Re: New arrivals

[James Winzenz]

Congrats – being a twin myself, expect the years ahead to be challenging but 
rewarding!

James
From: Tony Patton 
Sent: Wednesday, November 24, 2010 8:20 AM
To: NT System Admin Issues 
Subject: New arrivals

Twin boys arrived at 12:30, 5lbs each, both them and Laura are doing well. More 
updates to follow :)

T

typed slowly on HTC Desire

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Linksys WAP54GX withg SRX

[James Winzenz]

?The default for the Linksys wireless routers (at least the WRT series) is 
192.168.1.1.  However, you are correct for this one.  According to 
http://homedownloads.cisco.com/downloads/userguide/1224638355687/WAP54GX_ug.pdf, 
the default for the WAP54GX is 192.168.1.245.


-Original Message- 
From: Gene Giannamore

Sent: Tuesday, November 23, 2010 11:59 AM
To: NT System Admin Issues
Subject: RE: Linksys WAP54GX withg SRX

Hmm. I thought Linksys WAPs were 192.168.1.245. A few don't even have login 
ID only password. Could be I am speaking of only the older ones.


Gene Giannamore
Abide International Inc.
Technical Support
561 1st Street West
Sonoma,Ca.95476
(707) 935-1577Office
(707) 935-9387Fax
(707) 766-4185Cell
gene.giannam...@abideinternational.com
www.abideinternational.com


From: Martin Blackstone [mailto:mblackst...@gmail.com]
Sent: Tuesday, November 23, 2010 7:12 AM
To: NT System Admin Issues
Subject: RE: Linksys WAP54GX withg SRX

Did you try http://192.168.1.1/
That's the default for Linksys I believe.

From: Stefan Jafs [mailto:stefan.j...@gmail.com]
Sent: Tuesday, November 23, 2010 7:07 AM
To: NT System Admin Issues
Subject: Linksys WAP54GX withg SRX

My boss has this in his house it lost connection he uunplugged plugged power 
back in still no go. I'm trying to check but do not know the IP I have the 
MAC address is there any way to find the IP?


--
Stefan Jafs
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Um, WTF?

[James Winzenz]

The most recent Network+ covers BGP and the other routing protocols, although 
not in great detail . . .

From: Michael B. Smith 
Sent: Thursday, November 18, 2010 10:04 AM
To: NT System Admin Issues 
Subject: RE: Um, WTF?

I’ve never seen BGP covered in networking courses. Other than advanced Cisco 
courses.

 

OSPF and RIP and IGRP – common interior protocols, yes; but not BGP.

 

You must attend a better grade of schooling than I did. J

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Thursday, November 18, 2010 11:53 AM
To: NT System Admin Issues
Subject: RE: Um, WTF?

 

Any networking course should cover BGP.

 

When I did my networking subjects, we have to cover OSPF, RIP, BGP etc.

 

Cheers

Ken

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Friday, 19 November 2010 12:39 AM
To: NT System Admin Issues
Subject: RE: Um, WTF?

 

If you’ve never worked for an ISP, or acquired a CCNP (or higher), or worked 
for a telecommunications company – it’s unlikely that you would’ve run into BGP 
or ASNs.

 

We all have our areas of expertise. Don’t ask me to set up KMS, for example (to 
reference another ongoing thread on this mailing list). I know zero about it.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, November 18, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: Um, WTF?

 

Ah. I have heard that term I just didn’t connect it.

 

Why is it the more I learn the more ignorant I feel? Some days I actually think 
I do know a lot and then something like this pops up and I’m back to “eh, I’m 
just a n00b…”

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, November 18, 2010 8:28 AM
To: NT System Admin Issues
Subject: RE: Um, WTF?

 

Border Gateway Protocol

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, November 18, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Um, WTF?

 

Ok so I’m behind the curve.

 

BGP?

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Home Folder Permissions reset

[James Winzenz]

I think Don was referring to the NTFS permissions, not the Share 
permissions.  Each admin has to decide whether they want their users to have 
full control to their individual user folders (business may also dictate). 
Yes, full control would allow them to change the permissions on his/her 
folder, including removing the local admin group.  From my experience, I 
usually do the following for the NTFS permissions:


-For the top-level "Homes" folder (we call it "Users"), we usually just do 
domain users - read/list folder contents plus administrators - full control
-for the individual user folders, I do administrators - full control and the 
individual user - modify.  I also remove any inherited permissions when the 
folder is originally created, including Creator/Owner.


Regarding share permissions, everyone has a different opinion on this.  Some 
go the route of just leaving the share permissions at Everyone - Full 
Control and restricting permissions using the NTFS permissions.  Some go a 
step further and restrict both Share and NTFS permissions.  The thing to 
keep in mind is that when combining Share and NTFS permissions, the most 
restrictive always wins.  So if Share permissions are set to Everyone - Full 
Control, and NTFS permissions for a certain group are set to read only, 
members of that group (assuming they don't have explicit permissions or are 
not members of another group that has more permissions) would have read only 
access.


As for SYSTEM, I did some researching on this a while back, and found that 
for a volume containing only files/folders, it does not appear to be 
necessary.  We have removed it from our data volumes without noticing any 
issues at all.


HTH,

James
-Original Message- 
From: Matthew W. Ross

Sent: Monday, November 08, 2010 10:04 AM
To: NT System Admin Issues
Subject: RE: Home Folder Permissions reset

Read access to the Share allows users to write to their home folders?

Also, doesn't full control allow a user to change his permissions?


--Matt Ross
Ephrata School District


- Original Message -
From: Don Guyer
[mailto:don.gu...@prufoxroach.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Mon, 08 Nov 2010
08:56:43 -0800
Subject: RE: Home Folder Permissions reset



Authenticated Users should have Read access to \\SERVER\Homes, each
individual user should have Full Control to \\SERVER\Homes\username.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 08, 2010 11:48 AM
To: NT System Admin Issues
Subject: Home Folder Permissions reset

Hey list,

I'm sure this is something that has been touched on before, but my quick
search through the list archives didn't get anything concrete...

I'm looking to lock down permissions on user home folders. I'm unsure on
how, but one user was able to access the contents of another and that
will have to be stopped ASAP. I'd like some help on what are the correct
permissions, as I have a few questions.


Let me explain what things are like currently. Right now, home folder
permissions are as follows:

There is a \\SERVER\Homes share. The _sharing_ permissions on this
folder is set to "Everyone" has Change, "Domain Admins" has Full
control.

Each user has a home folder under this share (i.e.:
\\SERVER\Homes\Username) with the following permissions:

DOMAN\Username has Modify
SERVER\Administrators has Full Control
SERVER\Users has Read and Execute[1]
SYSTEM has full control
CREATOR OWNER has no permissions

And now, several questions:

A) What are the correct sharing permissions? Should "Everyone" be
changed to "Domain Users"? Should Domain Admins not be in that list?

B) What is the SYSTEM permissions for? Is it needed?

C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more
appropriate?

I'm working on a script to reset these permissions, probably with
xcacls. I need to find my old cacls script first, or write it from
scratch. If somebody has a working script for this handy, I'd love a
copy.

[1] The SERVER\Users group appears to be part of my problem, as I didn't
intend for other users to be able to read and/or execute files on
another user's home folder, but this was an inherited permission I
missed.


--Matt Ross
Ephrata School District

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click h

Re: ISAT RC1

[James Winzenz]

Couple more thoughts since the beta:

1. On slide 9, I believe the more common spelling of "high-jacked" is 
"hijacked".
2. On slide 14, there is a single quote in the front of "social 
engineering", and a double quote at the end - looks like this - 'Social 
Engineering"
3. The practice scenarios have a lot of the same answer - stop, look, and 
delete that email.  It might be good to throw in some actual legitimate 
questions so that people have to think a little harder.  The one about the 
CEO and the pdf from the BBB was a good example of this - need more like 
this.


James

-Original Message- 
From: Stu Sjouwerman

Sent: Thursday, November 04, 2010 11:10 AM
To: NT System Admin Issues
Subject: ISAT RC1

For all of you that provided feedback, here is some news:

Release Candidate 1 for the KnowBe4 ISAT course is available for
a one week review and feedback period until Nov 10, 2010. Link:
http://www.ptrain.com/isat/rc1

Warm regards,

Stu

..
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: syslog server

[James Winzenz]

Check out Splunk – www.splunk.com

From: Tom Miller 
Sent: Thursday, October 21, 2010 12:32 PM
To: NT System Admin Issues 
Subject: syslog server

Anyone have a syslog server than runs on Windows to recommend?  Free or not.  
I'm looking for something for several firewalls and anti-spam systems to 
forward events to.

Thanks,



Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: I Thought Just The Toys Were Plastic

[James Winzenz]

Don't forget

http://www.businessinsider.com/chicken-nuggets-pink-goop-2010-10

(that would be some chicken nuggets and, of course, most hot dogs . . .)


From: Roger Wright 
Sent: Wednesday, October 13, 2010 10:55 AM
To: NT System Admin Issues 
Subject: OT: I Thought Just The Toys Were Plastic



http://www.dailymail.co.uk/news/article-1319562/McDonalds-Happy-Meal-bought-Sally-Davies-shows-sign-mould-6-months.html
 


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't 
nothin' like it!



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Could use your feedback...

[James Winzenz]

I have submitted my feedback on the name, and others have already mentioned 
about certain typos in the content.  My concern is more that the content is 
so brief that I worry about it not sinking in.  Also, in the case studies, 
you mention examples with banks, schools, and organizations - how about some 
real-world examples of how individuals were affected?  I think that it helps 
to paint a much clearer picture to someone if they see how phishing and 
social engineering directly affects them and not a faceless business or 
school.  My 2 cents . . .


--
From: "Stu Sjouwerman" 
Sent: Friday, October 08, 2010 2:03 PM
To: "NT System Admin Issues" 
Subject: Could use your feedback...



KnowBe4 will soon release it's first Internet Security Awareness Training 
product.
It will make end-users aware of the dangers of social engineering and 
spear phishing.

If you are interested, here is a beta you can check out:
http://www.ptrain.com/isat/draft1/

We need your input about the product name. Please rate these four options, 
or let

me know if you want to propose another name:
http://www.ptrain.com/isat/draft1/

Warm regards, and thanks in advance!!

Stu


..
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Interesting run-down on Stuxnet from F-Secure

[James Winzenz]

+9000

--
From: "Ben Scott" 
Sent: Friday, October 08, 2010 1:02 PM
To: "NT System Admin Issues" 
Subject: Re: Interesting run-down on Stuxnet from F-Secure


On Thu, Oct 7, 2010 at 8:08 PM, Andrew S. Baker  wrote:
And I would say that we are were we are because as consumers and 
corporate
customers, we don't push for things to be different.   Not that 
technology

companies don't have their own responsibility to do the right thing, but
they'll always favor features over security is *we* favor features over
security.


 What really sucks is that for those of us who actually care about
security, we're told that everything is fine, nothing is broken,
nobody else is worried about this, you want to much, ha ha cute little
user, etc., etc., etc.   >:-(

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: IT Solutions for a tiny Deployment

[James Winzenz]

Openfire/Spark?  Looks promising and can be put on Windows or Linux.  Looks 
like it can also integrate with AD.  Dunno if it meets all your requirements or 
not, but here's the site:

http://www.igniterealtime.org/projects/openfire/documentation.jsp


From: Sam Cayze 
Sent: Friday, October 08, 2010 9:47 AM
To: NT System Admin Issues 
Subject: IT Solutions for a tiny Deployment


Looking to utilize an IM solution for about 3 users right now.  Might expand to 
about 10 users - so please, no over the top large enterprise recommendations.

 

Requirements:

Security

Trail/Logging

Can work over WAN

I can provide a backend server if needed.

A virtual appliance would be even better.

 

Any quick pointers are appreciated in conjunction with the research I will be 
doing.

 

TIA,


Sam

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Biometric AD authentication

[James Winzenz]

Biometric AD authenticationWasn't that one on Mythbusters?


From: Steven M. Caesare 
Sent: Wednesday, September 15, 2010 11:09 AM
To: NT System Admin Issues 
Subject: RE: Biometric AD authentication


One of the exploits involved a Gummi  Bear, IIRC.

 

-sc

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, September 15, 2010 1:04 PM
To: NT System Admin Issues
Subject: RE: Biometric AD authentication

 

Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure 
Secunia published a study about that last year, finding that it didn't matter 
if your reader was $25 or $500 - they were easily "broken".

 

Smartcard plus PIN seems to be winning.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Wednesday, September 15, 2010 12:53 PM
To: NT System Admin Issues
Subject: Biometric AD authentication

 

Greetings,

I've been tasked with coming up with some solutions for biometric AD 
authentication.

Quick background:

We are in the healthcare field and will be providing tablet PCs to some of our 
practitioners.  We have been going around about how to provide authentication 
to these folks with minimal security compromises.  The tablets will be running 
Windows 7 Pro (Dell Latitude XT2's at the moment) locked down pretty tight, but 
to avoid the 'sticky note' password keeper on a very portable device that will 
contain PHI, we are looking at requiring login with a fingerprint and pin.

Any suggestions/recommendations from those that have been-there-done-that with 
Biometric AD auth would be greatly appreciated.

Thanks,

Jim

Jim Holmgren

Manager of Server Engineering

XLHealth Corporation

The Warehouse at Camden Yards

351 West Camden Street, Suite 100

Baltimore, MD 21201 

410.625.2200 (main)

443.524.8573 (direct)

443-506.2400 (cell)

www.xlhealth.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. 

NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso 
exclusivo del (los) destinatario (s) y puede incluir informaci?n confidencial 
y/o informaci?n de salud protegida. La Ley Federal (HIPAA) establece que el 
destinatario est? obligado a mantener la informaci?n confidencial y sequra. 
HIPAA proh?be y castiga cualquier divulgaci?n a terceras personas sin 
autorizaci?n del afiliado o permitido por ley. Si usted no es el destinatario, 
redirija esta mensaje al remitente, y destruye cualquier copia existente del 
mensaje original. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: ARIN or other IP lookup?

[James Winzenz]

Sam Spade!


From: richardmccl...@aspca.org 
Sent: Friday, September 10, 2010 9:04 AM
To: NT System Admin Issues 
Subject: Re: ARIN or other IP lookup?



Thanks!  I guess I'd tried one page too far at the site.  When I "seached" on 
the blank on that page, I got a response that it could find no documents with 
that string of text. 

Anyway, it says that IP address is with APNIC.  They (ARIN) no longer has a 
functional link to APNIC.  They have a hyperlink saying "APNIC".  Clicking 
this, though, only brings one to another page within ARIN.  It tells you that 
APNIC is officed in Australia. 

Someone worked really hard to make their new web site hateful! wrote on 09/10/2010 10:56:55 AM:

> Way up in the upper right, put the ip you're interested in into the 
> box labeled "SEARCH Whois". 
> 
> I also hate their new website.

> On Fri, Sep 10, 2010 at 11:54 AM,  wrote: 
> 
> Greetings! 
> 
> A few weeks ago, ARIN had a very nice web site.  I could open my 
> book mark, enter the IP address (copy and paste) of a spam or scan 
> source, and see where it came from. It would reference me to other 
> similar agencies (RIPE, APNIC, etc) which I could then open, paste 
> in the same IP, and finish chasing. 
> 
> They (ARIN) seem to have change things a bit, and I can't figure out
> how to search for IPs anymore.  It almost looks like one needs to 
> take out some sort of subscription to search IP addresses now. 
> 
> Any hints, etc here?   Thanks...
> -- 
> Richard D. McClary 
> Systems Administrator, Information Technology Group 
> ASPCA® 
> 1717 S. Philo Rd, Ste 36 
> Urbana, IL  61802 
>   
> richardmccl...@aspca.org 
>   
> P: 217-337-9761 
> C: 217-417-1182 
> F: 217-337-9761 
> www.aspca.org 
>   
> The information contained in this e-mail, and any attachments 
> hereto, is from The American Society for the Prevention of Cruelty to Animals®
> (ASPCA®) and is intended only for use by the addressee(s) named 
> herein and may contain legally privileged and/or confidential 
> information. If you are not the intended recipient of this e-mail, 
> you are hereby notified that any dissemination, distribution, 
> copying or use of the contents of this e-mail, and any attachments 
> hereto, is strictly prohibited. If you have received this e-mail in 
> error, please immediately notify me by reply email and permanently 
> delete the original and any copy of this e-mail and any printout thereof. 
>   
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Mac and Windows mix

[James Winzenz]

Ha, my favorite was to take a screenshot of their desktop, set that to their 
desktop background, then kill exporer.exe.  Mouse still moved around, their 
desktop looked fine, but they couldn't click on anything.  Only did it once 
to a cow-orker tho . . .


--
From: "Maglinger, Paul" 
Sent: Thursday, September 09, 2010 9:01 AM
To: "NT System Admin Issues" 
Subject: RE: Mac and Windows mix


10,000 comedians out of work and we get stuck with people who think this
is funny.
That's always a joy here because then they call the Help Desk in panic
wondering what they did to cause it.
The jokester doesn't find it funny when the Help Desk gets even though.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, September 08, 2010 11:17 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

On Thu, Sep 9, 2010 at 12:07 AM, Steven M. Caesare
 wrote:

That having been said, my favorite new Win7 shell keyboard shortcut is
Shift+Win+UpArrow.


 My favorite is Ctrl+Alt+RightArrow, which rotates the screen image
90 degrees.  Of course, I only use it on other people's computers...
;-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: what is the rss feed url here

[James Winzenz]

From Sunbelt's website:


"All newsletters are available through an RSS reader. However lists 
currently have RSS disabled as we await a software upgrade."


http://www.sunbeltsoftware.com/Communities/

James

--
From: "Steph Balog" 
Sent: Wednesday, September 08, 2010 8:38 AM
To: "NT System Admin Issues" 
Subject: what is the rss feed url here


I would like to add it to the ipad feedler.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How to be a better spy...

[James Winzenz]

That's why up to 50% (or maybe more, depends on who you ask) of a hack is based 
on social engineering . . .


From: Andrew S. Baker 
Sent: Tuesday, June 29, 2010 1:55 PM
To: NT System Admin Issues 
Subject: Re: How to be a better spy...


The human element is almost always the weakest link... 

-ASB: http://XeeSM.com/AndrewBaker



On Tue, Jun 29, 2010 at 3:16 PM, Ben Scott  wrote:

  On Tue, Jun 29, 2010 at 3:13 PM, Kurt Buff  wrote:
  > http://isc.sans.edu/diary.html?storyid=9094


   I saw that, too.

   One claim I found interesting: The spies used whole-disk encryption,
  but the FBI was still able to retrieve data from the disk because they
  found the password written on a piece of paper near-by.

  -- Ben






 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Utterly OT - World Cup

[James Winzenz]

That's correct, but one of the defenders can include the goalkeeper.

Thanks,
 
James Winzenz



 


From: er...@forestpost.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Utterly OT - World Cup
Date: Fri, 11 Jun 2010 10:56:49 -0400

>From what I understand, and my understanding is admittedly limited, there must 
>be two defenders behind the offensive player.  I only saw one defender on the 
>goal line between the ball and the net.  The goal keeper was near the top of 
>the box to my eye.


