is getting bashed in the reviews for reliability so I stick with what has worked for me. From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, February 28, 2013 10:10 AM To: NT System Admin Issues Subject: USB3 External HD recommendation I have had seven Seagate external hard drives in my lab at various times in the last 4.5 years. The last two appear to be failing. They no longer work on my Win7 PC but work perfectly on my MacBook Pro with the Paragon NTFS for Max OS X driver. Needless to say, I am a little gun shy about getting another Seagate external drive. What drives do you recommend? The two drives that fail in Win7 but work on my Mac are 1TB USB3 drives Seagate FreeAgent GoFlex. Thanks Webster ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Slightly OT: RE: Migrate DHCP from 2003 to 2008 R2
We replaced all our old BIND and CNR infrastructure with them and it's working well. The UI is a bit challenging if you don't use it regularly but it's pretty powerful stuff, I especially like the grid concept. --Sorry for the tardy thread resurrection, been away and trying to catch up. -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, February 21, 2013 7:38 AM To: NT System Admin Issues Subject: RE: Slightly OT: RE: Migrate DHCP from 2003 to 2008 R2 Any thoughts on the InfoBlox appliances? A 3-letter gov agency we provide service to is considering them... -sc -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, February 20, 2013 3:53 PM To: NT System Admin Issues Subject: RE: Slightly OT: RE: Migrate DHCP from 2003 to 2008 R2 I just helped move a company from Bluecat DHCP devices to Server 2008 R2 DHCP! They hated the Bluecat devices and they were a real PITA to get zone data out of. Thanks Webster -Original Message- From: Guyer, Don [mailto:dgu...@che.org] Sent: Wednesday, February 20, 2013 2:04 PM To: NT System Admin Issues Subject: Slightly OT: RE: Migrate DHCP from 2003 to 2008 R2 It's also a good excuse/time to clean everything up. : ) We're currently moving from Windows-based DHCP to Bluecat devices. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain upgrade: 2008 R2 or 2012 ?
We have been stuck at 2003 for some time we found during the discovery phase of the upgrade process because the vendor of our Contact Centers' application suite won't support the version we are running on anything else. That is finally getting upgraded so our AD 2008 migration plan is being resurrected. Same vendor will not support version we are upgrading to on 2012 so once again we are stuck. This vendor is well known as a hardware vendor who got into the software business through acquisition and is famous for a support matrix of 1 entry per version of their products, at the Windows Service Pack level no less. Ran into a similar situation on the opposite end of the spectrum where another ReallyBig(tm) HW vendor refused to support an implementation of some of its software because we were still on 2003. They only supported 2008R2 and insisted we have a dedicated SE to cover our unsupported configuration because AD groups behaved differently in different versions of Windows I still haven't gotten all the coffee off my monitor from that conf call. Moral of the story is to do an inventory of critical enterprise apps and make sure you don't get into an untenable situation. I really don't doubt that any one of the 3 versions of AD could support any of these apps but when a large vendor waves the unsupported flag there can be a pretty hard stop from management. Ironically, Windows support sunset often comes into play when you get in these situations and becomes one of the drivers. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, February 07, 2013 1:34 PM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE08FA.0084EA40] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Recommended Ultrabooks?
I've been playing with the Lenovo Yoga every time I got to BestBuy and I really like it but I can't get past the dinky drive and it's being all chopped up into a bunch of goofy partitions in the model BB offers. I've read of folks upgrading to 256SSD and 8GB. Supposedly they announced some new ones art CES this week. Haven't taken the time to see if I could tweak one directly from Lenovo. In any case, it is a really cool hybrid ultrabook/tablet but it has to make the inevitable sacrifices by trying to be more than a single purpose device. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Thursday, January 10, 2013 12:30 PM To: NT System Admin Issues Subject: Recommended Ultrabooks? I have some requests coming in from teachers and administrators for smaller laptops. I'm curious what the list would recommend. 11-13 (Leaning toward the 11, but there are not many of those.) Can run Windows 7 Pro. Thin and Light. Less than $1000. (The cheaper, the better, really.) I've already looked around at various HPs and Dells, but I'm more interested in real-world experiences. Most teachers/administrators look at this as Laptop vs iPad. Thanks for any suggestions. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
If it's minutes, something's wrong. My experience is much the same as Steve's. Other than some very specialized applications, w32time is sufficient. We do have a very intricate Time Synchronization Network with multiple atomic clocks and other sources but it's not needed on the majority of windows clients. We used to run the ntp.org software on the NT DCs in lieu of timeserv but w32time has been sufficient since we moved to AD. My DCs in the domain I just checked are all within 15 ms of Stratum 1, actually only one is over 10ms. My laptop is on VPN over LTE and hasn't been in the office in months and it is only +70ms from Stratum 2. Biggest problem I've had over the years is with meddlers who *think* they know better and fool around with it. Usually setting things back to default and w32tm /resync fixes it. -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Friday, January 04, 2013 8:32 AM To: NT System Admin Issues Subject: Re: Time sync How much time skew are we talking about here? While MSFT will only support w32tm accuracy within 1-2 seconds, in practice I have found it to be stable within a tenth of a second or less, and would not feel compelled to look into very-high-accuracy NTP clients for regular non-scientific applications. Do you have separate systems recording the timestamps of an incoming call and the creation of a linked medical record, or are things unreliable even on a single host? --Steve On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary richard.mccl...@aspca.org wrote: Greetings! I'm sure I and many others have asked this (but are still stumped). Ken S's reply yesterday pointing to ultimately a chain of TechNet articles has shed some light and will start us digging. Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - mainly meant to make Kerberos v5 work. Our issue is, W32Time lets things drift enough for weird things to occur in our medical records. We have a veterinary toxicology consulting hotline. Because things get out of sync a bit, we frequently have medical records opening before a client's telephone call is received. The article referenced above essentially says to go find an alternative to W32Time. NIST has gathered a list of time sync software. QUESTION: has anyone on the list used (and would recommend) anything on that list to fix the record created prior to the call situation? (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) Thank you... -- richard The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
Looked different than the old app on iOS5 to me First experience was an epic fail, I copied a link from the map to a Dr's office with send to clipboard and pasted in appointment in calendar. Open link in calendar and it goes to a mall 40 miles away..pbbbttt That must be the apple influence on the app From: Guyer, Don [mailto:dgu...@che.org] Sent: Friday, December 14, 2012 5:02 AM To: NT System Admin Issues Subject: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs BTW, Google Maps is now back and available to download for iOS devices. Grabbed it last night. At first glance, looks the same as was the built-in version. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 3:51 PM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs Wellthe Australian Police say not to use the maps, so I won't... http://www.redmondpie.com/australian-police-slams-ios-6-maps-recommends-using-alternatives/ Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:50 PM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs That's what David said, I can neither confirm or deny. It says so in the article but...they also said the maps were way better too :-p From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 11:20 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs I thought this was reportedly resolved with 6.0.1? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ouch PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog
RE: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
The directions were perfect, it fell down on the integration/copy to clipboard. I only looked at it for a few minutes last night through bleary eyes as well, it *looks* very nice at first glance :--) From: Guyer, Don [mailto:dgu...@che.org] Sent: Friday, December 14, 2012 8:56 AM To: NT System Admin Issues Subject: RE: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs I only looked at it for a minute last night, through bleary eyes. The few times I used it in the past, probably a few years ago, it was pretty much spot on. Oh well That's what I have an actual NAV system now for. : ) Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Graeme Carstairs [mailto:loonyto...@gmail.com] Sent: Friday, December 14, 2012 11:38 AM To: NT System Admin Issues Subject: Re: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs Google maps is pretty pants as well to this day it cant cirect you through aberdeen properly and frequently tells you to turn right into when the line on the map show you turning left. Nav free works much better On 14 December 2012 16:33, Free, Bob r...@pge.commailto:r...@pge.com wrote: Looked different than the old app on iOS5 to me First experience was an epic fail, I copied a link from the map to a Dr's office with send to clipboard and pasted in appointment in calendar. Open link in calendar and it goes to a mall 40 miles away..pbbbttt That must be the apple influence on the app From: Guyer, Don [mailto:dgu...@che.orgmailto:dgu...@che.org] Sent: Friday, December 14, 2012 5:02 AM To: NT System Admin Issues Subject: Google Maps for iOS. Was: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs BTW, Google Maps is now back and available to download for iOS devices. Grabbed it last night. At first glance, looks the same as was the built-in version. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 3:51 PM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs Wellthe Australian Police say not to use the maps, so I won't... http://www.redmondpie.com/australian-police-slams-ios-6-maps-recommends-using-alternatives/ Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:50 PM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs That's what David said, I can neither confirm or deny. It says so in the article but...they also said the maps were way better too :-p From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 11:20 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs I thought this was reportedly resolved with 6.0.1? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say
RE: Phantom Exchange Server
Engage that MBS guy or equivalent unless you have some PSS vouchers laying around. Not a trivial undertaking. Actually, there's probably no equivalent, just call MBS :-) -Original Message- From: Shawn Everett [mailto:sh...@tandac.com] Sent: Wednesday, December 12, 2012 10:41 PM To: NT System Admin Issues Subject: Phantom Exchange Server Hi All, Strange problem for you... I've inherited a client who is experiencing general weirdness with their SBS 2011 server. Internal email delivery issues, problems adding items to calendars and other strange events. Running the Exchange 2010 Best Practices tool shows that Exchange thinks the old server is still in the picture. Talking to the client, the old server is long gone, and no longer even physically exists. It seems that someone attempted to do a migration from SBS 2003 to SBS2011 and didn't complete it entirely. I'm really not sure how to go about resolving this. I suspect cleaning this up would go a long way to improving things. Any thoughts would be most appreciated. Shawn ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
That's what David said, I can neither confirm or deny. It says so in the article but...they also said the maps were way better too :-p From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 11:20 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs I thought this was reportedly resolved with 6.0.1? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ouch PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
With thousands of devices, some BYOD, you might not have the agility to move that quickly. If you do, more power to you. Everyone doesn't. I know my phone is firmly planted at 5.1, I put a little dot of white-out on the settings badge so it would quit bugging me about updating :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Thursday, December 13, 2012 11:22 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs Never mind, it's right there in the article... Boo for them not updating their device then, I say. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ouch PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
I don't. We have an Exchange team that should. I pass them along stuff that you post here. I have a full time day job doing OtherStuff(tm) The highlighted part is taken to heart, thanks very much. My personal SOP has always been don't touch calendar events on a mobile device unless I have to. Starting with my iPaq :-p Yea old skool, I know From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, December 13, 2012 11:23 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs You don't read the Exchange group, do you? :) From a post I made there this morning: I can absolutely tell you that you are also running into a secondary issue - if the calendar processing agent is slow (which is going to happen with a single person being a delegate on 130+ mailboxes) the above problem is significantly exacerbated because it will take longer for the full calendar details to sync to the handheld device. iOS first syncs the push email notification and then gets the calendar details separately. I repeat - deal with meetings from the Inbox and not from Calendar. The highlighted section is very important. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
I just observe and report... From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, December 13, 2012 11:24 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs Not an Apple fanboi here but I blame Exchange for this one. Shouldn't Exchange keep track of the meeting owner and control the appropriate access? e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer.. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:18 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ouch PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DNS/Replication broken after MS updates?
I've actually had an experienced PFE tell me there is no reason to run that arg in production unless you have a really good reason and know exactly what you are doing -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, December 13, 2012 2:11 PM To: NT System Admin Issues Subject: RE: DNS/Replication broken after MS updates? Why are you having to force replication between all domain controllers? Find and fix what is broken. Thanks Webster -Original Message- From: Phil Hershey [mailto:phers...@agia.com] Subject: RE: DNS/Replication broken after MS updates? Ah, but what tipped me off is definitely not normal. I have a batch file that runs a series of REPADMIN /SYNCALL commands to force replication between all the DCs. It hasn't thrown an error in literally years, and normally takes about 5 seconds to complete. No every single server coughs up the RPC Server is unavailable error. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: I hate newegg...
I think it starts becoming hands off for larger customers. We order through an internal website that gathers all the requisite information, approvals, billing etc then makes the order automagically. They have some sort of connection to our internal telephony apps so we can see usage individually, by cost center, officer etc. I *can* use MyVerizon from a PC to manage contacts, voice mail and such but I doubt anyone manages the contract with it as there's no information of that type. Don't know what the tipping point is, but I would hate to be Ben. -Original Message- From: Guyer, Don [mailto:dgu...@che.org] Sent: Wednesday, December 12, 2012 5:36 AM To: NT System Admin Issues Subject: RE: I hate newegg... If that's true, I feel for our admin, who manages well North of 1k devices for the company. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, December 11, 2012 4:59 PM To: NT System Admin Issues Subject: Re: I hate newegg... On Tue, Dec 11, 2012 at 4:46 PM, Free, Bob r...@pge.com wrote: Dell Premium is the slowest site in the world ... I suspect Verizon Wireless's web site could give them a run for their money. Concur, I h@te checking my usage but it's a necessary evil for my situation. Try administering 30+ mobile devices using it. When it's not dog slow, it times out completely, or yields cryptic errors. No joke, the following error was already in my clipboard for complaining to our rep: The action you are taking did not complete successfully due to an unexpected error. I'm getting that on random MDNs right now. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
LOL -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, December 12, 2012 9:21 AM To: NT System Admin Issues Subject: [dkim-failure] Re: I hate newegg... On Wed, Dec 12, 2012 at 12:09 PM, Free, Bob r...@pge.com wrote: ... I would hate to be Ben. I hear that a lot. Sometimes even when I'm the only person around. ;-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Looking for Insight on Registrars
lol, HRH Michael B Smith :-) -Original Message- From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, December 12, 2012 12:45 PM To: NT System Admin Issues Subject: RE: Looking for Insight on Registrars I also dislike GoDaddy. But if I'm going for *cheap* SSL, especially for UCC, then I'll invariably use www.certificatesforexchange.com which belongs to Simon Butler and which qualifies as a shameless (uncompensated) plug for his site ... which is a GoDaddy storefront. I love Digicert for SSL, they're pricey but I also know their support staff by name. But I'm a sucker for 'knowing my guy' at any given vendor ... it's why I try to use DH instead of Ingram Micro, but I digress. (Digicert came up here the other day on another topic, which long story short got an immediate and personal reaction from their CTO after he was made aware of my post via Mr. Brian Desmond HRH Michael B Smith). For registrars, we have a lot of our client base on EasyDNS and DynDNS and I love both. At EasyDNS I also have a good sense of 'knowing the guys' when I have to interact with them. -Original Message- From: James R. Costa, MCP [mailto:james.co...@gmail.com] Sent: Wednesday, December 12, 2012 2:44 PM To: NT System Admin Issues Subject: Looking for Insight on Registrars Hey all, Does anyone have any good experience with a registrar that issues domains and/or SSL certificates? Looking for any recommendations you can provide. If they're cheap, or if one registrar does both, well then that is certainly a plus. I've used GoDaddy in the past and did not like them at all. Thanks very much, James ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
I suspect Verizon Wireless's web site could give them a run for their money. (Or should that be crawl for their money?) Concur, I h@te checking my usage but it's a necessary evil for my situation. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, December 11, 2012 1:28 PM To: NT System Admin Issues Subject: [dkim-failure] Re: I hate newegg... On Tue, Dec 11, 2012 at 12:56 PM, Sam Cayze sca...@gmail.com wrote: Dell Premium is the slowest site in the world ... I know what you mean, but I suspect Verizon Wireless's web site could give them a run for their money. (Or should that be crawl for their money?) Amazon invoices are lot easier to read, with better descriptions. Dell products descriptions are usually cryptic on their invoices. So my accounting teams is totally ok with it. Yah, Dell invoices are incredibly cryptic. Just as bad, there's often no correlation between the order and packing list line items. You order 1 PC, you get a packing list with 30 line items detailing every last nut and bolt that went into the PC. Then the next day you get a separate shipment with the mouse. One thing Amazon can't seem to do is put our Purchase Order number on their packing slips. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
I feel your pain although I'm sure yours is much greater that mine. I just try to keep track of my MiFi and HomeFusion data with it. Now they offer a monitoring service for $4.99 additional...I don't think so. My favorite Verizon moment was when I installed their app on my work phone hoping to manage some other accounts and all it would tell me was that my bill for $451K was due...brilliant! -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, December 11, 2012 1:59 PM To: NT System Admin Issues Subject: [dkim-failure] Re: I hate newegg... On Tue, Dec 11, 2012 at 4:46 PM, Free, Bob r...@pge.com wrote: Dell Premium is the slowest site in the world ... I suspect Verizon Wireless's web site could give them a run for their money. Concur, I h@te checking my usage but it's a necessary evil for my situation. Try administering 30+ mobile devices using it. When it's not dog slow, it times out completely, or yields cryptic errors. No joke, the following error was already in my clipboard for complaining to our rep: The action you are taking did not complete successfully due to an unexpected error. I'm getting that on random MDNs right now. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Mobile app for password management
+1 From: Greg Sweers [mailto:gswe...@acts360.com] Sent: Tuesday, December 04, 2012 9:51 AM To: NT System Admin Issues Subject: RE: Mobile app for password management Lastpass.com Has mobile as well as PC/Mac Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell From: David Lum [mailto:david@nwea.org] Sent: Tuesday, December 04, 2012 11:51 AM To: NT System Admin Issues Subject: Mobile app for password management I use KeePass on my PC's to manage passwords, I'd like to use a mobile app to do the same thing . There are tons of apps available, do you guys have a recommendation? Device is an iPhone... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange 2010 - manage mobile phone
