RE: Remote Control PC Software
Join.me crashes, reproducibly, in my environment with win7x64. PASS. From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, September 28, 2010 9:59 AM To: NT System Admin Issues Subject: Re: Remote Control PC Software YES!! Thanks Richard! It was https://join.me https://join.me/ that I was trying to remember! Cheers! Cameron On Tue, Sep 28, 2010 at 9:42 AM, Richard Stovall rich...@gmail.com wrote: https://join.me https://join.me/ ? On Tue, Sep 28, 2010 at 9:41 AM, Cameron cameron.orl...@gmail.com wrote: Good morning all! I recall a while back that there was a discussion about remote control software (free ones) and there was one that I tried and liked (for accessing my sisters PC across the internet) and now I can't remember what the heck it was called. I've checked ShowMyPC and LogMeIn but neither of those are the one I'm thinking of. Apparently I need more coffee! TIA Cameron ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: VNC for Windows 7?
I use UltraVNC, but my biggest complaint is lack of IPv6 support. If anyone knows of a truly free VNC type system that supports IPv6 that wou;ld be great. Someone mentioned Teamviewer. Unless you pay for it, you cannot use it for commercial use. I recommend it for personal use, and it works really well. From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] Sent: Monday, September 27, 2010 2:12 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? Still using UltraVNC on Win7 and XP. From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Monday, September 27, 2010 12:08 PM To: NT System Admin Issues Subject: VNC for Windows 7? I am curious - what VNC (or other remote desktop utilities) do you guys like for Win7 machines? . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: VNC for Windows 7?
A suggestion by someone who doesn't do end user support all day.. =) From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Monday, September 27, 2010 3:00 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? What about plain ole' RDP? Unless you need it to be interactive while the user is still logged on as themselves. GPO it and you're all set. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, September 27, 2010 2:58 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? I use UltraVNC, but my biggest complaint is lack of IPv6 support. If anyone knows of a truly free VNC type system that supports IPv6 that wou;ld be great. Someone mentioned Teamviewer. Unless you pay for it, you cannot use it for commercial use. I recommend it for personal use, and it works really well. From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] Sent: Monday, September 27, 2010 2:12 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? Still using UltraVNC on Win7 and XP. From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Monday, September 27, 2010 12:08 PM To: NT System Admin Issues Subject: VNC for Windows 7? I am curious - what VNC (or other remote desktop utilities) do you guys like for Win7 machines? . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: VNC for Windows 7?
Doesn't RA require someone to initiate the assistance? That doesn't work for working on someone's computer during their scheduled lunch time, or when they're at a meeting. From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Monday, September 27, 2010 4:01 PM To: NT System Admin Issues Subject: Re: VNC for Windows 7? Isn't that what RemoteAssistance is for? On Mon, Sep 27, 2010 at 3:46 PM, Jason Gauthier jgauth...@lastar.com wrote: A suggestion by someone who doesn't do end user support all day.. =) From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Monday, September 27, 2010 3:00 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? What about plain ole' RDP? Unless you need it to be interactive while the user is still logged on as themselves. GPO it and you're all set. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, September 27, 2010 2:58 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? I use UltraVNC, but my biggest complaint is lack of IPv6 support. If anyone knows of a truly free VNC type system that supports IPv6 that wou;ld be great. Someone mentioned Teamviewer. Unless you pay for it, you cannot use it for commercial use. I recommend it for personal use, and it works really well. From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] Sent: Monday, September 27, 2010 2:12 PM To: NT System Admin Issues Subject: RE: VNC for Windows 7? Still using UltraVNC on Win7 and XP. From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Monday, September 27, 2010 12:08 PM To: NT System Admin Issues Subject: VNC for Windows 7? I am curious - what VNC (or other remote desktop utilities) do you guys like for Win7 machines? . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Cheap/Free POP3/SMTP Server?
I love the sense of humor. From: Doug Hampshire [mailto:dhampsh...@gmail.com] Sent: Tuesday, September 21, 2010 9:41 AM To: NT System Admin Issues Subject: Re: Cheap/Free POP3/SMTP Server? Do any of these solutions have an option to insert excessively large eMails signatures into them automatically? I'm still looking for a solution that will attach a Flash based video to every eMail we send. On Mon, Sep 20, 2010 at 12:32 PM, John Aldrich jaldr...@blueridgecarpet.com wrote: How about HotPop.com? Or Google? Google will host your domain emails for you, I believe. Also, SpamCop.Net (webmail.spamcop.net) will host your email for about $25/year/mailbox, I think... including spam / virus filtering and spam reporting, if you like. From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, September 20, 2010 11:04 AM To: NT System Admin Issues Subject: Cheap/Free POP3/SMTP Server? We have a few dozen domains that are non-critical that I don't want to host on our internal Exchange system (mostly political some technical reasons i.e. I don't want some of the users anywhere near my LAN). Most of them only have the need for abuse@ and postmaster@ to be configured, but a few of the domains have some aliases setup and a couple of them have some POP3 mailboxes. I've tried hmailserver and mailenable on one of our DMZ boxes and each does the job whilst each has its quirks (I'm leaning towards hmailserver right now). Any suggestions on anything else that is cheap/free and easy to configure? MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadminimage001.jpgimage002.jpg
RE: Cheap/Free POP3/SMTP Server?
Xmail: http://www.xmailserver.org/ hmailServer http://www.hmailserver.com/ -Original Message- From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] Sent: Monday, September 20, 2010 12:13 PM To: NT System Admin Issues Subject: RE: Cheap/Free POP3/SMTP Server? Thanks Ben and sorry, I should have been more detailed in my post - right now we manage these on a CentOS/Postfix box, which works great but we have little to no combination of linux/postfix/general smtp/pop3 knowledge in our company beyond me, so if I'm not about, whilst it shouldn't need any messing with, we're kind of stuck if it does whereas most people could probably fumble their way around hmail/mailenable once logged into the server it's running on. Paul -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: 20 September 2010 16:08 To: NT System Admin Issues Subject: Re: Cheap/Free POP3/SMTP Server? On Mon, Sep 20, 2010 at 11:03 AM, Paul Hutchings paul.hutchi...@mira.co.uk wrote: Any suggestions on anything else that is cheap/free and easy to configure? Linux? :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Trouble with Windows firewall
All, I'm troubleshooting a problem with Windows Firewall. In short, a client connected via DirectAccess is not able to ping a client on the inside running Windows Firewall configured via GPO. The GPO is actually deployed on both clients. I'll try to be brief, but specific. The settings are wide open for domain and private. Public blocks unknown. DA clients are considered public as far as I can tell, and internal hosts are considered public to DA clients. I've created an entry that allows ICMPv6 echo on all profiles for all networks. This is required for Teredo. Additionally, I've created an anything is allowed on all profiles if it comes from the following addresses: *192.168.0.0/16 *10.0.0.0/8 * 2001::/32 * 2002::/16 * internal IPv6 ranges However, when my DA client pings an internal host, I receive this: 2010-08-30 09:31:08 DROP ICMP 2001:0:4081:7510:84d:2fda:bf7e:8aec fdd2:b9ae:1ccf:feca:49b3:67d3:4726:2ad1 - - 80 - - - - 128 0 - RECEIVE 2010-08-30 09:31:08 ALLOW ICMP 2001:0:4081:7510:84d:2fda:bf7e:8aec fdd2:b9ae:1ccf:feca:49b3:67d3:4726:2ad1 - - 0 - - - - 128 0 - RECEIVE 2010-08-30 09:31:13 DROP ICMP 2001:0:4081:7510:84d:2fda:bf7e:8aec fdd2:b9ae:1ccf:feca:49b3:67d3:4726:2ad1 - - 80 - - - - 128 0 - RECEIVE When my internal client pings the DA client I get responses. However, every 10 (or so) there are 1-2 packets drops. 2010-08-30 09:48:25 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 135 0 - SEND 2010-08-30 09:48:25 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:26 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:27 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:28 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:29 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:30 DROP ICMP 2001:0:4081:7510:84d:2fda:bf7e:8aec 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 - - 80 - - - - 135 0 - RECEIVE 2010-08-30 09:48:30 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND 2010-08-30 09:48:31 ALLOW ICMP 2001:0:4081:7510:4a2:3d4f:bf7e:8a26 2001:0:4081:7510:84d:2fda:bf7e:8aec - - 0 - - - - 128 0 - SEND What is curious, is that it looks like it's using the Teredo interface on my local machine when I ping the DA client. Considering I've allowed these network addresses on all profiles, I'm confused why there are any drops at all. Any suggestions on what is happening would be appreciated. Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- You are currently subscribed to ntsysadmin as: arch...@mail-archive.com. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1n=Tl=ntsysadmino=9079313 or send a blank email to leave-9079313-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
RE: Anyone Using Nagios?