Any experts care to chime in?



On Jun 11, 2010, at 10:51 AM, Don Ely wrote:
He wasn't offside...  Bad call...


On Fri, Jun 11, 2010 at 7:42 AM, Steve Ens  wrote:

Offside - Mexico goal will not stand. 





On Fri, Jun 11, 2010 at 9:40 AM, Ben Scott  wrote:


On Fri, Jun 11, 2010 at 10:21 AM, N Parr  wrote:
> Dude he was joking.  Lighten up.

 Dude, so was I.  Ditto.




-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



 
 



 
 





Eric Brouwer
IT Manager
www.forestpost.com
er...@forestpost.com
248.855.4333



 

 

  
_
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: More pain on the Windows front, possible 0 day

[James Winzenz]

Have any of you checked out the examples of the exploit on the seclists.org 
site?  It is innocuous - only spawns calc.exe, but it is a good example of what 
can be done with this exploit.  Have already passed it on to my manager to see 
if we can get a gpo implemented.

Thanks,
 
James Winzenz



 


Subject: RE: More pain on the Windows front, possible 0 day
Date: Thu, 10 Jun 2010 11:01:26 -0400
From: ezi...@lifespan.org
To: ntsysadmin@lyris.sunbelt-software.com







I would also see phishing attacks with this type of exploit as the payload, 
along with others. Maybe they combine it with MPACK or Zues…
 
Z
 
Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org
 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 10:19 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day
 
I would assume the primary method of exploitation would be through a crafted 
URL, delivered by whatever method your average virus writer chooses - email, 
IM, FaceBook, etc

On 10 June 2010 15:09, David Lum  wrote:


So I’m not clear…if someone clicks on “Help and Support” in 2003 / XP it’s 
possible for them to get exploted because they might look for something and get 
redirected to a compromised site? I’m not clear…what would my users have to go 
to get exploited?
David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
 


From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 6:46 AM


To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day
 
What I am thinking if we don’t have the spot in the registry, then maybe 
configuring your web filtering, to block all URL’s  or sequences that are 
calling HCP://

 
Per the seclist.org site the rogue html file had the following in it: 
$ cat starthelp.html 

 
But this was shown accordingly;Few users rely on Help Centre urls, it is safe 
to temporarily disable themby removing HKCR\HCP\shell\open. This modification 
can be deployed easily usingGPOs. For more information on Group Policy, see 
Microsoft's Group Policy site,here This is the exported registry per my XP SP3 
system. Windows Registry Editor Version 5.00 [hkey_classes_root\h...@="Help 
Center Pluggable Protocol""URL 
Protocol"="""EditFlags"=dword:0002"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,-2100"
 [HKEY_CLASSES_ROOT\HCP\shell]
 [HKEY_CLASSES_ROOT\HCP\shell\open] [HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url 
\"%1\"" Then you can send save this .reg file for restoration procedures if 
needed.  The following the directions in http://support.microsoft.com/kb/310516 
Basically I believe it would look like the following for  HCPfix.reg 
[-hkey_classes_root\h...@="Help Center Pluggable Protocol""URL 
Protocol"="""EditFlags"=dword:0002"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,-2100"
 [-HKEY_CLASSES_ROOT\HCP\shell]
 [-HKEY_CLASSES_ROOT\HCP\shell\open] [-HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url 
\"%1\"" Then do a test deploy with Startup GPO with the following as the 
script. HCPfix.cmd
regedit.exe /s HCPFIX.reg   
http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
 
 
I haven’t tried it, since I have HIPS at the workstation is a mitigation 
control, but for those who don’t this might just be the workaround you are 
going to need before M$ puts out an OOB patch if they are going too.  Depends 
on how many PCs you have at risk, how much privileges your users have and how 
much of a threat you believe them to be at against this exploit from the 
internet. 
 
Sincerely,
EZ
 
Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org
 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 9:14 AM


To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day
 
I think it is just for XP/2003, and it is the MS Help Center stuff



It actually doesn't work properly on 2008, as far as I can tell - I was looking 
a bit too deep


On 10 June 2010 14:08, David W. McSpadden  wrote:




I don’t have it as well but I am win7pro and I didn’t install the HP help 
center software??
Maybe??
 
 




From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM



To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day


 
I can't find the protocol handler anywhere in HKCR?

On 10 June 2010 13:31, Joe Tinney  

RE: Blue screen viewer

[James Winzenz]

+2

 

You're gonna have to put your iso online pretty soon . . .

Thanks,
 
James Winzenz



 
> From: charl...@golden-eagle.org
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Blue screen viewer
> Date: Wed, 2 Jun 2010 14:55:38 -0700
> 
> +1
> 
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> *** 
> 
> > -Original Message-
> > From: Phillip Partipilo [mailto:p...@psnet.com] 
> > Sent: Wednesday, June 02, 2010 1:11 PM
> > To: NT System Admin Issues
> > Subject: RE: Blue screen viewer
> > 
> > I'd be really interested in the list of gadgets on this CD 
> > you speak of J (wait, people are still carrying their stuff 
> > on 5 inch wide plastic discs?)
> > 
> > 
> > 
> > 
> > 
> > Phillip Partipilo
> > 
> > Parametric Solutions Inc.
> > 
> > Jupiter, Florida
> > 
> > (561) 747-6107
> > 
> > 
> > 
> > 
> > 
> > From: Ziots, Edward [mailto:ezi...@lifespan.org]
> > Sent: Wednesday, June 02, 2010 1:00 PM
> > To: NT System Admin Issues
> > Subject: RE: Blue screen viewer
> > 
> > 
> > 
> > Dam, you beat me too it, nice utility I am putting that on my 
> > tools CD. 
> > 
> > 
> > 
> > Z
> > 
> > 
> > 
> > Edward Ziots
> > 
> > CISSP,MCSA,MCP+I,Security +,Network +,CCA
> > 
> > Network Engineer
> > 
> > Lifespan Organization
> > 
> > 401-639-3505
> > 
> > ezi...@lifespan.org
> > 
> > 
> > 
> > From: James Rankin [mailto:kz2...@googlemail.com]
> > Sent: Wednesday, June 02, 2010 11:20 AM
> > To: NT System Admin Issues
> > Subject: Blue screen viewer
> > 
> > 
> > 
> > Don't know whether anyone might find this useful for 
> > decrypting BSOD events...
> > 
> > http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_g
> > ci1513765,00.html?track=NL-1455&ad=768254&asrc=EM_NLT_11694717
> > 
> > Haven't had one to test it on yet so can't speak to its effectiveness
> > 
> > --
> > "On two occasions...I have been asked, 'Pray, Mr Babbage, if 
> > you put into the machine wrong figures, will the right 
> > answers come out?' I am not able rightly to apprehend the 
> > kind of confusion of ideas that could provoke such a question."
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
  
_
Hotmail is redefining busy with tools for the New Busy. Get more from your 
inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Great RDP Manager from Microsoft - Bink.nu

[James Winzenz]

I installed it and got all my servers added to it already - very nice!  It is 
like remote desktops, but better.  You can create multiple groups, can store 
separate login credentials per group or server, can specify if you connect to 
the console or not, etc.  And servers are automatically arranged 
alphebetically!  Plus you have the option of importing servers and groups.

Thanks,
 
James Winzenz



 
> Date: Wed, 2 Jun 2010 11:09:35 -0700
> From: jhea...@dfg.ca.gov
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: Re: Great RDP Manager from Microsoft - Bink.nu
> 
> Have any screenshots to share? I'm currently using Terminals, would this be 
> "better"?
> 
> >>> James Rankin  6/2/2010 9:33 AM >>>
> Don't know whether I'd drop it in favour of MRemote, but it looks good,
> cheers
> 
> On 2 June 2010 17:28, Sam Cayze  wrote:
> 
> >
> > http://bink.nu/news/great-rdp-manager-from-microsoft.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+binkdotnu+%28Bink.nu%29
> >  
> >
> >
> >
> >
> >
> >
> 
> 
> -- 
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> 
  
_
Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Great RDP Manager from Microsoft - Bink.nu

[James Winzenz]

Nice - I'll have to check that out.

Thanks,
 
James Winzenz



 


Subject: Great RDP Manager from Microsoft - Bink.nu
Date: Wed, 2 Jun 2010 11:28:30 -0500
From: sam.ca...@rollouts.com
To: ntsysadmin@lyris.sunbelt-software.com





http://bink.nu/news/great-rdp-manager-from-microsoft.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+binkdotnu+%28Bink.nu%29

 

 

  
_
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OT: DVD burning software

[James Winzenz]

+1

 

I have used CDBurnerXP and ImgBurn, and I actually prefer ImgBurn.

Thanks,
 
James Winzenz



 
> Date: Thu, 27 May 2010 20:08:36 +0200
> From: peter...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: Re: OT: DVD burning software
> 
> http://www.imgburn.com
> 
> --
> Peter van Houten
> 
> On the 27 May, 2010 20:04, Bill Songstad wrote the following:
> > I just rebuilt a XP workstation only to discover that I don't have the
> > Nero disk that came with the DVD burner. Does anybody have a
> > recommendation for software to use in lieu of Nero? I know I can
> > download a full version of Nero, but it is so full of bloat that if I
> > have to pay, I want something a little less full of baloney.
> > Any feedback would be appreciated,
> > Bill
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
  
_
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Recycler Files

[James Winzenz]

Although if it has been less than 7 days and it wasn't in the deleted items, 
but rather hard-deleted from the folder in which it resided, you can also turn 
on the dumpsteralwayson registry setting and log on to the profile again.  This 
allows you to recover from any folder on the mailbox instead of just the 
deleted items folder.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options

 

Create a new DWORD key called DumpsterAlwaysOn, and set the value to 1.

Thanks,
 
James Winzenz



 
> From: mailvor...@gmail.com
> Date: Tue, 4 May 2010 18:39:42 -0400
> Subject: Re: Recycler Files
> To: ntsysadmin@lyris.sunbelt-software.com
> 
> On Tue, May 4, 2010 at 6:32 PM, Cameron Cooper  wrote:
> > Tried that on the user's computer and there wasn't anything in
> > the Recover Deleted Items.  Exchange is set to empty that folder after 7 
> > days.
> 
> Then anything older than 7 days is gone (unless you have older
> backups and can afford to restore the entire Information Store to a
> recovery group (ick!!)).
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> 
  
_
Hotmail is redefining busy with tools for the New Busy. Get more from your 
inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Webster is now employed

[James Winzenz]

Congrats!  A little bit late to the game for me, but I spent much of yesterday 
afternoon slaving over a nasty exam.

Thanks,
 
James Winzenz



 


From: webs...@carlwebster.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Webster is now employed
Date: Tue, 27 Apr 2010 21:05:54 -0500





Webster is now employed by LPS Integration in Nashville, TN as Sr. Citrix 
Technical Architect.  I start Friday May 7th. http://www.lpsintegration.com/
 
 
Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster
 
 

 

  
_
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: "Professional" NetBooks?

[James Winzenz]

You should look at the E4200 as well.  It has a 12" screen, and will be the 
lightest Latitude you can get right now.

Thanks,
 
James Winzenz



 


From: jaldr...@blueridgecarpet.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: "Professional" NetBooks?
Date: Wed, 14 Apr 2010 12:21:09 -0400







Thanks. I’m looking at the Latitude E4300 as recommended by someone else here 
moments ago. J
 

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Wednesday, April 14, 2010 12:17 PM
To: NT System Admin Issues
Subject: RE: "Professional" NetBooks?
 

Dell makes some pretty tiny little notebook computers with professional OS's on 
it.  I can't recall the series, but we have a few of them.  They're not much 
bigger than a NetBook.
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCA® 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
www.aspca.org 
  
The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is 
intended only for use by the addressee(s) named herein and may contain legally 
privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof. 
  

"John Aldrich"  wrote on 04/14/2010 11:11:40 AM:

> Thanks. I’ll keep that in mind. I just hate to change laptop brands 
> just because Dell doesn’t offer a NetBook with a professional O/S. L 
>   
> [image removed] [image removed] 
>   
> From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
> Sent: Wednesday, April 14, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Re: "Professional" NetBooks? 
>   
> I bought a HP mini-note 2133 that came with XP pro for my Executive 
> Director.  Works very good. 
> On Wed, Apr 14, 2010 at 11:03 AM, John Aldrich  > wrote: 
> I was just thinking that one of our senior sales managers is needing
> a new laptop relatively soon, and since we’re primarily a Dell shop,
> I thought I’d see if I could get him a new Netbook  instead of a 
> full sized laptop. Unfortunately, it seems you can either get a 
> Netbook with a Home o/s or you can get a laptop with a business O/S.
> Can’t seem to find a Netbook with a Business O/S. L 
> Any suggestions on a machine that’s small enough to be easily 
> portable, but still have a business O/S? 
>   
> [image removed] [image removed] 
>   
>   
>   
>   
>   
>   
>   
>   

 
 
 

 

  
_
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Users Setting NTFS Permissions

[James Winzenz]

This is what we do - we remove Creator/Owner when the server is set up, don't 
have to worry about it after that.

Thanks,
 
James Winzenz



 


Date: Wed, 13 Jan 2010 08:41:33 -0500
Subject: Re: Users Setting NTFS Permissions
From: jonathan.l...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

That's because the parent folder has creator/owner permissions and any newly 
created folder is inheriting the permission from the parent..  In my FS where 
I've removed creator/owner from the parentI don't see this behavior.


On Wed, Jan 13, 2010 at 8:20 AM, James Rankin  wrote:

I normally just give the groups RWXD, but the Creator Owner privilege appears 
by default on newly created folders. Without removing the ability to create 
folders and/or run subinacl scripts to take ownership, I find removing the GUI 
to change the permissions is the easiest option.


2010/1/13 Jonathan Link  




Isn't that just obfuscation?  I thought the ability to change permissions was 
granted by the Full Control right.  If that's the case, pull Creator/Owner Full 
control from your file system and reassign permissions accordingly. 





On Wed, Jan 13, 2010 at 7:11 AM, James Rankin  wrote:

Prevent access to the rshx32.dll file on all your workstations and servers to 
Administrators and System only. You can do this with a GPO. The user can't 
access the security tab then and can't change permissions. Unless they know how 
to use cacls. You could lock the permissions on that file as well through Group 
Policy.


2010/1/13 Terri Esham  




We have a Windows 2008 Domain whereby we control access to folders
stored on one of the domain controllers through Active Directory
groups.  When a new folder is created on the network file server, we
grant full permissions to the associated active directory group with the
exception of the ability to set and change permissions.

We just discovered that a user can grant permissions to any folder that
they create under the primary folder because they are the folder
owner.   Obviously, I can change ownership to the domain admin, but how
in the world would I keep up with this.  I've no idea when a user might
create a sub folder.  I stumbled upon the problem because I found a
folder whereby a user had granted the everyone group full rights.  I
knew none of the domain admins would do that.  After talking with the
owner of the folder, I found out he's been doing it all along.

Wow!  This is a real problem for us because we want to control access
through groups.  This one user had shared a bunch of folders using
individual names.  Plus, he had no clue what he was doing and just
granted everyone full rights.

How in the world do you guys handle this?  Am I missing something?

Thanks, Terri

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."


 


 



 


 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."


 

 





 

 

  
_
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/196390707/direct/01/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Hyena

[James Winzenz]

Yes - we use it.  We don't use it as much for the AD/Exchange administration as 
we do for the reporting and exporting features.

Thanks,
 
James Winzenz



 
> Date: Fri, 11 Dec 2009 08:28:10 -0600
> Subject: Hyena
> From: mqcarpen...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> 
> Does anyone use Hyena in their environment to consolidate
> administrative tasks? We have tested the product and like it but would
> like feedback on comparable products in that price range ($200 per
> user)
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
  
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/171222985/direct/01/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Latitude access problem

[James Winzenz]

+1 on the Ultimate Boot CD.

 

Awesome tool.  If he doesn't want all the other stuff that is on it, then I 
would second the following link that Richard provided, which just contains the 
offline NT Password and Registry Editor:

 

http://pogostick.net/~pnh/ntpasswd/

Thanks,
 
James Winzenz



 


Date: Thu, 3 Dec 2009 17:07:44 -0500
Subject: Re: Latitude access problem
From: drod...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

Use the Ultimate Boot CD for Windows. You will need a CD of Windows XP as it 
will need the i386 directory and other files from that CD. When you get that up 
and going, there is a Password Recovery option on the first menu screen. This 
utility is real good on changing the Adminstrator Password. Just 'blank' it 
out. Reboot into the main screen and login as Administrator, local account, and 
just hit Enter. Once you get into Windows, just change the Administrator 
Password and his password.


On Thu, Dec 3, 2009 at 4:45 PM, Len Hammond  wrote:


Dell Latitude Genuises:
 
Just had a call from a customer. He decided to set an account password on his 
Latitude laptop three days ago. He did this after drinking a bottle of wine, 
and now he can't remember his password. He either typed it wrong twice when 
setting it or doesn't remember it. Either way he can't get into his machine. He 
also doesn't remember or can't figure out what the Admin password is either. He 
does own the box and apparently he recently talked with Dell about this 
specific Service Tag to get drivers for a refresh. This is the box he has been 
using for some class he is taking so he needs to get the data off of it. It 
runs fine, he just can't get into it.
 
He can pull the HDD and put it in an external case and attach it to another 
machine to grab the data before he wipes and reinstalls the OS. I have never 
tried to "repair" an operating system installation to reset passwords and I 
really think that will not work.  Anyway, he is going to try a repair before he 
pulls the drive and recovers his data and then rebuilds. I believe that there 
are no viruses involved, but it did sound like alcohol was involved .
 
Anyone have any thoughts, I can try or pass on to him?
Len Hammond
CSI:Hartland
lenhamm...@gmail.com

 


 

 

 

  
_
Chat with Messenger straight from your Hotmail inbox.
http://www.microsoft.com/windows/windowslive/hotmail_bl1/hotmail_bl1.aspx?ocid=PID23879::T:WLMTAGL:ON:WL:en-ww:WM_IMHM_4:092009
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Invite to admin_misc (was [LIST ADMIN MESSAGE] RE: U.S. Marines ban Facebook, MySpace, Twitter)

[James Winzenz]

Thanks, Steven.  I had forgotten about that list for a while.  Just
re-subbed.

 

James

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Tuesday, August 11, 2009 9:04 AM
To: NT System Admin Issues
Subject: RE: Invite to admin_misc (was [LIST ADMIN MESSAGE] RE: U.S. Marines
ban Facebook, MySpace, Twitter)

 

And of course I typo'ed the listserver address. It's
listser...@ultratech-llc.com

 

I'm an idiot.

 

-sc

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Tuesday, August 11, 2009 12:01 PM
To: NT System Admin Issues
Cc: admin_m...@ultratech-llc.com
Subject: Invite to admin_misc (was [LIST ADMIN MESSAGE] RE: U.S. Marines ban
Facebook, MySpace, Twitter)

 

Stu-

 

Thanks for graciously hosting this list (and that great compilation of
utilities), and for giving us a least a little free reign. And not for
calling me out specifically ;-)

 

This same thing happened a decade+ ago on a similar list, and ASB created a
place for the foolishness to continue. As a result a good time was had by
all (as well as some great flamefests) and some great friendships were made.