Kind of makes me wonder about the security model if you have email enabled accounts using mobile devices that are victims of adminsdholder. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, November 30, 2012 8:22 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone This is most common: http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx From: N Parr [mailto:npar...@mortonind.com] Sent: Friday, November 30, 2012 11:04 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Thanks from me also. I had a user that replaced his Droid 4 with a new one and his couldn't set up his email again on the new phone. I have no clue how inheritance gets turned off. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 12:56 PM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Thanks, fixed, and we have a winner! Because you're here and I am not on the Exchange list anymore. :) From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 10:39 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Check out permission inheritance on the user object. And why are you asking this question here, instead of the Exchange list? :P From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 1:05 PM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Whoa...it showed 4 devices. 1. Deleted these 2. Reassociated their user acct to my iPhone 3. Verification works (asks to accept a cert, I say yes, although it doesn't ask for the server name until after e-mail/domain/username/password) 4. 2nd phase of verification works (check boxes on each row) 5. Click Done to get out of iPhone mail settings 6. Open Exchange mailbox in iPhone mail app and I still get The connection to the server failed 7. Change the user's settings to use *my* ID instead but leave other server settings alone (same Exchange server, etc), it works as I can send/receive from my phone 8. Out of curiosity I tried changing right back to problem users settings, it still fails. I've looked at this users' mailbox settings and compared them to a user who can get mail via iPhone and nothing jumps out at me. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 8:47 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Sign in using OWA Lite. Go and clean Device Associations. Re-associate. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 11:16 AM To: NT System Admin Issues Subject: Exchange 2010 - manage mobile phone I have two Exchange 2010 users that can't get their accounts to work with an iPhone and I'm pretty sure it's specific to their account. I can get my account to work on their iPhone (and mine), but I can't get their accounts to work. It does go through the verify process OK, but when opening the mail app it stops at the inbox saying it cannot connect. Looking in the E2K10 console for the users with this issue (and it's only two users, it works for most others) if I go to recipient configuration/Mailbox the option to manage mobile phone is there but when choosing that option there's no device listed. (Other users the option lists the device, or the manage mobile phone is not listed as an option). It's as if a mobile device gets partially associated with their account. Ideas anyone? Maybe PowerShell is needed to strip some partial association? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Exchange 2010 - manage mobile phone
I totally agree with you that the behavior is less then optimal by a long shot. My thinking comes from an environment where we have always had separate AdminIDs, even pre-windows domains. We have never used the normal user IDs for administrative work or vice versa. My problems with adminsdholder back in the day were from a lot of grandfathered AdminIDs from the multiple collapsed NT Resource Domains that comprised our original AD so my view of the issue is extremely myopic compared to your client example. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, November 30, 2012 9:09 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone The real problem, IMO, is that even after accounts are moved out of protected groups, inheritance is not automatically restored and adminCount set to zero. You can't set up an EAS device with a protected account. You can setup a MAPI connection and there is a lot of history behind that. The team wanted to remove that, but the complaints were huge. I worked with a health care client that had almost 100 accounts in domain admins, and a total of 300 accounts in protected groups. Some reasons were good, most weren't. But even after cleaning those up and delegating properly, this still had to be dealt with... And (shame face) fixing adminCount is trivial, but fixing up the ACLs (in a script) was beyond me. :( I don't speak really good SDDL. From: Free, Bob [mailto:r...@pge.com] Sent: Friday, November 30, 2012 11:47 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Kind of makes me wonder about the security model if you have email enabled accounts using mobile devices that are victims of adminsdholder. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, November 30, 2012 8:22 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone This is most common: http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx From: N Parr [mailto:npar...@mortonind.com] Sent: Friday, November 30, 2012 11:04 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Thanks from me also. I had a user that replaced his Droid 4 with a new one and his couldn't set up his email again on the new phone. I have no clue how inheritance gets turned off. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 12:56 PM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Thanks, fixed, and we have a winner! Because you're here and I am not on the Exchange list anymore. :) From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 10:39 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Check out permission inheritance on the user object. And why are you asking this question here, instead of the Exchange list? :P From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 1:05 PM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Whoa...it showed 4 devices. 1. Deleted these 2. Reassociated their user acct to my iPhone 3. Verification works (asks to accept a cert, I say yes, although it doesn't ask for the server name until after e-mail/domain/username/password) 4. 2nd phase of verification works (check boxes on each row) 5. Click Done to get out of iPhone mail settings 6. Open Exchange mailbox in iPhone mail app and I still get The connection to the server failed 7. Change the user's settings to use *my* ID instead but leave other server settings alone (same Exchange server, etc), it works as I can send/receive from my phone 8. Out of curiosity I tried changing right back to problem users settings, it still fails. I've looked at this users' mailbox settings and compared them to a user who can get mail via iPhone and nothing jumps out at me. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 8:47 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Sign in using OWA Lite. Go and clean Device Associations. Re-associate. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 11:16 AM To: NT System Admin Issues Subject: Exchange 2010 - manage mobile phone I have two Exchange 2010 users that can't get their accounts to work with an iPhone and I'm pretty sure it's specific to their account. I can get my account to work on their iPhone (and mine), but I can't get their accounts to work. It does go through the verify process OK, but when opening the mail app it stops at the inbox saying it cannot connect. Looking in the E2K10 console for the users with this issue (and it's only two users, it works for most others) if I go to recipient configuration/Mailbox the option
RE: Auditing proof of password change
Perhaps on highly sensitive accounts. If they are properly secured only a very select # of people could change them anyway. It all depends on the auditor, how well they understand it and the control in my experience. We keep track with a 3rd party product that can do the who-what-where kind of auditing they like for privileged objects. The native logs are quickly unmanageable in an environment of any size for this kind of reporting IME. OPs requirement was much simpler the way I read it. “to prove that we change administrative passwords on a periodic basis” From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, November 29, 2012 9:30 AM To: NT System Admin Issues Subject: RE: Auditing proof of password change My guess is that an auditor might want to see proof of who changed it, not just that it changed. For that you will need the logs. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDCE18.D6D431E0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Free, Bob r...@pge.commailto:r...@pge.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:11/29/2012 12:20 PM Subject:RE: Auditing proof of password change User objects have an attribute called pwdlastset. Report on that. Simple as that. Don’t overcomplicate it rooting around in logs ☺ FWIW- Our auditors accept the account policy as general evidence of password aging. You might want to look into that. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 7:20 AM To: NT System Admin Issues Subject: Auditing proof of password change I have an audit request to prove that we change administrative passwords on a periodic basis. Surely some of you have to do this on occasion and if so, how do you go about it? Event log reporting? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: GPO Hell (Unlinked/Empty GPOs)
FindUnlinkedGPOs.wsf in the GPMC scripts should solve the first issue. Have to think about the second one a bit more :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Friday, November 16, 2012 12:38 PM To: NT System Admin Issues Subject: GPO Hell (Unlinked/Empty GPOs) Greetings, We have over 800 GPOs, org-wide, and I'm in cleanup mode. Have been trying to find a script/utility to run that will list out unlinked GPOs and/or ones with no settings. Haven't had much luck. TIA! Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: GPO Hell (Unlinked/Empty GPOs)
Web- There are canned scripts for unlinked, orphaned, disabled and empty sec filter but not empty settings as I recall. Low-tech way if in a hurry would be run the GetReportsForAllGPOs.wsf and look at the xml, the really small files would likely be empty. Very low tech but it would show you where to look. I'll have a peek at Darren's posh module but I don't think it does it either. --bob From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, November 16, 2012 1:15 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) Bob, I thought one of the scripts also did empty GPOs? Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Free, Bob [mailto:r...@pge.com] Sent: Friday, November 16, 2012 3:01 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) FindUnlinkedGPOs.wsf in the GPMC scripts should solve the first issue. Have to think about the second one a bit more :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Friday, November 16, 2012 12:38 PM To: NT System Admin Issues Subject: GPO Hell (Unlinked/Empty GPOs) Greetings, We have over 800 GPOs, org-wide, and I'm in cleanup mode. Have been trying to find a script/utility to run that will list out unlinked GPOs and/or ones with no settings. Haven't had much luck. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: GPO Hell (Unlinked/Empty GPOs)
Very nice Hunter. Worked like a champ in a dev forest I have that has a number of abandoned test Unix GPOs. Thanks! From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Friday, November 16, 2012 2:05 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) This is what I use to check for empty GPOs. It checks the XML report for empty user configuration and computer configuration sections, and dumps the name and last modified timestamp of the empty GPOs to an output file. Darren had posted a while back on his GPTalk list that checking for empty user and computer configuration settings isn't 100% accurate, but I haven't had a chance to follow up and see what the edge cases are. Regardless, I end up checking the GPOs that get flagged as empty before I delete them just to be sure. #System Requirements: # SDM Group Policy cmdlets # Group Policy Management Console (GPMC.msc) # Powershell v2 #--- #--- #requires -version 2 $gpm = new-object -comObject gpmGMT.gpm $constants = $gpm.getConstants() $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() $gpmDomain = $gpm.GetDomain($domain.name,$null,$constants.useanydc) $folderPath = get-location $xmlReport = $folderPath.path + \tempGPOReport.xml $reportFile = EmptyGPOs.txt $tempLine = GPO Name;OU Link Count;Linked OUs;Last Modified Date add-content -path $reportFile -value $tempLine -encoding ASCII $allGPOs = get-SDMgpo -name * foreach ($tempGPO in $allGPOs) { $gpmGPO = $gpmDomain.GetGPO($tempGPO.ID) $gpmGPO.GenerateReportToFile($constants.ReportXML,$xmlReport) $myXMLFile = [xml](Get-Content $xmlReport) $computerNodeProperties = $myXMLFile.GPO.Computer | gm $computerConfigured = $false foreach ($member in $computerNodeProperties) { if (($member.MemberType -eq Property) -and ($member.name -eq ExtensionData)) { $computerConfigured = $true } } $userNodeProperties = $myXMLFile.GPO.User | gm $userConfigured = $false foreach ($member in $userNodeProperties) { if (($member.MemberType -eq Property) -and ($member.name -eq ExtensionData)) { $userConfigured = $true } } if ($computerConfigured -or $userConfigured) { #write-host This is not an empty GPO } else { write-host EMPTY GPO: + $tempGPO.name $tempLine = $tempGPO.name + ;EMPTY;; + $tempGPO.modificationtime add-content -path $reportFile -value $tempLine -encoding ASCII } } From: Free, Bob [mailto:r...@pge.com] Sent: Friday, November 16, 2012 2:24 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) Web- There are canned scripts for unlinked, orphaned, disabled and empty sec filter but not empty settings as I recall. Low-tech way if in a hurry would be run the GetReportsForAllGPOs.wsf and look at the xml, the really small files would likely be empty. Very low tech but it would show you where to look. I'll have a peek at Darren's posh module but I don't think it does it either. --bob From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, November 16, 2012 1:15 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) Bob, I thought one of the scripts also did empty GPOs? Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Free, Bob [mailto:r...@pge.com] Sent: Friday, November 16, 2012 3:01 PM To: NT System Admin Issues Subject: RE: GPO Hell (Unlinked/Empty GPOs) FindUnlinkedGPOs.wsf in the GPMC scripts should solve the first issue. Have to think about the second one a bit more :) From: Guyer, Don [mailto:dgu...@che.org] Sent: Friday, November 16, 2012 12:38 PM To: NT System Admin Issues Subject: GPO Hell (Unlinked/Empty GPOs) Greetings, We have over 800 GPOs, org-wide, and I'm in cleanup mode. Have been trying to find a script/utility to run that will list out unlinked GPOs and/or ones with no settings. Haven't had much luck. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana
RE: Standing up 2K8DC - finally. Opinions?
Glen covers lingering objects nicely as well on 2 of his plethora of 5 blog articles :) http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx http://blogs.technet.com/b/glennl/archive/2007/10/04/so-you-want-to-clean-up-your-forest-of-lingering-objects-before-you-set-your-forest-to-strict-but-you-have-windows-2000-dcs-in-the-forest.aspx From: David Lum [mailto:david@nwea.org] Sent: Friday, November 09, 2012 11:00 AM To: NT System Admin Issues Subject: RE: Standing up 2K8DC - finally. Opinions? EventID 1988 in the Directory Service event log, correct? DC's are clear on that point. From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, November 08, 2012 1:20 PM To: NT System Admin Issues Subject: RE: Standing up 2K8DC - finally. Opinions? I have only seen this at two customers in the 12 years I have been working with AD but don't forget to check for Lingering Objects. Lingering Objects can really foul up replication between DCs. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Free, Bob [mailto:r...@pge.com] Subject: RE: Standing up 2K8DC - finally. Opinions? What Glen suggests is putting your new DC in an isolated test AD site and having your apps test against it. Most apps that have site affinity generally won't know it's there and if you have stuff that's hardcoded you can control it to some extent. It also hopefully covers the very valid point Carl made about when you remove that last down-level DC. I know that I want sign-off from the major LOB apps that use AD for AuthN/AuthZ on a major upgrade. In some environments that might not be such a big deal. I don't want to be the guy who broke SAP or CCB here :) Hopefully you have all the crypto and AuthN type stuff covered with your GPOS so you know what is going on there and the vast majority of things should just work. That is what I've usually heard bite people with upgrades; something like storage, SAMBA, TACACS, databases etc. broke because the security was upgraded. You are already way ahead of that curve because you are aware of it and are configuring it the way you want it. Again don't forget 8-d. That stuff probably all needs attention. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 8 app behaviour
I thought this was the only tile you needed MBS? [cid:image001.png@01CDA7B0.4FF6A7E0] -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, October 11, 2012 10:13 AM To: NT System Admin Issues Subject: RE: Windows 8 app behaviour This is only true of metro apps. Desktop apps follow the standard we are used to. And quite frankly, everyone (or most) on this mailing list will spend almost all of their time on the desktop. IMO. YMMV. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com]mailto:[mailto:kurt.b...@gmail.com] Sent: Thursday, October 11, 2012 12:33 PM To: NT System Admin Issues Subject: Re: Windows 8 app behaviour Forgive my poor memory, but isn't this the kind of multitasking that Win3.x brought us? Kurt On Thu, Oct 11, 2012 at 6:20 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: It seems that it is similar to the Windows Phone 7.5 model. After “about” six apps get suspended, Win8 starts closing the apps that have been suspended the longest. I say “about” because it can fool you – several apps with different UIs are actually a single app. For example, Mail and People are a single app. From: James Rankin [mailto:kz2...@googlemail.com]mailto:[mailto:kz2...@googlemail.com] Sent: Thursday, October 11, 2012 9:13 AM To: NT System Admin Issues Subject: Re: Windows 8 app behaviour I bet it does add up when you multiply the suspension overhead by (however many apps your average user can manage to open up in a single session). I'm sure its better than the traditional model tho. On 11 October 2012 13:51, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: They get suspended when you move to another app. So, they do use resources (some storage to store their suspended state), but that resource usage shouldn’t slow down your computer (I think that’s how the argument goes…) See: http://msdn.microsoft.com/en-us/library/windows/apps/hh464925.aspx Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com]mailto:[mailto:kz2...@googlemail.com] Sent: Thursday, 11 October 2012 11:15 PM To: NT System Admin Issues Subject: Windows 8 app behaviour Just saw this from Brian Madden From the Win8 FAQ: In Windows 8, apps you install from the Windows Store don’t slow down your computer, so you don’t need to close them Sounds novel, apps without resource footprints. Cool! (Apologies to those who may follow Brian on Twitter and have already seen this) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- http://appsensebigot.blogspot.co.uk IMPORTANT INFORMATION/DISCLAIMER I certainly don't have time to monitor the content of e-mail sent and received via this account for the purposes of ensuring compliance with anyone's policies and procedures. I am pretty sure that somewhere in UK legislation there is some politically-correct drivel that stipulates I must never send or store e-mails or attachments that are obscene, indecent, sexist, racist, defamatory, abusive, in breach of copyright, encrypted, amusing, overly long, slightly opinionated, anonymous, likely to harm animals or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent minority (such as extraterrestrial eggplants). Emails of this nature sent in or out of this account may be intercepted and stopped by the system, but it's a long shot. This being the UK, even if I was prosecuted for breach of said email guidelines, I'd probably walk with a suspended sentence anyway, but if I'd forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. I am not responsible for any changes made to the message after it has been sent, in more or less the same way that cyclozine manufacturers aren't responsible for drug addicts mixing it with methadone and overdosing, so I'm glad I cleared the confusion up there nice and early. Where opinions are expressed, they are not necessarily mine. However, I don't make a habit of expressing other people's opinions for them, so you shouldn't take that statement as an indication that I am in the business of providing an opinion-expressing service. In the event that I did, this discourse would provide no guarantee that I would do it anyway, but I don't, so I won't. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the
RE: Listing all groups / finding a group on shared folders security