I use both Nagios and Cacti. The only area about Nagios that I would like more is trap management. Currently, you need to implement that process yourself and glue it together. I like Nagois. Over the years, (I've used it for half a dozen years - maybe more), I've looked at other software. Nothing beats the price/functionality/ease of use combination. From: Robert Jackson [mailto:r...@walkermartyn.co.uk] Sent: Thursday, August 05, 2010 2:00 AM To: NT System Admin Issues Subject: Anyone Using Nagios? I'm looking at setting up a Solaris 10 (x86) Nagios server. The purpose is to monitoring server, services and networking information. My problem is I can't decide on a graphing solution that will allow me to view trending information. Anyone have any ideas for the best graphing solution for Nagios? TIA. The information in this internet E-mail is confidential and is intended solely for the addressee. Access, copying or re-use of information in it by anyone else is unauthorised. Any views or opinions presented are solely those of the author and do not necessarily represent those of Walker Martyn Ltd or any of its affiliates. If you are not the intended recipient please contact administra...@walkermartyn.co.uk. Walker Martyn Ltd, company number SC197533. Company is registered in Scotland and has its registered office at 1 Park Circus Place, Glasgow G3 6AH, UK. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Anyone using Forefront UAG and Direct Access
A few question on this topic: Applications that don't work across a DirectAccess link are those which won't work over IPv6. The first one I came across was the Communicator IM client. I think VoIP apps that rely on the SIP protocol fall in to this category as well. Are you using ForeFront UAG? My understanding what that the NAT64/DNS64 and Forefront UAG product complimented this so that you could access IPv4 only systems. In reviewing my email with Tom Shinder, over at the DA team, he mentions that an IPv6 only network can be used with only DA. However, IPv4 resources need the UAG to be reachable. This doesn't specifically contradict what you are saying, but I'd say it's doable. Also, internal applications that you access by IP address only will be a problem. This is because DirectAccess makes it routing decisions based on name resolution, not IP destination. Say your corporate network is using the 10.x.x.x IPv4 address space and a domain name of internal.mycorp.com. DNS works by IP. How can you reach the DNS servers if what you are saying above is true? Thanks! Jason -Original Message- From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Monday, July 26, 2010 10:13 AM To: NT System Admin Issues Subject: RE: Anyone using Forefront UAG and Direct Access Smart cards are optional for DirectAccess, not required. What I was trying (poorly) to say was that Microsoft's internal implementation of DirectAccess is set up to require smart card authentication (e.g. MSFT employees must use smart cards). Our DirectAccess implementation currently does not require the users to have a smart card. Smart cards (we use .NET cards - Gemalto is the major vendor in the market) are a quite useful security tool, but they require a distribution/maintenance infrastructure that complicates their use. Applications that don't work across a DirectAccess link are those which won't work over IPv6. The first one I came across was the Communicator IM client. I think VoIP apps that rely on the SIP protocol fall in to this category as well. Also, internal applications that you access by IP address only will be a problem. This is because DirectAccess makes it routing decisions based on name resolution, not IP destination. Say your corporate network is using the 10.x.x.x IPv4 address space and a domain name of internal.mycorp.com. You can tell DirectAccess to send all traffic to *.internal.mycorp.com over the tunnel to your corporate network, but you can't tell it to route all traffic to any 10.x.x.x address across the tunnel. The only way around this is to force all communications across the tunnel (that is, disable split-tunneling). Unfortunately, this has performance implications, as it makes DirectAccess use a less-efficient protocol and increases the load on the DirectAccess servers, not to mention it sends all Internet-bound traffic from the client the long way through the corporate network and out the corporate Internet connection. Hope that makes sense... -Malcolm -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, July 23, 2010 17:43 To: NT System Admin Issues Subject: Re: Anyone using Forefront UAG and Direct Access O... Actual field experience! Did not know about the smart card requirement. That's good to know. What smart card technology are you using, if you can say? What kind of apps have you run into that don't play nice with it? Kurt On Fri, Jul 23, 2010 at 13:29, Malcolm Reitz malcolm.re...@live.com wrote: I won’t say DirectAccess is just another VPN, because it isn’t, but it is a VPN technology with pretty robust security. It isn’t an easy setup, as it requires working with IPv6 and certificates, however, once it is running, it is really slick in operation. Just connecting your laptop to the Internet and being instantly able to map corporate file shares and open intranet web apps or RDP sessions is great. Downsides to it are that not everything works with it, as not everything plays nice with IPv6, and the hardware requirements are more significant than for a traditional IPsec VPN. It also only works with Windows 7 clients. Microsoft has enhanced security on their DirectAccess implementation by requiring their people to use smart cards for DirectAccess authentication. We may do that as well. I can say that everyone using my DirectAccess POC setup is liking it so far. Because of its “always on” nature, I think it will be a great boon to our management of remote computers (they always be connected for patching, AV updates, inventory, etc.). -Malcolm From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 23, 2010 14:51 To: NT System Admin Issues Subject: Anyone using Forefront UAG and Direct Access Thoughts? Is it a big security hole? Luke L. Brumbaugh Network Engineer Butler Animal Health Supply Ph:(614) 659-1736
RE: Anyone using Forefront UAG and Direct Access
Awesome! Great information and thanks for the elaboration. Are you using Forefront TMG? I'm kind of irked right now about the fact I can't get IPv6 traffic to flow through it. It doesn't even allow me to put IPv6 addresses on the Internal/Trusted network. -Original Message- From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Tuesday, July 27, 2010 11:02 AM To: NT System Admin Issues Subject: RE: Anyone using Forefront UAG and Direct Access First - There's more to it than just translating IPv4 addresses to IPv6 and back. Let me rephrase my statement and see if this works any better: Applications that depend on protocols implementations (such as the version of SIP used in MS Communicator) which don't work over IPv6 will not work over DirectAccess. In this case, you could have a completely IPv6-only local area network, with no DirectAccess involved, and Communicator will still not work. Second - DirectAccess clients are supplied with a Name Resolution Policy Table. In the NRPT, you tell the client if you are looking to resolve an *.internal.mycorp.com name, use these (internal) DNS servers and, by extension, route the traffic to that address across the secure intranet tunnel. So, by supplying the client with an name, you've given DirectAccess the information it needs to determine if the destination desired is through the intranet tunnel or to the outside world. If you only supply your client with an IP address, the lack of a name to resolve means the NRPT isn't consulted and DirectAccess assumes the destination to be in the outside world. The Cable Guy blog on TechNet has a lot of good discussion on these topics and DirectAccess in general. http://technet.microsoft.com/en-us/library/ff576611.aspx -Malcolm -Original Message- From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, July 27, 2010 07:58 To: NT System Admin Issues Subject: RE: Anyone using Forefront UAG and Direct Access A few question on this topic: Applications that don't work across a DirectAccess link are those which won't work over IPv6. The first one I came across was the Communicator IM client. I think VoIP apps that rely on the SIP protocol fall in to this category as well. Are you using ForeFront UAG? My understanding what that the NAT64/DNS64 and Forefront UAG product complimented this so that you could access IPv4 only systems. In reviewing my email with Tom Shinder, over at the DA team, he mentions that an IPv6 only network can be used with only DA. However, IPv4 resources need the UAG to be reachable. This doesn't specifically contradict what you are saying, but I'd say it's doable. Also, internal applications that you access by IP address only will be a problem. This is because DirectAccess makes it routing decisions based on name resolution, not IP destination. Say your corporate network is using the 10.x.x.x IPv4 address space and a domain name of internal.mycorp.com. DNS works by IP. How can you reach the DNS servers if what you are saying above is true? Thanks! Jason -Original Message- From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Monday, July 26, 2010 10:13 AM To: NT System Admin Issues Subject: RE: Anyone using Forefront UAG and Direct Access Smart cards are optional for DirectAccess, not required. What I was trying (poorly) to say was that Microsoft's internal implementation of DirectAccess is set up to require smart card authentication (e.g. MSFT employees must use smart cards). Our DirectAccess implementation currently does not require the users to have a smart card. Smart cards (we use .NET cards - Gemalto is the major vendor in the market) are a quite useful security tool, but they require a distribution/maintenance infrastructure that complicates their use. Applications that don't work across a DirectAccess link are those which won't work over IPv6. The first one I came across was the Communicator IM client. I think VoIP apps that rely on the SIP protocol fall in to this category as well. Also, internal applications that you access by IP address only will be a problem. This is because DirectAccess makes it routing decisions based on name resolution, not IP destination. Say your corporate network is using the 10.x.x.x IPv4 address space and a domain name of internal.mycorp.com. You can tell DirectAccess to send all traffic to *.internal.mycorp.com over the tunnel to your corporate network, but you can't tell it to route all traffic to any 10.x.x.x address across the tunnel. The only way around this is to force all communications across the tunnel (that is, disable split-tunneling). Unfortunately, this has performance implications, as it makes DirectAccess use a less-efficient protocol and increases the load on the DirectAccess servers, not to mention it sends all Internet-bound traffic from the client the long way through the corporate network and out the corporate Internet connection. Hope
RE: DHCPv6
I need to assign a static address to the server. As far as I can tell, that is against SLAAC, and everything else IPv6 is supposed to make easy. There might be a reason. I haven't uncovered it. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, July 12, 2010 10:29 PM To: NT System Admin Issues Subject: Re: DHCPv6 No familiarity with DHCPv6, so an ignorant question... What needs the static address assigned? Is it the machine handing out addresses, or the machine receiving the assignment? And, if the former, why would that be an issue? I would think it pretty much a requirement. I *did* just go to a computer user group in Seattle that had a presentation on IPv6, but aside from the fact that it allows for more addresses than we can count, and a few other tidbits like getting started with tunneling, it wasn't all that informative. For instance, he did not deal with issues like whether segmenting networks as we do now inside the enterprise at the layer2 and layer3 boundaries is still an issue in a pure IPv6 environment - I think that was beyond his experience. Kurt On Mon, Jul 12, 2010 at 19:18, Jason Gauthier jgauth...@lastar.com wrote: Well, after diligence and testing… I’ve solved this. Windows 2008 DHPCv6 will not work reliably without having a static IPv6 address assigned to it. I have not decided how I feel about that yet. From: Jason Gauthier Sent: Friday, July 09, 2010 3:12 PM To: NT System Admin Issues Subject: DHCPv6 Greetings, I’m struggling with an issue with DHCPv6. I’m using this, effectively, as stateless. I have a Cisco router set up to multicast router advertisements. It is doing so successfully, setting the options “Managed” to false, and “Other” to true. I have confirmed through network traces and Windows 7 DHCPv6 event logs that it is receiving the announcements, and setting the options correctly. This is working good! Now, here comes the part that I’m struggling with. Once the options are set, the client machine should (and does) poll for DHCPv6 options only. Again, I’ve confirmed though network traces that this is happening successfully. 15:03:45.012474 IP6 (hlim 1, next-header UDP (17) payload length: 110) fe80::188b:8ff9:305c:71a3.546 ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=fd9725 (elapsed time 3100) (client ID hwaddr/time type 1 time 316484303 00155d320606) (IA_NA IAID:369104221 T1:0 T2:0) (Client FQDN) (vendor class) (option request DNS name DNS vendor-specific info Client FQDN). My DHPCv6 server (running netmon) can definitely see the multicast requests sent to FF02:0:0:0:0:0:2:1. However, it doesn’t respond, acknowledge, or otherwise seem to care. Options 23 (DNS Recursive Name) and options 24 (Domain Search List) are set. I have done this on two different networks, two different DHCPv6 servers. Neither of them responds. Even the statistics do not count up that there was a solicit message. I am intending to open a ticket with MS, but sasupport seems to be non-functional for me at the moment. So, I thought I would ask here. All my clients are Windows 7/2008R2, and my two servers are 2008 R2. Thanks for reading. Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCPv6
SLAAC can operate under two models. 1) It will generate based on the hardware MAC address. 2) It will generate based on some other token. Microsoft uses Some other token. So, there shouldn't be a conflict with MAC addresses under that platform. -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, July 13, 2010 12:06 AM To: NT System Admin Issues Subject: RE: DHCPv6 So SLAAC will only work if you have unique MAC addresses? If you use Hyper-V, then the pool of MAC addresses assigned to the guests is based off a pool generated from the host's IP address. If you build servers in a build factory, then you'll end up with duplicate MAC addresses for your guests. Cheers Ken -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, 13 July 2010 11:00 AM To: NT System Admin Issues Subject: Re: DHCPv6 On Mon, Jul 12, 2010 at 10:29 PM, Kurt Buff kurt.b...@gmail.com wrote: No familiarity with DHCPv6, so an ignorant question... This is currently the subject of holy wars on forums such as NANOG. An IPv6 node can discover the network number, network mask, and local routers by using router solicitation. This is part of the core IP protocol, and in theory should be part of every implementation. The IPv6 node can then use its MAC address to generate a unique address on the local network (this is called SLAAC (StateLess Address Auto-Configuration)). So an IPv6 node can get a working network layer on any network, without DHCPv6. However, you still need DHCPv6 to find out things like DNS servers. So SLAAC is only good for layer 3, not for higher layer stuff. This has lead to a feud between those who think IPv6 address assignment should work just like IPv4 -- via DHCP -- since that's what everyone's infrastructure is built around, and thus SLAAC is just a waste of resources, vs those who think addresses should come from SLAAC and DHCPv6 should only be used to discover higher layer stuff. Implementations behave according to which armed camp they align with. Things haven't shaken out yet. Until they do, I expect IPv6 client-vs-network interoperability (i.e., How do I configure my pee sea for your net work?) to be a clusterfsck. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCPv6