 

So, in order to reduce the unwanted noise in this forum I'm sending an
invite out to all those who may be of (un)sound mind to ASB's "Admin_misc"
list. Be warned, it's a very high noise-to-signal ratio, and the volume at
times has been astronomical (although not recently). 

 

To subscribe send the following command to listesr...@ultratech-llc.com: sub
admin_misc

 

It's a moderated acceptance process, so give ASB a chance to approve the sub
requests.

 

Oh, and if you don't have thick skin, don't bother showing up. This means
whiners like you, Shook and TVK.

 

-sc

 

PS- In order to comply with Stu's request, please send any questions about
this to me personally, rather than on list.

 

 

 

 

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Monday, August 10, 2009 10:25 AM
To: NT System Admin Issues
Subject: [LIST ADMIN MESSAGE] RE: U.S. Marines ban Facebook, MySpace,
Twitter
Importance: High

 

Hi All,

 

A litter banter is okay, but it seems there is more than "a little"
nowadays.

 

Let's keep our list charter in mind please:

 

.  DO NOT post large articles to the list as web pages were made for that.
Send a link with the URL. 

.  DO NOT generate noise, voice your upset, flame, or make inflammatory
remarks. Save that for offline or better yet, do not do it at all. 

.  Remember to STAY ON TOPIC, LOW NOISE, and FRIENDLY! 

 

Warm regards,


Stu Sjouwerman
Founder, VP Marketing.
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  

 

 

  _  

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, August 07, 2009 5:35 PM
To: NT System Admin Issues
Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

That's funny, because Shook told me he considers "TVK" a noun. As in "Man, I
really blew up that toilet with the TVK I just dropped."

 

Strange, huh?

 

-sc

 

From: Tim Vander Kooi [mailto:tvanderk...@expl.com] 
Sent: Friday, August 07, 2009 4:37 PM
To: NT System Admin Issues
Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

 

I consider Shook to be more of a verb than a noun (as in, "The price of gas
went up today and really made me feel like I'd been Shooked." Or "The used
car salesman really gave him the Shook.").

TVK

 

- Problems become opportunities when the right people join together.

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, August 07, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

 

Marines = men

Army = Shook

 

From: Weatherford, Chad [mailto:cweatherf...@scvl.com] 
Sent: Friday, August 07, 2009 12:08 PM
To: NT System Admin Issues
Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

 

Hey now, the Marines may go in first but they wouldn't hold the ground
without the Army coming in behind them!

 

cw

  _  

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com] 
Sent: Friday, August 07, 2009 2:00 PM
To: NT System Admin Issues
Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

 

The Grunt I meant was Army (slang   for
an infantryman  )

 

 

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, August 07, 2009 2:54 PM
To: NT System Admin Issues
Subject: Re: U.S. Marines ban Facebook, MySpace, Twitter

 

I think that was actually someone in the Army or Navy.

We don't have time to change the channel.

:-)

- Original Message - 

From: Brumbaugh, Luke   

To: NT System Admin Issues   

Sent: Friday, August 07, 2009 2:50 PM

Subject: RE: U.S. Marines ban Facebook, MySpace, Twitter

 

I give you that one. Wasn't it the grunts who tried the find out where to
change the channel.

 

 

From: David W. McSpadden [mailto:dav...@imcu.org] 
S

RE: Friday Funny - Banned From Wal-Mart

[James Winzenz]

ROFL!  Thanks for a good laugh, Sherry!

 

From: Sherry Abercrombie [mailto:saber...@gmail.com] 
Sent: Friday, July 17, 2009 7:06 AM
To: NT System Admin Issues
Subject: OT: Friday Funny - Banned From Wal-Mart

 

Mr. Caesare, this is especially for you since you need a laugh or two to get
you through the long day/night you have scheduled.  Warning, some may find
this politically, moraly or gender(ly) incorrect, but it's one of the
funniest things I've read since the squirrel & motorcycle story.(1, 3 &
12 are my personal favorites).

BANNED FROM WAL-MART

This is why women should not take men shopping against their will.

After I retired, my wife insisted that I accompany her on her trips to
Wal-Mart. Unfortunately, like most men, I found shopping boring and
preferred to get in and get out.

Equally unfortunately, my wife is like most women - she loved to browse.
Yesterday my dear wife received the following letter from the local
Wal-Mart:

Dear Mrs. Samsel,

Over the past six months, your husband has been causing quite a commotion in
our store. We cannot tolerate this behavior and have been forced to ban both
of you from the store. Our complaints against Mr. Samsel are listed below
and are documented by our video surveillance cameras.

1. June 15: Took 24 boxes of condoms and randomly put them in people's carts
when they weren't looking.

2 . July 2: Set all the alarm clocks in Housewares to go off at 5-minute
intervals.

3. July 7: Made a trail of tomato juice on the floor leading to the women's
restroom.

4. July 19: Walked up to an employee and told her in an official voice,
'Code 3 in Housewares. Get on it right away. '

5. August 4: Went to the Service Desk and tried to put a bag of M&M's on
layaway.

6. August 14: Moved a 'CAUTION - WET FLOOR' sign to a carpeted area.

7. August 15: Set up a tent in the camping department and told other
shoppers he'd invite them in if they would bring pillows and blankets from
the bedding department.

8. August 23: When a clerk asked if they could help him, he began crying and
screamed, 'Why can't you people just leave me alone?'

9. September 4: Looked right into the security camera and used it as a
mirror while he picked his nose.

10. September 10: While handling guns in the hunting department, he asked
the clerk where the antidepressants were.

11. October 3: Darted around the store suspiciously while loudly humming the
' Mission Impossible' theme.

12. October 6: In the auto department, he practiced his 'Madonna look' by
using different sizes of funnels.

13. October 18: Hid in a clothing rack and when people browsed through,
yelled 'PICK ME! PICK ME!'

14. October 21: When an announcement came over the loud speaker, he assumed
a fetal position and screamed 'OH NO! IT'S THOSE VOICES AGAIN!'

And last, but not least .

15. October 23: Went into a fitting room, shut the door, waited awhile, then
yelled very loudly, 'Hey! There's no toilet paper in here!'


-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic." 
Arthur C. Clarke
Sent from Haslet, TX, United States 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Who deleted files

[James Winzenz]

Be careful of what you turn on with auditing - you can really add clutter to
the event logs if you just enable everything.  You will also have to enable
audit object access in the audit policy as well as configuring auditing on
the folder(s) in question.

 

From: Robert LeBlanc [mailto:robert.lebl...@aanmpc.com] 
Sent: Wednesday, July 15, 2009 9:47 AM
To: NT System Admin Issues
Subject: RE: Who deleted files

 

Snookered is right I do not have auditing on but will turn it on. Never had
this issue but now I know why it's there. I have my suspicions on the user
only because they were called out on a bunch of non work related things
being done during the work day, but no concrete evidence..

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, July 15, 2009 10:27 AM
To: NT System Admin Issues
Subject: Re: Who deleted files

 

Unless you have file auditing turned on, I believe you're kinda snookered.
Anyone with the Delete privilege is a suspect

2009/7/15 Robert LeBlanc 

Hi all,

 

Is there an easy way to see who deleted files from a networks drive. I've
been able to restore the files from backup but we'd like to know who deleted
initially. The server is Win2K.

 

Thanks, Robert

 

Robert LeBlanc

Network Administrator MCP,MCSE

Anesthesia Associates of New Mexico, P.C.

(P)505-260-4300

(F)505-260-4338

(E)robert.lebl...@aanmpc.com

 







Please note that the information contained in this message may be privileged
and confidential and protected from disclosure.  If the reader of this
message is not the intended recipient, or an employee or agent responsible
for delivering this message to the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this
communication is strictly prohibited.  If you have received this
communication in error, please notify us by replying to the message and
deleting it from your computer.  Thank you. Anesthesia Associates of New
Mexico, P.C.

 

 

 

 

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

http://raythestray.blogspot.com

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Enterprise password management

[James Winzenz]

We actually use this.  Reasonably priced, does a good job for securely storing 
passwords.  You can set up groups and permissions fairly similar to what you 
would see with share and ntfs permissions.  There is even a bit for storing 
personal passwords.  Just don't expect it to change your passwords for you . . .

Thanks,
 
James Winzenz



 


Subject: Enterprise password management
Date: Mon, 6 Jul 2009 09:13:09 +0100
From: mark.kel...@confused.com
To: ntsysadmin@lyris.sunbelt-software.com





Our environment has grown over the past year and we have many new usernames and 
passwords to access our test and development environment.  Not a fan of people 
having them all written down on scraps of paper littered around their desks.
 
I am looking for an application that I can deploy that will allow specific 
users access to specific lists of usernames and passwords to get their job 
done.   Web based with a SQL backend would be best as I would not like to have 
to deploy any apps to client machines.
 
I found this through Google:  http://www.enterprise-password-safe.com/
 
It looks pretty good but want to run the idea by the list and see if anyone 
else has deployed something similar.
 
 
Thanks,
 
Mark
 
 
** This email is sent for and on behalf of Inspop.com Limited ** 

Authorised and regulated by the Financial Services Authority. Registration no. 
310635.

Inspop.com Limited [also trading as "Confused.com"] is registered in England 
and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE [Reg. 
No. 03857130]. Any opinions expressed in this email are those of the individual 
and not necessarily the company. This email and any files transmitted with it, 
including replies and forwarded copies [which may contain alterations] 
subsequently transmitted from the Company, are confidential and solely for the 
use of the intended recipient. It may contain material protected by 
attorney-client privilege. If you are not the intended recipient or the person 
responsible for delivering to the intended recipient, be advised that you have 
received this email in error and that any use is strictly prohibited. 

If you have received this email in error please notify the Information Security 
Officer by telephone on +44 [0] 29 2043 4372. Please then delete this email and 
destroy any copies of it. This email has been swept for viruses before leaving 
our system.

Security Warning: Please note that this email has been created in the knowledge 
that Internet email is not a 100% secure communications medium. We advise that 
you understand and accept this lack of security when emailing us.

Viruses: Although we have taken steps to ensure that this email and any 
attachments are free from any virus, we advise that in keeping with good 
computing practice the recipient should ensure they are actually virus free.

We may monitor the content of E-mails sent and received via our network for 
viruses or unauthorised use and for other lawful business purposes.

 


This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs. 


 

 


_
Windows Live™ SkyDrive™: Get 25 GB of free online storage.
http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_SD_25GB_062009
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Best Verizon Smartphone?

[James Winzenz]

I love my XV6900.  Syncs with Exchange, has the full Office mobile suite, 
Remote Desktop, etc.  Even has the option to join a domain (kinda).  
Personally, I like the touchscreen quite a bit.  I have also gotten used to the 
touch keyboard that comes with it, and it works quite well.  I have heard lots 
of good things about the Touch Diamond and the Touch Pro.  My brother has the 
Touch Diamond with Sprint and loves it.  Touch Pro has a slide-out keyboard 
which could certainly come in very handy if it is used a lot for email.  I 
probably would have gone with the touch diamond or the touch pro if I had been 
willing to spend a couple hundred bucks, since those are not on sale, but I got 
my XV6900 for only 39.99.  That was too good of a deal for me to pass up.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services
From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Thursday, June 18, 2009 5:13 AM
To: NT System Admin Issues
Subject: Best Verizon Smartphone?

Some of our Treo 700's are pas their prime and breaking down at our place and 
we are looking at new smartphones.  We have Verizon for a carrier and was 
wondering which Verizon smartphone everyone likes the best.  I have read 
reviews on the web, but I always like to get reviews from people that actually 
"use" the phones.  We mainly use them for enterprise communication functions: 
internet, e-mail (Exchange Server 2003), text, vpn would be nice but not 
totally necessary.

I also would like to hear from people who aren't suing Blackberry.  Opinions on 
Windows-based Verizon smartphones?

Thanks for your input...






CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Smartphone

[James Winzenz]

I have the XV6900 (HTC Touch) and love it.  No issues with it at all.  There is 
even a WM 6.1 upgrade for it, and you can get a cooked ROM that allows you to 
use the GPS without having to use Verizon's VZ Navigator service.  I probably 
would have gotten the Omnia if I could have justified the expense.


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services


From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Wednesday, June 03, 2009 5:42 AM
To: NT System Admin Issues
Subject: Smartphone

I'm looking for a new smartphone/pda and I remember some discussions on here 
recently so I figure I can get some good opinions.
I missed an important event last night so I need something to carry with me 
that can sync with my outlook calendar.
I'm in a contract with Verizon for another 18 months, just got a plain ole dumb 
phone and so I'm going to have to buy on fleabay or some other second source to 
get a decent price.
I've been looking at the Samsung Omnia, but the support guy at our local store 
said they had seen lots of returns of those.
I've found a few negative comments online re this one but most are positive.
Anyone here have experience with this one, good or bad.
Any other recommendations for a phone that works with VZ?
Don't want a keyboard, like the BB or the slider on the HTC 6700 or 6800.  
Touch screen is fine.
Music playback with Bluetooth is a plus as well as memory expansion.  I don't 
like the fact that the Omnia doesn't have a standard 3.5mm earphone jack but I 
can live with that omission.
Thanks guys and gals.






CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Haw-haw: New Mac OS X email worm discovered

[James Winzenz]

Don't call me Shirley!

Thanks,


James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services


From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, May 15, 2009 1:35 PM
To: NT System Admin Issues
Subject: Re: Haw-haw: New Mac OS X email worm discovered

Surely you cant be serious?

--
ME2

On Fri, May 15, 2009 at 4:07 PM, Kurt Buff 
mailto:kurt.b...@gmail.com>> wrote:
Shaka, or Aga?

On Fri, May 15, 2009 at 12:59, Micheal Espinola Jr
mailto:michealespin...@gmail.com>> wrote:
> KHAAANNN!!!
>
> --
> ME2
>
>
> On Fri, May 15, 2009 at 3:56 PM, Sherry Abercrombie 
> mailto:saber...@gmail.com>>
> wrote:
>>
>> Must resisturge   to   correct   misquotation
>>
>> On Fri, May 15, 2009 at 2:51 PM, John Cook 
>> mailto:john.c...@pfsf.org>> wrote:
>>>
>>> I don't think you know what that word really means..
>>> John W. Cook
>>> Systems Administrator
>>> Partnership For Strong Families
>>> Sent to you from my Blackberry in the Cloud
>>>
>>> 
>>> From: Sherry Abercrombie
>>> To: NT System Admin Issues
>>> Sent: Fri May 15 15:30:45 2009
>>> Subject: Re: Haw-haw: New Mac OS X email worm discovered
>>>
>>> Inconceivable.
>>>
>>> On Fri, May 15, 2009 at 2:20 PM, Jonathan Link 
>>> mailto:jonathan.l...@gmail.com>>
>>> wrote:
>>>>
>>>> The most famous is never get involved in a land war in Asia, but only
>>>> slightly less well known is this: Never get in a grammar war on Sunbelt's
>>>> NTSysadmin list.
>>>>
>>>>
>>>> On Fri, May 15, 2009 at 3:13 PM, Micheal Espinola Jr
>>>> mailto:michealespin...@gmail.com>> wrote:
>>>>>
>>>>> I would like to apologize for being the apparent cause of a Latin
>>>>> grammar war. It was never my intent for anyone to get nasty.
>>>>>
>>>>> --
>>>>> ME2
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Sherry Abercrombie
>>>
>>> "Any sufficiently advanced technology is indistinguishable from magic."
>>> Arthur C. Clarke
>>> Sent from Haslet, TX, United States
>>>
>>>
>>>
>>>
>>>
>>> 
>>> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
>>> attached to or with this Notice is intended only for the person or entity to
>>> which it is addressed and may contain Protected Health Information (PHI),
>>> confidential and/or privileged material. Any review, transmission,
>>> dissemination, or other use of, and taking any action in reliance upon this
>>> information by persons or entities other than the intended recipient without
>>> the express written consent of the sender are prohibited. This information
>>> may be protected by the Health Insurance Portability and Accountability Act
>>> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
>>> unauthorized use or disclosure of this information could result in civil
>>> and/or criminal penalties.
>>> Consider the environment. Please don't print this e-mail unless you
>>> really need to.
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
>> Sent from Haslet, TX, United States
>>
>>
>>
>>
>
>
>
>
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~







CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 RC

[James Winzenz]

http://www.microsoft.com/windows/windows-7/download.aspx

For the non-technet subscribers (like myself)

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Friday, May 08, 2009 10:44 AM
To: NT System Admin Issues
Subject: Re: Windows 7 RC

On 5 May 2009 at 8:09, Len Hammond  wrote:

> Anyone have a link to the download site for RC? I have my keys but can't
> seem to find the download.

Windows 7 RC | Support, Deployment, Resources
http://technet.microsoft.com/en-us/windows/dd361745.aspx?ITPID=mscomsc

Windows 7 Release Candidate
http://technet.microsoft.com/en-us/evalcenter/dd353205.aspx?ITPID=wcfeed

64-bit product key:
https://www.microsoft.com/betaexperience/productkeys/win7-rc-64/enus/

64-bit RC iso: http://tinyurl.com/Win7RC64
Actual URL:
http://wb.dlservice.microsoft.com/download/release/windows7/e/b/5/eb58e76e
-17fa-409b-855f-11fbe84d1c93/7100.0.090421-1700_x64fre_client_en-us_retail
_ultimate-grc1culxfrer_en_dvd.iso?lcid=1033&RURL=https://www.microsoft
.com/betaexperience/productkeys/win7-rc-64/enus/


32-bit product key:
https://www.microsoft.com/betaexperience/productkeys/win7-rc-32/enus/

32-bit RC iso: http://tinyurl.com/Win7RC32
Actual URL:
http://wb.dlservice.microsoft.com/download/release/windows7/4/0/c/40c1e714
-7910-4b38-9b5e-67fa522e6a44/7100.0.090421-1700_x86fre_client_en-us_retail
_ultimate-grc1culfrer_en_dvd.iso?lcid=1033&RURL=https://www.microsoft.
com/betaexperience/productkeys/win7-rc-32/enus/


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Managing your passwords was (RE:Password Policy - - how do you handle this?)

[James Winzenz]

Oh yeah, and the database is triple encrypted for added security, and if you go 
with AD integration for the authentication, users have to synchronize their old 
and new AD passwords when they log in to prevent malicious tampering with a 
user's account.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, April 28, 2009 2:07 PM
To: NT System Admin Issues
Subject: Re: Managing your passwords was (RE:Password Policy - - how do you 
handle this?)

How much for this?

I've been longing for a decent (any!) OSS heirarchical password
manager, where the super user has access to all passwords, and other
have access to only the passwords they've been granted.

Haven't found one yet.