You need to audit changes of membership and validate they are appropriate. You can roll your own processes or use 3rd party software. Every group needs to have an owner identified that attests to its membership and necessity periodically. Identifying the purpose of the group has already been covered but it is equally as important. You can roll your own processes or use 3rd party software. You need to have provisioning/de-provisioning processes that manage access to resources for both on-boarding and MACs. Security groups are a big part of that process but there are also a lot of other elements to consider. You can roll your own processes or use 3rd party software. The part I kept repeating can be as simple as some process documentation in a very small shop, a large home-grown collection of tools and processes or a suite of 3rd party software that operates in the Identity, Access and Asset management spaces. In mid to large shops you usually see a combination of all three. You will note the word repeated most often is process. I call it the P-word at work. Anyone who comes to me for solutions has heard it over and over. It's usually fairly easy to come up with a technical solution, maintaining the care and feeding for its lifetime (which is often way longer than you might imagine) with minimal additional effort and keeping all the compliance folks happy is the time consuming part. I tell them all the time that its 90% planning and 10% block and tackle. A lot of people didn't have rigorous processes for maintaining groups back in the day and now find themselves in this boat so don't feel alone. -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, September 27, 2012 7:45 AM To: NT System Admin Issues Subject: RE: Listing all groups / finding a group on shared folders security BTW, I know *EXACTLY* How you feel. We have a lot of groups created before I was here and the description says simply for access to files. Along the same lines, how do folks here go about auditing security groups and knowing if they are still valid or if the members list is still appropriate? As in, how do you track/audit if the appropriate group memberships were changed when Jill moved from sales to accounting? -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, September 27, 2012 7:27 AM To: NT System Admin Issues Subject: Listing all groups / finding a group on shared folders security I have this problem. I have an AD group that has just a name and no description, no notes, no nothing. (it was apparently created like 7 years ago). I don't know what it does, or what it is used for. I *suspect* that it's used to control ACLs to a share, but I don't know that for sure. And it occurred to me that I don't know how to find out what share it might be providing security for. I guess what I am asking is: how can I go through all the folders on a file server, and list out the user and group names on the security of the folders (or shares, I suppose)? Is there a utility that does that? A script I would have to run against the whole folder structure? Ideally, tell it the group name I'm looking for, and have it come back and say \\this-server\that-folder? I'm looking for a free utility, BTW - I know there are a lot of security programs for purchase that can tell me this, and in fact we will be looking at one in a few weeks. But even if we purchased such software, it would be a while to implement, etc. And I'd like to answer at least this one request now. This is why I harp on about using the description and notes fields in AD, both for users and groups ... it makes my life a lot easier when someone asks me for a list like this ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: SOLVED RE: Deploying Printers in Group Policy not working for non-admins
Thanks for the follow-up. Much appreciated Indeed(tm) Always appreciate the tickets being closed and KB updated :) From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, September 05, 2012 5:03 AM To: NT System Admin Issues Subject: [dkim-failure] Re: SOLVED RE: Deploying Printers in Group Policy not working for non-admins Drivers would be available via the ADMIN$ share of the machine, I would expect. Thanks for the follow-up. Much appreciated. http://xkcd.com/979/ ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Wed, Sep 5, 2012 at 3:52 AM, Matthew W. Ross mr...@ephrataschools.orgmailto:mr...@ephrataschools.org wrote: I finally figured it out. I figured that I'd share: I was sorting my labs AD Computers into OUs. I then assigned a blank group policy for the printers on that OU. Using the Printer Manager, I installed the printers and drivers as a TCP/IP printer on my print server. I then used the Deploy Printer option to configure the until now blank group policy. This was all working perfectly. I had not had any problems doing it this way. This installs the printers on the client machines as TCP/IP printers, so none of them are dependent on a print server. My mistake was that I forgot a crucial step in this kind of deployment process: I still had to share the printer from the print server. Doing this allowed the computers to install the necessary drivers from the print server. what I can't figure out is how the administrator accounts could see and use use the printers, but the non-admins could not. Is there a hidden administrative share that holds the drivers? Was Windows able to install local drivers each time? Anyways, as usual, something small and somewhat obvious was preventing it from working. --Matt Ross Ephrata School District - Original Message - From: Matthew W. Ross [mailto:mr...@ephrataschools.orgmailto:mr...@ephrataschools.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Tue, 04 Sep 2012 09:24:52 -0800 Subject: RE: Deploying Printers in Group Policy not working for non-admins As student's are not admins, they don't have the option to install the printers. Especially as I'm trying to install them via IP. I'm about to install the printers via script, as they need printers working, with or without group policy. --Matt Ross Ephrata School District - Original Message - From: Kelsey, John [mailto:jckel...@drmc.orgmailto:jckel...@drmc.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Tue, 04 Sep 2012 06:11:38 -0800 Subject: RE: Deploying Printers in Group Policy not working for non-admins What happens if the student tries to install the printer manually? Does it complete or does it bomb out? -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.orgmailto:mr...@ephrataschools.org] Sent: Friday, August 31, 2012 11:04 AM To: NT System Admin Issues Subject: Re: Deploying Printers in Group Policy not working for non-admins Here are some more oddities for this lab: 1) The printers are an HP Laserjet 4250 and a HP Color Laserjet 4700. We have other labs with the same model printers deployed from the same print server and this problem does not exist with them. 2) The printers show up if I log in as an administrator... but if I immediately log off, and log in as a generic student account, the printers are no longer there. Shouldn't the printers be installed already? --Matt Ross Ephrata School District - Original Message - From: Christopher Bodnar [mailto:christopher_bod...@glic.commailto:christopher_bod...@glic.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Fri, 31 Aug 2012 05:22:56 -0800 Subject: Re: Deploying Printers in Group Policy not working for non-admins Too funny, I was just about to type up the exact same question. I ran into this same scenario last night. The only thing that I found different was between 2 different printers. In my case the printers are: Canon iR3245 HP Officejet 8600 So I deployed the iR3245 first via GPO using the Print Management method and none of the users received the mapping. But I could map the printer manually. So I finally decided to test using the 2nd printer, using the same method and the OfficeJet mapped successfully. I then went and published the iR3245 via GPO preferences, and that worked. The only thing I can think of is that for some reason its a driver issue, but I can't think of what that would be. Not sure if this is relavent, but this is a ThinClient environment. All Hyper-V hosts with RDS and clients are Wyse C10LE. All servers are
RE: Offline/online detection
That's exactly what I was thinking, since that's kind of what NLA was designed for, couldn't it be leveraged? Actually went down the rabbit hole to look at it this AM to satisfy my curiosity but wsck got in the way :-] -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Thursday, August 16, 2012 12:51 PM To: NT System Admin Issues Subject: Re: Offline/online detection AFAIK the built-in network location bits in Vista and later use the reachability of a domain controller to decide when to use the Domain / Private / Public network profiles. I'd probably do the same thing in an app, rather than ICMP ping, to avoid spoofing, including the horrible DNS default responses that some ISPs perpetrate upon their customers. An even lazier approach might be to use the return code of nltest... --Steve On Thu, Aug 16, 2012 at 8:56 AM, James Rankin kz2...@googlemail.com wrote: Yes, the possibilities of users disconnecting mid-session really makes this a minefield, to be fair. Almost looks as though ping will be the best way to do this, running the Online Check at a particular process start point. Just need to dust my VB off I guess - for some reason the person requesting this wants it as a VBScript rather than a batch command. PITA - I had an old batch script I could have repurposed in five minutes. Cheers, JR On 16 August 2012 12:31, Ben Scott mailvor...@gmail.com wrote: On Thu, Aug 16, 2012 at 6:56 AM, James Rankin kz2...@googlemail.com wrote: I have to say that using ping seems a tad - well, anachronistic. Why? It's specifically designed to see if a host is reachable -- almost exactly what you want to do, no? Simple is good. I'd have thought there might be a Registry key that indicated an offline logon or something simple like that ... Well, if I understand it correctly, that's not really what you want to do. You don't really care how they logged on, you care how the app is running. Right? For example, what if I log on to the corporate network, but then undock and take my laptop to lunch (without shutting down), and then run the app? Be wary of solving the wrong problem. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DNS Lookup Failing for One Address
AKA fishing lesson :) From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, August 15, 2012 7:36 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address I have a theory. Often when Mr. Smith asks a question he isn't looking for an answer to that question, he is pointing you towards the answer for your problem. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]mailto:[mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, August 15, 2012 10:33 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Yup. When we decommissioned the old server this server replaced, some devices were still looking for it for DNS (they had static settings). So we assigned the old server's address to the new one as a second address. John From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, August 15, 2012 10:05 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Your DC has multiple IP addresses? From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]mailto:[mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, August 15, 2012 9:08 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Oh, and to add... Each of my sites has its own DNS server. All other DNS servers are resolving this address fine. All servers are behind the same firewall. Curiouser and curiouser. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]mailto:[mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, August 15, 2012 8:50 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Per the suggestions from the list, I put dig on my squirrely DNS server and ran dig +trace www.studyisland.comhttp://www.studyisland.com. Results are: === ; DiG 9.3.2 +trace www.studyisland.comhttp://www.studyisland.com ;; global options: printcmd . 19740 IN NS b.root-servers.net. . 19740 IN NS c.root-servers.net. . 19740 IN NS d.root-servers.net. . 19740 IN NS e.root-servers.net. . 19740 IN NS f.root-servers.net. . 19740 IN NS g.root-servers.net. . 19740 IN NS h.root-servers.net. . 19740 IN NS i.root-servers.net. . 19740 IN NS j.root-servers.net. . 19740 IN NS k.root-servers.net. . 19740 IN NS l.root-servers.net. . 19740 IN NS m.root-servers.net. . 19740 IN NS a.root-servers.net. ;; Received 449 bytes from 127.0.0.1#53(127.0.0.1) in 15 ms com.172800 IN NS g.gtld-servers.net. com.172800 IN NS m.gtld-servers.net. com.172800 IN NS e.gtld-servers.net. com.172800 IN NS j.gtld-servers.net. com.172800 IN NS k.gtld-servers.net. com.172800 IN NS d.gtld-servers.net. com.172800 IN NS a.gtld-servers.net. com.172800 IN NS c.gtld-servers.net. com.172800 IN NS f.gtld-servers.net. com.172800 IN NS h.gtld-servers.net. com.172800 IN NS b.gtld-servers.net. com.172800 IN NS l.gtld-servers.net. com.172800 IN NS i.gtld-servers.net. ;; Received 509 bytes from 192.33.4.12#53(c.root-servers.net) in 46 ms studyisland.com.172800 IN NS aldfwprdinf001.archipelagolearni ng.com. studyisland.com.172800 IN NS aldfwcrpinf001.archipelagolearni ng.com. ;; Received 147 bytes from 192.42.93.30#53(g.gtld-servers.net) in 93 ms www.studyisland.comhttp://www.studyisland.com.0 IN CNAME vip1.studyisland.com. vip1.studyisland.com. 28800 IN A 72.249.13.58 ;; Received 72 bytes from 207.210.237.70#53(aldfwprdinf001.archipelagolearning.c om) in 46 ms === Now, I'm not a DNS expert. But to me, this looks right because I know that www.studyisland.comhttp://www.studyisland.com = vip1.studyisland.com = 72.249.13.58. But when I use nslookup against that same DNS server, my queries still fail. I enabled debugging in nslookup and got this: === set db2 www.studyisland.comhttp://www.studyisland.com. Server: aoc-pet300.taylor.k12.fl.us Addresses: 10.11.7.19 10.11.7.13 Got answer: HEADER: opcode = QUERY, id = 8, rcode = SERVFAIL header flags: response, want recursion, recursion avail. questions = 1, answers = 0,
RE: DCs in saperate OU
Thought someone was reading our private conversations there for a sec :-] -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Monday, August 13, 2012 7:45 AM To: NT System Admin Issues Subject: Re: DCs in saperate OU Just had this conversation last week with several list members. Answers are: 1. No 2. No 3. No OT: YES Look at this: http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturd ay-edition.aspx Which contains: Question I have heard that moving a DC to a child OU under the default Domain Controllers OU is not supported by Microsoft. Is it is possible, and any supporting arguments for or against doing this. AnswerIt¹s supported but not recommended - bad things happen when developers assume an object will always be in the same spot. Some examples: 978994 Error message when you try to migrate the SYSVOL share from the FRS to the DFSR service in a Windows Server 2008 domain: The parameter is incorrect http://support.microsoft.com/default.aspx?scid=kb;EN-US;978994 833436 The current DC is not in the domain controller's OU error message when you run the Dcdiag tool http://support.microsoft.com/default.aspx?scid=kb;EN-US;833436 And so on. We periodically find bugs and fix them without much argument. More often it¹s third parties that really get bent out of shape. Too many of their developers test using a domain built with DCPROMO using ³next next next next done now don¹t touch it!². They may not be as accommodating about a fix, so if you design this you are likely to need to un-design it someday. The real question you have to ask yourself is: why do you feel the need to move the DC¹s? Because you must, or because you can? I¹ve never had a customer successfully convince me of the former case. You can try in the comments if you like, I welcome all comers. Don't say because I need differnet policies applies to different computers because you can use security groups (global or domain local) to do that, or WMI filters. Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com http://www.carlwebster.com/ On 8/13/12 10:17 AM, Juned Shaikh jsha...@gmail.com wrote: Greetings: Trying to find out: If there are 10 regional offices with 25 odd staff, is there a need to 1) create Regional Domain Contoller OUs and 2) move the Regional Domain Controllers to that OU and 3) apply the Domain Controller GPO. OT should we leave domain controllers alone in their natural GPO and control the acccess using Sites and services? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [dkim-failure] Re: Problem with computer not getting its security group
voila`. You have a secure channel problem From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Friday, August 10, 2012 1:17 PM To: NT System Admin Issues Subject: [dkim-failure] Re: Problem with computer not getting its security group 2 things are sticking out to me. 1. The Evend Id t5719, the computer was not able to set up a secure session with a domain controller due to the following. There are currently no logon server available to service login requests. 2. The computer is not seeing itself in the security group. On Fri, Aug 10, 2012 at 3:14 PM, Eric Wittersheim eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com wrote: That is what it is showing. Computer membership is not listing the Push group. But under Applied GPOs it is listing the GPO that I am trying to apply. On Fri, Aug 10, 2012 at 2:52 PM, Eric Wittersheim eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com wrote: Adding domain computers didn't work. On Fri, Aug 10, 2012 at 2:48 PM, Eric Wittersheim eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com wrote: I'll give that a shot. But do you think that this would block the server from seeing that it is a member of the security group? According to gpresult the policy is being applied. On Fri, Aug 10, 2012 at 2:38 PM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: It's been a long time since I set this up. IIRC, the Everyone group just doesn't work. Don't remember why. You need to give Domain Computers rights to the installation point. On Fri, Aug 10, 2012 at 3:27 PM, Eric Wittersheim eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com wrote: nope, it is on a member server at the 2003 server's site. On Fri, Aug 10, 2012 at 2:19 PM, Rankin, James R kz2...@googlemail.commailto:kz2...@googlemail.com wrote: Is the software hosted on a DC? I had massive problems with installation policies in that config ---Blackberried From: Eric Wittersheim eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com Date: Fri, 10 Aug 2012 14:05:58 -0500 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Re: Problem with computer not getting its security group I gave the share everyone full control and NTFS full control for everyone. I'm not getting any errors at all in the event logs saying that there was a error during install. On Fri, Aug 10, 2012 at 1:47 PM, Mayo, Bill bem...@pittcountync.govmailto:bem...@pittcountync.gov wrote: Software Installation policies are computer policies, so you have to make sure that the computer account has the ability to read the share where the software is. From: Eric Wittersheim [mailto:eric.wittersh...@gmail.commailto:eric.wittersh...@gmail.com] Sent: Friday, August 10, 2012 2:43 PM To: NT System Admin Issues Subject: Problem with computer not getting its security group Windows 2008 domain and I'm trying to apply a software installation policy gpo to a security group named Push I remove auth users from the GPO add the Push group. Verified that Push has read and apply policy to the GPO I have added a windows 2003 R2 server to the test group and waited for AD to replicate to all the DCs. I have rebooted the 2003 server many times but it is not seeing that it should/is a member of the Push group. I am getting this information by running gpresult from the 2003 box. GPresult shows that it is applying the GPO that I created to push the software. DNS resolution checks out I have disabled slow link detection just in case but that didn't have any effect. I have removed and rejoined the server from he domain. Windows Firewall is disabled When I run the GP results wizard it states that software installation did not complete and a restart is required. I am getting a Event ID 5719 when the server boots up saying that it can't set up a secure session with the domain controller. I have tried adding a policy that waits for the network to process policies. If anyone can point me in the right direction I would be forever in your debt. I'm losing hair on this one. This should be a 5 minute job and done. Eric ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: help w/ tracert
Or more apropos to the concurrent threads...pong :-] -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] Sent: Tuesday, July 24, 2012 12:43 PM To: NT System Admin Issues Subject: RE: help w/ tracert Like a tennis match. -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Tuesday, July 24, 2012 3:30 PM To: NT System Admin Issues Subject: Re: help w/ tracert Routing loops are not that unusual when folks get to (badly) configuring routing, although it's most unfortunate when absolutely all your outbound traffic gets stuck in the loop... When a.b.c.13 has a.b.c.14 as its default gateway, and a.b.c.14 has a.b.c.13 as *its* default gw... there ya go. --Steve On Tue, Jul 24, 2012 at 2:18 PM, Ziots, Edward ezi...@lifespan.org wrote: Routing issue in FW probably Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] Sent: Tuesday, July 24, 2012 1:44 PM To: NT System Admin Issues Subject: help w/ tracert When I run a tracert to google, here are the results... any suggestions from the group? Its like it just bounces between these two hosts... Tracing route to google.com [74.125.224.161] over a maximum of 30 hops: 1 1 ms1 ms1 ms {local IP Address removed} 2 3 ms 3 ms 3 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 3 4 ms 4 ms 4 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 4 7 ms 8 ms 7 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 5 7 ms 7 ms 7 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 610 ms10 ms10 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 710 ms10 ms11 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 813 ms13 ms13 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 914 ms14 ms28 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 1017 ms17 ms17 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 1117 ms17 ms17 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 1220 ms20 ms20 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 1324 ms20 ms20 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 1432 ms37 ms24 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 1524 ms24 ms35 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 1628 ms26 ms26 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 1727 ms27 ms27 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 1830 ms31 ms31 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 1931 ms30 ms32 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 2033 ms33 ms33 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 2134 ms38 ms34 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 2237 ms52 ms37 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 2337 ms37 ms37 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 2440 ms41 ms40 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 2541 ms42 ms41 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 2650 ms43 ms43 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 2744 ms44 ms44 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 2860 ms47 ms64 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] 2947 ms47 ms48 ms 63-138-116-14.customer.static.ip.paetec.net [63.138.116.14] 3052 ms50 ms51 ms 63-138-116-13.customer.static.ip.paetec.net [63.138.116.13] Trace complete. . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin . ~ Finally, powerful endpoint security that
RE: chagne AD p/w option