Yes, but DHCP doesn't auto assign itself a useable network address, so it's not very comparative. From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Tuesday, July 13, 2010 12:50 AM To: NT System Admin Issues Subject: Re: DHCPv6 DHCP v4 needed the same thing as well did it not??? Only issue I had was getting former work place higher up the ladder to issue us IP v6 ranges. They did not want to issue any due to security issues. Jon On Mon, Jul 12, 2010 at 10:18 PM, Jason Gauthier jgauth...@lastar.com wrote: Well, after diligence and testing... I've solved this. Windows 2008 DHPCv6 will not work reliably without having a static IPv6 address assigned to it. I have not decided how I feel about that yet. From: Jason Gauthier Sent: Friday, July 09, 2010 3:12 PM To: NT System Admin Issues Subject: DHCPv6 Greetings, I'm struggling with an issue with DHCPv6. I'm using this, effectively, as stateless. I have a Cisco router set up to multicast router advertisements. It is doing so successfully, setting the options Managed to false, and Other to true. I have confirmed through network traces and Windows 7 DHCPv6 event logs that it is receiving the announcements, and setting the options correctly. This is working good! Now, here comes the part that I'm struggling with. Once the options are set, the client machine should (and does) poll for DHCPv6 options only. Again, I've confirmed though network traces that this is happening successfully. 15:03:45.012474 IP6 (hlim 1, next-header UDP (17) payload length: 110) fe80::188b:8ff9:305c:71a3.546 ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=fd9725 (elapsed time 3100) (client ID hwaddr/time type 1 time 316484303 00155d320606) (IA_NA IAID:369104221 T1:0 T2:0) (Client FQDN) (vendor class) (option request DNS name DNS vendor-specific info Client FQDN). My DHPCv6 server (running netmon) can definitely see the multicast requests sent to FF02:0:0:0:0:0:2:1. However, it doesn't respond, acknowledge, or otherwise seem to care. Options 23 (DNS Recursive Name) and options 24 (Domain Search List) are set. I have done this on two different networks, two different DHCPv6 servers. Neither of them responds. Even the statistics do not count up that there was a solicit message. I am intending to open a ticket with MS, but sasupport seems to be non-functional for me at the moment. So, I thought I would ask here. All my clients are Windows 7/2008R2, and my two servers are 2008 R2. Thanks for reading. Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCPv6
It just seems counter intuitive that I do not need to assign static addresses on my routers, but I do on a DHCP server. It receives multicast addresses, and it should respond to multicast addresses... it's assigned address shouldn't matter (to me) -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Tuesday, July 13, 2010 1:51 AM To: NT System Admin Issues Subject: Re: DHCPv6 Why? It's not any different from the static IP requirements in IPv4 networks. On 7/12/2010 9:18 PM, Jason Gauthier wrote: Well, after diligence and testing... I've solved this. Windows 2008 DHPCv6 will not work reliably without having a */_static_/* IPv6 address assigned to it. I have not decided how I feel about that yet. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCPv6
Well, after diligence and testing... I've solved this. Windows 2008 DHPCv6 will not work reliably without having a static IPv6 address assigned to it. I have not decided how I feel about that yet. From: Jason Gauthier Sent: Friday, July 09, 2010 3:12 PM To: NT System Admin Issues Subject: DHCPv6 Greetings, I'm struggling with an issue with DHCPv6. I'm using this, effectively, as stateless. I have a Cisco router set up to multicast router advertisements. It is doing so successfully, setting the options Managed to false, and Other to true. I have confirmed through network traces and Windows 7 DHCPv6 event logs that it is receiving the announcements, and setting the options correctly. This is working good! Now, here comes the part that I'm struggling with. Once the options are set, the client machine should (and does) poll for DHCPv6 options only. Again, I've confirmed though network traces that this is happening successfully. 15:03:45.012474 IP6 (hlim 1, next-header UDP (17) payload length: 110) fe80::188b:8ff9:305c:71a3.546 ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=fd9725 (elapsed time 3100) (client ID hwaddr/time type 1 time 316484303 00155d320606) (IA_NA IAID:369104221 T1:0 T2:0) (Client FQDN) (vendor class) (option request DNS name DNS vendor-specific info Client FQDN). My DHPCv6 server (running netmon) can definitely see the multicast requests sent to FF02:0:0:0:0:0:2:1. However, it doesn't respond, acknowledge, or otherwise seem to care. Options 23 (DNS Recursive Name) and options 24 (Domain Search List) are set. I have done this on two different networks, two different DHCPv6 servers. Neither of them responds. Even the statistics do not count up that there was a solicit message. I am intending to open a ticket with MS, but sasupport seems to be non-functional for me at the moment. So, I thought I would ask here. All my clients are Windows 7/2008R2, and my two servers are 2008 R2. Thanks for reading. Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
DHCPv6
Greetings, I'm struggling with an issue with DHCPv6. I'm using this, effectively, as stateless. I have a Cisco router set up to multicast router advertisements. It is doing so successfully, setting the options Managed to false, and Other to true. I have confirmed through network traces and Windows 7 DHCPv6 event logs that it is receiving the announcements, and setting the options correctly. This is working good! Now, here comes the part that I'm struggling with. Once the options are set, the client machine should (and does) poll for DHCPv6 options only. Again, I've confirmed though network traces that this is happening successfully. 15:03:45.012474 IP6 (hlim 1, next-header UDP (17) payload length: 110) fe80::188b:8ff9:305c:71a3.546 ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=fd9725 (elapsed time 3100) (client ID hwaddr/time type 1 time 316484303 00155d320606) (IA_NA IAID:369104221 T1:0 T2:0) (Client FQDN) (vendor class) (option request DNS name DNS vendor-specific info Client FQDN). My DHPCv6 server (running netmon) can definitely see the multicast requests sent to FF02:0:0:0:0:0:2:1. However, it doesn't respond, acknowledge, or otherwise seem to care. Options 23 (DNS Recursive Name) and options 24 (Domain Search List) are set. I have done this on two different networks, two different DHCPv6 servers. Neither of them responds. Even the statistics do not count up that there was a solicit message. I am intending to open a ticket with MS, but sasupport seems to be non-functional for me at the moment. So, I thought I would ask here. All my clients are Windows 7/2008R2, and my two servers are 2008 R2. Thanks for reading. Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Patch Management - again
Except that doesn't upgrade the kernel or any other OS libraries. It's not full patch management. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Saturday, June 12, 2010 8:58 PM To: NT System Admin Issues Subject: Re: Patch Management - again 'portupgrade -a' FreeBSD is ridiculously easy to maintain. And, for monitoring programs installed from ports, there's portaudit, which sends a daily email. Kurt On Fri, Jun 11, 2010 at 12:59, Alex Eckelberry al...@sunbelt-software.com wrote: WSUS. What do you do about non-Windows patching? Alex -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, June 10, 2010 11:30 AM To: NT System Admin Issues Subject: Re: Patch Management - again On Thu, Jun 10, 2010 at 11:17 AM, Joseph Heaton jhea...@dfg.ca.gov wrote: What are you guys using for automating patch management for your servers? WSUS. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OTish: Wireless network configuration