On Tue, Apr 28, 2009 at 10:40, James Winzenz  wrote:
> We use a web-based tool called Enterprise Password Safe.  It allows us to
> store both personal passwords as well as passwords for service accounts that
> need to be shared between groups of IS employees.  It can use either its own
> authentication mechanism or active directory authentication for accessing
> the website.  As it does not effectively tie into other systems, it is not
> an enterprise password manager (which we would prefer, but too expensive),
> but it does a good job for the price.
>
>
>
> http://www.enterprise-password-safe.com/
>
>
>
> Thanks,
>
>
>
> James Winzenz
>
> Infrastructure Systems Engineer II - Security
>
> Pulte Homes Information Services
>
> 
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, April 28, 2009 10:33 AM
> To: NT System Admin Issues
> Subject: Managing your passwords was (RE:Password Policy - - how do you
> handle this?)
>
>
>
> I thought I'd hijack this thread and ask how others manage the myriad
> passwords they have.
>
>
>
> I did something crazy when I got to 10+ passwords, I started writing them
> down.  I have two lists, one is a list of sites, the other is a list of
> passwords.  The list of sites is stored in my network share, the passwords
> are actually stored in a handwritten note in my wallet.  Neither us useful
> without the other, and in the event I'm mugged for my wallet, I have a
> relatively convenient listing of all the myriad passwords I need to set
> about changing.  And to answer a question, no, my work account password
> isnt' stored anywhere except in my head.  I've also found I'm much less
> likely to recycle a password accidentally using this method.
>
>
>
> I have no idea where I came up with this, I doubt I'm creative enough to
> think of this on my own.
>
>
>
> -Jonathan
>
>
>
> On Tue, Apr 28, 2009 at 1:09 PM, Ben Scott  wrote:
>
> On Tue, Apr 28, 2009 at 12:28 PM, Jeremy Anderson 
> wrote:
>> Passowrd Policy is that password expires after 90 days, 10 passwords
>> remembered, Min Password age 0.  On the 89th day the user changes their
>> password 11 times back to the expiring password.  Changein the Min
>> password
>> age to 1 would prevent that from happening.
>
>  That's it exactly.
>
>  For some of our government interest systems, it's min age 7 days, 24
> passwords remembered.  That's about half a year's worth of weekly
> password cycling to reuse the same password.  Also max age 90 days, 12
> character minimum, complexity checking enabled.  There are several
> such systems, and you're not supposed to use the same passwords across
> multiple systems.  Oy, passwords coming out my ears.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
>
>
>
>
> 
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
> material for the sole use of the intended recipient(s). Any review, use,
> distribution or disclosure by others is strictly prohibited. If you have
> received this communication in error, please notify the sender immediately
> by email and delete the message and any file attachments from your computer.
> Thank you.
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Managing your passwords was (RE:Password Policy - - how do you handle this?)

[James Winzenz]

For US Dollars:

$45/user license (minimum 5, I think,)
$1100 support
$1100 software maintenance

http://www.enterprise-password-safe.com/order_enter_USD.php

They may also have discounts for large numbers of licenses - I don't remember 
how much we paid, but we definitely like it.  We actually have separate 
accounts for our own passwords, plus admin accounts to allow us to perform 
setup and admin-type functions.  Oh, and you can also designate users as 
"password administrators" for their folders, which allows them to be able to 
add, edit and delete passwords for their folder only, plus they can set the 
permissions themselves (we have had to work on training even our IT users on 
this to make sure they are using it properly).  All in all, a pretty cool tool 
for what it does.  We are hoping to be able to move up to a real password 
manager that can integrate with all our systems and automatically change 
system/service account passwords at some point, but can't yet justify the 100K+ 
for one.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, April 28, 2009 2:07 PM
To: NT System Admin Issues
Subject: Re: Managing your passwords was (RE:Password Policy - - how do you 
handle this?)

How much for this?

I've been longing for a decent (any!) OSS heirarchical password
manager, where the super user has access to all passwords, and other
have access to only the passwords they've been granted.

Haven't found one yet.

On Tue, Apr 28, 2009 at 10:40, James Winzenz  wrote:
> We use a web-based tool called Enterprise Password Safe.  It allows us to
> store both personal passwords as well as passwords for service accounts that
> need to be shared between groups of IS employees.  It can use either its own
> authentication mechanism or active directory authentication for accessing
> the website.  As it does not effectively tie into other systems, it is not
> an enterprise password manager (which we would prefer, but too expensive),
> but it does a good job for the price.
>
>
>
> http://www.enterprise-password-safe.com/
>
>
>
> Thanks,
>
>
>
> James Winzenz
>
> Infrastructure Systems Engineer II - Security
>
> Pulte Homes Information Services
>
> 
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, April 28, 2009 10:33 AM
> To: NT System Admin Issues
> Subject: Managing your passwords was (RE:Password Policy - - how do you
> handle this?)
>
>
>
> I thought I'd hijack this thread and ask how others manage the myriad
> passwords they have.
>
>
>
> I did something crazy when I got to 10+ passwords, I started writing them
> down.  I have two lists, one is a list of sites, the other is a list of
> passwords.  The list of sites is stored in my network share, the passwords
> are actually stored in a handwritten note in my wallet.  Neither us useful
> without the other, and in the event I'm mugged for my wallet, I have a
> relatively convenient listing of all the myriad passwords I need to set
> about changing.  And to answer a question, no, my work account password
> isnt' stored anywhere except in my head.  I've also found I'm much less
> likely to recycle a password accidentally using this method.
>
>
>
> I have no idea where I came up with this, I doubt I'm creative enough to
> think of this on my own.
>
>
>
> -Jonathan
>
>
>
> On Tue, Apr 28, 2009 at 1:09 PM, Ben Scott  wrote:
>
> On Tue, Apr 28, 2009 at 12:28 PM, Jeremy Anderson 
> wrote:
>> Passowrd Policy is that password expires after 90 days, 10 passwords
>> remembered, Min Password age 0.  On the 89th day the user changes their
>> password 11 times back to the expiring password.  Changein the Min
>> password
>> age to 1 would prevent that from happening.
>
>  That's it exactly.
>
>  For some of our government interest systems, it's min age 7 days, 24
> passwords remembered.  That's about half a year's worth of weekly
> password cycling to reuse the same password.  Also max age 90 days, 12
> character minimum, complexity checking enabled.  There are several
> such systems, and you're not supposed to use the same passwords across
> multiple systems.  Oy, passwords coming out my ears.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
>
>
>
>
> 
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
> material for the sole use of th

RE: Managing your passwords was (RE:Password Policy - - how do you handle this?)

[James Winzenz]

We use a web-based tool called Enterprise Password Safe.  It allows us to store 
both personal passwords as well as passwords for service accounts that need to 
be shared between groups of IS employees.  It can use either its own 
authentication mechanism or active directory authentication for accessing the 
website.  As it does not effectively tie into other systems, it is not an 
enterprise password manager (which we would prefer, but too expensive), but it 
does a good job for the price.

http://www.enterprise-password-safe.com/


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, April 28, 2009 10:33 AM
To: NT System Admin Issues
Subject: Managing your passwords was (RE:Password Policy - - how do you handle 
this?)

I thought I'd hijack this thread and ask how others manage the myriad passwords 
they have.

I did something crazy when I got to 10+ passwords, I started writing them down. 
 I have two lists, one is a list of sites, the other is a list of passwords.  
The list of sites is stored in my network share, the passwords are actually 
stored in a handwritten note in my wallet.  Neither us useful without the 
other, and in the event I'm mugged for my wallet, I have a relatively 
convenient listing of all the myriad passwords I need to set about changing.  
And to answer a question, no, my work account password isnt' stored anywhere 
except in my head.  I've also found I'm much less likely to recycle a password 
accidentally using this method.

I have no idea where I came up with this, I doubt I'm creative enough to think 
of this on my own.

-Jonathan

On Tue, Apr 28, 2009 at 1:09 PM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Tue, Apr 28, 2009 at 12:28 PM, Jeremy Anderson 
mailto:jer...@mapiadmin.net>> wrote:
> Passowrd Policy is that password expires after 90 days, 10 passwords
> remembered, Min Password age 0.  On the 89th day the user changes their
> password 11 times back to the expiring password.  Changein the Min password
> age to 1 would prevent that from happening.
 That's it exactly.

 For some of our government interest systems, it's min age 7 days, 24
passwords remembered.  That's about half a year's worth of weekly
password cycling to reuse the same password.  Also max age 90 days, 12
character minimum, complexity checking enabled.  There are several
such systems, and you're not supposed to use the same passwords across
multiple systems.  Oy, passwords coming out my ears.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~







CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Ntfs ace inheritance

[James Winzenz]

I believe Dumpsec will also provide this information . . . free utility.

http://www.somarsoft.com/

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, April 23, 2009 1:50 PM
To: NT System Admin Issues
Subject: Re: Ntfs ace inheritance

fileacl.exe should help here. Google for it - the docs are pretty good
on it, and perusing the output will prove very enlightening.

On Thu, Apr 23, 2009 at 13:24, Eisenberg, Wayne
 wrote:
> OK, here's a quizzler for you, I hope it's easy for someone!
>
> I am trying to investigate the NTFS permissions on a folder set. (I am
> trying to ferret out inconsistencies in our folder structure.) It is easy
> enough to see what the ACL is for a given folder or set of folders using
> cacls or xcacls. What I am trying to find out via the command line
> (batch/vbs job) is whether or not a given directory is allowing the
> inheritance of ACEs from parent folders. The output of cacls/xcacls doesn't
> give me that. It will tell me if a given ACE is set to be inheritable by
> objects below it, but not if the ACE was assigned explicitly or inherited.
>
> Any ideas on how to solve it?
>
> Thanks,
> Wayne
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Free dvd/cd burning ware

[James Winzenz]

CDBurnerXP.  Works like a champ for me, burns both CD's and DVD's.  And it 
works on Vista as well.

http://cdburnerxp.se/


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services


From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Tuesday, March 17, 2009 2:09 PM
To: NT System Admin Issues
Subject: RE: Free dvd/cd burning ware

IMGBurn works fine for me on Vista. It complains/won't work if you have Windows 
Media Player or Windows Media Center open (by design).

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Tuesday, March 17, 2009 5:05 PM
To: NT System Admin Issues
Subject: Free dvd/cd burning ware

I have tried the usual suspects, deepburner, infrarecorder and had some issues 
on some HP wkst running Vista. Was isolated to the machine I was using or do 
you guys know of a free package that supports Vista properly?
Thanks!
jlc












CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Account lockouts

[James Winzenz]

What's the event ID number?  Is it 12294?  Are there any other
associated events listed at the same time?  Look for 1083, 1955 in the
File Replication log indicating replication conflicts.  What's your
domain/forest functional level at?  Do you have any corresponding 680's
or 539's/644's indicating failed logins/account lockouts for the
accounts that are locking out that might provide additional information?
What about the possibility of an infected PC on your network?

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, March 10, 2009 8:53 AM
To: NT System Admin Issues
Subject: Account lockouts

I am getting hammered with these in the event log:

The SAM database was unable to lockout the account of USERNAME due to a
resource error, such as a hard disk write failure (the specific error
code is in the error data) . Accounts are locked after a certain number
of bad passwords are provided so please consider resetting the password
of the account mentioned above.


And accounts are getting locked out left and right, others are not. I
have reset the passwords on some of them and disabled/enabled and they
still remain locked out.

At first glance you/I might think a dictionary attack, but it feels more
like Kerberos blowing up...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Password Policy Change

[James Winzenz]

One thing you will need to be aware of (and may work in your favor):

When you uncheck the "password never expires" box, AD automatically
forces an immediate password change.  If you don't want to force them to
immediately change their passwords, you can probably script something
that would turn off the password never expires flag and then would turn
off the user must change password at next logon flag.  Otherwise this
could be a good opportunity to kill two birds with one stone.  You can
apply the policy without it affecting them initially, but when you go
back and change the password never expires flag, they will be forced to
change their passwords.   As a practice here, whenever we find a
non-service account (or non-authorized account) that has the password
set to never expire, we uncheck it and force the user to immediately
change their password.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

Thanks for the tips.

We have accounts that haven't had their passwords changed in years. And
99% haven't been changed within 90 days, so if I set the policy to 90
days pretty much everyone's would expire at that time.

Everyone's account is configured with the "Password never expires"
option enabled. Earlier today I had gotten some tips on how to disable
that option for everyone at once. But now I'm thinking the thing to do
is to disable it for smaller groups of users at a time.




-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com]
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Password Policy Change

[James Winzenz]

Individual user accounts with the "password never expires" option
checked will override the domain password policy you specify.  And yes,
you can only set one policy, and it must be at the domain level.
Interestingly enough, I believe in order to set the granular policies in
Windows 2008, both your forest and domain functional level must be 2008.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 9:32 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

One other question about this.

My understanding is that I can only set one policy for the domain, and
it will apply to everyone (we're not at a 2008 functional level, so I
can't use fine grained password policies).

If I configure Group Policy to have passwords expire by have the
"Password never expires" option selected for an account, which setting
wins? Does the "Password never expires" option overrule the GPO?



-Original Message-
From: John Hornbuckle
Sent: Wednesday, March 04, 2009 10:52 AM
To: 'NT System Admin Issues'
Subject: Password Policy Change

Right now, our users' passwords don't expire. We're looking at changing
that.

My question is this... If I decide to enable password expiration, how is
the expiration date calculated for my users?

Let's say that today I set passwords to expire every 60 days. Will all
current users' passwords expire 60 days from today? Or will all current
users' passwords expire today, if those passwords are 60 days or older?



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OOO responsibility

[James Winzenz]

Whenever we get this type of request, we tell them they have to get it
approved by corporate HR and corporate legal.  That usually ends up
discouraging most requests . . .

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Monday, February 23, 2009 7:06 AM
To: NT System Admin Issues
Subject: OOO responsibility

 

All,

 

 Wanted to take a poll.

 

  How many of you in IT positions are responsible for setting other
people's OOO when they forget?

This has been a recent point of irritation for me.

 

Thanks!

 

Jason 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: GPO to select users in multiple OUs

[James Winzenz]

If the users are spread across multiple OU's, and you apply the GPO to a
new OU that they are not in, it is not going to work, because it is only
linked to that OU.  I believe you would have to link the GPO at the
domain level (or at least at an OU level that contains the OU's in which
these users are located) and then allow read and process group policy to
only that group you created.  At least, that's my 2 cents . . .

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:b...@btrfronk.com] 
Sent: Tuesday, February 10, 2009 10:10 AM
To: NT System Admin Issues
Subject: GPO to select users in multiple OUs

 

Maybe I am a bit rusty and forgot something...

 

Normally my GPOs apply to an OU or multiple OUs -easy.

 

This time, I need to apply a GPO for IE Proxy settings to a select group
of users that are in multiple other OUs.  I don't want to have to
manually select and or deny the GPO on all these OUs.  

 

So, I created a group and added the users as members of the group, then
added the group to a new OU and applied the GPO to the new OU.

 

However the proxy setting is not occurring on the users' PC.  

 

Ideas? 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Preventing user from changing login name

[James Winzenz]

+2

You are trying to address a behavioral issue with a technological one.
HR is the appropriate venue for this.  Maybe some security awareness
training as well . . .

On a side note, if the other user account that this person is using is
not supposed to log on to that computer, you can also set the login
restrictions for that account to prevent it from logging into the
computer in question.  But the password would still need to be changed .
. .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Wednesday, February 04, 2009 11:30 AM
To: NT System Admin Issues
Subject: RE: Preventing user from changing login name

+1

Sean Rector, MCSE


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, February 04, 2009 1:28 PM
To: NT System Admin Issues
Subject: RE: Preventing user from changing login name

1) Have HR tell him not to do this.
2) Change the password on the account he is not supposed to be using.
3) Have HR fire him if he does it again.


> -Original Message-
> From: Pierre Camilleri [mailto:pierre.camill...@fosterclark.com]
> Sent: Wednesday, February 04, 2009 1:22 PM
> To: NT System Admin Issues
> Subject: RE: Preventing user from changing login name
> 
> They are using someone else's login name. That is why I wish to
prevent
> the user from changing his/her login name. I would like that he/she
> would only be able to enter the password. Possible?
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

> 2008-2009 Season:  Tosca | The Barber of Seville
> Recently Announced:  Virginia Opera's 35th Anniversary Season
2009-2010
Visit us online at www.vaopera.org or call 1.866.OPERA.VA

This e-mail and any attached files are confidential and intended solely
for the intended recipient(s). Unless otherwise specified, persons
unnamed as recipients may not read, distribute, copy or alter this
e-mail. Any views or opinions expressed in this e-mail belong to the
author and may not necessarily represent those of Virginia Opera.
Although precautions have been taken to ensure no viruses are present,
Virginia Opera cannot accept responsibility for any loss or damage that
may arise from the use of this e-mail or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: List of Exclusive rights of Windows 2003 Administrators???

[James Winzenz]

If you delegate them rights, they can do this for the users in the OU(s)
they are delegated rights to.  In addition, you can use ADSIEdit to get
real granular with the permissions you grant them if you want to be
nitpicky.  The delegation wizard is just a simple way of using built-in
templates to apply permissions.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Jay Kulsh [mailto:a...@kulsh.com] 
Sent: Friday, January 23, 2009 2:10 PM
To: NT System Admin Issues
Subject: RE: List of Exclusive rights of Windows 2003 Administrators???

Thanks Z. I will let them have DHCP read only rights. My search had
shown that unless I make them member of Accounts Operator, they cannot
unlock a locked-out user.

Jay
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Server Room fire pictures

[James Winzenz]

And also a greenhouse gas . . . save the planet!  Step away from the
chili!  Or at least take some beano before consuming . . . :D

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Friday, January 16, 2009 11:27 AM
To: NT System Admin Issues
Subject: RE: Server Room fire pictures

No Shook, methane is flammable...

Joe Heaton
Employment Training Panel


-Original Message-
From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Friday, January 16, 2009 10:21 AM
To: NT System Admin Issues
Subject: RE: Server Room fire pictures

SOoo does this mean after chili night, I am my own FM200 system? :) 

Shook
-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Friday, January 16, 2009 12:50 PM
To: NT System Admin Issues
Subject: Re: Server Room fire pictures

You dont want to price Halon.  Its out-dated and needlessly expensive
because of the man-made chemicals that are used.  FM200 uses naturally
occuring gases, which significantly reduced your fill costs.

--
ME2



On Fri, Jan 16, 2009 at 12:27 PM, Andy Ognenoff 
wrote:
> Pretty much same boat here, except we have one sprinkler in our server
room
> (which was converted to that from being an office.)
>
> For those that have FM200 or Halon, anyone have a ballpark of what
> installing a basic suppression system for a 12x12 room would cost? I'm
just
> curios if it's even something we could look into budget-wise.
>
>  - Andy O.
> 
> From: James Kerr [mailto:cluster...@gmail.com]
> Sent: Friday, January 16, 2009 11:10 AM
> To: NT System Admin Issues
> Subject: Re: Server Room fire pictures
>
> I meant CO2 system, not Halon, I don't think you can suffocate with
Halon.
> If my server room goes on fire it will be a total loss. We don't even
have
> sprinklers in our office. :-O
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Folder access question

[James Winzenz]

I know that we do this exact thing with terminated employees' user
folders - we move them to a new folder that only has the local
administrators group granted full control, nothing else, and grant the
supervisor access to the user folder, and send them a link.  It works
for us.  Is the shortcut directly to the subfolder?  Can you try with a
link to the full path?  Are there any spaces in the folder name or path?