Did I miss a portion of this conversation? What on earth does this have to do with the original question about userAccountControl flags being manipulated? AdminSDHolder has nothing to do with the original issue stated. I would also respectfully submit that this behavior is indeed by design, but to protect admins from themselves, not because they provided feedback to MS. Most people had no clue what it was or why it was designed that way 10 or 12 years ago but it saved people from shooting themselves in the foot by not allowing lesser privileged built-in groups to manage their most highly prized assets and closed a potential glaring loophole in the default ACLs. From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com] Sent: Friday, July 20, 2012 8:42 AM To: NT System Admin Issues Subject: RE: chagne AD p/w option @Chris-No question. I just was letting the group know what I had found since they had mentioned it was either gpo or script. Its almost all the accounts. Reading through the article it did state that it also applied to any user that was part of a security or distribution group. Thanks for the link, Daviid. From: david@nwea.orgmailto:david@nwea.org To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: chagne AD p/w option Date: Fri, 20 Jul 2012 15:33:05 + Our own Michael B Smith has an article as well: http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx I thought you had this for every account? My bad for not asking that clarifying question...Unless they were all members at one time of one of the AdminSDHolder groups at one time it shouldn't be affecting everyone. But yes if it's just specifc accounts, you need to fire up ADSIEdit and set the adminCount attribute to 0. This need to be done to any account that was say, Domain Admins that you later removed from Domain Admins (or any other AdminSDHolder group). For me it's SOP if I remove someone from Domain Admins that I fire up ADSIEdit and set the adminCount to zero. This behavior is by design, because that's the feedback Microsoft got from us admins... Dave From: hotmail_2d1f874cdc16f...@live.commailto:hotmail_2d1f874cdc16f...@live.com [mailto:hotmail_2d1f874cdc16f...@live.com]mailto:[mailto:hotmail_2d1f874cdc16f...@live.com] On Behalf Of pa...@mmcwm.commailto:pa...@mmcwm.com Sent: Friday, July 20, 2012 8:10 AM To: NT System Admin Issues Subject: chagne AD p/w option I posted a question regarding that to the MS forums and it looks like they've seen it before. They posted this link: http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx Some days I long for the simplicity of NT 3.51 and MS Mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: chagne AD p/w option
I say both Point taken. I'll stand by my assertion that it was a seminal design implementation that preceded any feedback. I've heard as much from MS folks. I was talking more about its origins than it's metamorphosis but I'll definitely concede your point that subsequent feedback influenced it's behavior:) It's behavior was changed circa W2K RC3 , there was a hotfix that confused it further in that timeframe and it has been changed several times, to your point, probably significantly influenced by customer feedback, especially wrt the confusion the behavior introduces. Certainly it is very misunderstood as I've heard a 90min deep dive by a MS person who was supposed to be an expert challenged by several of the MVPs who were in the room and had dug into the source code. Ned implies the same in the ask-ds blog you quoted. Look at the conversation in comments between him and Tony M. He actually got it wrong at first based on the documentation so it's no wonder mere mortals are confused. Several of the DS MVPs have blogged about it extensively if you want info in addition to Michael's excellent article. Still don't see how it applies to OP's original dilemma though... From: David Lum [mailto:david@nwea.org] Sent: Friday, July 20, 2012 9:41 AM To: NT System Admin Issues Subject: RE: chagne AD p/w option but to protect admins from themselves, not because they provided feedback to MS. Oh yeah? I say both: Question: What is AdminCount, and why is it not being decremented to '0' or 'not set' when I remove a user from a Protected Group? Answer: AdminCount is an attribute on the user account that is set to 1 on any users being protected by AdminSdHolder. When protected, the user gets this attribute set and the security inheritance bit is removed from their account. The reason AdminCount isn't set back to 0 when the user is removed from a protected group is that you told us not to! A survey of customers early on in Windows 2000's design found that they favored deleting a user account after its high-privilege http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx Neener neener :) Dave From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Friday, July 20, 2012 9:35 AM To: NT System Admin Issues Subject: RE: chagne AD p/w option Did I miss a portion of this conversation? What on earth does this have to do with the original question about userAccountControl flags being manipulated? AdminSDHolder has nothing to do with the original issue stated. I would also respectfully submit that this behavior is indeed by design, but to protect admins from themselves, not because they provided feedback to MS. Most people had no clue what it was or why it was designed that way 10 or 12 years ago but it saved people from shooting themselves in the foot by not allowing lesser privileged built-in groups to manage their most highly prized assets and closed a potential glaring loophole in the default ACLs. From: pdw1...@hotmail.commailto:pdw1...@hotmail.com [mailto:pdw1...@hotmail.com]mailto:[mailto:pdw1...@hotmail.com] Sent: Friday, July 20, 2012 8:42 AM To: NT System Admin Issues Subject: RE: chagne AD p/w option @Chris-No question. I just was letting the group know what I had found since they had mentioned it was either gpo or script. Its almost all the accounts. Reading through the article it did state that it also applied to any user that was part of a security or distribution group. Thanks for the link, Daviid. From: david@nwea.orgmailto:david@nwea.org To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: chagne AD p/w option Date: Fri, 20 Jul 2012 15:33:05 + Our own Michael B Smith has an article as well: http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx I thought you had this for every account? My bad for not asking that clarifying question...Unless they were all members at one time of one of the AdminSDHolder groups at one time it shouldn't be affecting everyone. But yes if it's just specifc accounts, you need to fire up ADSIEdit and set the adminCount attribute to 0. This need to be done to any account that was say, Domain Admins that you later removed from Domain Admins (or any other AdminSDHolder group). For me it's SOP if I remove someone from Domain Admins that I fire up ADSIEdit and set the adminCount to zero. This behavior is by design, because that's the feedback Microsoft got from us admins... Dave From: hotmail_2d1f874cdc16f...@live.commailto:hotmail_2d1f874cdc16f...@live.com [mailto:hotmail_2d1f874cdc16f...@live.com]mailto:[mailto:hotmail_2d1f874cdc16f...@live.com] On Behalf Of pa...@mmcwm.commailto:pa...@mmcwm.com Sent: Friday, July 20, 2012 8:10 AM To: NT System Admin Issues Subject: chagne AD p/w option I posted
Re: The security database on the server ...
Yep, worst auto-responding list I've ever seen. It's malware harvester heaven...how to get lots of valid emails of systems management folks without even trying. I used to participate when it was new, then lurked for a while, now the noise-sig ratio is so high I just look there if there's something specific I'm wondering about and dean 98% of it. There is an occasional gem from the MS Update guys that's worth keeping. From: Rankin, James R [mailto:kz2...@googlemail.com] Sent: Thursday, July 19, 2012 1:57 PM To: NT System Admin Issues Subject: [dkim-failure] Re: The security database on the server ... Just don't mail that list unless you want to see a world record of auto-replies ---Blackberried From: Free, Bob r...@pge.commailto:r...@pge.com Date: Thu, 19 Jul 2012 20:31:29 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Re: The security database on the server ... If you suspect a recent Microsoft update, check patchmanagement.org, they are all over that kind of thing. From: G.Waleed Kavalec [mailto:kava...@gmail.com]mailto:[mailto:kava...@gmail.com] Sent: Thursday, July 19, 2012 12:51 PM To: NT System Admin Issues Subject: [dkim-failure] Re: The security database on the server ... Just had it happen on a different server. Also 2008 32-bit. Make me think a recent update may be the culprit. Stay tuned! On Wed, Jul 18, 2012 at 1:50 PM, Daniel Chenault dchena...@lgnetworksinc.commailto:dchena...@lgnetworksinc.com wrote: I keep getting this too and in particular from one specific user. I've not been able to get a handle on it. Daniel Chenault dchena...@lgnetworksinc.commailto:dchena...@lgnetworksinc.com [Description: Description: cid:image001.jpg@01CCF24C.F9B05160] From: G.Waleed Kavalec [mailto:kava...@gmail.commailto:kava...@gmail.com] Sent: Wednesday, July 18, 2012 12:04 PM To: NT System Admin Issues Subject: The security database on the server ... The following condition is repeating on a newly configured server, 2008 SP2 32-bit EVERY TIME WE REBOOT, OR IF A RDP SESSION GOES TO SLEEP... Logging on as a domain user: The security database on the server does not have a computer account for this workstation trust Logging on as the local admin: no problem Fix is currently: Leave the domain. Reboot. Go to AD controller and remove the server. Rejoin the domain. Reboot. Can't seem to ID the underlying problem Anyone ever tackle this? -- G. Waleed Kavalec -- ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- G. Waleed Kavalec -- - http://www.islamawakened.com/ Helping the west read the Qur'an since 2003 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: The security database on the server ...
Yes, that one. I joined the day Shavlic opened it. I guess your idea of low auto-reply is different than James's and mine. To be fair, I haven't posted to it in over a year but you used to get dozens of auto replies, I believe I counted 50 one time. That is high to me :) From: David Lum [mailto:david@nwea.org] Sent: Thursday, July 19, 2012 2:36 PM To: NT System Admin Issues Subject: RE: The security database on the server ... Do you mean this list? patchmanagem...@listserv.patchmanagement.orgmailto:patchmanagem...@listserv.patchmanagement.org ? That one is pretty low spammage/auto-reply. Dave From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Thursday, July 19, 2012 2:30 PM To: NT System Admin Issues Subject: Re: The security database on the server ... Yep, worst auto-responding list I've ever seen. It's malware harvester heaven...how to get lots of valid emails of systems management folks without even trying. I used to participate when it was new, then lurked for a while, now the noise-sig ratio is so high I just look there if there's something specific I'm wondering about and dean 98% of it. There is an occasional gem from the MS Update guys that's worth keeping. From: Rankin, James R [mailto:kz2...@googlemail.com]mailto:[mailto:kz2...@googlemail.com] Sent: Thursday, July 19, 2012 1:57 PM To: NT System Admin Issues Subject: [dkim-failure] Re: The security database on the server ... Just don't mail that list unless you want to see a world record of auto-replies ---Blackberried From: Free, Bob r...@pge.commailto:r...@pge.com Date: Thu, 19 Jul 2012 20:31:29 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Re: The security database on the server ... If you suspect a recent Microsoft update, check patchmanagement.org, they are all over that kind of thing. From: G.Waleed Kavalec [mailto:kava...@gmail.com]mailto:[mailto:kava...@gmail.com] Sent: Thursday, July 19, 2012 12:51 PM To: NT System Admin Issues Subject: [dkim-failure] Re: The security database on the server ... Just had it happen on a different server. Also 2008 32-bit. Make me think a recent update may be the culprit. Stay tuned! On Wed, Jul 18, 2012 at 1:50 PM, Daniel Chenault dchena...@lgnetworksinc.commailto:dchena...@lgnetworksinc.com wrote: I keep getting this too and in particular from one specific user. I've not been able to get a handle on it. Daniel Chenault dchena...@lgnetworksinc.commailto:dchena...@lgnetworksinc.com [Description: Description: cid:image001.jpg@01CCF24C.F9B05160] From: G.Waleed Kavalec [mailto:kava...@gmail.commailto:kava...@gmail.com] Sent: Wednesday, July 18, 2012 12:04 PM To: NT System Admin Issues Subject: The security database on the server ... The following condition is repeating on a newly configured server, 2008 SP2 32-bit EVERY TIME WE REBOOT, OR IF A RDP SESSION GOES TO SLEEP... Logging on as a domain user: The security database on the server does not have a computer account for this workstation trust Logging on as the local admin: no problem Fix is currently: Leave the domain. Reboot. Go to AD controller and remove the server. Rejoin the domain. Reboot. Can't seem to ID the underlying problem Anyone ever tackle this? -- G. Waleed Kavalec -- ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- G. Waleed Kavalec -- - http://www.islamawakened.com/ Helping the west read the Qur'an since 2003 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana
RE: ipPhone attribute displayed in Outlook 2010
This one? 3.1.1.2.3.2 Auto-Generated mAPIID http://msdn.microsoft.com/en-us/library/cc223849(v=prot.10).aspx From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, July 16, 2012 6:04 PM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 There is now a supported mechanism for doing this. I'd have to look it up, but it was introduced with Server 2008. From: Damien Solodow [mailto:damien.solo...@harrison.edu]mailto:[mailto:damien.solo...@harrison.edu] Sent: Monday, July 16, 2012 5:34 PM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 The trick is generating that mapI id. :) Sent from my Android phone using TouchDown (www.nitrodesk.comhttp://www.nitrodesk.com) -Original Message- From: Brian Desmond [br...@briandesmond.com] Received: Monday, 16 Jul 2012, 4:52pm To: NT System Admin Issues [ntsysadmin@lyris.sunbelt-software.com] Subject: RE: ipPhone attribute displayed in Outlook 2010 You can retroactively assign a mapiID to an attribute in AD that doesn't have such a thing assigned. From there it's using the Details Template Editor, not the OCT to do this. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Thursday, July 12, 2012 7:35 AM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 Some quick stuff. The list of attributes that you can use for modification is obtained by: dsquery * CN=Schema,CN=Configuration,DC=example,DC=com -limit 0 -filter mAPIId=* -attr cn lDAPDisplayName mAPIID You can only modify MAPI tools (e.g., Outlook) using attributes that have a mAPIID. What you see is that ipPhone (whose official name is Phone-Ip-Primary), isn't in the list! You couldn't have modified it anyway. What you COULD do is (via a batch process) copy the value to another field that does have a mAPIID and then display that value. You have a surprising (IMO) amount of control over the contents of a number of displays when using the Office Customization Tool. That does not require your provider's involvement. It does require that you be using a non-retail version of Outlook. And finally, many of those displays are controllable via the registry. For an example, see KB 981022. Regards, Michael B. From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 11, 2012 9:18 AM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 Ok I feel dumb - I tried many variations but not my exact subject line - I only feel a little dumb :) Excellent article and just what we want...too bad our Exchange is outsourced so we have no access/control of Exchange :( From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Tuesday, July 10, 2012 3:12 PM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 I copy/pasted your subject and the first article was Customizing the Outlook Address Book. Seemed like it was right what you needed :-] From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Tuesday, July 10, 2012 3:02 PM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 All the crap I saw was about the Apple iPhone.. From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Tuesday, July 10, 2012 2:57 PM To: NT System Admin Issues Subject: RE: ipPhone attribute displayed in Outlook 2010 It's as easy as 1-2-3 1. Copy your subject verbatim and paste it into your web browser's address bar. 2. Submit it to the googleplex 3. Read the first article the googleplex shows you and follow the directions therein :) From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Tuesday, July 10, 2012 2:41 PM To: NT System Admin Issues Subject: ipPhone attribute displayed in Outlook 2010 Is it possible to map the ipPhone field to something that displays in Outlook 2010 when using Exchange? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint
RE: W7 workstation cannot install drivers
Check that SYSTEM has Full control on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR Ensure you don't have any GPOs that govern device driver installation, restrictions or signing requirements. -Original Message- From: L. M. Rappaport [mailto:r...@lmr.com] Sent: Friday, July 13, 2012 4:48 PM To: NT System Admin Issues Subject: W7 workstation cannot install drivers I'm trying to figure out why a Windows 7 Business Pro 64 bit workstation will not let me (a member of the Administrator's Group) install any drivers. It allowed driver installation before, but it will not permit the installation of a driver for a blood glucose meter (Bayer Contour) (it uses a USB to serial converter) or a Fitbit pedometer also USB. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: File/Folder Permission
Read up on DAC in WS2012, makes ABE look like child's play. http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx From: David Lum [mailto:david@nwea.org] Sent: Thursday, July 12, 2012 7:40 AM To: NT System Admin Issues Subject: RE: File/Folder Permission ABE rocks. I remember adding it to 2003 servers when the add-in came out. From: Andrew S. Baker [mailto:asbz...@gmail.com]mailto:[mailto:asbz...@gmail.com] Sent: Thursday, July 12, 2012 7:31 AM To: NT System Admin Issues Subject: Re: File/Folder Permission A. Create a new share, such that \\ipaddress\Efile:///\\ipaddress\E = \\ipaddress\A\B\C\Dfile:///\\ipaddress\A\B\C\D OR B. Use Access-based Enumeration http://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx?Redirected=true ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jul 12, 2012 at 10:07 AM, Haritwal, Dhiraj dhiraj.harit...@ap.sony.commailto:dhiraj.harit...@ap.sony.com wrote: Then user will be able to see all folder/files. Is there any other option to allow only child folder access (D) without giving root folder access. Dhiraj From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, July 12, 2012 18:34 To: NT System Admin Issues Subject: Re: File/Folder Permission Path \\ipaddress\a\b\c\dfile:///\\ipaddress\a\b\c\d makes it look like \\ipaddress\Afile:///\\ipaddress\A is a sharename. If so, you need permissions A and D If it were a local folder, everything else that has been said already would come into play. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jul 12, 2012 at 8:54 AM, Haritwal, Dhiraj dhiraj.harit...@ap.sony.commailto:dhiraj.harit...@ap.sony.com wrote: Ben, I have given Security permissions only on D folder tried to access path \\IPAddress\A\B\C\Dfile:///\\IPAddress\A\B\C\D from client side, but showing error you don't have access rights to access that folder etc. Dhiraj -Original Message- From: Ben Scott [mailto:mailvor...@gmail.commailto:mailvor...@gmail.com] Sent: Thursday, July 12, 2012 18:13 To: NT System Admin Issues Subject: Re: File/Folder Permission On Thu, Jul 12, 2012 at 8:05 AM, Haritwal, Dhiraj dhiraj.harit...@ap.sony.commailto:dhiraj.harit...@ap.sony.com wrote: But Ben There are multiple folders inside the root folder. Ex root folder is A -- B -- C --D Now the shared folder is A which is root folder I want to give access of folder D to a user who doesn't have root folder access A. is it possible. Will he able to access that child folder. By default, the user will be able to access D, even if the user cannot read A, B, or C. (There is a feature, Bypass traverse checking, which allows this. It is enabled by default.) However, the user may not be able to *find* D if they can't read the parent folders. They would need to enter/type/know the path to D explicitly, rather than drilling down through folders. Shortcuts and hyperlinks can help here. If you want users to be able to navigate to D by clicking through parent folders, you'll need to give the users read permission to the parents folders. You don't need to grant them anything other than read/list on those folders, though. You can choose to apply the permission to This folder only, for example. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT - Clean Joke -
Ahhh..usenet. Reminded me of a couple of Spafford’s quotes that are still fairly relevant today if you just replace ‘usenet’ with your medium of choice. “Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it. ” Axiom #1: The Usenet is not the real world. The Usenet usually does not even resemble the real world. Corollary #1: Attempts to change the real world by altering the structure of the Usenet is an attempt to work sympathetic magic -- electronic voodoo. Corollary #2: Arguing about the significance of newsgroup names and their relation to the way people really think is equivalent to arguing whether it is better to read tea leaves or chicken entrails to divine the future. Axiom #2: Ability to type on a computer terminal is no guarantee of sanity, intelligence, or common sense. Corollary #3: An infinite number of monkeys at an infinite number of keyboards could produce something like Usenet. Corollary #4: They could do a better job of it. Axiom #3: Sturgeon's Law (90% of everything is crap) applies to Usenet. Corollary #5: In an unmoderated newsgroup, no one can agree on what constitutes the 10%. Corollary #6: Nothing guarantees that the 10% isn't crap, too. From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Thursday, June 28, 2012 6:43 AM To: NT System Admin Issues Subject: Re: OT - Clean Joke - Wow - that's been a while :) From: Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, June 27, 2012 4:23 PM Subject: RE: OT - Clean Joke - Honestly, I have a printed copy of this joke (with minor changes appropriate for changing technology), from Usenet, dated October, 1981. It was (perhaps), more timely then – long before AutoSave. ☺ From: Don Kuhlman [mailto:drkuhl...@yahoo.com]mailto:[mailto:drkuhl...@yahoo.com] Sent: Wednesday, June 27, 2012 12:01 PM To: NT System Admin Issues Subject: OT - Clean Joke - This is one of the best clean jokes I've seen in a while! Jesus and Satan were having an on-going argument about who was better on the computer. They had been going at it for days, and frankly God was tired of hearing all the bickering. Finally fed up, God said, 'THAT'S IT! I have had enough. I am going to set up a test that will run for two hours, and from those results, I will judge who does the better job.' So Satan and Jesus sat down at the keyboards and typed away. They moused. They faxed. They e-mailed. They e-mailed with attachments... They downloaded. They did spreadsheets! They wrote reports. They created labels and cards. They created charts and graphs. They did some genealogy reports. They did every job known to man. Jesus worked with heavenly efficiency and Satan was faster than hell. Then, ten minutes before their time was up, lightning suddenly flashed across the sky, thunder rolled, rain poured, and, of course, the power went off... Satan stared at his blank screen and screamed every curse word known in the underworld. Jesus just sighed Finally, the electricity came back on, and each of them restarted their computers. Satan started searching frantically, screaming: 'It's gone! It's all GONE! 'I lost everything when the power went out!' Meanwhile, Jesus quietly started printing out all of his files from the past two hours of work. Satan observed this and became irate. 'Wait!' he screamed. That's not fair! He cheated! How come he has all his work and I don't have any?' God just shrugged and said, JESUS SAVES... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Backup a DC