You use NMAP to do network scans to determine what is accessible and what isn't. -Original Message- From: Joe Tinney [mailto:jtin...@lastar.com] Sent: Wednesday, June 09, 2010 3:04 PM To: NT System Admin Issues Subject: RE: OTish: Wireless network configuration I wasn't involved in the implementation, so I really couldn't say how it was done here. I know that I can't get to any of our 'protected' network segments but I haven't done any scientific pen testing. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, June 09, 2010 2:18 PM To: NT System Admin Issues Subject: Re: OTish: Wireless network configuration Understand that - how do you verify it that it works as designed? On Wed, Jun 9, 2010 at 06:33, Joe Tinney jtin...@lastar.com wrote: Access control and routing is done by our core firewall and router for all of our networks. This is the configuration that Phil is referring to. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, June 08, 2010 10:34 PM To: NT System Admin Issues Subject: Re: OTish: Wireless network configuration I wonder how you verify the security of such an arrangement? On Tue, Jun 8, 2010 at 19:20, Joe Tinney jtin...@lastar.com wrote: While I'm not the one that configured them, our Cisco wireless access points are configured with two SSID's: one on a VLAN that goes to our transparent proxy and without access to our other networks and the other on a VLAN that functions just like our client wired network segment. The first one is an open Guest network and the latter is WPA2 secured. I'm not sure what your network devices would enable you to do but this has been rock solid configuration for us. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, June 08, 2010 7:29 PM To: NT System Admin Issues Subject: OTish: Wireless network configuration All, We've got a decent wireless network at $WORK, but I'm dissatisified with it, because it lacks good guest access. We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently are in our HP 3400cl layer 3 switch on our production network. There's a single SSID across all of them, and I've got them all configured on a single VLAN. Works great, but as mentioned there is no guest access. I could just stick them all physically outside our firewall, and give the wireless users an IPSec VPN client, but I really would prefer not to do that. I've been doing some reading, but don't have a good handle on how to move to a configuration that would work well - without the VPN, that is. I'm casting about for ideas - anyone have a solution they like? Preferably without spending tons of money, of course. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OTish: Wireless network configuration
You should provide specifics, instead of ambiguity. Ambiguity helps no one, last I checked. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, June 09, 2010 4:50 PM To: NT System Admin Issues Subject: Re: OTish: Wireless network configuration And more than that will be needed, as well. On Wed, Jun 9, 2010 at 13:44, Phil Brutsche p...@optimumdata.com wrote: Or use Wireshark to make sure you don't see traffic you shouldn't. On 6/9/2010 3:41 PM, Jason Gauthier wrote: You use NMAP to do network scans to determine what is accessible and what isn't. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2008 - Page file
To consolidate all questions: How large is the volume? Is it Basic, Dynamic, or GPT? 34G, Basic. Windows x64 Is this a physical machine or a Hyper-V VM? It's a VM. A -- Can you make it a smaller number? Say, 2GB or 4GB? Nope, I cannot. I tried several volumes, even a 1G file does not create. B -- What are the permissions on the root of D:\ ? The Same as C: (without printing them here) - SYSTEM has full access. Thanks! From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 03, 2010 7:11 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file A -- Can you make it a smaller number? Say, 2GB or 4GB? B -- What are the permissions on the root of D:\ ? -ASB: http://XeeSM.com/AndrewBaker On Tue, Feb 2, 2010 at 4:29 PM, Jason Gauthier jgauth...@lastar.com wrote: All, I've hit a road block. I'm trying to set Windows 2008 (x64) to use a page file on the D: drive. However, it just does not seem to want to comply. First, I used the built in GUI tools. I set the C: drive to 800-1024, and the D: drive to 34000. I committed my settings with Set and rebooted. After reboot, C: was set to 800, but nothing was changed on D:. I verified in the registry, and the settings are accurate. (Also in the GUI still) I've check drive permissions, but they seem to be in order. So, I removed the page file on D: and I attempted to set it with wmic: wmic.exe pagefileset create name=D:\pagefile.sys wmic pagefileset where name=D:\\pagefile.sys set InitialSize=17000,MaximumSize=17000 Both commands came back successful. I rebooted. Nothing on D:, but the GUI and registry setting complement each other. I removed the page file from C: and tried to set it on D: only. After rebooting windows reports that a temporary page file was created. Sure enough. On my C: drive is a page file that is 16G (the equivalent of physical memory) I've tried other drives that I attached as well. Same situation. What is going on here? I appreciate the help. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2008 - Page file
No, there isn't.. but it does not work on any volume other than C:! I have 4 other volumes attached. But, what the heck. It's something to try! From: Richard Stovall [mailto:rich...@gmail.com] Sent: Wednesday, February 03, 2010 9:09 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file Is there anything else on D: ? If not, you could always delete the volume and start over. On Wed, Feb 3, 2010 at 8:51 AM, Jason Gauthier jgauth...@lastar.com wrote: To consolidate all questions: How large is the volume? Is it Basic, Dynamic, or GPT? 34G, Basic. Windows x64 Is this a physical machine or a Hyper-V VM? It's a VM. A -- Can you make it a smaller number? Say, 2GB or 4GB? Nope, I cannot. I tried several volumes, even a 1G file does not create. B -- What are the permissions on the root of D:\ ? The Same as C: (without printing them here) - SYSTEM has full access. Thanks! From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 03, 2010 7:11 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file A -- Can you make it a smaller number? Say, 2GB or 4GB? B -- What are the permissions on the root of D:\ ? -ASB: http://XeeSM.com/AndrewBaker On Tue, Feb 2, 2010 at 4:29 PM, Jason Gauthier jgauth...@lastar.com wrote: All, I've hit a road block. I'm trying to set Windows 2008 (x64) to use a page file on the D: drive. However, it just does not seem to want to comply. First, I used the built in GUI tools. I set the C: drive to 800-1024, and the D: drive to 34000. I committed my settings with Set and rebooted. After reboot, C: was set to 800, but nothing was changed on D:. I verified in the registry, and the settings are accurate. (Also in the GUI still) I've check drive permissions, but they seem to be in order. So, I removed the page file on D: and I attempted to set it with wmic: wmic.exe pagefileset create name=D:\pagefile.sys wmic pagefileset where name=D:\\pagefile.sys set InitialSize=17000,MaximumSize=17000 Both commands came back successful. I rebooted. Nothing on D:, but the GUI and registry setting complement each other. I removed the page file from C: and tried to set it on D: only. After rebooting windows reports that a temporary page file was created. Sure enough. On my C: drive is a page file that is 16G (the equivalent of physical memory) I've tried other drives that I attached as well. Same situation. What is going on here? I appreciate the help. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2008 - Page file