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Friday, January 16, 2009 10:41 AM
To: NT System Admin Issues
Subject: RE: Folder access question

 

There are no deny permissions on the shared folder above the one I need
them to access.  Or further up from there...

 

Joe Heaton

Employment Training Panel

 

From: James Winzenz [mailto:james.winz...@pulte.com] 
Sent: Friday, January 16, 2009 9:21 AM
To: NT System Admin Issues
Subject: RE: Folder access question

 

Are you setting up the permissions exclusively using NTFS permissions,
or are you using share permissions as well on the shared folder?  Share
permissions and NTFS permissions can conflict with each other, with the
most restrictive winning out.  Are you denying the user access to the
shared folder, or just ensuring he/she does not have permissions?  With
no permissions defined on the parent, but only on the child, this should
work, as the user is allowed to traverse a directory they do not have
access to in order to access a child directory via a link.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Friday, January 16, 2009 10:11 AM
To: NT System Admin Issues
Subject: Folder access question

 

I need to give a user access to a folder below a shared folder, but not
access to the shared folder itself, or any other folders below the
share.

 

i.e  

 

Shared Folder - No access for this user

|

--->acccessible folder - Read permissions for this user

 

 

I've done the NTFS permissions, and then I thought I could just create a
shortcut on the user's desktop, but when I try it says the folder can't
be found.  So how can I do this?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Folder access question

[James Winzenz]

Are you setting up the permissions exclusively using NTFS permissions,
or are you using share permissions as well on the shared folder?  Share
permissions and NTFS permissions can conflict with each other, with the
most restrictive winning out.  Are you denying the user access to the
shared folder, or just ensuring he/she does not have permissions?  With
no permissions defined on the parent, but only on the child, this should
work, as the user is allowed to traverse a directory they do not have
access to in order to access a child directory via a link.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Friday, January 16, 2009 10:11 AM
To: NT System Admin Issues
Subject: Folder access question

 

I need to give a user access to a folder below a shared folder, but not
access to the shared folder itself, or any other folders below the
share.

 

i.e  

 

Shared Folder - No access for this user

|

--->acccessible folder - Read permissions for this user

 

 

I've done the NTFS permissions, and then I thought I could just create a
shortcut on the user's desktop, but when I try it says the folder can't
be found.  So how can I do this?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Now that Win7 is out , whos running it?

[James Winzenz]

>From the Windows 7 page:

 


Windows Live


If you are using Windows 7, you'll want to get Windows Live Essentials
<http://download.live.com> . It's free! One easy download gives you
Windows Live Photo Gallery, Mail, Messenger, Movie Maker, and more.
Plus, with Windows Live there's one place to go online to IM, e-mail,
share photos and files you create, and stay connected with the people
and things that matter to you.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: David McSpadden [mailto:dav...@imcu.org] 
Sent: Wednesday, January 14, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

Is Windows Mail included?

I don't see it anywhere.

 



From: David Lum [mailto:david@nwea.org] 
Sent: Tuesday, January 13, 2009 4:45 PM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

Upgraded to a beta? Seems like an oxymoron :-)

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 

From: David L Herrick [mailto:davidherr...@nincal.com] 
Sent: Tuesday, January 13, 2009 12:53 PM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

Was Dual booting xp & Vista upgraded Vista to W7 so far no problems

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, January 12, 2009 7:08 AM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

I'm dual booting with Vista.  

 

Vista did a create job of setting up a dual boot system for XP and Vista
in the past, I'm sure Win7 will too.

 

From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] 
Sent: Monday, January 12, 2009 8:53 AM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

Has anyone tried a dual boot with XP? I do not have a test machine do a
new install.

 

Todd

 



From: David Lum [mailto:david@nwea.org] 
Sent: Monday, January 12, 2009 9:24 AM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

VM'd a 64-bit one with VMWare Workstation on Friday from an ISO, took 18
minutes from ISO boot to desktop on a modern hardware w/ 8GB RAM.

 

"Vista R2" is a good way to describe initial impressions.

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Christopher J. Bosak [mailto:cbo...@vector-co.com] 
Sent: Monday, January 12, 2009 5:09 AM
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

Been running smoothly here. Have it both on a test desktop, and threw it
on my laptop. Both have been running smoothly for now. IE8 is too buggy
for me, installed FireFox. Office 2007 works with no problems. So far, I
have not come across any software that I use normally that does not run
in Windows 7. Much quicker boot time than XP/Vista on the same machine.
Getting in the lower teens for boot time on the desktop, low 20's on the
laptop.

 

So... so far, so good.

 

Christopher J. Bosak

Vector Company

c. 847.603.4673

cbo...@vector-co.com

 

"You need to install an RTFM Interface, due to an LBNC issue."

- B.O.F.H. (Merged 2 into 1) - Me

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Monday, January 12, 2009 07:00 hrs
To: NT System Admin Issues
Subject: RE: Now that Win7 is out , whos running it?

 

We've had builds for about 4 months via TAP. Been running it on my main
machine for several weeks now.

 

The icon grouping thing takes a while getting used to (some ways it's
faster, but if you had pet ways of using the older-style taskbar, some
things are slower). Explorer doesn't lose folder column preferences
anymore (thank goodness). IE8 has a bunch of bugs (and the IE task bar
icon randomly doesn't display some tabs, which is really annoying). The
positioning of the "show desktop" in the bottom right corner is great
(you can drag your mouse there) unless you have a second monitor that
extends your desktop to the right. Dunno if it's my chipset drivers but
I have a heap of problems with USB power after a random number of
sleep/resume cycles. 

 

Cheers

Ken

 

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Sunday, 11 January 2009 2:58 AM
To: NT System Admin Issues
Subject: Now that Win7 is out , whos running it?

 

I loaded win7 in a vm the other day (I got my hands on it on Wed), and
it took everything I pretty much *needed*. Quickbooks 9, Office 2007 etc
etc.

 

Sooo yesterday I dropped a new drive in and loaded it directly on my box
(quad 9950, Geforce 9600, 3gb ram, 2x22' dvi screens, asus onboard
audio/nic)

 

System came right up, Nvidia already has a driver in Windows Update,
M

RE: Windows 7 On TechNet Now

[James Winzenz]

You're missing the .ISO at the end . . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, January 09, 2009 2:23 PM
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

On Fri, Jan 9, 2009 at 4:12 PM, James Winzenz 
wrote:
> BTW, as soon as I put that URL into my download manager, it
immediately
> started downloading.

  Not me.  :-(  I get an HTTP 404.  Between that and the suddenly
mostly-blanked web page about the beta, I suspect some datacenter
manager somewhere cried "Uncle!" and they yanked everything.

  From my Linux box at home, on a Comcast feed, in NH, US:

blackfire$ wget -i win7
--16:19:11--
http://download.microsoft.com/download/6/3/3/633118BD-6C3D-45A4-B985-F0F
DFFE1B021/EN/7000.0.081212-1400_client_en-us_Ultimate-GB1CULXFRE_EN_DVD
   =>
`7000.0.081212-1400_client_en-us_Ultimate-GB1CULXFRE_EN_DVD'
Resolving download.microsoft.com... 65.54.81.52, 65.54.81.51
Connecting to download.microsoft.com|65.54.81.52|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
16:19:12 ERROR 404: Not Found.

blackfire$

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 On TechNet Now

[James Winzenz]

BTW, as soon as I put that URL into my download manager, it immediately
started downloading.  YAY!  Now to just get a key . . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Friday, January 09, 2009 2:08 PM
To: NT System Admin Issues
Subject: RE: Windows 7 On TechNet Now

I recall back in the day them providing a download manager for a ISO
file off technet, or software assurance licensing portal or something.
Not sure if it used bits or not... But it could resume, etc.

"logic designed to not impact "user experience""

I think what they need here is something that does not impact
"datacenter experience" and "burstable bandwidth bills experience"  :)







-Original Message-
From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Friday, January 09, 2009 3:01 PM
To: NT System Admin Issues
Subject: RE: Windows 7 On TechNet Now

BITS can do peer-to-peer and I know it can do the multiple-master thing;
but I can't claim to be anything close to an expert on it.

I do know that it has mucho logic designed to not impact "user
experience"
while file transfers are ongoing.

DFS R2 is a BITS server. It can be securely exposed (so say the white
papers), but I've never done it.

I'm not qualified to compare BITS to BT, but I think it's a "neato"
technology to have built-in to Windows.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog:
http://TheEssentialExchange.com/blogs/michael
I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, January 09, 2009 3:47 PM
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

On Fri, Jan 9, 2009 at 3:32 PM, Michael B. Smith
 wrote:
> MSFT has its own technology for this "Background Intelligent Transfer 
> Service" - BITS.

  Oh!  I forgot about BITS.  And doesn't BITS in Vista SP1 have the
capability of doing peer-to-peer file sharing, just like BitTorrent
does?  Microsoft could release a stand-alone BITS client to let people
without Vista download big things like this Win 7 Beta.  They could even
offer a stand-alone BITS *server* for other companies to use.
That would be downright useful.

  (Just to tie in to a previous topic in this thread: But instead of
that, Vista gives us transparent window trim.)

> More than likely, the assumption is that most folks are not going to 
> want to wait for a couple of days while BITS transfers huge files in 
> the background.

  BitTorrent can generally deliver a 650 MB CD image in around ten
minutes on my nuttin' special cable Internet feed.  And unlike
conventional file transfer methods, the more people downloading a
torrent at once, the *faster* it goes.

  I dunno if BITS was intended for that kind of massive share swarm,
high-speed transfer though.  BitTorrent has caused a lot of cheap
routers and network drivers to fail under the load it can generate.
Trying to use BITS that way might violate the design assumption.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 On TechNet Now

[James Winzenz]

Not working for me . . . I get the file download popup, but when I save
it, there's nothing in it.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Friday, January 09, 2009 1:34 PM
To: NT System Admin Issues
Subject: RE: Windows 7 On TechNet Now

Working link: 
http://download.microsoft.com/download/6/3/3/633118BD-6C3D-45A4-B985-F0F
DFFE1B021/EN/7000.0.081212-1400_client_en-us_Ultimate-GB1CULXFRE_EN_DVD.
ISO

I'm getting 1100 KB/s on the whopping 3.2GB download.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, January 09, 2009 2:19 PM
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

On Fri, Jan 9, 2009 at 3:03 PM, Sam Cayze 
wrote:
> Why don't they just embrace bit torrent and alleviate their network
> congestion?

  Just a guess, but: Microsoft, like a lot of companies, suffers from
NIH syndrome (Not Invented Here).  They don't have a BitTorrent
client/server of their own.  Until and unless that happens, they won't
use it.  Intel's the same way.  Heck, look at Apple, they consider NIH
syndrome a feature.

> a product activation system that doesn't get cracked in the first 5
> minutes of their release.

  Product Activation is software trying to determine the
trustworthiness of the operator while it's running on hardware the
operator controls.  Any security analyst will tell you that you will
*ALWAYS* loose that battle.  There isn't anything Microsoft can do
about this.  The failure of PA is one thing that's not Microsoft's
fault.  (The fact that they keep trying anyway *is*, of course.)

  (And actually, there is one thing Microsoft could do: Get the
industry to adopt standard hardware-based controls (i.e., DRM) in the
CPU and/or motherboard core logic.  That's what TPM (Trusted Platform
Module) is all about, and why there's so little interest in it outside
of software publishers: It's all about making your computer into
something that's not entirely yours anymore.  It's like buying a car
with a padlock on the hood, and only the dealer has the key.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 On TechNet Now

[James Winzenz]

I get all the way to the end, then:

Error
The site is currently experiencing technical difficulties, please check
back in the next business day.

Lovely.  Heh.  Anyone else able to start the download?

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Christopher J. Bosak [mailto:cbo...@vector-co.com] 
Sent: Friday, January 09, 2009 11:28 AM
To: NT System Admin Issues
Subject: RE: Windows 7 On TechNet Now

http://technet.microsoft.com/en-us/evalcenter/dd353205.aspx

Done

Christopher J. Bosak
Vector Company
c. 847.603.4673
cbo...@vector-co.com

"You need to install an RTFM Interface, due to an LBNC issue."
- B.O.F.H. (Merged 2 into 1) - Me


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, January 09, 2009 11:40 hrs
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

On Fri, Jan 9, 2009 at 12:18 PM, Christopher J. Bosak
 wrote:
> Really? I still don't see a download link.

  First one to find the download link for the general public beta
release, please post it so we can avoid all the "I still don't see it"
messages.

  P.S.: I still don't see it.  ;-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 On TechNet Now

[James Winzenz]

Makes me want to think about ponying up for a TechNet subscription . . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Friday, January 09, 2009 9:40 AM
To: NT System Admin Issues
Subject: RE: Windows 7 On TechNet Now

I do not think it is live quite yet.  It looks as though everyone keeps
hitting "Refresh" on the page.. it is quite slow to come up.

http://www.microsoft.com/windows/windows-7/ - it sounds like it will be
posted here sometime this afternoon.  Whether that be Redmond time or
not, I do not know.

Alex Carroll
Software Support
Crabtree Companies, Inc.
651-688-2727

-Original Message-
From: Phil Labonte [mailto:philfromw...@gmail.com] 
Sent: Friday, January 09, 2009 10:35 AM
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

Is the public beta live now I cannot find it...

On Thu, Jan 8, 2009 at 9:19 AM, Christopher J. Bosak
 wrote:
> Public beta tomorrow.
>
> I'll have to wait as I don't have MSDN.
>
>
>
> Christopher J. Bosak
>
> Vector Company
>
> c. 847.603.4673
>
> cbo...@vector-co.com
>
>
>
> "You need to install an RTFM Interface, due to an LBNC issue."
>
> - B.O.F.H. (Merged 2 into 1) - Me
>
>
>
> From: Michael Hoffman [mailto:m...@drumbrae.net]
> Sent: Thursday, January 08, 2009 08:17 hrs
> To: NT System Admin Issues
> Subject: Windows 7 On TechNet Now
>
>
>
> Enjoy
>
>
>
> Mike
>
>
>
> Mike Hoffman
>
> Drum Brae Solutions Ltd
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 On TechNet Now

[James Winzenz]

Me neither - not on the main windows 7 page, where they said it would be
. . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Phil Labonte [mailto:philfromw...@gmail.com] 
Sent: Friday, January 09, 2009 9:35 AM
To: NT System Admin Issues
Subject: Re: Windows 7 On TechNet Now

Is the public beta live now I cannot find it...

On Thu, Jan 8, 2009 at 9:19 AM, Christopher J. Bosak
 wrote:
> Public beta tomorrow.
>
> I'll have to wait as I don't have MSDN.
>
>
>
> Christopher J. Bosak
>
> Vector Company
>
> c. 847.603.4673
>
> cbo...@vector-co.com
>
>
>
> "You need to install an RTFM Interface, due to an LBNC issue."
>
> - B.O.F.H. (Merged 2 into 1) - Me
>
>
>
> From: Michael Hoffman [mailto:m...@drumbrae.net]
> Sent: Thursday, January 08, 2009 08:17 hrs
> To: NT System Admin Issues
> Subject: Windows 7 On TechNet Now
>
>
>
> Enjoy
>
>
>
> Mike
>
>
>
> Mike Hoffman
>
> Drum Brae Solutions Ltd
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: IT Departmental Meetings

[James Winzenz]

We have bi-weekly staff meetings here for our department where we
discuss what we are doing and our boss fills us in on any other details
we need to know about.  Once a month, we have an all-IT meeting with our
CIO where he talks about the business and each of the managers provides
some updates.  We also have change control twice a week, plus there is
an architect meeting for the architects, and an infrastructure readiness
to discuss and approves changes to our infrastructure.  Several of these
meetings are cross-departmental and allow for collaboration.  In
addition, we have a weekly email that is sent out with each team's
updates.  All of these things server to break things up a bit.  We stay
in the loop with any new projects that may affect us by rotating which
member of our team will be involved in the project, preferably from the
design phase.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Chyka, Robert [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 11, 2008 6:30 AM
To: NT System Admin Issues
Subject: IT Departmental Meetings

 

Hi Everyone,

 

Right now we have the most boring meetings for our IT Dept.  We have
weekly meetings with 15 members of our staff in them from the CIO to
lower level techs and everyone in between.  We fill out an agenda with
what we are working on etc.  The meeting lasts forever and the DBAs
don't want to hear what the Network guys are doing and the techs don't
want to hear what the systems guys are doing etc. etc.  just awful
meetings and nothing gets accomplished.  We were told since we don't
like the meetings and they are highly ineffective to come up with a
better way to hold them.  I was thinking about every 2 weeks have the
CIO meet with the management in each division together so we still know
what is going on with the "team".  Every week is way too often and
doesn't give enough time to report on completed projects etc.

 

I was wondering how dept. meetings are held at your places of employment
for the IT dept.

 

Thanks..BC 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Spam:Firewall reporting

[James Winzenz]

Check out Bluecoat too.  We are considering switching to them from
Websense.

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 31, 2008 11:01 AM
To: NT System Admin Issues
Subject: RE: Spam:Firewall reporting

 

Websense?  It's what we use, for content filtering, etc.  Has great
reporting

 

Joe Heaton

Employment Training Panel

 

From: Chinnery, Paul [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 31, 2008 10:18 AM
To: NT System Admin Issues
Subject: Spam:Firewall reporting

 

I am in need of a good reporting tool that will allow me to track users'
use of the internet; sites visited, times, etc.

Preferably, this would be something I could d/l my syslogs to.  

Paul Chinnery 
Network Administrator 
Memorial Medical Center 
231-845-2319 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Unknown account created and added to local admins group

[James Winzenz]

Yeah - time to wipe and reload . . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2008 12:17 PM
To: NT System Admin Issues
Subject: Re: Unknown account created and added to local admins group

I bet that's what the event log would look like if a rootkit running as
SYSTEM added local administrator accounts...

Clubber Lang wrote:
> Thanks, James. Yeah, the user was the same for all events: NT
> AUTHORITY\SYSTEM
> 
> 624 - User Account Created - 9:19:13 AM
> 626 - User Account Enabled - 9:19:13 AM
> 642 - User Account Changed - 9:19:13 AM
> 628 - User Account Password Set - 9:19:13 AM
> 636 - Security Enabled Local Group Member Added - 9:19:14 AM
> 637 - Security Enabled Local Group Member Removed - 9:21:28 AM
> 633 - Security Enabled Global Group Member Removed - 9:21:28 AM
> 630 - User Account Deleted - 9:21:28 AM

-- 

Phil Brutsche
[EMAIL PROTECTED]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Unknown account created and added to local admins group

[James Winzenz]

Wait a sec - the event showing when the account was created (624) should
contain information on who created the account.  Likewise with the
password set, which would be a 628.  When we change the local admin
password on our servers, these events are logged, and it tells us who
performed the action.  See below for an example - I just created a test
account on my workstation and got the below event ID 624.