Then they would have to be admins and policy definitely states otherwise :) My policy- Wherever you are you should be able to count EA/DAs on the fingers of one hand From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, June 29, 2012 10:05 AM To: NT System Admin Issues Subject: RE: Backup a DC I would assume yes, unless policy states otherwise... Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Friday, June 29, 2012 12:55 PM To: NT System Admin Issues Subject: RE: Backup a DC This begs the question: Who patches the DC's, the same team that does the rest of the servers? From: Free, Bob [mailto:r...@pge.com] Sent: Friday, June 29, 2012 7:54 AM To: NT System Admin Issues Subject: RE: Backup a DC Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc. From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Thursday, June 28, 2012 6:51 AM To: NT System Admin Issues Subject: RE: Backup a DC Nope I sure don't mind the command line. From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, June 27, 2012 2:25 PM To: NT System Admin Issues Subject: RE: Backup a DC Windows server backup is amazingly powerful, if you don't mind dropping to the command line. From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Wednesday, June 27, 2012 11:58 AM To: NT System Admin Issues Subject: RE: Backup a DC Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS! Dave From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Wednesday, June 27, 2012 8:31 AM To: NT System Admin Issues Subject: RE: Backup a DC Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all document and tested too, right? wink Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes. If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Wednesday, June 27, 2012 8:17 AM To: NT System Admin Issues Subject: Backup a DC How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back is Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana
Free eBooks from MSPress
I've seen links to a couple individual ones here and there (thanks MBS) but here is a page with quite a few - http://blogs.msdn.com/b/microsoft_press/archive/2012/05/04/free-ebooks-great-content-from-microsoft-press-that-won-t-cost-you-a-penny.aspx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Ex 2003 to 2010
We did. Roughly 25K mailboxes in the prod env. From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] Sent: Friday, June 22, 2012 12:12 PM To: NT System Admin Issues Subject: Ex 2003 to 2010 Is it possible to transition from Ex2k3 to Ex2k10? I've found a couple of documents that say yes, yes with caveats and no. Anyone done this? Daniel Chenault dchena...@lgnetworksinc.commailto:dchena...@lgnetworksinc.com Office: 972-528-6546 x 1002 Fax: 972-982-0054 9550 Skillman Road Suite 500 Dallas, TX 75243 [Description: Description: cid:image001.jpg@01CCF24C.F9B05160] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: How many in your company can join systems to domain
To each his own but you can do that just fine with ms-DS-MachineAccountQuota set to zero. The value of ms-DS-MachineAccountQuota is actually rather irrelevant with properly delegated permissions. We have a LOT of OUs with tens of thousands of computer objects and zero in the default container without all the extras you describe below. There are also plenty of admins who can join the domain in the proper location based on discrete delegations. Moving and disabling and chastising after the fact seems like a lot of extra work to me. If they can't do it wrong because you control it with the delegations and they get I'm sorry Dave but I can't let you do that they can't very well forget and do it wrong resulting in the need for intervention :-) Much of this is going away in our environment with process improvement and automated deployments but it has worked fine for 10 years. -Original Message- From: Paul Gordon [mailto:paul_gor...@hotmail.com] Sent: Thursday, June 21, 2012 2:11 AM To: NT System Admin Issues Subject: RE: How many in your company can join systems to domain I have done this Because my requirement *IS* to allow a certain number of delegated regional admins (who are NOT Domain Admin members) to join computers, I have not reduced the ms-ds-machineaccountquota, as that is too blunt a tool, and can't distinguish between ordinary users and my delegated admins... - In fact I have *increased* the quota so that those regional administrators can continue to function... However, I *HAVE*... - created a brand new top level OU called Computers to be moved. - ACLd that OU to only allow my intended admins to create child objects. - Changed the default container for new computer objects in AD to this new OU. Now, any computer that joins the domain does not get created in the default computers container, but in my new OU. I have issued a very prescriptive process to those regional admins that instructs them in no uncertain terms that when joining computers to our domain they must pre-create the computer account in their specific OU before joining the machine. Obviously, most of the time they forget to do this (don't we all?) and just do it the regular way, such that the computer account does end up in that computers to be moved OU... - (which is also fine, just so long as they then remember to immediately go into ADUC move the object to the correct OU, which they've also been instructed to do), So by way of encouraging them to change their habits, I run the following powershell script as a scheduled task every 1 hour, on the hour, which disables any machine accounts that happen to be there! - it could just as easily delete those computer accounts... :-) - Feel free to take this script and do with it as you will... - but I'd appreciate getting back any improvements! # Script to automatically disable any computer accounts found to exist in the Computers container in AD # Version: 1.0 # Date: 18-01-2012 # Author Paul Gordon ## #FUNCTION DECLARATIONS # ## function MyLog { # Log events to screen and/or file param ([string]$msg, [int]$flag, [int]$target) # $flag = Log event type (INFO, WARNING, etc), $target = log destination (0=none, 1=screen, 2=file 3=both) if ($target -gt 1) {$fileoutput=$true} if ($target -eq 1 -OR $target -eq 3) {$screenoutput=$true} $date = get-date -format dd/MM/ HH:mm:ss if ($flag -eq 0) { if ($fileoutput) {Write-Output $date INFO: $msg | Out-File $LogFile -append} #write to file if target flag=2 or 3 if ($screenoutput) {write-host $date INFO: $msg} #write to screen if target flag=1 or 3 } elseif ($flag -eq 1) { if ($fileoutput) {Write-Output $date WARNING: $msg | Out-File $LogFile -append} #write to file if target flag=2 or 3 if ($screenoutput) {write-host $date WARNING: $msg} #write to screen if target flag=1 or 3 } elseif ($flag -eq 2) { if ($fileoutput) {Write-Output $date ERROR: $msg | Out-File $LogFile -append} #write to file if target flag=2 or 3 if ($screenoutput) {write-host $date ERROR: $msg} #write to screen if target flag=1 or 3 } elseif ($flag -eq 3) { if ($fileoutput) {Write-Output $date DEBUG: $msg | Out-File $LogFile -append} #write to file if target flag=2 or 3 if ($screenoutput) {write-host $date DEBUG: $msg} #write to screen if target flag=1 or 3 } } ## # MAIN SCRIPT BODY # ## # Import the required AD powershell module Import-Module ActiveDirectory #
Re: in-depth AD
Actually, you do have a test environment. What you do not have is a production environment. Very ironic in this context. That quote came from one of the original AD lead dev managers, Don Hacherl. About as knowledgeable person as there is WRT AD :-) -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, June 13, 2012 8:43 AM To: NT System Admin Issues Subject: [dkim-failure] Re: in-depth AD On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault dchena...@lgnetworksinc.com wrote: A lab.. nice. You have one? Wish I did. I lack the hardware to set one up. Someone on one of these lists once remarked to that kind of situation: Actually, you do have a test environment. What you do not have is a production environment. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Reality check
To Hunter's point, and the gist of several of these conversations, if you minimize administrative authority through delegation, in this case, who can edit GPOs, that is poor-man's change control. You can actually wrap plenty of process around it even in the absence of AGPM or a 3rd party product. I have always used a 3rd party product but it is still coupled with lots of process, formal change management and strictly limited access to the GPOs. At the end of the day where I work, only a DA can migrate to prod or modify any production GPOs. I heard a story a long time ago about a Fortune 5 company brought to a halt on all but one continent because of an ill-conceived GPO change and they only reason they weren't completely locked out was because they got to work later in North America and were able to minimize the issue before most of their users came to work. I recently attended a Forest Recovery workshop and early on we did the risk access element with the whole likelihood x impact equation. Guess what came out with the highest risk for a disaster in AD? Hint-- it is a TLA starting with G :-) -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, June 11, 2012 6:43 AM To: NT System Admin Issues Subject: RE: Reality check Only if they have AGPM installed Don... not all have it. Its definitely nice though, and helps keep GPO's controlled and audited. Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Guyer, Don [mailto:dgu...@che.org] Sent: Monday, June 11, 2012 8:07 AM To: NT System Admin Issues Subject: RE: Reality check On top of that you can use Group Policy Management's Change Control feature for approving/unapproving remote tech's GPO submissions. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -Original Message- From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Friday, June 08, 2012 4:28 PM To: NT System Admin Issues Subject: RE: Reality check You can delegate off the GPO stuff as well. -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Friday, June 8, 2012 1:03 PM To: NT System Admin Issues Subject: RE: Reality check Already did exactly this for the Service Desk a couple years ago, the only different for the SE's would be allowing it to OU's the SD guys can't get to. I'd bet it'd take a while before they noticed...like the next time they went to mess with a GPO (which is rare, but it happens). Dave -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, June 08, 2012 11:47 AM To: NT System Admin Issues Subject: Re: Reality check If that's all they need, then delegation is your friend. It's pretty dang easy to set up, too. Create accounts, put them in the new groups, use the delegation wizard to add the new groups to the relevant OUs, and you're good to go. Kurt On Fri, Jun 8, 2012 at 10:40 AM, David Lum david@nwea.org wrote: That’s funny, I *JUST* had this discussion with someone else here. If they could create accounts, join machines, and install software on some systems they’d likely not know the difference.. From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, June 08, 2012 10:23 AM To: NT System Admin Issues Subject: Re: Reality check In your shoes I might be tempted to present them with a fait accompli - over the weekend strip their user accounts of DA privileges and create new accounts for them that allows them to do what they need to do. Of course, you'd want to show the manager of the department references on why you're doing it, and get his blessing. Kurt On Fri, Jun 8, 2012 at 9:29 AM, David Lum david@nwea.org wrote: “separation of privileges or separation of duties which should be firmly entrenched in most workplaces” HAHAHAHAHHAHAHHAHAHAA! Oh wait, you said “should” Dude, our users are still local admins and I’m the only one who seems to care, not one of the 5 Service Desk guys are inclined to move us in that direction, they only see it as extra work. Only one other SE has a separate DA account for Domain Admin access, the rest of ‘em they’re normal accounts are DA accounts. Hmm…that might be a vent… From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, June 08, 2012 6:57 AM To: NT System Admin Issues Subject: RE: Reality check Seems strange that business users would have admin access to a server, which wouldn’t obey separation of privileges or separation of duties which should be firmly entrenched in most workplaces ( again YMMV as stated before). Z
ADREPLSTATUS - AD Replication Status tool
Just looked at this briefly and it should prove useful, especially if you aren't used to regularly using/interpreting some of the lower level tools like repadmin. It has what looks like a great monitoring facility plus an educational element. Besides automagically discovering and monitoring it also has export function, links to explanatory articles and an error guide. Pretty cool at first glance. http://www.microsoft.com/en-us/download/details.aspx?id=30005 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: ADREPLSTATUS - AD Replication Status tool
That is so you consultant-dudes can use it on clients who don't know what they have...lol -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, June 12, 2012 2:21 PM To: NT System Admin Issues Subject: RE: ADREPLSTATUS - AD Replication Status tool I like this: Supported operating systems: Undefined I hope Undefined is supposed to be Server 2012 as that is in the list of supported OS versions. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com -Original Message- From: Free, Bob [mailto:r...@pge.com] Subject: ADREPLSTATUS - AD Replication Status tool Just looked at this briefly and it should prove useful, especially if you aren't used to regularly using/interpreting some of the lower level tools like repadmin. It has what looks like a great monitoring facility plus an educational element. Besides automagically discovering and monitoring it also has export function, links to explanatory articles and an error guide. Pretty cool at first glance. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Reality check
Hope you keep your resume up to date. That is a recipe for disaster. I sure wouldn’t want to work in an environment where 1st tier support had power like that and there weren’t even rudimentary policies in place. From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 9:29 AM To: NT System Admin Issues Subject: RE: Reality check “separation of privileges or separation of duties which should be firmly entrenched in most workplaces” HAHAHAHAHHAHAHHAHAHAA! Oh wait, you said “should” Dude, our users are still local admins and I’m the only one who seems to care, not one of the 5 Service Desk guys are inclined to move us in that direction, they only see it as extra work. Only one other SE has a separate DA account for Domain Admin access, the rest of ‘em they’re normal accounts are DA accounts. Hmm…that might be a vent… From: Ziots, Edward [mailto:ezi...@lifespan.org]mailto:[mailto:ezi...@lifespan.org] Sent: Friday, June 08, 2012 6:57 AM To: NT System Admin Issues Subject: RE: Reality check Seems strange that business users would have admin access to a server, which wouldn’t obey separation of privileges or separation of duties which should be firmly entrenched in most workplaces ( again YMMV as stated before). Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Christopher Bodnar [mailto:christopher_bod...@glic.com]mailto:[mailto:christopher_bod...@glic.com] Sent: Friday, June 08, 2012 9:28 AM To: NT System Admin Issues Subject: Re: Reality check It depends on your environment. That's almost identical to the procedure we have here. When provisioning a new server here, part of the process is to create a new AD group with this naming convention: ACME_ADMINS_SERVERNAME This group is then placed in the local administrators group of the server. All business users that need admin access to servers have a separate account for that purpose. They submit a privileged access request, and when approved our user admin group adds them to the appropriate AD group that was created for the server. In a small environment this might be overkill. YMMV Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CD455D.2E186C40] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:David Lum david@nwea.orgmailto:david@nwea.org To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:06-08-12 09:14 AM Subject:Reality check A fellow team member (not an SE, but more of an application owner type of tech person) needs Local Admin access to a server to install and configure a new application on it. I understand the need and agree with it. Instead of just throwing his account into the local admin group on that server I did the following: Created a LA-servername account (LA= Local Admin) Created a security group called LA-servername_LocalAdmin, added the above to it Created a GPO to put said security group into local admins on that server My thinking is 1. This keeps him from using his daily account to be local admin on the box 2. I don’t have an individual assignment on that server In general, I view putting a user specifically into a server’s local group as the same as putting a user (instead of a group) into the ACL of an NTFS folder. If said employee leaves, it’s difficult/tedious to see where they had access TO so we have no idea where their replacement might need to be added. However, was that really too much work to give the guy the ability to log in as local admin? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
Re: To notify, or not notify (LinkedIn)
Probably only because the system wouldn't allow it in the first place, not because some luser didn't try. Oh wait, I forgot what system we were talking about momentarily. disregard :-) lol -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, June 08, 2012 9:35 AM To: NT System Admin Issues Subject: Re: To notify, or not notify (LinkedIn) On Fri, Jun 8, 2012 at 11:23 AM, Free, Bob r...@pge.com wrote: https://lastpass.com/linkedin/ password and linkedin both come up as in the list. But 12345 does not. Interesting. peekaboo was also in there. I guess someone would have guessed it, after all. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
To cut to the chase- bottom line- schema rollback = forest recovery. --Additional detail All due respect to Carl's link and it's author, that is not the party line from MSIT any longer, they do not recommend taking the SM offline and as noted in the blog comments, some updates fail unless there is successful replication, PDCe is reachable etc. You will actually find a lot of the links to the older guidance on MS sites mentioned in various blogs and forums are now defunct(AKA 404) I saw Brian Puhl (Directory Services Manager in MSIT or some such title at the time) make a presentation at DEC (now TEC) 4 years ago to that effect and it is repeated and reinforced by the MS DS Product Team every year. He actually had a big red x over the How MSIT does Schema Updates blog posting on one of his slides. From that slide- 1. Admin stare compare, documentation review, understand the changes! 1. Deploy in a test environment that resembles the production domain 1. Follow change control process for notification, scheduling, etc... 1. Install Do's Communicate with the other services about what you're doing Test and Document so you know what it's supposed to do Don'ts Try to prevent the data from replicating out Install the schema, until you are SURE that you want it Think that your backout plan is anything less than a forest restore Notes: We took it off and revising it, because in the before time we would pull servers off the network, change replication topologys, and do all this crazy work... and then we found that we were way too late in the process...we should have been focusing our FUD BEFORE we ever pulled the trigger...if you want to extend the schema, but aren't sure, then you shouldn't be doing it in the first place... 1. Stare and compare - this is how we ended up finding out that Exchange was granting itself the right to manage replication - if you don't know what the prep's are doing (and it's not always all documented by MS or every other app provider) then you don't know what's in your directory - and finding out after the fact is a major hassle 2. No, ours isn't EXACT, but from the schema, security, and GPO perspective it's a match 3. The 240,000 mistake 4. If you've done your due diligence, then pull the trigger on the damn thing and let it go Comment by Laura Hunter from a thread on this topic on activdir back then- http://www.activedir.org/ListArchives/tabid/55/view/topic/postid/26689/Default.aspx 03/24/2008 3:40 PM It's actually worth noting that the MSIT guidance in that webcast is a bit outmoded (unsurprising, with it being 2 years old and all.) At Brian's How MSIT does... chat at DEC a few weeks ago, the current prevailing wisdom at MSIT on schema mods is as follows: * Decide what you want to do * Understand the ramifications of it * Test it * Test it again * Do it. (But do it with the understanding that the recovery from a bad/unwanted schema mod is, make no mistake, a -full forest recovery-.) In terms of taking the Schema Master offline/stopping outbound repl/other similar gyrations, the curent MSIT thinking seems to be We don't do that anymore, as this seemed to be adding much unnecessary FUD around the prospect of schema mods. Does this mean that the advice from 2 years ago doesn't work anymore? I would say not, and if it's a process that your org is comfortable with then for my part I would further say 'go with God'. I'm just reporting on the latest takeaway from How MSIT does..., as it's different from what was being advocated in the link listed by Ken. From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, June 08, 2012 1:04 PM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback http://blogs.technet.com/b/janelewis/archive/2009/05/12/schema-what-is-the-best-practise-for-updating.aspx Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum david@nwea.orgmailto:david@nwea.org Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, June 8, 2012 2:32 PM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? Power down all DC's Snapshot schema master Power up schema master Extend schema Smoke test If there are failures revert to snapshot If all checks out OK power up remaining DC's ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally,
RE: User provisioning AD web Front End.