Wow. That was it! Had to be IDE. Amazing. Thanks! From: Richard Stovall [mailto:rich...@gmail.com] Sent: Wednesday, February 03, 2010 9:33 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file Related? http://social.technet.microsoft.com/Forums/en/windowsserver2008r2virtual ization/thread/5f2e9099-907d-4d84-8736-ed99f66f8328 On Wed, Feb 3, 2010 at 9:25 AM, Jason Gauthier jgauth...@lastar.com wrote: No, there isn't.. but it does not work on any volume other than C:! I have 4 other volumes attached. But, what the heck. It's something to try! From: Richard Stovall [mailto:rich...@gmail.com] Sent: Wednesday, February 03, 2010 9:09 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file Is there anything else on D: ? If not, you could always delete the volume and start over. On Wed, Feb 3, 2010 at 8:51 AM, Jason Gauthier jgauth...@lastar.com wrote: To consolidate all questions: How large is the volume? Is it Basic, Dynamic, or GPT? 34G, Basic. Windows x64 Is this a physical machine or a Hyper-V VM? It's a VM. A -- Can you make it a smaller number? Say, 2GB or 4GB? Nope, I cannot. I tried several volumes, even a 1G file does not create. B -- What are the permissions on the root of D:\ ? The Same as C: (without printing them here) - SYSTEM has full access. Thanks! From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 03, 2010 7:11 AM To: NT System Admin Issues Subject: Re: Windows 2008 - Page file A -- Can you make it a smaller number? Say, 2GB or 4GB? B -- What are the permissions on the root of D:\ ? -ASB: http://XeeSM.com/AndrewBaker On Tue, Feb 2, 2010 at 4:29 PM, Jason Gauthier jgauth...@lastar.com wrote: All, I've hit a road block. I'm trying to set Windows 2008 (x64) to use a page file on the D: drive. However, it just does not seem to want to comply. First, I used the built in GUI tools. I set the C: drive to 800-1024, and the D: drive to 34000. I committed my settings with Set and rebooted. After reboot, C: was set to 800, but nothing was changed on D:. I verified in the registry, and the settings are accurate. (Also in the GUI still) I've check drive permissions, but they seem to be in order. So, I removed the page file on D: and I attempted to set it with wmic: wmic.exe pagefileset create name=D:\pagefile.sys wmic pagefileset where name=D:\\pagefile.sys set InitialSize=17000,MaximumSize=17000 Both commands came back successful. I rebooted. Nothing on D:, but the GUI and registry setting complement each other. I removed the page file from C: and tried to set it on D: only. After rebooting windows reports that a temporary page file was created. Sure enough. On my C: drive is a page file that is 16G (the equivalent of physical memory) I've tried other drives that I attached as well. Same situation. What is going on here? I appreciate the help. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows 2008 - Page file
All, I've hit a road block. I'm trying to set Windows 2008 (x64) to use a page file on the D: drive. However, it just does not seem to want to comply. First, I used the built in GUI tools. I set the C: drive to 800-1024, and the D: drive to 34000. I committed my settings with Set and rebooted. After reboot, C: was set to 800, but nothing was changed on D:. I verified in the registry, and the settings are accurate. (Also in the GUI still) I've check drive permissions, but they seem to be in order. So, I removed the page file on D: and I attempted to set it with wmic: wmic.exe pagefileset create name=D:\pagefile.sys wmic pagefileset where name=D:\\pagefile.sys set InitialSize=17000,MaximumSize=17000 Both commands came back successful. I rebooted. Nothing on D:, but the GUI and registry setting complement each other. I removed the page file from C: and tried to set it on D: only. After rebooting windows reports that a temporary page file was created. Sure enough. On my C: drive is a page file that is 16G (the equivalent of physical memory) I've tried other drives that I attached as well. Same situation. What is going on here? I appreciate the help. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2008 - Page file
Yes, NTFS.. and SQUAT in the event log! From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, February 02, 2010 4:55 PM To: NT System Admin Issues Subject: RE: Windows 2008 - Page file Nothing in the Event Logs? Chris Bodnar, MCSE Sr. Systems Engineer Infrastructure Service Delivery Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: james.h...@superamart.com.au [mailto:james.h...@superamart.com.au] Sent: Tuesday, February 02, 2010 4:39 PM To: NT System Admin Issues Subject: RE: Windows 2008 - Page file Haven't seen that one. I know this isn't any help but I have changed the page file to a different drive on and 08 box via the gui and it worked. So as you already know, it should work. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, 3 February 2010 7:30 AM To: NT System Admin Issues Subject: Windows 2008 - Page file All, I've hit a road block. I'm trying to set Windows 2008 (x64) to use a page file on the D: drive. However, it just does not seem to want to comply. First, I used the built in GUI tools. I set the C: drive to 800-1024, and the D: drive to 34000. I committed my settings with Set and rebooted. After reboot, C: was set to 800, but nothing was changed on D:. I verified in the registry, and the settings are accurate. (Also in the GUI still) I've check drive permissions, but they seem to be in order. So, I removed the page file on D: and I attempted to set it with wmic: wmic.exe pagefileset create name=D:\pagefile.sys wmic pagefileset where name=D:\\pagefile.sys set InitialSize=17000,MaximumSize=17000 Both commands came back successful. I rebooted. Nothing on D:, but the GUI and registry setting complement each other. I removed the page file from C: and tried to set it on D: only. After rebooting windows reports that a temporary page file was created. Sure enough. On my C: drive is a page file that is 16G (the equivalent of physical memory) I've tried other drives that I attached as well. Same situation. What is going on here? I appreciate the help. Thanks, Jason This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Microsoft 24x7 Problem Resolution
All, I am looking for a little help. As many of you are aware MS changed their Software Assurance site. It just so happens, that I am a new EA customer. I wanted to use the unlimited web tickets resource. In order to do that, I need to activate my benefits. However, due to a system failure on their end, I cannot. Is there any way to use the web ticket functionality without going through this process? Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Symlinks.. UNC... Possibilities
All, Using Windows 2008's ability to create symlinks I would like to achieve the following goal: Using SCVMM's library features, create a symlink in the directory that points to my storage of ISOs on another server. (I do not want to duplicate ISOs). What I have done: * I have created symlinking ability with fsutil. I've enabled all the policies. * I have changed the system service accounts of VMM, and given the paths the appropriate permissions * I have verified the user can browse locally. What doesn't work, but I expect it should: * Browsing to the library. When I select the Symlink I get The symbolic link cannot be followed because its type is disallowed I read this is solved by enabling the policies with fsutil.. I did that (L2L, R2L, L2R, and R2R all set to 1) * When refreshing the SCVMM library, I receive an error: VMM could not find the specified path \\VM-SysCen-01.ctg.com\MSSCVMMLibrary\VLK ISOs\Windows 2008\Windows_Svr_2008R2_64-bit.ISO on the VM-SysCen-01.ctg.com server. Ensure that you have specified a valid file name parameter, and then try the operation again. ID: 2904 Details: The system cannot find the path specified (0x80070003) This is not a specific file issue. I've tried to put a different one there. Additionally, when refreshing, procmon gives a few interesting things: 5:13:18.9492881 PM vmmAgent.exe 1924 CreateFile\\itnas\it\VLK ISOs\Windows 2008 REPARSE Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: unknown 5:13:18.9577624 PM vmmAgent.exe 1924 CreateFile\\itnas\it\VLK ISOs\Windows 2008 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened 5:13:18.9600948 PM vmmAgent.exe 1924 QueryDirectory \\itnas\it\VLK ISOs\Windows 2008\* SUCCESS Filter: *, 1: . 5:13:18.9615475 PM vmmAgent.exe 1924 QueryDirectory \\itnas\it\VLK ISOs\Windows 2008 SUCCESS 0: .., 1: Windows_Svr_2008R2_64-bit.ISO, 2: VLK.txt 5:13:18.9652212 PM vmmAgent.exe 1924 QueryDirectory \\itnas\it\VLK ISOs\Windows 2008 NO MORE FILES 5:13:18.9652664 PM vmmAgent.exe 1924 CloseFile \\itnas\it\VLK ISOs\Windows 2008 SUCCESS Any assistance in this would be greatly appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RSAT For windows 7 RC