 

Event Type:Success Audit

Event Source: Security

Event Category: Account Management 

Event ID:624

Date: 10/29/2008

Time:7:04:52 AM

User: \

Computer: 

Description:

User Account Created:

New Account Name:   testadmin

New Domain: 

New Account ID:\testadmin

Caller User Name:  

Caller Domain:   

Caller Logon ID: (0x0,0x53444)

Privileges  -

 

Hope this information helps.  Object auditing is going to tell you if
the new account is accessing or doing anything to files/folders.  The
naming convention for your account sounds extremely suspicious - I would
be concerned about a virus infection on that PC.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Clubber Lang [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2008 7:14 PM
To: NT System Admin Issues
Subject: Re: Unknown account created and added to local admins group 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Alerts on Install or Elevation of Priviledges

[James Winzenz]

Well, you'd have to have access to his event logs on his computer -
might be a bit more difficult since it is not on the domain, unless you
have the administrator password or you have an administrative account.
But you should be able to look for a couple of things:  1) in the
security log, you could look for logins by the administrator and 2) in
the system log, there should be some entries when an application is
installed.  You might also check the local users  to see if there is
another admin-equivalent account he might be using . . .

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: Andy Ognenoff [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2008 7:55 AM
To: NT System Admin Issues
Subject: Alerts on Install or Elevation of Priviledges

I have a user that is somehow installing stuff but his account is only a
standard restricted user. This is a standalone laptop, not on the domain
at
all. Anyone know of a way I could send myself an alert via email if he
installs something or logs on as a different account than he should? 

Only thing I can think of is that he somehow got a hold of the local
admin
password but I can't see how - yes we disable the LM hash.

 - Andy O.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Log Management Suggestions?

[James Winzenz]

How much money do you have to spend?  How many servers?  Are you looking
to collect logs from workstations as well?  If so, how many?  Do you
want router, firewall, web (IIS, Apache, etc.), plus other kinds of
logs, or are there specific logs you are looking at?  Answering these
questions may very well determine what kind of log management system you
get.  We have an appliance-based system (RSA envision) right now which
we are hoping to upgrade, but we are looking at spending nearly 500K.
Then again, it does all kinds of stuff.  Depending on what you need,
they have different flavors that are less expensive.  Some options I
know of:

 

Kiwi Syslog (free)

Splunk (not too expensive for the enterprise version, but a beast to
configure from my experience, plus buggy with the wmi plugin)

GFI LanGuard

EventLog Analyzer

LogLogic

RSA envision (what we use right now)

 

I am sure there are plenty of others out there - just depends on what
you need it to do and how much you are willing to pay.  This is one area
where, IMHO, you truly get what you pay for.  Here's a link to an
article that may provide some information (although they don't include
envision):

 

http://windowsitpro.com/Files/40712/40712.pdf 

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 

-Original Message-
From: James Edwards [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 24, 2008 3:36 PM
To: NT System Admin Issues
Subject: Log Management Suggestions?

 

I'm on a committee looking into log management systems, and looking for 

any suggestions from those using one now.

 

Ideally it should be xplatform (Win, OSX, Linux, Solaris). Able to 

notify Admins vis e-mail, text message, pager or console, and have 

customizable filters.

 

Time to go home for the week end, but, early Monday...

 

Thanks guys!!

Jim

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: AD GPO to lock screen

[James Winzenz]

You could also push out the .scr file via a startup or login script - just pop 
it in the netlogon share.  There are all sorts of things you can do, but this 
starts straying into the realm of behavioral problems that would then need to 
be solved by disciplinary action.  'Course, this is also another argument for 
not allowing users to have admin rights.

>From Ed Crowley:  "There are seldom good technological solutions to behavioral 
>problems."

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


From: Christopher Boggs [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 2:06 PM
To: NT System Admin Issues
Subject: RE: AD GPO to lock screen

Savvy users (with admin rights) will come to realize all they have to do to 
change the screensaver is replace whatever file you specify in the GPO with 
whatever file they want..  ☺

From: Tom Miller [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 3:54 PM
To: NT System Admin Issues
Subject: RE: AD GPO to lock screen

Thanks.  That what I was thinking.  We currently used a forced screen saver so 
this change will be of no consequence to my user community.

>>> "James Winzenz" <[EMAIL PROTECTED]> 10/21/2008 4:48 PM >>>
You would actually need to specify the following settings, if you want to a) 
ensure that a screensaver is specified and b) that it is password protected, 
forcing the user to unlock their workstation when resuming from the 
screensaver.  All options are under the following:
 
User Configuration | Administrative Templates | Control Panel | Display
 
Screen Saver (enabled turns on screensavers, prevents users from changing)
Screen Saver executable name (requires you to specify a standard screensaver 
that is going to be on all desktops)
Password protect the screen saver (to force the user to press Ctr+Alt+Del and 
unlock their workstation)
Screen Saver timeout (how long to wait before the screensaver turns on and 
therefore locks the workstation)
 
You can get away with not specifying #2, but if a user does not have a 
screensaver specified and you turn on the other settings, no screensaver will 
be selected.  The best option is to do all of these, but this will kill any 
users’ special screensavers (prolly a good thing, come to mind . . .)
 
Thanks,
 
James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services
 

From: Tom Miller [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 1:11 PM
To: NT System Admin Issues
Subject: AD GPO to lock screen
 
Hi Folks,
 
I am looking for the GPO setting to lock the computer so as the user is 
required to press control-alt-delete to unlock the screen.  I see the GPO 
settings under User | Policies | Admin Templates | Control Panel | Display | 
Screen saver timeout, but this doesn't look like what I'm looking for.
 
 
 
Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528 
 
Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 
 
 
 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

 
 

Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: AD GPO to lock screen

[James Winzenz]

You would actually need to specify the following settings, if you want
to a) ensure that a screensaver is specified and b) that it is password
protected, forcing the user to unlock their workstation when resuming
from the screensaver.  All options are under the following:

 

User Configuration | Administrative Templates | Control Panel | Display

 

Screen Saver (enabled turns on screensavers, prevents users from
changing)

Screen Saver executable name (requires you to specify a standard
screensaver that is going to be on all desktops)

Password protect the screen saver (to force the user to press
Ctr+Alt+Del and unlock their workstation)

Screen Saver timeout (how long to wait before the screensaver turns on
and therefore locks the workstation)

 

You can get away with not specifying #2, but if a user does not have a
screensaver specified and you turn on the other settings, no screensaver
will be selected.  The best option is to do all of these, but this will
kill any users' special screensavers (prolly a good thing, come to mind
. . .)

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Tom Miller [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 1:11 PM
To: NT System Admin Issues
Subject: AD GPO to lock screen

 

Hi Folks,

 

I am looking for the GPO setting to lock the computer so as the user is
required to press control-alt-delete to unlock the screen.  I see the
GPO settings under User | Policies | Admin Templates | Control Panel |
Display | Screen saver timeout, but this doesn't look like what I'm
looking for.

 

 

 

Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528 

 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Password management app?

[James Winzenz]

Enterprise Password Safe.  It does everything you are asking for and
more.

 

http://www.enterprise-password-safe.com/

 

IIRC, it was not too pricey.  We are rolling this out to all of our IT
departments right now.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Damien Solodow [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 7:22 AM
To: NT System Admin Issues
Subject: Password management app?

 

I'm looking for some suggestions for a password management program. 

 

I use KeePass for my own things, but am looking for something a little
different for the IT department. Ideally it would be able to use AD/LDAP
for user authentication and all different access levels based on user or
group.

 

For example, I'd like to be able to make only a subset of password
available to the Helpdesk, and a different subset to the network guys.

 

Free or OSS would be great, but willing to buy something if it's not too
pricey, and has a trial or eval available.

 

Suggestions, preferences, etc?

TIA

 

Damien Solodow

Senior System Administrator

Infrastructure Services Group

Information Services

Indiana Business College

[EMAIL PROTECTED]

Direct - (317) 217-6881

We are the Foundation of how Business Gets Done! 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Directory permissions black magic

[James Winzenz]

Creator/Owner is by default granted full control, unless you explicitly
remove it.

Thanks,

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Posted At: Friday, September 26, 2008 11:10 AM
Posted To: NTSysadmin
Conversation: Directory permissions black magic
Subject: Directory permissions black magic

I've been reviewing permissions in staff home directories on our file
server, and found something that I haven't been able to figure out.

Home directories are on h:, connected to \\fileserver\home\username

Permissions on that directory for each user are Full Control for
admins, Change for the user.

The weird part is that I am frequently seeing Full Control on
subdirectories - \\fileserver\home\username\project

How the heck is that happening? They are only writing/copying files
from their workstations.

Thoughts?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Duplicated File Finder

[James Winzenz]

I would be wary of using any product to check for duplicate files.  How
do you *know* they are duplicate files?  How is it checking?  Filename,
last modified date, size, etc. could all be the same, but the files
could still be different.  Unless your program has a way of scanning the
content of the files (scary!) to confirm all of the data is exactly the
same, I would be leery of any results, and I certainly wouldn't use this
for any sort of data cleanup effort unless it were just to notify the
user(s) and ask them to check those files and remove any duplicates.
That being said, I have never used said program, so I don't know
anything about the way it works.  But we have seen other programs that
claim to find duplicate files (Treesize Pro, have used Bindview (now
Symantec Control Compliance Suite)), and none of them work to the level
where I would completely trust the results.

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Stefan Jafs [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, September 24, 2008 8:42 AM
Posted To: NTSysadmin
Conversation: Duplicated File Finder
Subject: RE: Duplicated File Finder
  

I'm running it on 2003, it's amazing how some users have to have the
same files in so many different folder! I guess they user belt and
suspenders also!

 

__
Stefan Jafs

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 24, 2008 11:38
To: NT System Admin Issues
Subject: RE: Duplicated File Finder

 

Bah. It doesn't understand the file and directory links used by Vista
and Server 2008. It seriously over-reports disk usage and finds
duplicate files that aren't actually duplicates.

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

Link with me at: http://www.linkedin.com/in/theessentialexchange

 

From: Stefan Jafs [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 23, 2008 1:59 PM
To: NT System Admin Issues
Subject: RE: Duplicated File Finder

 

Thanks, seems to work good!

 

__
Stefan Jafs

 

From: Liu, David [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 23, 2008 12:18
To: NT System Admin Issues
Subject: RE: Duplicated File Finder

 

Disk recon. Its cheap & you can do other storage mgmt/reports

 

From: Stefan Jafs [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 23, 2008 12:02 PM
To: NT System Admin Issues
Subject: Duplicated File Finder

 

What do you guys use to find duplicated files on your file server?

 

__
Stefan Jafs 

 

This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the Amico Corporation. Warning: Although precautions
have been taken to make sure no viruses are present in this email, the
company cannot accept responsibility for any loss or damage that arise
from the use of this email or attachments.

 

 

 

 

 

 

This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the Amico Corporation. Warning: Although precautions
have been taken to make sure no viruses are present in this email, the
company cannot accept responsibility for any loss or damage that arise
from the use of this email or attachments.

 

 

 

 

 

 

This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the Amico Corporation. Warning: Although precautions
have been taken to make sure no viruses are present in this email, the
company cannot accept responsibility for any loss or damage that arise
from the use of this email or attachments. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Magazine subscriptions

[James Winzenz]

You have to scroll all the way down to the bottom of the page.

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 

 

-Original Message-
From: Liu, David [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, September 23, 2008 9:17 AM
Posted To: NTSysadmin
Conversation: Magazine subscriptions
Subject: RE: Magazine subscriptions

 

Just tried...nada

http://64.233.169.104/search?q=cache:experts-exchange.com/Apple/Operatin

g_Systems/Q_23547249.html 

 

> -Original Message-

> From: Joe Heaton [mailto:[EMAIL PROTECTED]

> Sent: Tuesday, September 23, 2008 12:11 PM

> To: NT System Admin Issues

> Subject: RE: Magazine subscriptions

> 

> With Experts-exchange, just open the cached version from Google.  It

> gives you the full discussion that way.

> 

> -Original Message-

> From: Andy Ognenoff [mailto:[EMAIL PROTECTED]

> Sent: Monday, September 22, 2008 2:43 PM

> To: NT System Admin Issues

> Subject: RE: Magazine subscriptions

> 

> >Like experts-exchange.com. They are everywhere. Anyone use them? Are

> they

> >worthwhile to have a sub for?

> 

> Exactly, but I signed up with them when it was new and free and

> answered

> a

> couple questions so now I can view all answers to questions without

> paying

> anything. :)

> 

>  - Andy O.

> 

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~

> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

> 

> No virus found in this incoming message.

> Checked by AVG - http://www.avg.com

> Version: 8.0.169 / Virus Database: 270.7.0/1684 - Release Date:

> 9/22/2008 6:39 AM

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~

> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: logging deleted files

[James Winzenz]

You shouldn't have to wait for the server to reboot for the GPO to be
updated - if you want, you can force the group policy settings to be
refreshed sooner than the default group policy refresh interval.

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, September 18, 2008 2:12 PM
Posted To: NTSysadmin
Conversation: logging deleted files
Subject: RE: logging deleted files
  

I don't know if that would be a nightmare or a revelation to find out
that my DC wasn't my DC, but alas it is.  It just doesn't show either of
the Domain Security Policy's in Admin Tools.  I did however find the
Domain Controller Security Policy in the GP of the Domain Controllers in
Active Directory.  I made the change and expect it to show up with my
next Server roboot.

Thanks!

 



From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of NTSysAdmin
Sent: Thursday, September 18, 2008 4:22 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

If it's a DC then you "should" have both Domain Controller Security
Policy and Domain Security Policy in Admin Tools, if not, it's not your
DC.

 

S

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 3:34 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

I don't have a Domain Controller Security Policy in Admin Tools, just
Local Security Policy and "yes" the "Define these policy settings" box
is missing.

I just meant the files in question are on the DC.

 



From: Ralph Smith [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 2:15 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

I think you want to go to 

 

Administrative Tools > Domain Controller Security Policy > Local
Security Policy

 

if this applies to the domain controller.

 

There should be a box for "Define these policy settings".  Is that
what's missing?

 

I'm not sure what you mean by the file being located in the Domain Group
Policy on the DC.  Do you mean the file is on the Domain Controller
under the C:\WINDOWS\SYSVOL\domain\Policies folder?

Ralph Smith
Gateway Community Industries
845-331-1261 x234

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 1:31 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

Thanks for the link Ralph.

 

I have auditing from the folder in question's Properties enabled and
also in Domain Group Policy on the DC, which is were the file is
located.

I can't get anything to show up in event log.

 

In the Local Security Policy the "audit local object" success and
failures are grayed out with no "enable" box.

 

 



From: Ralph Smith [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 11:47 AM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

http://sogeeky.blogspot.com/2006/07/how-to-audit-and-track-file-deletion
s.html

 

Ralph Smith
Gateway Community Industries
845-331-1261 x234

 



From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 10:43 AM
To: NT System Admin Issues
Subject: Re: logging deleted files

 

 You can turn on file auditing for particular folders if you know which
folders are at risk

Right-click folder Properties, Security, Advanced, Auditing

2008/9/18 Paul Everett <[EMAIL PROTECTED]>

Is there anything that logs the event when files are deleted over the
network?

 

A user in one of our departments is deleting files, either
unintentionally or not.  The best I can do is check my daily backups to
find out which day it happened, but we'd like to find out who it is.  We
don't need something to recover deleted network files, just something
that logs the event that includes the username.  Is there anything out
there that can do this?

We have a 2003 AD Domain.

Thanks,

Paul Everett 
IS Dept. 


Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.   If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message, including attachments.

 

 

 

 

 

 

 

 

 

 

Confidentiality Notice:

**

This communication, including any attachments, may contain confidential
information and is intended only for the individual or entity to whom it
is addressed. Any review, dissemination, or copying of this
communication by anyone other than the intended re

RE: logging deleted files

[James Winzenz]

Check the following Group Policy Objects to see if you have auditing
enabled:

 

1.  Default Domain Controllers Policy
2.  Default Server Policy
3.  Default Computer Policy

 

Do you have auditing enabled for the Default Domain Policy?  Which
specific GPO do you have this setting applied to?  BTW, our Default
Domain Controllers Policy has the audit object access set to No
Auditing.  If yours is configured this way, it would override any domain
gpo if "No Override" is not specified, and I really don't think you
would want to do that with your domain controller(s).  Since the Default
Domain Controllers Policy is linked to the Domain Controllers OU, it
would take precedence over the Default Domain Policy.

 

The audit setting (as previously mentioned) is audit object access, and
you would at least need to enable for success.  Then on the folder (and
subfolders and files) in question, you would need to configure auditing
for delete, delete subfolder and files.  You would also need to specify
the individual (or group) that should be audited against.  It appears
this would be logged under event ID 560.  

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, September 18, 2008 11:34 AM
Posted To: NTSysadmin
Conversation: logging deleted files
Subject: RE: logging deleted files
  

I don't have a Domain Controller Security Policy in Admin Tools, just
Local Security Policy and "yes" the "Define these policy settings" box
is missing.

I just meant the files in question are on the DC.

 



From: Ralph Smith [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 2:15 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

I think you want to go to 

 

Administrative Tools > Domain Controller Security Policy > Local
Security Policy

 

if this applies to the domain controller.

 

There should be a box for "Define these policy settings".  Is that
what's missing?

 

I'm not sure what you mean by the file being located in the Domain Group
Policy on the DC.  Do you mean the file is on the Domain Controller
under the C:\WINDOWS\SYSVOL\domain\Policies folder?

Ralph Smith
Gateway Community Industries
845-331-1261 x234

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 1:31 PM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

Thanks for the link Ralph.

 

I have auditing from the folder in question's Properties enabled and
also in Domain Group Policy on the DC, which is were the file is
located.

I can't get anything to show up in event log.

 

In the Local Security Policy the "audit local object" success and
failures are grayed out with no "enable" box.

 

 



From: Ralph Smith [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 11:47 AM
To: NT System Admin Issues
Subject: RE: logging deleted files

 

http://sogeeky.blogspot.com/2006/07/how-to-audit-and-track-file-deletion
s.html

 

Ralph Smith
Gateway Community Industries
845-331-1261 x234

 



From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2008 10:43 AM
To: NT System Admin Issues
Subject: Re: logging deleted files

 

 You can turn on file auditing for particular folders if you know which
folders are at risk

Right-click folder Properties, Security, Advanced, Auditing

2008/9/18 Paul Everett <[EMAIL PROTECTED]>

Is there anything that logs the event when files are deleted over the
network?

 

A user in one of our departments is deleting files, either
unintentionally or not.  The best I can do is check my daily backups to
find out which day it happened, but we'd like to find out who it is.  We
don't need something to recover deleted network files, just something
that logs the event that includes the username.  Is there anything out
there that can do this?

We have a 2003 AD Domain.

Thanks,

Paul Everett 
IS Dept. 


Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.   If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message, including attachments.

 

 

 

 

 

 

 

 

 

 

Confidentiality Notice:

**

This communication, including any attachments, may contain confidential
information and is intended only for the individual or entity to whom it
is addressed. Any review, dissemination, or copying of this
communication by anyone other than the intended recipient is 

RE: Security group / dist list

[James Winzenz]

We preface our distribution groups with the word (List).  It also has
the added benefit of putting the distribution lists first in the GAL.

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, September 11, 2008 9:40 AM
Posted To: NTSysadmin
Conversation: Security group / dist list
Subject: RE: Security group / dist list
  

Put a Prefix on them like DG_ for Distrubution Group and SG_ for
Security group. Quick easy and pretty well understood :-)

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505



From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 10, 2008 12:08 PM
To: NT System Admin Issues
Subject: Security group / dist list

 

How do you guys differentiate your security group names from
distribution list names in AD?

David Lum
SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION
[EMAIL PROTECTED] // 971.222.1025 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Folders moveing themselves

[James Winzenz]

I agree - auditing is your friend here.

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: René de Haas [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, July 31, 2008 5:35 AM
Posted To: NTSysadmin
Conversation: Folders moveing themselves
Subject: RE: Folders moveing themselves

What I have seen is users unintentionally drag folders to a different spot.
Though them reappearing in the correct folder would argue against accidents 
like that.

I'd turn on auditing and wait for a reoccurance.

-Original Message-
From: Gavin Wilby [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 31, 2008 1:00 PM
To: NT System Admin Issues
Subject: Folders moveing themselves

Bear with me here guys. before I start I think that there is an errant
user at fault. However.

Windows 2003 SBS, with SEP and Bex11d.

There is a share called \\server\data\company\a, and in that folder
all companies that start with A live in there. This directory structre
goes from A-Z.

When a company gioes belly up, or simply falls out of scope of the
site that company then goes and lives in folder called
\\server\data\company\dead.

Its just been noticed that some folders from the "dead" folder have
reappeared randomly back in the original folders that they were in.

I have gone back as far as shadow copy will allow and this shows they
were there for the last month. No restores have been done and the boss
is convinced due to the randomness of the way they have reappered that
it wasnt a user. all users have full access to the files, and no,
there is no auditing switched on.

Has anyone come across this and got to the bottom of it?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


***
The information in this e-mail is confidential and intended solely for the 
individual or entity to whom it is addressed.  If you have received this e-mail 
in error please notify the sender by return e-mail delete this e-mail and 
refrain from any disclosure or action based on the information.
***

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: RDP question

[James Winzenz]

That is actually something that we should look into - I am going to
mention that to our infrastructure group.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: James Rankin [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, June 11, 2008 3:40 PM
Posted To: NTSysadmin
Conversation: RDP question
Subject: Re: RDP question 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: RDP question

[James Winzenz]

Oh, nothing real serious, he was just exploiting an account that has
been around for a very long time - which happens to have *domain admin*
rights . . .

 

(I was being sarcastic about the serious part . . .)

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, June 11, 2008 3:35 PM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

James,

 

This kind of stuff intrigues me.  Without giving up details can you tell
us what he was doing and what type of account he was exploiting?

 

Many times I have found issues in my own setup listening to what is
vulnerable on other networks.

 

Thanks

 

Troy

 

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: RDP question

 

We do have that set up in our audit policy, and the logon was indeed a
528; the problem was that the guy didn't use his own account.  He also
had no business doing what he did.  Luckily the terminal services logon
event provided the ip address that connected, so we were able to track
it down to the person who did it and report them.  As to what happens
now, anyone's guess.  I highly doubt he will be fired, although if it
were me, that is what I would recommend, due to the nature of the
account he used and the actions he took.  At least we are going to be
able to get rid of another generic account . . .

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

 

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

[James Winzenz]

We do have that set up in our audit policy, and the logon was indeed a
528; the problem was that the guy didn't use his own account.  He also
had no business doing what he did.  Luckily the terminal services logon
event provided the ip address that connected, so we were able to track
it down to the person who did it and report them.  As to what happens
now, anyone's guess.  I highly doubt he will be fired, although if it
were me, that is what I would recommend, due to the nature of the
account he used and the actions he took.  At least we are going to be
able to get rid of another generic account . . .

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

[James Winzenz]

That does appear to contain the information on the most recent server
that was connected to.  When I double-clicked that file on the client in
question, it asked me for credentials to the server that was connected
to when the dirty deed was done . . . still not sure if that would count
as irrefutable proof, but it's definitely a start . . .

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Kennedy, Jim [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:09 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

Default.rdp in my documents might be what you are looking for. It is a
hidden file.

 

 

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RDP question

[James Winzenz]

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: Domain Admin monkey business

[James Winzenz]

By OU delegation, are you referring to the delegation wizard, or just
the ability to set permissions on specific OU's?  Either would suffice
to allow someone the ability to perform such actions, whether or not
they were a member of the account operators group.  Take a look at the
advanced permissions of one of the user accounts they can modify, sort
by name, and see if either their names or a group they are in shows up
with permissions.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Posted At: Monday, May 05, 2008 10:49 AM
Posted To: NTSysadmin
Conversation: Domain Admin monkey business
Subject: Re: Domain Admin monkey business

Just did - they're not in there either.

On Mon, May 5, 2008 at 10:37 AM, Barsodi.John <[EMAIL PROTECTED]>
wrote:
> Check the Account Operators group?
>
>
>
>  -Original Message-
>  From: Kurt Buff [mailto:[EMAIL PROTECTED]
>  Sent: Monday, May 05, 2008 10:30 AM
>  To: NT System Admin Issues
>  Subject: Domain Admin monkey business
>
>  I've been on vacation for a couple of weeks, and came back to a bit
of
>  a situation. The helpdesk staff now seem to be able to control
>  accounts in the domain - they can set/reset passwords, disable/enable
>  accounts, update group memberships, etc.
>
>  I've looked, and domain admins looks as expected.
>
>  Am I correct in believing that the only other way this can happen is
>  through OU delegation? If so, how do I check to see what's changed
WRT
>  delegation - how do I audit that?
>
>  Kurt
>
>  ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
>  ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>
>  ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
>  ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: AD groups Domain local, global, universal

[James Winzenz]

No need for domain local if only users from the domain will be accessing
the share.  Global Security group, add members to the group, assign
appropriate NTFS permissions to the group on the network share.  The old
NT4 strategy was

 

AGDLP (Accounts --> Global groups, Global groups --> Domain Local
groups, permissions --> Domain Local groups).  You don't need the Domain
Local part any more, especially since both the server and the accounts
are in the same domain.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: David Lum [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, April 29, 2008 1:01 PM
Posted To: NTSysadmin
Conversation: AD groups Domain local, global, universal
Subject: AD groups Domain local, global, universal
  

Scenario: Two domains, domain.local and a child domain called subdomain.


 

All users in the company are in subdomain.domain.local, Exchange servers
are in subdomain as well. Effectively *everything* is in subdomain

 

I have a share \\ServerA.subdomain.domain.local\share
  and I want to create a
security group to access this share. I'll name it _Servername\Share. A
quick Goggle-fu refresher makes me think in my case the security groups
should be domain local and distribution lists should be global.

 

I have a separate forest (otherdomain.local) that sometimes
subdomain.domain accounts hit, but I don't think it has any bearing on
this decision.

 

Comments?

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: KillDisk and Symantec Ghost?

[James Winzenz]

I thought that the DOD no longer recognized disk wiping as an acceptable
means of sanitization, and that the only recognized methods now included
physical destruction of said disk?  Or maybe that was the Pentagon . . .
btw, that document is over 2 years old . . .

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, April 29, 2008 10:34 AM
Posted To: NTSysadmin
Conversation: KillDisk and Symantec Ghost?
Subject: RE: KillDisk and Symantec Ghost?

Right, I meant sanitization when I said wipe.  I've looked at those
pages, and agree with the requirements, but there's really nothing
specified in that document on how a hard drive should be erased, simply
that "IS resources shall be sanitized before they are released from
classified information controls or released for use at a lower
classification level."

I'm just not sure why you're using that as an end-all/be-all reference
in your statement "Accept no substitutes."  Wouldn't it be better to
have some sort of reference that tells you to what degree you have to go
in order to declare the media sanitized?  I'm not trying to flame you,
or anything, but it just kind of bothers me that people cite references
that don't really say anything.


Joe Heaton

-Original Message-
From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 29, 2008 9:55 AM
To: NT System Admin Issues
Subject: Re: KillDisk and Symantec Ghost?

53,54,58-61,66,69,84 all talk about media an in 58-61 it talks about
cleaning and sanitation of the media but wiping is not mentioned
- Original Message -
From: "Joe Heaton" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" 
Sent: Tuesday, April 29, 2008 12:25 PM
Subject: RE: KillDisk and Symantec Ghost?


Where exactly in that 106 page document does it tell you about hard
drive erasure, other than the one liner that says that media should be
wiped?  Maybe I just missed it...


Joe Heaton

-Original Message-
From: Christopher J. Bosak [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 29, 2008 7:49 AM
To: NT System Admin Issues
Subject: RE: KillDisk and Symantec Ghost?

DoD Requirements for Hard Drive erasure.
Accept no substitutes.
http://www.dtic.mil/whs/directives/corres/pdf/522022mchaps.pdf

Either that, or as Terry stated, destroy the drive and buy a new one.

Christopher J. Bosak
Vector Company
c. 847.603.4673
[EMAIL PROTECTED]

"You need to install an RTFM Interface, due to an LBNC issue."
- B.O.F.H. (Merged 2 into 1) - Me

-Original Message-
From: Terry Dickson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 29, 2008 09:45 hrs
To: NT System Admin Issues
Subject: RE: KillDisk and Symantec Ghost?

I do not think you are defeating anything putting a ghost image back on.
We also use Killdisk for our Sata Drives we have a hardware device for
the IDE Drives.  These programs and devices make it harder to recover
old data.  I have heard the data can be written over 7 or more times and
still be recovered under the right circumstances.

Complying with the Auditors usually makes you life easier.  I would
continue to do this unless you come up with something better, and by
better I would say maybe more secure like a 7 or more times wipe.  Or
just remove and destroy the drive.  At the current price of new drives
it would be almost cheaper to replace the drive with a new one rather
than taking the time to wipe 3+ times.



-Original Message-
From: David W. McSpadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 29, 2008 9:36 AM
To: NT System Admin Issues
Subject: KillDisk and Symantec Ghost?

I have KillDisk and run it three times on a machine. (Free version) Then
I ghost an image onto the machine.
Am I defeating the KillDisk by using the ghosted image of an old machine
or could I even reimage the machine after KillDisking and Ghosting the
old image to create a new KillDisked/Ghosted machine?

I am wanting to comply with auditors on wiping the drive at least three
times and putting XP pro back on the machine using a ghosted image.

Any recommendations?





IT works,
but keeping IT working is the hard part.

Automation is great,
until it breaks.




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

__

This e-mail and any files transmitted with it are property of Indiana
Members Credit Union, are confidential, and are intended solely for the
use of the individual or entity to whom this e-mail

RE: KillDisk and Symantec Ghost?

[James Winzenz]

DBAN supports multiple passes (as well as multiple methods), and it is
also free.  You can burn it to CD/DVD or to a USB flash drive as well as
the traditional floppy media.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, April 29, 2008 7:36 AM
Posted To: NTSysadmin
Conversation: KillDisk and Symantec Ghost?
Subject: KillDisk and Symantec Ghost?
  

I have KillDisk and run it three times on a machine. (Free version)
Then I ghost an image onto the machine.

Am I defeating the KillDisk by using the ghosted image of an old machine
or could I even reimage the machine

after KillDisking and Ghosting the old image to create a new
KillDisked/Ghosted machine?

 

I am wanting to comply with auditors on wiping the drive at least three
times and putting XP pro back on the machine using a ghosted image.

 

Any recommendations?

 

 

 

 

 

IT works, 
but keeping IT working is the hard part.  

 

Automation is great, 
until it breaks. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Dump of All Groups and Their Membership

[James Winzenz]

Hyena also has an exporter pro function, we have used it before.  It is
built into the Hyena license, but you can also purchase it separately.
You have your choice of formats to export to, IIRC.

http://www.systemtools.com/exporter/index.html

US $99.00 per license (although Hyena is only $199/license, and less if
you get more)

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Rankin, James R [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, April 17, 2008 3:22 AM
Posted To: NTSysadmin
Conversation: Dump of All Groups and Their Membership
Subject: RE: Dump of All Groups and Their Membership

Have you tried DameWare's export function? There are probably better
ways however...

-Original Message-
From: Terri.Esham [mailto:[EMAIL PROTECTED] 
Sent: 17 April 2008 11:16
To: NT System Admin Issues
Subject: Dump of All Groups and Their Membership

What's the best utility to use to export all Active Directory Groups and
their membership?   I know how to do it by doing each group separately,
but I'd like a way to do all groups at one time.  Any help will be
greatly appreciated.

Thanks, Terri

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Miami Salary survey?

[James Winzenz]

Just move to Arizona, you don't have to get a new Driver's license until
you are 65!  I'll be the first to admit I think that is an extremely
stupid law, but I occasionally get kicks out of seeing a license that
doesn't expire until 2038 . . .

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, April 15, 2008 5:54 AM
Posted To: NTSysadmin
Conversation: Miami Salary survey?
Subject: RE: Miami Salary survey?
  

Aint that the truth. 

 

NO wonder when I go get my License renewed at the DMV they are the most
unpleasant folks, rude and snappy. 

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: Benjamin Zachary [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 15, 2008 8:50 AM
To: NT System Admin Issues
Subject: RE: Miami Salary survey?

 

I never deal with state employees, I always look for aggressive go
getters. Working those hours and money your being walked on compared to
what's in the business sector (my opinion of course)

 

Remember government business runs contrary to private business. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Password screensaver GPO

[James Winzenz]

Here's what GPMC says about the screensaver timeout setting:

 

This setting has no effect under any of the following circumstances:

- The setting is disabled or not configured.

- The wait time is set to zero.

- The "No screen saver" setting is enabled.

- Neither the "Screen saver executable name" setting nor the Screen
Saver tab of the client computer's Display Properties dialog box
specifies a valid existing screensaver program on the client.

 

And here's what it says about the screensaver setting:

 

If you enable it, a screensaver runs, provided the following two
conditions hold: First, a valid screensaver on the client is specified
through the "Screensaver executable name" setting or through Control
Panel on the client computer. Second, the screensaver timeout is set to
a nonzero value through the setting or Control Panel.

 

And finally, here's what it says about password protecting the
screensaver:

 

To ensure that a computer will be password protected, also enable the
"Screen Saver" setting and specify a timeout via the "Screen Saver
timeout" setting.

 

So it sounds like "technically" you could just enable the screensaver
setting and set the timeout and password protected settings, but not
*specify* a screensaver and allow users to specify their own, although
some testing would probably be in order.

 

HTH,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: David Lum [mailto:[EMAIL PROTECTED] 
Posted At: Friday, April 11, 2008 8:07 AM
Posted To: NTSysadmin
Conversation: Password screensaver GPO
Subject: Password screensaver GPO
  

If a workstation has no screensaver set, what happens if you GPO a
screensaver timeout and password protect? Is there a way to specify one
ONLY if the user hasn't already specified one? I'd like to have my user
be able to choose their own screensaver and only specify one if none is
selected. If we specify one in the GPO it forces it for everybody.

 

Anyone? Anyone? Bueller? Bueller?

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: RSAT for Vista (Remote Server Administration Tools)

[James Winzenz]

I particularly like the title bar . . . I didn't know there was an
86-bit Edition of Windows Vista :-)

 

 

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Christopher M. Nicholson [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, March 25, 2008 7:53 PM
Posted To: NTSysadmin
Conversation: RSAT for Vista (Remote Server Administration Tools)
Subject: RSAT for Vista (Remote Server Administration Tools)
  

Thought some of you out there might be interested to know that RSAT is
now available from M$.

 

Here's the link:

 

http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4
a36-b7fc-d52065de9960&DisplayLang=en

 

Watch the wrapage!

 

Cheers!

Chris Nicholson

Lead, Infrastructure Sustainment (Wintel)

IT Infrastructure Delivery
SHAW ) Communications
*:  (403) 716-6527

Cell: (403) 470-9816
Fax: (403) 781-4965
* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 

ACCOUNTABLEBALANCECUSTOMER FOCUSEDINTEGRITYLOYALTY
POSITIVE, CAN DO ATTITUDETEAM PLAYER

 "There are 10 types of people in the world; those who understand
binary, and those who don't" 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: Rouge Computer

[James Winzenz]

Send it a remote shutdown request? 

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: James Kerr [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, March 25, 2008 1:32 PM
Posted To: NTSysadmin
Conversation: Rouge Computer
Subject: Re: Rouge Computer
  

Tried ping -a but it didn't reveal anything. I didn't see anything in
DNS for that IP. The dhcp database did reveal a MAC address at least but
I'm not sure what I can do with that though.

- Original Message - 

From: Michael Ross <mailto:[EMAIL PROTECTED]>  

To: NT System Admin Issues
<mailto:ntsysadmin@lyris.sunbelt-software.com>  

Sent: Tuesday, March 25, 2008 4:25 PM

Subject: RE: Rouge Computer

 

Ping -a?

Look in the dhcp database?

See if it registerd in WINS or DNS?

 

From: John Cook [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 2:56 PM
To: NT System Admin Issues
Subject: RE: Rouge Computer

 

Angry IP scanner?

 

John W. Cook

System Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: James Kerr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 3:52 PM
To: NT System Admin Issues
Subject: Rouge Computer

 

I believe I have a PC at one of our branch offices that is
plugged into our LAN that doesnt belong to our company. It has got an IP
address from our DHCP server. I was trying to see if I could at least
get the computers name so I could try to figure out who it is. We dont
have managed switches at that location :(

 

Anyone have any tips?

 

James 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Termination Process

[James Winzenz]

Since we have a whole slew of applications, some externally facing, our
termination process is quite convoluted.  In a nutshell:

 

1st day (day of termination)

1.  Disable and rename account, hide from address books, remove
dialin/VPN access
2.  remove from all distribution lists
3.  delete blackberry account, if applicable
4.  remove access to all externally facing applications that do not
use AD authentication, also remove access to any financial applications

3rd business day after termination

1.  grant supervisor access to home directory
2.  grant access to mailbox, if requested, for a period of 30 days
(no exceptions)
3.  remove access to any other internal applications

Final delete - 10 business days after termination, unless mailbox access
has been granted

1.  delete AD and postini account

 

We do not archive the mailbox to pst.  In addition, our field techs have
a process they follow to wipe and reimage the hard drive of the
terminated employee within 30 days of termination, and before
redeploying the computer to another employee.

 

We literally have a 30-page process document dealing with terminations.
Our market HR representatives are trained on requesting terminations,
and know that their requests are subject to audit.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Roger Wright [mailto:[EMAIL PROTECTED] 
Posted At: Tuesday, March 25, 2008 7:35 AM
Posted To: NTSysadmin
Conversation: Termination Process
Subject: Termination Process
  

Do any of you have a process you can share for IT responsibilities when
employees are terminated?  I.E., disabling the account, archiving  PST
and Document files, removing account from DLs, etc.?