Which we replaced DRA with over time. I've heard it's improved but went through a lot of hoops to get rid of DRA back in the day when it was acquired and rebranded. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, April 17, 2012 8:36 PM To: NT System Admin Issues Subject: RE: User provisioning AD web Front End. Quest also has similar tools Cheers Ken From: Christopher Bodnar [mailto:christopher_bod...@glic.com]mailto:[mailto:christopher_bod...@glic.com] Sent: Wednesday, 18 April 2012 3:27 AM To: NT System Admin Issues Subject: Re: User provisioning AD web Front End. I've used NetIQ's product DRA before: http://www.netiq.com/products/dra/default.asp#http://www.netiq.com/products/dra/default.asp Not cheap, but it works well. Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CD1D36.1D91B420] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:justino garcia jgarciaitl...@gmail.commailto:jgarciaitl...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:04/17/2012 03:19 PM Subject:User provisioning AD web Front End. Anyone here used a User provision platformat like http://www.webactivedirectory.com/products/peopleprovision/screenshots -- Justin IT-TECH ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: [dkim-failure] Re: Domain local vs. global vs. universal
Good choice. That was and awesome finale. Especially the dis-arming From: William Robbins [mailto:dangerw...@gmail.com] Sent: Thursday, April 12, 2012 6:41 PM To: NT System Admin Issues Subject: [dkim-failure] Re: Domain local vs. global vs. universal Nope. Instead I'm going to catch the season finale of Justified. :P - Will On Thu, Apr 12, 2012 at 20:04, Free, Bob r...@pge.commailto:r...@pge.com wrote: Nah, I'm just misbehaving. The NewAndImprovedWill(tm) won't rise to the bait anyway. From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 5:14 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Did I just sense a disturbance in the force? -lc From: Free, Bob r...@pge.commailto:r...@pge.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 6:15 PM Subject: RE: Domain local vs. global vs. universal Fires up the jiffypop lol From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:41 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the empty root arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.comhttp://CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.comhttp://US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you've got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don't exist anymore which makes this a less interesting discussion point. Without knowing about your customer's environment and scale it's hard to say. I would say that it's highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132
Re: GPO weirdness
Read Jerry's article there entitled Loopback 101for all the nitty gritty http://www.gpoguy.com/MailList/tabid/58/forumid/1/postid/3803/view/topic/Default.aspx From: Anders Blomgren [mailto:chanks...@gmail.com] Sent: Friday, April 13, 2012 6:46 AM To: NT System Admin Issues Subject: [dkim-failure] Re: GPO weirdness No, you need the gpo yodas at gptalk. See http://www.gpoguy.com/GPTalk-Subscribe.aspx#GPTALK The list is low volume but a truly excellent gpo resource. Or I can ask since I don't know the definite answer. :) But I still recommend joining. -Anders Sent from my iPhone On 13 apr 2012, at 15:41, James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com wrote: That's not how I understood it (I could be wrong), but as I said previously I've had it working before without having to add computer accounts. Maybe need one of the AD Yodas to provide a definitive answer :-) On 13 April 2012 13:54, Mayo, Bill bem...@pittcountync.govmailto:bem...@pittcountync.gov wrote: Loopback processing always ups the confusion for me (so I could be way off), but isn't that the likely reason for it? Loopback processing says to use the policy applied to the computer, not the user, so it would not apply the policy in question unless it also applied to the computer being logged onto. If the restriction didn't apply to the computer, it therefore wouldn't be applied, right? Bill Mayo From: James Rankin [mailto:kz2...@googlemail.commailto:kz2...@googlemail.com] Sent: Friday, April 13, 2012 8:31 AM To: NT System Admin Issues Subject: Re: GPO weirdness Both. Settings aren't applied, and the GPO doesn't show as being applied in gpresult. On 13 April 2012 13:13, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: Just read your disclaimer, funny stuff, extraterrestrial eggplants? OK back to your issue. When you say the GPO does not apply do you mean that the settings dont' get enforced, or that the GPO doesn't show up as being applied in the output of GPRESULT? Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com image001.jpg The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:04-13-12 05:12 AM Subject:GPO weirdness I have a GPO with user settings that I am applying to an OU with Terminal Servers in it (Loopback Policy Processing is configured in another GPO on the same OU). I also want to apply a security filter to the user settings OU so that only a certain AD group are subject to it. However, whenever I change the security filter from Authenticated Users, the GPO does not apply even though the user is a member of the AD group in the security filter. The only way I can get it to work is by adding the computer accounts for the Terminal Servers to the security filter, which has me baffled because these are user settings and shouldn't be applied to the computer accounts, should they? I could be utterly wrong but I have checked GPOs I used in other, similar environments and I never had to add computer accounts specifically to a security filter for a user settings GPO to work. Can anyone confirm if this is expected behaviour or not? TIA, JRR -- http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/ IMPORTANT INFORMATION/DISCLAIMER I certainly don't have time to monitor the content of e-mail sent and received via this account for the purposes of ensuring compliance with anyone's policies and procedures. I am pretty sure that somewhere in UK legislation there is some politically-correct drivel that stipulates I must never send or store e-mails or attachments that are obscene, indecent, sexist, racist, defamatory, abusive, in breach of copyright, encrypted, amusing, overly long, slightly opinionated, anonymous, likely to harm animals or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent minority (such as extraterrestrial eggplants). Emails of this nature sent in or out of this account may be intercepted and stopped by the system, but it's a long shot. This being the UK, even if I was prosecuted for breach of said email guidelines, I'd probably walk with a suspended sentence anyway, but if I'd forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. I am not responsible for any changes made to the message after it has been sent, in more or less the same way that cyclozine manufacturers aren't responsible for drug addicts mixing it with methadone and overdosing, so I'm glad I
Re: GPO weirdness
Gpresult output is very dependent on how you are running it, permissions, arguments, UAC potentially and varies by OS...uh oh...the ubiquitous more-info. gpresult with the proper arguments and /v redirected to a file can be very illuminating. Also don't forget you now have very extensive event logging of GP processing by default in win7/2k8 You need at least one GPO that has Read-Apply for the comp accounts, with the computer portion enabled and containing your loopback setting, that basically tells the system to re-process the links to see what user policies apply (subject to filtering). I believe you will also find the link Andres provided is correct. We user either Domain Computers or targeted security groups comprised of both user computers in win7/2008 loopback user policy sec filters, this wasn't necessary in earlier OSs. Merge and replace can get tricky esp depending on the entire hierarchy of policies linked above. * Replace mode: Only user-settings in GPOs that are linked to the loopback-enabled computer account will apply to users logging into the loopback computer. * Merge mode: User-settings in GPOs that are linked to user's AD object will process first (as would normally happen on non-loopback machines) and then those user-settings in GPOs that are linked to the loopback-enabled computer account process second. Given the last writer-wins rule of GP precedence-any conflicting settings in the latter set of user settings would overwrite the user's normal settings. This mode can have unintended consequences. For example, if you have logon scripts that are linked to GPOs at the domain level, these would potentially run twice (once for the computer and then once for the user) in merge mode. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, April 13, 2012 6:13 AM To: NT System Admin Issues Subject: [dkim-failure] Re: GPO weirdness No. I don't see the GPO at all in gpresult. That's what threw me off for half a day - I thought I was looking at an AD replication issue. On 13 April 2012 13:54, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: OK, that's a step in the right direction. If the GPO isn't applied the settings can't be enforced. So... in GPRESULT do you see that GPO as filtered out like this? No The following GPOs were not applied because they were filtered out --- ACME-2008-Policy1 Filtering: Not Applied (Empty) Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CD1949.5462A3B0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:04/13/2012 08:49 AM Subject:Re: GPO weirdness Both. Settings aren't applied, and the GPO doesn't show as being applied in gpresult. On 13 April 2012 13:13, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: Just read your disclaimer, funny stuff, extraterrestrial eggplants? OK back to your issue. When you say the GPO does not apply do you mean that the settings dont' get enforced, or that the GPO doesn't show up as being applied in the output of GPRESULT? Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CD1949.5462A3B0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:04-13-12 05:12 AM Subject:GPO weirdness I have a GPO with user settings that I am applying to an OU with Terminal Servers in it (Loopback Policy Processing is configured in another GPO on the same OU). I also want to apply a security filter to the user settings OU so that only a certain AD group are subject to it. However, whenever I change the security filter from Authenticated Users, the GPO does not apply even though the user is a member of the AD group in the security filter. The only way I can get it to work is by adding the computer accounts for the Terminal Servers to the security filter, which has me baffled because these
RE: Domain local vs. global vs. universal
I made no such claim :-p From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 10:26 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Ain’t no man on this list (of which I am aware) a “gentleman” regardless of what he may have attempted to tell you. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 12:38 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Thanks, I was enlightened off-list as well by a kind gentleman. :) -lc From: Webster webs...@carlwebster.commailto:webs...@carlwebster.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 10:50 AM Subject: Re: Domain local vs. global vs. universal Fixed That For You. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, April 13, 2012 10:02 AM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Domain local vs. global vs. universal FTFY? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 8:55 AM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal FTFY -Original Message- From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 9:08 AM To: NT System Admin Issues Subject: Re: [dkim-failure] Re: Domain local vs. global vs. universal I shall see you in court then. Will you be administering lashes as well? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 10:27 PM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal The injunction has already been filed. -sc From:Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Thursday, April 12, 2012 8:30 PM To: NT System Admin Issues Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal Andrew prefers “Sir lord most royal highness of knowledge [1]” but none of us stoop that low. BTW, ASB has a trademark on “Indeed ™”. Any time you use “Indeed ™” ASB must be sent a check [2] for $0.02US. BTW #2, -sc has patented the use of -?c or the use of the “-” followed by any Unicode character followed by a “c”. That is patent infringement and you will probably be hearing from -sc’s lawyer tomorrow (as soon as he[3] sobers up). Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/ http://www.carlwebster.com/%0d%0a 1. Indeed ™ 2. Indeed ™ 3. The lawyer that is. -sc is rarely sober. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- http://lyris.sunbelt-%0d%0a software.com/read/my_forums/http://software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ http://lyris.sunbelt-software.com/read/my_forums/%0d%0a or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
RE: Domain local vs. global vs. universal
Hey now. You may be within arm’s reach soon if I’m not mistaken… From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 2:19 PM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Bob is known for that. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 4:55 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal See...now you've outed yourself. -lc From: Free, Bob r...@pge.commailto:r...@pge.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 3:34 PM Subject: RE: Domain local vs. global vs. universal I made no such claim :-p From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 10:26 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Ain’t no man on this list (of which I am aware) a “gentleman” regardless of what he may have attempted to tell you. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 12:38 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Thanks, I was enlightened off-list as well by a kind gentleman. :) -lc From: Webster webs...@carlwebster.commailto:webs...@carlwebster.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 10:50 AM Subject: Re: Domain local vs. global vs. universal Fixed That For You. Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/ From: Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, April 13, 2012 10:02 AM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Domain local vs. global vs. universal FTFY? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 8:55 AM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal FTFY -Original Message- From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 9:08 AM To: NT System Admin Issues Subject: Re: [dkim-failure] Re: Domain local vs. global vs. universal I shall see you in court then. Will you be administering lashes as well? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 10:27 PM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal The injunction has already been filed. -sc From:Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Thursday, April 12, 2012 8:30 PM To: NT System Admin Issues Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal Andrew prefers “Sir lord most royal highness of knowledge [1]” but none of us stoop that low. BTW, ASB has a trademark on “Indeed ™”. Any time you use “Indeed ™” ASB must be sent a check [2] for $0.02US. BTW #2, -sc has patented the use of -?c or the use of the “-” followed by any Unicode character followed by a “c”. That is patent infringement and you will probably be hearing from -sc’s lawyer tomorrow (as soon as he[3] sobers up). Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/%0d%0a 1. Indeed ™ 2. Indeed ™ 3. The lawyer that is. -sc is rarely sober. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-%0d%0a software.com/read/my_forums/http://software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/%0d%0a or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http
RE: Domain local vs. global vs. universal
sniffle. I will miss seeing you. Hope your priors are good ones. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 3:39 PM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Nope. I declined speaking at TEC. I had prior obligations. From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Friday, April 13, 2012 6:32 PM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Hey now. You may be within arm’s reach soon if I’m not mistaken… From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 2:19 PM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Bob is known for that. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 4:55 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal See...now you've outed yourself. -lc From: Free, Bob r...@pge.commailto:r...@pge.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 3:34 PM Subject: RE: Domain local vs. global vs. universal I made no such claim :-p From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 10:26 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Ain’t no man on this list (of which I am aware) a “gentleman” regardless of what he may have attempted to tell you. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 12:38 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Thanks, I was enlightened off-list as well by a kind gentleman. :) -lc From: Webster webs...@carlwebster.commailto:webs...@carlwebster.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 10:50 AM Subject: Re: Domain local vs. global vs. universal Fixed That For You. Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/ From: Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, April 13, 2012 10:02 AM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Domain local vs. global vs. universal FTFY? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 8:55 AM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal FTFY -Original Message- From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 9:08 AM To: NT System Admin Issues Subject: Re: [dkim-failure] Re: Domain local vs. global vs. universal I shall see you in court then. Will you be administering lashes as well? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 10:27 PM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal The injunction has already been filed. -sc From:Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Thursday, April 12, 2012 8:30 PM To: NT System Admin Issues Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal Andrew prefers “Sir lord most royal highness of knowledge [1]” but none of us stoop that low. BTW, ASB has a trademark on “Indeed ™”. Any time you use “Indeed ™” ASB must be sent a check [2] for $0.02US. BTW #2, -sc has patented the use of -?c or the use of the “-” followed by any Unicode character followed by a “c”. That is patent infringement and you will probably be hearing from -sc’s lawyer tomorrow (as soon as he[3] sobers up). Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/%0d%0a 1. Indeed ™ 2. Indeed ™ 3. The lawyer that is. -sc is rarely sober. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-%0d%0a software.com/read/my_forums/http://software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana
RE: Domain local vs. global vs. universal
Trying not embarrass a newcomer should not be misconstrued as an attempt to curry favour :-p From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 13, 2012 1:56 PM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal I didn’t SAY that, but I sure did imply it. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 3:48 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Are you saying a male IT Professional may go out of his way to garner favor with a female IT Professional? Say it ain't so... -lc From: Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 12:26 PM Subject: RE: Domain local vs. global vs. universal Ain’t no man on this list (of which I am aware) a “gentleman” regardless of what he may have attempted to tell you. From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 12:38 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Thanks, I was enlightened off-list as well by a kind gentleman. :) -lc From: Webster webs...@carlwebster.commailto:webs...@carlwebster.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 10:50 AM Subject: Re: Domain local vs. global vs. universal Fixed That For You. Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/ From: Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, April 13, 2012 10:02 AM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Domain local vs. global vs. universal FTFY? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, April 13, 2012 8:55 AM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal FTFY -Original Message- From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Friday, April 13, 2012 9:08 AM To: NT System Admin Issues Subject: Re: [dkim-failure] Re: Domain local vs. global vs. universal I shall see you in court then. Will you be administering lashes as well? -lc From: Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 10:27 PM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal The injunction has already been filed. -sc From:Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Thursday, April 12, 2012 8:30 PM To: NT System Admin Issues Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal Andrew prefers “Sir lord most royal highness of knowledge [1]” but none of us stoop that low. BTW, ASB has a trademark on “Indeed ™”. Any time you use “Indeed ™” ASB must be sent a check [2] for $0.02US. BTW #2, -sc has patented the use of -?c or the use of the “-” followed by any Unicode character followed by a “c”. That is patent infringement and you will probably be hearing from -sc’s lawyer tomorrow (as soon as he[3] sobers up). Carl Webster Consultant and Citrix Technology Professional http://www.carlwebster.com/%0d%0a 1. Indeed ™ 2. Indeed ™ 3. The lawyer that is. -sc is rarely sober. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-%0d%0a software.com/read/my_forums/http://software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/%0d%0a or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions
RE: PC power management
Our desktop team settled on a product called Night Watchman. I believe it meets all your requirements. I know very little about it other than the fact there is a web page that I can power up my remote desktop from if I need it :) From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 12, 2012 4:41 AM To: NT System Admin Issues Subject: PC power management Are any of you using power management products? These would be products that remotely power on/off, enable monitor shutdown, and such. Our KBox can take advantage of WOL, but I've found in testing that it's not always reliable with IP changes from DHCP. We tested a few products and I like one called Greentrac. This uses an agent and has been very reliable in testing the hosted version. Unfortunately, they run on Ubuntu and XenServer does not officially support that, and I'm not inclined to purchase VMWare for a single installation. There is no other installation option. Suggestions anyone? I'm looking for products that shut down PCs after inactivity, starting at a certain time of the day, can put the monitor to sleep, can power on PC and power off. Recommendations appreciated. Thanks Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain local vs. global vs. universal
Volumes have been written about this. There are even those who gasp disagree with Brian's recommendation. I'm not saying any of it is good or bad but a lot of smart folks have argued pros and cons of various methodologies over the years. You might want to read up on it a little for your own edification. From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:12 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Sotechnically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universal's get copied to GC's and others don't, but what else? Dave From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and for course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [dkim-failure] Re: Domain local vs. global vs. universal
Indeed(r) I resisted the urge to regurgitate the age-old more info link :) oops, it leaked in http://kb.ultratech-llc.com/~moreinfo.txt From: William Robbins [mailto:dangerw...@gmail.com] Sent: Thursday, April 12, 2012 11:52 AM To: NT System Admin Issues Subject: [dkim-failure] Re: Domain local vs. global vs. universal Recommendations do vary largely depending on requirement's...which are lacking in the OP, but since the OP was about right in a general sense it makes any recommendations subjective. :) - Will [http://sale.images.woot.com/Air_Quothhs7Detail.png] On Thu, Apr 12, 2012 at 13:38, Free, Bob r...@pge.commailto:r...@pge.com wrote: Volumes have been written about this. There are even those who gasp disagree with Brian's recommendation. I'm not saying any of it is good or bad but a lot of smart folks have argued pros and cons of various methodologies over the years. You might want to read up on it a little for your own edification. From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:12 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal Sotechnically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universal's get copied to GC's and others don't, but what else? Dave From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and for course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain local vs. global vs. universal
Lora meet Brian Desmond, author, Directory Services MVP, Conference Speaker and all around GoodGuy™ Consensus on empty root these days is pretty much against unless you have a really good reason. I have 2 forests built that way in the past here back when that was the prescriptive guidance but the last one I did was a single domain. Many discussions on activdir over the years on the subject, one fairly recently. If you want to see some prolonged discussions look in the archives there. google ‘empty forest root site:activedir.org’ From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:09 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: [dkim-failure] Re: GPO Reporting
Maybe you could get the trial and prove the value? Otherwise my offer of getreportsforallgpos.wsf for free from MS still stands :-] You might find the capability in SCM, I don't use it because I have a commercial GPO product but it looks pretty interesting. Our desktop guy uses it in his offline dev forest and what I've seen over some conf calls looked interesting. http://www.grouppolicy.biz/2012/04/security-compliance-manager-scm-v2-5-out-now/ From: James Kerr [mailto:cluster...@gmail.com] Sent: Thursday, April 12, 2012 1:11 PM To: NT System Admin Issues Subject: [dkim-failure] Re: GPO Reporting Yeah my budget is zero dollars on this unfortunately. On Thu, Apr 12, 2012 at 11:28 AM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: Yep - call Darren @ sdmsoftware.com. He's got the tools to do this right. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Free, Bob [mailto:r...@pge.commailto:r...@pge.com] Sent: Thursday, April 12, 2012 9:38 AM To: NT System Admin Issues Subject: RE: GPO Reporting There are free scripts provided with GPMC that will pull reports on the cheap that you could massage. The one called getreportsforallgpos.wsf (from memory, you need to verify exact name) will dump them all into html files in a jiffy. If you need a more elegant solution, I'd definitely look at Darren's offerings that Chris pointed out. From what I've seen it does a better job of reporting in many ways than the full featured GPO management tools and I toy with the idea of trying to augment the tools I use with it. From: James Kerr [mailto:cluster...@gmail.com] Sent: Thursday, April 12, 2012 7:01 AM To: NT System Admin Issues Subject: [dkim-failure] GPO Reporting Heh guys, I'm looking for a way to have some kind of report that would look into specified GPOs and list the settings they have. Specifically, I'm trying to look at a list of GPOs and determine what drive maps they have. Thanks for any assistance. James ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [dkim-failure] Re: Domain local vs. global vs. universal
Totally in jest, very old behavior. Some many years ago the standard come back here was “What OS What SP” or “more info please” when more info was required to formulate an effective answer. Being the detail oriented fellow he is, Andrew came up with that article ☺ From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:41 PM To: NT System Admin Issues Subject: Re: [dkim-failure] Re: Domain local vs. global vs. universal Well though I think intended partly in jest, that was a good article. Thanks. Like I mentioned before, I'm still gathering info myself, and this topic was apropos to the research and planning I'll be doing to consolidate AD gone wild here. -lc From: Free, Bob r...@pge.commailto:r...@pge.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:15 PM Subject: RE: [dkim-failure] Re: Domain local vs. global vs. universal Indeed® I resisted the urge to regurgitate the age-old more info link ☺ oops, it leaked in http://kb.ultratech-llc.com/~moreinfo.txt From: William Robbins [mailto:dangerw...@gmail.com]mailto:[mailto:dangerw...@gmail.com] Sent: Thursday, April 12, 2012 11:52 AM To: NT System Admin Issues Subject: [dkim-failure] Re: Domain local vs. global vs. universal Recommendations do vary largely depending on requirement's...which are lacking in the OP, but since the OP was about right in a general sense it makes any recommendations subjective. :) - Will On Thu, Apr 12, 2012 at 13:38, Free, Bob r...@pge.commailto:r...@pge.com wrote: Volumes have been written about this. There are even those who gasp disagree with Brian’s recommendation. I’m not saying any of it is good or bad but a lot of smart folks have argued pros and cons of various methodologies over the years. You might want to read up on it a little for your own edification. From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:12 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal So….technically what is happening when you click that little radio button to change group type Local/Global/Universal? What’s happening behind the scenes? Universal’s get copied to GC’s and others don’t, but what else? Dave From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana
RE: Domain local vs. global vs. universal
Will would be one happy fella once again. From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:17 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal My, my! What happens were I to like it? ;) -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:26 PM Subject: Re: Domain local vs. global vs. universal It happens...just don't let it happen again or there will be lashes assessed. :P - Will On Thu, Apr 12, 2012 at 14:55, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Apologies, asked question before reading article. (Face, meet palm) -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:04 PM Subject: Re: Domain local vs. global vs. universal From the article ma'am: When you enable this feature on a domain operating in Windows Server 2003 or higher functional level, any domain controller can resolve logon requests locally without having to go through the global catalog server. As to the DC/GC query, like I stated earlier, it depends on your infrastructure and design requirements...and phase of the moon. (Save the Infrastructure FSMO, if you have multiple DC's, etc etc etc.) - Will On Thu, Apr 12, 2012 at 13:48, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Ah ha! Thank you , my misunderstanding on caching. Just so I'm clear this can be enabled on any DC, correct? Is there any reason to not have every DC also be a GC? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:37 PM Subject: Re: Domain local vs. global vs. universal Understanding group types: http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx Understanding caching of universal groups: http://technet.microsoft.com/en-us/magazine/ff797984.aspx - Will On Thu, Apr 12, 2012 at 13:32, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: From my reading that's basically it. But do GC's always get them, or only when enabled for universal group caching? -lc From: David Lum david@nwea.orgmailto:david@nwea.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 1:12 PM Subject: RE: Domain local vs. global vs. universal So….technically what is happening when you click that little radio button to change group type Local/Global/Universal? What’s happening behind the scenes? Universal’s get copied to GC’s and others don’t, but what else? Dave From: Brian Desmond [mailto:br...@briandesmond.commailto:br...@briandesmond.com] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: Domain local vs. global vs. universal
Fires up the jiffypop lol From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:41 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the empty root arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.comhttp://CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.comhttp://US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally,
RE: [dkim-failure] Re: Domain local vs. global vs. universal
Think I'm going to need a steady supply so I'm ordering jiffypop from Amazon on Subscribe and Save :-] From: William Robbins [mailto:dangerw...@gmail.com] Sent: Thursday, April 12, 2012 3:54 PM To: NT System Admin Issues Subject: [dkim-failure] Re: Domain local vs. global vs. universal Wow... First you don't read the articles I send, now you infer I'm a loser? Harsh. :) - Will On Thu, Apr 12, 2012 at 16:40, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the empty root arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.comhttp://CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.comhttp://US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you've got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don't exist anymore which makes this a less interesting discussion point. Without knowing about your customer's environment and scale it's hard to say. I would say that it's highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and for course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: [dkim-failure] Re: Domain local vs. global vs. universal
Indeed. I will try to behave. You may now return to your regular programming. From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 12, 2012 5:12 PM To: NT System Admin Issues Subject: [dkim-failure] Re: Domain local vs. global vs. universal Bob you are having way too much fun. Jon On Thu, Apr 12, 2012 at 7:15 PM, Free, Bob r...@pge.commailto:r...@pge.com wrote: Fires up the jiffypop lol From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:41 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the empty root arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.comhttp://CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.comhttp://US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you've got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don't exist anymore which makes this a less interesting discussion point. Without knowing about your customer's environment and scale it's hard to say. I would say that it's highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and for course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you
RE: Domain local vs. global vs. universal
Nah, I’m just misbehaving. The NewAndImprovedWill™ won’t rise to the bait anyway. From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 5:14 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Did I just sense a disturbance in the force? -lc From: Free, Bob r...@pge.commailto:r...@pge.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 6:15 PM Subject: RE: Domain local vs. global vs. universal Fires up the jiffypop lol From: Lora Cates [mailto:lora.ca...@rocketmail.com]mailto:[mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:41 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc From: William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the empty root arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com wrote: Well I've inherited what I'll kindly refer to as a mess. I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.comhttp://CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.comhttp://US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.commailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc From: Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local
Re: BB curve 9300 installation
The something fancier mode may need drivers, but the ordinary USB flash drive mode does not. AKA- MTP vs MSC--Media Transfer Protocol (commonly referred to as MTP) is part of the Windows Media framework vs USB mass-storage device class (MSC) -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, March 27, 2012 2:21 PM To: NT System Admin Issues Subject: [dkim-failure] Re: BB curve 9300 installation On Tue, Mar 27, 2012 at 4:38 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: He claims its plugged in to his laptop via USB but wont charge. You have forgotten the Seventh Universal Truth of Information Technology: Users lie. (see: http://trioptimum.com/truth/) My first guess: The phone will charge just fine without a driver. It's just Windows is prompting for a driver to make all the other magic BlackBerry stuff work, and the user assumes that means it won't work without one. My second guess: Try fiddling with the Mass Storage Device settings of the Blackberry. Depending on how it's configured, the BlackBerry will present itself as either an ordinary USB flash drive, or as something fancier. The something fancier mode may need drivers, but the ordinary USB flash drive mode does not. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [dkim-failure] Re: OT: Re: OldCmp.exe
It'd Friday dude, I was just yanking your chain and trying to keep the message count up so we could snivel about fr|gg|n lyris all in jest P.S. joe is Always lower case :) From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, March 23, 2012 11:22 AM To: NT System Admin Issues Subject: [dkim-failure] Re: OT: Re: OldCmp.exe I could've been clearer. I don't know how the error handling is built, if it's just passing error codes based on results from AD queries or what. So if it is passing on the errors AD is throwing, then yes, it's a Microsoft product applies. No offense was meant to be extended to Joe, I was thinking about the product it was designed to work with. On Fri, Mar 23, 2012 at 2:07 PM, Free, Bob r...@pge.commailto:r...@pge.com wrote: oldcmp is hardly a MS product...one can only hope joe doesn't see this :) in this case it was the age old problem of pebcak.. as always, the condition is technology agnostic From: Jonathan Link [mailto:jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: Friday, March 23, 2012 9:18 AM To: NT System Admin Issues Subject: [dkim-failure] Re: OldCmp.exe It is a Microsoft product! On Fri, Mar 23, 2012 at 11:39 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: And the error messages generated don't always correspond to what the real problem is :) From: Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Friday, March 23, 2012 8:29 AM To: NT System Admin Issues Subject: RE: OldCmp.exe Computers are like women, they make no sense at all no matter how long you have been around them! Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum [david@nwea.orgmailto:david@nwea.org] Sent: Friday, March 23, 2012 10:14 AM To: NT System Admin Issues Subject: OldCmp.exe Thanks for not reading the e-mail I didn't send because I figured it out myself while typing the e-mail I cancelled, but did you know if you use DN= instead of DC= in when specifying a BaseDN it won't work? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: GPO puzzle solved, but why.
I have tried to fix it with those suggestions, I'd rather shove an icepick in my ear than ever touch that junk again. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Friday, March 23, 2012 12:33 PM To: NT System Admin Issues Subject: RE: GPO puzzle solved, but why. Have a read of the Word document-it's interesting how they discuss seeing erratic behavior when more than one IE Maint. policy is applied under various scenarios. http://blogs.technet.com/b/perfguru/archive/2008/04/26/how-to-troubleshoot-internet-explorer-s-maintenance-group-policy.aspx From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]mailto:[mailto:kennedy...@elyriaschools.org] Sent: Friday, March 23, 2012 11:53 AM To: NT System Admin Issues Subject: GPO puzzle solved, but why. I have had a bit of a puzzle today, I have it solved but I don't know why it was behaving this way. IE Maintenance policy set at the domain level. Not the default domain policy, a created policy. It had some popup settings that I needed to change. But prior to changing them I wanted to test them on a group of users. So I put a new IE Maintenance policy on a child OU that had the correct settings. There is no enforcement on either policy, there is no loopback on either policy and there is no inheritance blocking in the path. And there is no WMI or Security settings on either policy. The settings did not apply. GPOResult shows both being applied but the Domain policy as the winner. Which as I understand precedence is not correct. The OU should have applied last and over wrote it. As soon as I remove the domain level policy from the domain level and put it on an OU and then move my new policy to a child they apply as I expect. Now, at the domain level it would be applying to my machines, but as I said there is no loopback on it. But the behavior is just like loopback was enabled. With the way our OU's are set up it can stay where it is at, I don't need anything really at the Domain level, but I am curious why I am seeing this. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: GPO puzzle solved, but why.