Stephen, I downloaded the file from there, but it tells me that it is not applicable to my system! Don, x64! I would appreciate it! And since my zip scanner is aggressive, would you rename the file extension to something like .txt? ;) Much appreciated! Jason From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Tuesday, October 06, 2009 9:34 AM To: NT System Admin Issues Subject: Re: RSAT For windows 7 RC Try this: http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID= 7d2f6ad7-656b-4313-a005-4e344e43997d I saved this from my windows 7 x64 install and it's working just fine! On Tue, Oct 6, 2009 at 8:33 AM, Don Guyer don.gu...@prufoxroach.com wrote: Jason, X86 or 64-bit? I'll Zip it and send offline. Thx, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, October 05, 2009 7:00 PM To: NT System Admin Issues Subject: RSAT For windows 7 RC All, MS has pulled the RC RSAT tools since the RTM. Anyone have it or a link? I had to reinstall my RC, and alas.. no tools! Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RSAT For windows 7 RC
I wonder if I am missing something? I realized it was too large as well.. just a moment too late. It's like 220M! From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 12:02 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Too large to e-mail. I got the file from that same website originally. Sorry, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 11:50 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Will do. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 11:49 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Stephen, I downloaded the file from there, but it tells me that it is not applicable to my system! Don, x64! I would appreciate it! And since my zip scanner is aggressive, would you rename the file extension to something like .txt? ;) Much appreciated! Jason From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Tuesday, October 06, 2009 9:34 AM To: NT System Admin Issues Subject: Re: RSAT For windows 7 RC Try this: http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID= 7d2f6ad7-656b-4313-a005-4e344e43997d I saved this from my windows 7 x64 install and it's working just fine! On Tue, Oct 6, 2009 at 8:33 AM, Don Guyer don.gu...@prufoxroach.com wrote: Jason, X86 or 64-bit? I'll Zip it and send offline. Thx, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, October 05, 2009 7:00 PM To: NT System Admin Issues Subject: RSAT For windows 7 RC All, MS has pulled the RC RSAT tools since the RTM. Anyone have it or a link? I had to reinstall my RC, and alas.. no tools! Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RSAT For windows 7 RC
I have a 64 and 32 bit Win7 RC. I've downloaded both, and both give the same results on both systems. The actual file in those downloads must now be for the RTM. They definitely do not work on the RC. From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Tuesday, October 06, 2009 12:06 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Did you download the one for 64 bit systems? amd64fre_GRMRSATX_MSU.msu From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 12:05 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC I wonder if I am missing something? I realized it was too large as well.. just a moment too late. It's like 220M! From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 12:02 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Too large to e-mail. I got the file from that same website originally. Sorry, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 11:50 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Will do. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 11:49 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Stephen, I downloaded the file from there, but it tells me that it is not applicable to my system! Don, x64! I would appreciate it! And since my zip scanner is aggressive, would you rename the file extension to something like .txt? ;) Much appreciated! Jason From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Tuesday, October 06, 2009 9:34 AM To: NT System Admin Issues Subject: Re: RSAT For windows 7 RC Try this: http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID= 7d2f6ad7-656b-4313-a005-4e344e43997d I saved this from my windows 7 x64 install and it's working just fine! On Tue, Oct 6, 2009 at 8:33 AM, Don Guyer don.gu...@prufoxroach.com wrote: Jason, X86 or 64-bit? I'll Zip it and send offline. Thx, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, October 05, 2009 7:00 PM To: NT System Admin Issues Subject: RSAT For windows 7 RC All, MS has pulled the RC RSAT tools since the RTM. Anyone have it or a link? I had to reinstall my RC, and alas.. no tools! Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RSAT For windows 7 RC
In the subject and the email body :P From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Tuesday, October 06, 2009 12:13 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Ah. Sorry. I missed the part about it being installed on RC1. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 12:11 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC I have a 64 and 32 bit Win7 RC. I've downloaded both, and both give the same results on both systems. The actual file in those downloads must now be for the RTM. They definitely do not work on the RC. From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Tuesday, October 06, 2009 12:06 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Did you download the one for 64 bit systems? amd64fre_GRMRSATX_MSU.msu From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 12:05 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC I wonder if I am missing something? I realized it was too large as well.. just a moment too late. It's like 220M! From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 12:02 PM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Too large to e-mail. I got the file from that same website originally. Sorry, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Tuesday, October 06, 2009 11:50 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Will do. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Tuesday, October 06, 2009 11:49 AM To: NT System Admin Issues Subject: RE: RSAT For windows 7 RC Stephen, I downloaded the file from there, but it tells me that it is not applicable to my system! Don, x64! I would appreciate it! And since my zip scanner is aggressive, would you rename the file extension to something like .txt? ;) Much appreciated! Jason From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Tuesday, October 06, 2009 9:34 AM To: NT System Admin Issues Subject: Re: RSAT For windows 7 RC Try this: http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID= 7d2f6ad7-656b-4313-a005-4e344e43997d I saved this from my windows 7 x64 install and it's working just fine! On Tue, Oct 6, 2009 at 8:33 AM, Don Guyer don.gu...@prufoxroach.com wrote: Jason, X86 or 64-bit? I'll Zip it and send offline. Thx, Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Monday, October 05, 2009 7:00 PM To: NT System Admin Issues Subject: RSAT For windows 7 RC All, MS has pulled the RC RSAT tools since the RTM. Anyone have it or a link? I had to reinstall my RC, and alas.. no tools! Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RSAT For windows 7 RC
All, MS has pulled the RC RSAT tools since the RTM. Anyone have it or a link? I had to reinstall my RC, and alas.. no tools! Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows 7 RC
All, I've been waiting to see if any one reported. Will the beta keys work with the RC? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Error authenticating to exchange