 

Roger Wright

Network Administrator

727.572.7076  x388



The only problem with seeing too much is that it makes you insane.
--Phaedrus 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: Windows Auditing... What do you audit?

[James Winzenz]

I second the windows 2003 security guide as giving you a good baseline
for security auditing.  Here are some other good links:

 

http://technet2.microsoft.com/WindowsServer/en/Library/5658fae8-985f-48c
c-b1bf-bd47dc2109161033.mspx?pf=true

 

http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing
.html

 

http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tc
gch03n.mspx

 

As Z said, what you audit for depends on your needs, but these should be
some good resources to help you determine what you want to do.  On top
of that, if you can swing it, I would highly recommend a centralized log
management solution, free or otherwise, to collect your event logs into
one location.  Makes it much easier for analysis and correlation.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, March 12, 2008 12:45 PM
Posted To: NTSysadmin
Conversation: Windows Auditing... What do you audit?
Subject: RE: Windows Auditing... What do you audit?
Importance: High
  

Depends on what you need to audit, for compliance or otherwise. 

 

Usually a good rule of thumb is the following: 

 

1)Account Login ( Success and Failure) ( The downsize is that
the noise from the success audits is going to fill the audit log quick
if you don't have a way to archive it. ) ( also can use auditusr to only
audit certain users reguardless of success auditing being turned on. (
Win2k3 only)

2)   Account Management ( success and failure) ( domain accounts and
local accounts if you are using them) 

3)   Audit Directory Service access ( success and failure)

4)   Login access (Failure) ( Might want to do both success and
failure at server level, again you are going to get a lot of audit
entries with success turned on)

5)   Audit policy change ( success and failure)

6)   Audit Privilege Use ( Failure only) (If you turn on success
your audit log with basically fill up and quick)

7)   Audit Process tracking ( None) ( Failure if you really want to
see information about processes, buty it will fill up quicker if you
turn it on and definitely success will overflow it) 

8)   Audit System Events ( Success and Failure) 

 

Also look into Windows 2003 Security Guide they have good guidelines
about baseline auditing. 

 

I can send you a home-grown auditing documentation guide offline, just
email me... I am sure it will be a valuable resource. 

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: Matthew W. Ross [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 12, 2008 3:13 PM
To: NT System Admin Issues
Subject: Windows Auditing... What do you audit?

 

Hey List.

I'm learning about Windows auditing. As I read up on the subject, I'm
curios what most of you guys are auditing...

Login attempts? Failures?
File access attempts for all users?
Do you log only on the servers, or workstations as well?
How big do you make your security event log?
Is there a bunch of "noise" in the log from various cache files?

Thanks for the info.

--Matt Ross 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: IT Salary Survey (Cost of living)

[James Winzenz]

Yeah, or tell the investors to stop speculating with oil, now that they
have gone and destroyed the housing market!  There is actually plenty of
supply - it does not support the current price of oil.  Not that I
disagree about the need to use less . . . $3.02 here in Phoenix area
(Mesa, actually).

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: David Mazzaccaro [mailto:[EMAIL PROTECTED] 
Posted At: Monday, March 10, 2008 1:19 PM
Posted To: NTSysadmin
Conversation: IT Salary Survey (Cost of living)
Subject: RE: IT Salary Survey (Cost of living)
  

The only way to bring it down is to use less!

 

 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 4:17 PM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

 

I wish it was that low here.  Sacramento, CA :  $3.44 over the weekend
at the local Arco station (BP gasoline company)

 

Joe Heaton

 

 



From: David Mazzaccaro [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 12:52 PM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

$3.29 here (Connecticut)

D

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 3:08 PM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

 

Its 3.24 here. 

 

Z

 

Edward E. Ziots

Netwok Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: Scot Parsons [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 1:27 PM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

 

Gasoline here in SC is about $3.10/gallon. 

 

From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 1:15 PM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

 

New England Area, 

 

3Bed, 2Bath, 2K SQ feet is about 300K-350K, taxes 5K a year, in good
neighborhoods. 

 

Cost of living is high in NE Area.  

 

Z

 

Edward E. Ziots

Netwok Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 11:54 AM
To: NT System Admin Issues
Subject: RE: IT Salary Survey (Cost of living)

 

Portland, OR area. Very modest 1500sq ft house built in 1969 (modernized
however) paid about $225K three years ago. Property tax is in the
$2K/year range. No sales tax on products or cars (we pay state income
tax though). Portland metro house prices have gone crazy in the last 10
years (we blame Kalifornians :-)). Nine years ago a similar house we
paid $130K. There are areas you can get similar houses for $160-ish, but
you're either in a bad part of town, adding 30 minutes to your commute,
or both. *Extremely* diligent looking can still snag you a good deal at
a good place, but you have to be very quick and a little lucky. Finding
a foreclosure wouldn't hurt, either.

 

Dave

 

From: Scot Parsons [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 8:37 AM
To: NT System Admin Issues
Subject: RE: IT Salary Survey

 

I'm in SC...state employee. Make about $52K. Have had offers in the
$70s, but would have to work longer hours and travel some. At this point
I prefer to spend time with my sons. My benefits are better than I would
find elsewhere. I get 5 weeks paid vacation, 3 weeks paid sick leave,
holidays, and a retirement plan. My share of my health insurance is
$90/month. 

 

I'm curious about the cost of living/housing in various places. I live
in a 2500 sq. ft. brick house with a pool. It last appraised at about
$200K...county property tax $1200/year. My wife just bought a 2008
Toyota Corolla for about $16K...county property tax this year was $350.
I don't live in the city limits, so no city taxes. Sales tax 5-8 percent
depending on what you're buying...car sales tax maximum $300. 

 

From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2008 9:46 AM
To: NT System Admin Issues
Subject: RE: IT Salary Survey

 

Amazed how many people stated their salary ranges, I love it. High
school, no college, CNA (Novell 4.x)13 years ago but no certs. 13 years
experience (unless you count playing with PC's as a hobby before that
from 1988-ish).

In 1996 I started at a division with 37 users and one Novell 3.12 server
and $23K/yr

1997 I broke $30K/yr

I think around 2002 I broke $50K/yr

Currently comfortably over $60k, but not quite as much as EZ. Changed
jobs last year from CSC to the non-profit I'm at, salary did not change.

 

That's my day job - my own side biz  I bill $75/hr which, if you do the
math and I did 40hrs/week would be $156K/yr. Some things in life (like
low stress) are more important than money, so I let my day job pay for
health 

RE: Google/Dell rant

[James Winzenz]

Dell also works with enterprise customers to put custom images on the
workstations - I believe this is what we do with Dell for all of our
desktops/laptops.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Sean Houston [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, March 06, 2008 11:07 AM
Posted To: NTSysadmin
Conversation: Google/Dell rant
Subject: Re: Google/Dell rant 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Security log question

[James Winzenz]

Depends on your audit policy.  You would need to have audit account
logon events and maybe also audit logon events enabled (at least for
success) in your default computer policy (which would apply to all
non-Domain Controllers in your domain.  Check your default computer
policy (or whatever you use in its place) for the audit policy settings.
It is in the following section:  

Computer Configuration\Windows Settings\Security Settings\Local
Policies/Audit Policies section.

If it is not currently enabled, highly recommended that you take a look
at your audit policy and make changes.

Thanks,

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, March 05, 2008 11:24 AM
Posted To: NTSysadmin
Conversation: Security log question
Subject: RE: Security log question

Hmm, is that something I need to tell my machine to log?  Looking at my
own machine, which I turn off each night, I don't see any 528 entries. 


Joe Heaton

-Original Message-
From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 05, 2008 10:12 AM
To: NT System Admin Issues
Subject: RE: Security log question

I think really the best method is to look at the security logs for the
machine in question.  Look for Event ID 528 on the workstation, with a
logon type of 7 (indicates the workstation was unlocked).  Especially if
the user left his machine on all night, it will periodically generate
account logon events on the domain controller throughout the night, so
the DC logs won't really tell you what is going on here.  If the user
logs off his computer and logs back in the next day, you would look for
a logon type of 2 for interactive login.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Ben Scott [mailto:[EMAIL PROTECTED] Posted At: Wednesday,
March 05, 2008 10:57 AM Posted To: NTSysadmin
Conversation: Security log question
Subject: Re: Security log question

On Wed, Mar 5, 2008 at 12:48 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> For instance, there's a handful of entries for one of our developers, 
> all saying Account Login, for today, but he left his machine on all 
> night, and unlocked it this morning, so he hasn't logged into the 
> network at all.

  I believe unlocking a session only generates an Event Viewer entry on
the host being unlocked, not on the DC.  The Event ID is the same as a
regular initial logon, but the text details show a different logon type.
Not very helpful, if you ask me.  The consensus seems to be forward
events from workstations to a central event collection machine, and then
filter there.  I've seen suggestions of DIY solutions using an Event
Log-to-syslog agent and any of the various syslog watching tools, or
commercial products that do it all for you.

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Security log question

[James Winzenz]

I think really the best method is to look at the security logs for the
machine in question.  Look for Event ID 528 on the workstation, with a
logon type of 7 (indicates the workstation was unlocked).  Especially if
the user left his machine on all night, it will periodically generate
account logon events on the domain controller throughout the night, so
the DC logs won't really tell you what is going on here.  If the user
logs off his computer and logs back in the next day, you would look for
a logon type of 2 for interactive login.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Ben Scott [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, March 05, 2008 10:57 AM
Posted To: NTSysadmin
Conversation: Security log question
Subject: Re: Security log question

On Wed, Mar 5, 2008 at 12:48 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> For instance, there's a handful of entries for one of our developers,
> all saying Account Login, for today, but he left his machine on
> all night, and unlocked it this morning, so he hasn't logged into
> the network at all.

  I believe unlocking a session only generates an Event Viewer entry
on the host being unlocked, not on the DC.  The Event ID is the same
as a regular initial logon, but the text details show a different
logon type.  Not very helpful, if you ask me.  The consensus seems to
be forward events from workstations to a central event collection
machine, and then filter there.  I've seen suggestions of DIY
solutions using an Event Log-to-syslog agent and any of the various
syslog watching tools, or commercial products that do it all for you.

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: dns reports

[James Winzenz]

I have used Sam Spade in the past, works pretty well (and is free)

 

http://www.softpedia.com/get/Network-Tools/Network-Tools-Suites/Sam-Spad
e.shtml (link may wrap)

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Benjamin Zachary [mailto:[EMAIL PROTECTED] 
Posted At: Monday, March 03, 2008 8:35 PM
Posted To: NTSysadmin
Conversation: dns reports
Subject: RE: dns reports
  

Yeah, well who else can convert 15 servers in a weekend? :-). I thought
you got off cheap I even took naps on the office floor haha

 

I looked at dnsreport/dnsstuff today and they wanted 80 bux for the dns
lookup tool. 40 bux I would pay. I just don't have time to deal with
poking around I just wanted to buy it and forget it already. I think Ill
go buy a product I can install on my box. 

 

Anyone check out packetrap? Looks like a decent util

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2008 9:54 PM
To: NT System Admin Issues
Subject: RE: dns reports

 

Ben,

 

I thought you had all kinds of time..refer to earlier
post..hehehe..Remind me to negotiate your rate next time you do a
conversion project for me down there

"Funny, on a Sat night when Im in the middle of a project converting 15
boxes to vm's at 100/hr to go point/click, point/click.  Oh yah all from
home"

 

 

From: Benjamin Zachary [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2008 5:14 PM
To: NT System Admin Issues
Subject: RE: dns reports

 

I found checkdns.net wasn't too bad about 10 mins after I posted it. I
was thinking of getting a tool to do stuff like visual trace route and
such, bah who has  time. 

 



From: Blake R. Fowkes [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2008 5:01 PM
To: NT System Admin Issues
Subject: RE: dns reports

 

Used this one the other day.

 

http://network-tools.com/

 



From: Benjamin Zachary [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2008 3:59 PM
To: NT System Admin Issues
Subject: dns reports

Anyone have a site besides dnsreport.com ? they moved their single use
ip lookup tool to pay only which would be fine but they want 80 bux a
year for the professional toolkit. I just need something similar to the
dnsreport's lookup feature . For something I use about once every few
weeks I don't mind paying a little but 80/yr seems a little much. Im
sure there are downloadable toolkits to do the same thing. Like maybe
Sam Spade and stuff?

 

Thx 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: You WILL be assimilated....

[James Winzenz]

That is just creepy . . .

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Posted At: Friday, February 22, 2008 7:25 AM
Posted To: NTSysadmin
Conversation: You WILL be assimilated
Subject: OT: You WILL be assimilated 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: software to monitor users login and logoff

[James Winzenz]

I second that - there are a lot of logon events that are not going to be
logged on a DC - locking and unlocking the computer for example.  In
addition, the logon event from the DC does not tell you what computer
they logged on to, plus there are a ton of different scenarios where
authentication is required, resulting in a logon event being recorded on
the DC.  Grabbing the event logs from the computer(s) in question is the
best way to know when a user actually logged on, imho.  BTW, we had to
do this last year for a HR issue involving an employee they did not
think was performing their job.  Event id 528 would be the login, but
within that 528, login type 2 would be the console login, login type 7
would be unlocking the workstation, and login type 11 would be the
cached interactive login where the user logs in with cached credentials
and later authenticates to the DC.

Thanks,

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, February 07, 2008 9:56 PM
Posted To: NTSysadmin
Conversation: software to monitor users login and logoff
Subject: Re: software to monitor users login and logoff

On 2/7/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
> Remember that if you have multiple DC's that the last logon is
> registered on the DC they authenticated to and it doesn't replicate to
> other DC's.  There are scripts out there that will poll all the DC's
and
> give you that info but you have to put it together.

That's why I said: " Actually, you might want to put the Snare client
on the workstations instead."

That way you can capture logon events more directly. Of course, it
means setting auditing for each of the workstations, but that's not
terribly onerous, and the Snare client includes facilities for remote
self-installation. Should be pretty painless, really.

Kurt

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Computer pranks (was: Computer Haikus)

[James Winzenz]

My buddy at work has a program that allows you to change the actual
keyboard key values in windows on a remote computer - could really
create havoc if one of the keys you change is one that he uses for his
password . . .

Thanks,

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Christopher Boggs [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, February 06, 2008 10:50 AM
Posted To: NTSysadmin
Conversation: Computer pranks (was: Computer Haikus)
Subject: RE: Computer pranks (was: Computer Haikus)

Change the keyboard layout to another language.

That always pisses them off, especially when they try to type passwords!


-Original Message-
From: Ben Scott [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 11:43 AM
To: NT System Admin Issues
Subject: Computer pranks (was: Computer Haikus)

On Feb 6, 2008 12:10 AM,  <[EMAIL PROTECTED]> wrote:
> Okay anyone who has great scripts or practical jokes I can pull off on
his
> computer ...

  Fake desktop: Open a few windows.  Take a screenshot of his entire
Windows screen.  Set that as the desktop background.  Set desktop
icons to hidden.  Unlock the taskbar and resize it to the smallest
size (a few pixels high).  Minimize all his windows.  Now he's got an
image on his screen that looks just like a running computer, but will
be completely unresponsive.

  Change his region/language settings so dates are backwards (DD/MM vs
MM/DD).

  Set his mouse acceleration and/or double-click speed to insanely
high or low values.

  Rename the "My Computer" icon to "Recycle Bin", and vice versa.
Change the icons, too, if you have program to do that.

  Rename various desktop icons in subtle ways.  For example, "Network"
to "Netwrok".  See how long it takes for him to notice.

  Set the sound properties to make rude sounds on window resize, new
mail, etc.

  Under Internet Properties, change the settings to disable
everything.  No images, no downloads, no colors.  Security,
accessibility, and advanced settings all play to this.

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Question on Account Management in AD

[James Winzenz]

Seems like that level of auditing should do the trick - you just need it
enabled on your domain controllers.  Default domain policy would set it
on all computer in your domain (not necessarily a bad thing, but not
necessary in this case).  Filter for event ID 627 or 628 in your
security logs for your domain controllers.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Posted At: Friday, February 01, 2008 11:07 AM
Posted To: NTSysadmin
Conversation: Question on Account Management in AD
Subject: Question on Account Management in AD
Importance: High
  

 

Folks, 

 

I have been asked to try and find who changed a password to a user
account in AD. 

 

At the Domain Controllers Policy Level ( Account Management is Success
and Failure) 

 

When I look at the accounts the auditing is for success and failure. 

 

Do I also need to enable this at the Default Domain Policy *( I don't
think I do, but just need a quick sanity check) 

 

Z

 

Edward E. Ziots

Netwok Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Tracking user logins

[James Winzenz]

The problem I have seen is that the DC security logs do not show which
workstation someone authenticated from.  You should be able to find out
when user x authenticated from the security logs (depending on your
event log size as well as how fast logs are overwritten).  You can use
the filter view for the specific username IF said user actually logged
onto and authenticated to your network.  If someone decided to bring in
a personal computer and just plugged in, well, that's a different story.
How many computers at the remote site?  Any chance of pulling a copy of
their event logs and looking at them?  Interactive logons are only
logged on the machine that was logged on to, AFAIK.  There are lots of
options here, this is just a start.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Posted At: Friday, February 01, 2008 9:44 AM
Posted To: NTSysadmin
Conversation: Tracking user logins
Subject: Tracking user logins
  

 

I would like to be able to see when User X logged into the network.  I'd
also like to see on Date Y, who logged into the network, and at what
time.

 

Here's what I'm looking at:

 

I get automated router bandwidth reports from our ISP on a monthly
basis.  At one of our remote sites, there is a huge inbound traffic
spike on a couple of weekend days.  We don't work on the weekend, so I'd
like to try to figure out where these spikes came from.  I've looked at
the Security log on my DC, but that's about as helpful as, well I'm
Shook could come up with a funny line there... anyway, does the Security
log track the information I'm looking for, and if so, how can I actually
get to it?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED] 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Corporate CD/DVD writing solution

[James Winzenz]

CDBurner XP Pro 3 here as well.

Works great.  Is free, burns both CD's and DVD's and is faster, from my
observations, than Roxio and Nero, and you don't get all that bloatware
that is completely unnecessary when all you need to do is burn
CD's/DVD's.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-Original Message-
From: Gary [mailto:[EMAIL PROTECTED] 
Posted At: Thursday, January 31, 2008 8:47 AM
Posted To: NTSysadmin
Conversation: Corporate CD/DVD writing solution
Subject: Corporate CD/DVD writing solution

Currently looking to change an old version of Roxio. Seems that Easy
Media Creator 10 and Nero 8 are very bloated with links to MySpace,
YouTube etc. and tools for editing audio and video unless you customise
the install.

I have briefly looked into cd burner xp, cool cd burner, cheetah and
others but I'm concerned regarding licencing and support.

Just want to find out what other people have for users to create CD/DVDs
and their thoughts?

Gary
~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~