If you can't tell, I've had some bad experiences with IEMaint . OTOH, I was very, very happy to come across that article a couple of years ago, it certainly explains a lot. In a normal world it might help, in the environment I was dealing with all bets were off. Ever since I established the IE Maint just not gonna happen on my watch policy my life has been much simpler. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Friday, March 23, 2012 1:55 PM To: NT System Admin Issues Subject: RE: GPO puzzle solved, but why. LOL, I was just talking about READING it =) From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Sent: Friday, March 23, 2012 1:00 PM To: NT System Admin Issues Subject: RE: GPO puzzle solved, but why. I have tried to fix it with those suggestions, I'd rather shove an icepick in my ear than ever touch that junk again. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]mailto:[mailto:mille...@mukilteo.wednet.edu] Sent: Friday, March 23, 2012 12:33 PM To: NT System Admin Issues Subject: RE: GPO puzzle solved, but why. Have a read of the Word document-it's interesting how they discuss seeing erratic behavior when more than one IE Maint. policy is applied under various scenarios. http://blogs.technet.com/b/perfguru/archive/2008/04/26/how-to-troubleshoot-internet-explorer-s-maintenance-group-policy.aspx From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]mailto:[mailto:kennedy...@elyriaschools.org] Sent: Friday, March 23, 2012 11:53 AM To: NT System Admin Issues Subject: GPO puzzle solved, but why. I have had a bit of a puzzle today, I have it solved but I don't know why it was behaving this way. IE Maintenance policy set at the domain level. Not the default domain policy, a created policy. It had some popup settings that I needed to change. But prior to changing them I wanted to test them on a group of users. So I put a new IE Maintenance policy on a child OU that had the correct settings. There is no enforcement on either policy, there is no loopback on either policy and there is no inheritance blocking in the path. And there is no WMI or Security settings on either policy. The settings did not apply. GPOResult shows both being applied but the Domain policy as the winner. Which as I understand precedence is not correct. The OU should have applied last and over wrote it. As soon as I remove the domain level policy from the domain level and put it on an OU and then move my new policy to a child they apply as I expect. Now, at the domain level it would be applying to my machines, but as I said there is no loopback on it. But the behavior is just like loopback was enabled. With the way our OU's are set up it can stay where it is at, I don't need anything really at the Domain level, but I am curious why I am seeing this. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: (homedrive)
It sounds like Bob had a WDRAP Actually we had some use-it-or-lose-it PSS hours left over and I had a one day engagement with an AD PFE for some issues I wanted to go over. He said he did the desktop optimization stuff when he was bored or when there were AD implications (go away Carl) Our desktop folks who are struggling with poor startup times on XP had a similar engagement to the WDRAP last year but I believe they totally focused on slow startup. Needless to say, the fellow we had showed us some things with xperf in just a couple of minutes that weren't part of the takeaway for the desktop guy I discussed it with. As you said, almost all of the countless things that were contributors had nothing to do with AD or the network, rather the configuration of various workstation elements. -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, March 13, 2012 3:53 PM To: NT System Admin Issues Subject: RE: (homedrive) Second the xperf tracing here - you can get a lot of insight. There are countless components that play into the logon and startup processes outside of this. It sounds like Bob had a WDRAP which is a good use of premier dollars if you have such a contract in place. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Tuesday, March 13, 2012 12:12 PM To: NT System Admin Issues Subject: RE: (homedrive) The way it was explained to me was if the profile tab was used in ADUC to make the setting, that it is legacy NT. Makes sense when you think about other methods to do it that than the legacy ones, such as GPP or GPO login scripts. In our case we were only talking about the home directory and login script. Profiles or software installation are another case. I've been discussing it offline with Brian D and he said he had reached out to someone, he has a pretty long reach so I expect some better answers are forthcoming. :-) If you are struggling with slow logins, I'd strongly suggest getting familiar with xperf. It's an amazing tool. The Dude where's my PFE blog is a great resource for xperf. http://blogs.technet.com/b/jeff_stokes/archive/2011/12/05/xperf-o-rama.aspx -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, March 13, 2012 9:31 AM To: NT System Admin Issues Subject: RE: (homedrive) I've been following this thread very closely as we've experienced extremely slow logins and yes we use the roaming profile and home directory settings on the profile tab in ADUC. Does anyone know what the statement, When a user has a roaming user profile or a home directory for logon purposes, actually means? Specifically the part, for logon purposes? Does it just mean that if the user has a home directory or profile defined or something totally different? Also, what is the recommended way to do home directory mapping and profiles, if not in the profile tab? From some of the links, I'm guessing a group policy preference, but not sure. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Tuesday, March 13, 2012 11:11 AM To: NT System Admin Issues Subject: RE: (homedrive) Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.210.3.203] Content-Type: multipart/alternative; boundary=_000_748CF90EABA4224ABF3D957402E1271515146A84EXCHMBFF123Util_ MIME-Version: 1.0 X-CFilter-Loop: Forwarded --_000_748CF90EABA4224ABF3D957402E1271515146A84EXCHMBFF123Util_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Better link than the one from MSDN http://technet.microsoft.com/en-us/library/cc758898(v=3Dws.10).aspx Fast Logon Optimization is always off during logon under the following cond= itions: When a user *first* logs on to a computer. (the MSDN link leaves out the o= perative word...doh) When a user has a roaming user profile or a home directory for logon purpos= es. When a user has synchronous logon scripts. From: Free, Bob Sent: Tuesday, March 13, 2012 7:39 AM To: 'NT System Admin Issues' Subject: RE: (homedrive) When he told us about it, I figured out the reg keys associated with logon = optimization from something Darren had blogged and tested it and sure enoug= h, when I removed the logon script and home folder in ADUC and rebooted 2x = the key changed state, my logon was faster and without the applying your s= ettings screen or whatever it is on XP. This guy knew his stuff about slo= w logons and gave us a whirlwind tour of xperf from another customer engage= ment. Very cool tool. Unbelievable amount of detail about startup is availa= ble from it. I did a cursory search back then for something more authoritative than thi= s PFE told me and found this http://msdn.microsoft.com/en-us/library/windo= ws/desktop/aa374350(v=3Dvs.85).aspx I haven't had time
Re: (homedrive)
Using it is painful enough I would hate to have to administer it Sent from my iPhone On Mar 13, 2012, at 10:46 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: You have never configured BMC Remedy then :) Cheers Ken From: Jeff Brown [mailto:jbr...@webcoindustries.com] Sent: Wednesday, 14 March 2012 2:47 AM To: NT System Admin Issues Subject: RE: (homedrive) It’s TOTALLY Citrix’s fault :) VBG Because they made citrix config so complicated that only a genius like Carl Webster can get it configured correctly!! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
] Re: List Speed?
do the potty mouth thing and you will get a rise out of someone ... maybe by tomorrow when they get the emailLOL From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, March 14, 2012 11:23 AM To: NT System Admin Issues Subject: [dkim-failure] Re: List Speed? In the absence of updates and information rumors and dark thoughts grow... On Wed, Mar 14, 2012 at 1:20 PM, Paul Hutchings paul.hutchi...@mira.co.ukmailto:paul.hutchi...@mira.co.uk wrote: Cynical as I am I wouldn't attribute to malice what can be attributed to poor software or a configuration problem :) From: Jonathan Link [jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: 14 March 2012 2:17 PM To: NT System Admin Issues Subject: Re: List Speed? I'd rather have fast list response and associated griping than the current situation. My cynical mind? GFI doesn't want to maintain the lists, or at least not do it for free. Sunbelt built a lot of goodwill by hosting the list and getting free advertising out of it. Since GFI has taken over, I see very little marketing to the lists, so I can't help but wonder if the lists are just being squeeze out. That's me. I'm a cynical guy. Note, it's not unreasonable for GFI to not want to continue hosting the list. They don't owe us anything. However, the reverse is true. And a lot of goodwill will end up getting trashed if the list response time isn't fixed, and it continues to hobble along like this for a while. I'm saying, in response to Richard's post, that I am willing to pay a little money for continued access to this community. I don't mind the OT posts, and a moderator can always step in and say, cool it, whether it is free or subscriber sponsored On Wed, Mar 14, 2012 at 9:37 AM, Maglinger, Paul pmaglin...@scvl.commailto:pmaglin...@scvl.com wrote: Yeah, but then everyone would feel justified in griping about OT posts. (I'm paying good money for this?!?!) -Paul From: Guyer, Donald [mailto:dgu...@che.orgmailto:dgu...@che.org] Sent: Wednesday, March 14, 2012 7:54 AM To: NT System Admin Issues Subject: RE: List Speed? I'd be in for an annual fee. The (useful and applicable) knowledge I've gained participating in this list far outweighs any other source I've been exposed to, ever. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Jonathan Link [mailto:jonathan.l...@gmail.com]mailto:[mailto:jonathan.l...@gmail.com] Sent: Tuesday, March 13, 2012 10:57 PM To: NT System Admin Issues Subject: Re: List Speed? I'd pay. Even annually. The utility of this list is approaching nil. Yeah, I go off-topic, I admit it. Find a frequent contributor who doesn't... Waiting 4 or more hours for a reply, seeing multiple postings about the same item (Dell acquiring Sonicwall) is something I can do without. On Tue, Mar 13, 2012 at 8:23 PM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: $.02 It's a disaster anymore. Throw in something like the BBQ discussion, or any other topic which generates a lot of traffic, and it's all over for hours. Why this has persisted for so long is incomprehensible to me. I realize that the lists are a free service, and I am truly, truly grateful for them. And the simple matter of the fact is that they're just not working very effectively anymore. My vote is to either kill the lists or fix them.* I think a lot of people would be somewhat saddened to see the Sunbelt lists go away after all this time, but I also feel confident that most everyone would resubscribe somewhere else pretty darn quickly if an alternative presented itself and was made known to all the members. * Would I pay a voluntary one-time fee of $5 or $10 to help defray the cost of upgrading friggin' Lyris? Yes. Yes I would. /$.02 2012/3/13 Paul Hutchings paul.hutchi...@mira.co.ukmailto:paul.hutchi...@mira.co.uk Did we ever get anywhere with list speed? A post today took an hour to show up (and before I started to receive any out-of-office replies so that's not just the time taken to make it to my Inbox). I know there was a thread that mentioned issues with a Lyris upgrade, but I don't remember seeing anything beyond that? Respectfully, the delays are really starting to make me think twice about posting as I find myself thinking It'll take an hour to appear, someone will have already responded by then. MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: (homedrive)
The way it was explained to me was if the profile tab was used in ADUC to make the setting, that it is legacy NT. Makes sense when you think about other methods to do it that than the legacy ones, such as GPP or GPO login scripts. In our case we were only talking about the home directory and login script. Profiles or software installation are another case. I've been discussing it offline with Brian D and he said he had reached out to someone, he has a pretty long reach so I expect some better answers are forthcoming. :-) If you are struggling with slow logins, I'd strongly suggest getting familiar with xperf. It's an amazing tool. The Dude where's my PFE blog is a great resource for xperf. http://blogs.technet.com/b/jeff_stokes/archive/2011/12/05/xperf-o-rama.aspx -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, March 13, 2012 9:31 AM To: NT System Admin Issues Subject: RE: (homedrive) I've been following this thread very closely as we've experienced extremely slow logins and yes we use the roaming profile and home directory settings on the profile tab in ADUC. Does anyone know what the statement, When a user has a roaming user profile or a home directory for logon purposes, actually means? Specifically the part, for logon purposes? Does it just mean that if the user has a home directory or profile defined or something totally different? Also, what is the recommended way to do home directory mapping and profiles, if not in the profile tab? From some of the links, I'm guessing a group policy preference, but not sure. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Tuesday, March 13, 2012 11:11 AM To: NT System Admin Issues Subject: RE: (homedrive) Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.210.3.203] Content-Type: multipart/alternative; boundary=_000_748CF90EABA4224ABF3D957402E1271515146A84EXCHMBFF123Util_ MIME-Version: 1.0 X-CFilter-Loop: Forwarded --_000_748CF90EABA4224ABF3D957402E1271515146A84EXCHMBFF123Util_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Better link than the one from MSDN http://technet.microsoft.com/en-us/library/cc758898(v=3Dws.10).aspx Fast Logon Optimization is always off during logon under the following cond= itions: When a user *first* logs on to a computer. (the MSDN link leaves out the o= perative word...doh) When a user has a roaming user profile or a home directory for logon purpos= es. When a user has synchronous logon scripts. From: Free, Bob Sent: Tuesday, March 13, 2012 7:39 AM To: 'NT System Admin Issues' Subject: RE: (homedrive) When he told us about it, I figured out the reg keys associated with logon = optimization from something Darren had blogged and tested it and sure enoug= h, when I removed the logon script and home folder in ADUC and rebooted 2x = the key changed state, my logon was faster and without the applying your s= ettings screen or whatever it is on XP. This guy knew his stuff about slo= w logons and gave us a whirlwind tour of xperf from another customer engage= ment. Very cool tool. Unbelievable amount of detail about startup is availa= ble from it. I did a cursory search back then for something more authoritative than thi= s PFE told me and found this http://msdn.microsoft.com/en-us/library/windo= ws/desktop/aa374350(v=3Dvs.85).aspx I haven't had time to visit it further but one of our very sharp desktop gu= ys is. The above is all null and void if you are planning on blaming AD for the mi= sbehavior of Citrix :-p From: Webster [mailto:webs...@carlwebster.com]mailto:[mailto:webster@carlw= ebster.com] Sent: Tuesday, March 13, 2012 4:03 AM To: NT System Admin Issues Subject: RE: (homedrive) Bob, I am giving a Geek Speak session at Citrix Synergy in May. My GoogleFu isn= 't turning up anything on this. I would like to add this to my It's Not C= itrix, It's Your !@#$%^ AD talk. (well I was told I can't use that title= but that is what I call it. Actually I think that was MBS' idea for my se= ssion title.) Do you have a reference for this I could link to in my talk or maybe even s= end me a LMGTFY link? Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com From: Free, Bob [mailto:r...@pge.com]mailto:[mailto:r...@pge.com] Subject: RE: (homedrive) We had a PSS PFE onsite recently for an AD engagement and we were discussin= g slow boots during a break in the action and he brought up something I had= never heard of before. I was always under the assumption that we had what is known as Fast Logon O= ptimization on our XP systems that allows GPOs to process asynchronously in= the background. He told us that it is disabled in our environment because we use the profil= e settings to map homeDir and specify login script. Basically anything that is set
RE: (homedrive)
That is the non-legacy way :-) And it makes Citrix look better EG j/k -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, March 13, 2012 11:25 AM To: NT System Admin Issues Subject: RE: (homedrive) I always do home directories and profiles via GPO. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com From: Glen Johnson [gjohn...@vhcc.edu] Subject: RE: (homedrive) I've been following this thread very closely as we've experienced extremely slow logins and yes we use the roaming profile and home directory settings on the profile tab in ADUC. Does anyone know what the statement, When a user has a roaming user profile or a home directory for logon purposes, actually means? Specifically the part, for logon purposes? Does it just mean that if the user has a home directory or profile defined or something totally different? Also, what is the recommended way to do home directory mapping and profiles, if not in the profile tab? From some of the links, I'm guessing a group policy preference, but not sure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Proxy server and ISA
Why do you need the registry value? My answer would be -- Because IE Maint policy is total bunk and it's way better to figure out the keys involved and use GPPs to manage them. I refuse to enter that branch of the editor anymore, been burned way too many times. It is the biggest piece of dung MS ever created in the GPO realm. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, March 12, 2012 9:44 AM To: NT System Admin Issues Subject: Re: Proxy server and ISA If you know the GPO is here: Group Policy - User Configuration - Windows Settings - Internet Explorer Maintenance - Connection - Proxy Settings Why do you need the registry value? Which I believe is here: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:493090219@12032012-1E9E] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Gavin Wilby gavin.wi...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:03/12/2012 12:09 PM Subject:Proxy server and ISA Hi, I have implemented an install of GFI Web Monitor on a server that runs ISA2004. Due to the fact that the ISA has to be set to require auth, for the users to get logged, I need to set IE for all users to Bypass Proxy Connections for Loacl Addresses under the Connections for the LAN. I can see how to policy this out and I cant find the right key to fix the registry. Help please? -- Gavin Wilby, Twitter: http://twitter.com/gavin_wilby ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: ATT1.jpg
RE: Proxy server and ISA
My experience is that if you open it once and never ever touch it again it may work. There were not too many other options early in the W2K era but there are way too many other options now to even consider using it. A few quotes I've gathered over the years from Darren Mar-Elia who is a Group Policy MVP and makes a living selling GPO management software: IE Maintenance, is, to put it bluntly, a pile of crap code. So, you often have to torture it to get it to do what you want. I would suggest sticking with Admin Templates, because the IE maintenance CSE is, if you'll excuse the expression, a buggy piece of cow dung. Sigh. I truly wish MS would either fix IE maintenance policy or just kill it because it's just the buggiest piece of insert expletive here around. It is a mess, frankly. IE Maintenance policy is one of the buggier pieces of policy I've seen, which doesn't help the situation. XP, SP2 then introduced all these additional admin. Template policy settings for IE and so you have to pick through which you can set in which area. My advice is to start with the Admin. Template settings--and try and do everything there. Ignore IE Maintenance unless you absolutely positively have to set it there. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, March 12, 2012 1:02 PM To: NT System Admin Issues Subject: RE: Proxy server and ISA I didn't specifically implement them, since these are desktop user settings, but I know they are enforced in our environment and that they do work. So I can't speak for any challenges that group may have had implementing them. YMMV Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CD0068.4738DC80] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Webster webs...@carlwebster.commailto:webs...@carlwebster.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:03/12/2012 03:40 PM Subject:RE: Proxy server and ISA IE Maintenance policies just do not work. Never have and probably never will. That may a specific set of issues in the TS/RDS/Citrix/VDI world but I stay away from IE Maintenance policies like I stay away from Carolina BBQ Sauce. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Christopher Bodnar [christopher_bod...@glic.com] Sent: Monday, March 12, 2012 11:44 AM To: NT System Admin Issues Subject: Re: Proxy server and ISA If you know the GPO is here: Group Policy - User Configuration - Windows Settings - Internet Explorer Maintenance - Connection - Proxy Settings Why do you need the registry value? Which I believe is here: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings From:Gavin Wilby gavin.wi...@gmail.commailto:gavin.wi...@gmail.com Subject:Proxy server and ISA Hi, I have implemented an install of GFI Web Monitor on a server that runs ISA2004. Due to the fact that the ISA has to be set to require auth, for the users to get logged, I need to set IE for all users to Bypass Proxy Connections for Loacl Addresses under the Connections for the LAN. I can see how to policy this out and I cant find the right key to fix the registry. Help please? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/