Hey all, I'm having a strange authentication problem. I created a DC, and moved it into a lab. I removed all other DCs from it, and secluded it. I did a system state restore of my exchange server and restored the exchange database. This seemed to go well, except the exchange server did not quite negotiate the secure channel properly. I'm not sure why, I do not usually have that problem with this process. I used net to remove it and rejoin it to the domain. It *appears* to work fine. I can log in, and the services run. I installed Office onto the DC so I can do some tests with outlook. When my MAPI profile attempts to connect to exchange, I am prompted for a password. I enter my credentials, my exchange service account credentials, and anything that will work. however, none do :( I see the event log below. Things of interest to note. The Logon Process text is high ascii. The status code 0xC06D usually means bad username/password. That is definitely not the case here. Any suggestions? Dcdiag, netdiag all pass basic tests. All servers are win2k3 with SP2. Exchange is also 2003 with SP2. Thanks for any help! Logon Failure: Reason: An error occurred during logon User Name: jgauthier Domain: CTG Logon Type: 3 Logon Process:�0 Authentication Package: NTLM Workstation Name: LABDC Status code: 0xC06D Substatus code: 0x0 Caller User Name: - Caller Domain:- Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.50.10 Source Port: 4086 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Error authenticating to exchange
Slap me silly and hand me a Barbi but I can never get netdom resetpwd to work. EVER. The machine account password for the local machine could not be reset. The specified domain either does not exist or could not be contacted. The command failed to complete successfully. How would you approach it? This process is usually perfect for me to get a lab instance of my domain and exchange. m open to alternatives. From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Tuesday, April 21, 2009 4:18 PM To: NT System Admin Issues Subject: RE: Error authenticating to exchange There are SO many potential problems here, it isn't even funny. Try a netdom resetpwd. If that doesn't work - I'd probably approach this problem differently. From: Jason Gauthier [jgauth...@lastar.com] Sent: Tuesday, April 21, 2009 4:15 PM To: NT System Admin Issues Subject: Error authenticating to exchange Hey all, It *appears* to work f I can log in, and the services ru I installed Office onto the DC so I can do some tests with outlook. When my MAPI profile attempts to connect to exchange, I am prompted for a passw I enter my credentials, my exchange service account credentials, and anything that will work. however, none do :( I see the event log below Things of interest to note The Logon Process text is high asc The status code 0xC06D usually means bad username/passwor That is definitely not the case here. Any suggestion Dcdiag, netdiag all pass basic tes All servers are win2k3 with Exchange is also 2003 with SP2. Thanks for any help! Logon Failure: Workstation Name: LABDC Status c 0xC06D Transited Service - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Error authenticating to exchange
Huh. I thought it was concerned with the GUID. Alright. I will give that a try. Thanks. From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Tuesday, April 21, 2009 4:32 PM To: NT System Admin Issues Subject: RE: Error authenticating to exchange Database portability works fine. So...you are fine with your DC process (as long as you make it a GC first before disconnecting it from the domain). Then delete the exchange server from the lab ad. build a new server, name it the same thing, join it to the lab ad, and then restore the database. Exchange doesn't care about the server GUID. Only it's name. From: Jason Gauthier [jgauth...@lastar.com] Sent: Tuesday, April 21, 2009 4:25 PM To: NT System Admin Issues Subject: RE: Error authenticating to exchange Slap me silly and hand me a Ba but I can never get netdom resetpwd to work. EVER. The machine account password for the local machine could not be reset. The specified domain either does not exist or could not be contacted. The command failed to complete successfully. How would you approach it This process is usually perfect for me to get a lab instance of my domain and exchange. Im open to alternatives. From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Tuesday, April 21, 2009 4:18 PM To: NT System Admin Issues Subject: RE: Error authenticating to exchange There are SO many potential problems here, it isn't even funny. Try a netdom resetpwd. If that doesn't work - I'd probably approach this problem differently. From: Jason Gauthier [jgauth...@lastar.com] Sent: Tuesday, April 21, 2009 4:15 PM To: NT System Admin Issues Subject: Error authenticating to exchange Hey all, It *appears* to work f I can log in, and the services ru I installed Office onto the DC so I can do some tests with outlook. When my MAPI profile attempts to connect to exchange, I am prompted for a passw I enter my credentials, my exchange service account credentials, and anything that will work. however, none do :( I see the event log below Things of interest to note The Logon Process text is high asc The status code 0xC06D usually means bad username/passwor That is definitely not the case here. Any suggestion Dcdiag, netdiag all pass basic tes All servers are win2k3 with Exchange is also 2003 with SP2. Thanks for any help! Logon Failure: Workstation Name: LABDC Status c 0xC06D Transited Service - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Bind Errors
Hey all, I have a system that stopped being able to bind to domain controllers recently.I was thinking initially the problem was the domain controllers. Both had gone through a few patches. But even removing the patches did not seem to resolve the problem. Since the server itself was a simple IAS system (remote access - no firewall), I went ahead and just reinstalled it on a different server. I exported and imported the Remote Access and DHCP Server configs and was up and running in no time. Immediately, the same problem started to occur. I believe now, it's a specific problem with IAS. Using ntdsutil for simple binding I am seeing this: H:\ntdsutil ntdsutil: meta clean metadata cleanup: connect server connections: connect to server serverx1 Binding to serverx1... DsBindW error 0x6d9(There are no more endpoints available from the endpoint mapp er.) server connections: connect to server serverx2 Binding to serverx2... DsBindW error 0x6d9(There are no more endpoints available from the endpoint mapp er.) server connections: connect to server serverx3 Binding to serverx3 ... Connected to serverx3 using credentials of locally logged on user. server connections: As you can see, the third server worked! Does anyone have any suggestions? My x1 and x2 are the primaries at this site. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
SAML Tokens
All, Any there any versions of Windows server that can issue SAML tokens? Thanks! Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OOO responsibility
All, Wanted to take a poll. How many of you in IT positions are responsible for setting other people's OOO when they forget? This has been a recent point of irritation for me. Thanks! Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OOO responsibility
My users can too.. but not when they go on vacation and forget. -Original Message- From: Cameron Cooper [mailto:ccoo...@aurico.com] Sent: Monday, February 23, 2009 9:57 AM To: NT System Admin Issues Subject: RE: OOO responsibility All our users can set this themselves. Being a small company it allows us to go around and teach everyone on new policies/technologies. ___ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: And now for something completely different... Apple's Revolutionary New Product
It's the onion. -Original Message- From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com] Sent: Tuesday, January 13, 2009 11:13 AM To: NT System Admin Issues Subject: RE: And now for something completely different... Apple's Revolutionary New Product Is this a joke, 'a few hundred turns of wheel', 'hummingbird lasts a full 18 min before a recharge', 'for people who do work and not just dicking around' -Original Message- From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, January 13, 2009 10:46 AM To: NT System Admin Issues Subject: RE: And now for something completely different... Apple's Revolutionary New Product WAY back in the mid-50's (yeah, some of us truly ARE grouchy old men!), a neighbor had a toy typewriter like this. It was cased in lithographed tin, had a wheel with the letters on it, and a button which would move the head between the ink pad and the paper. (Sort-of like the old Dyno tape lable makers.) Slow, messy, and we cut ourselves frequently on the exposed tin edges, but hey, we were pre-schoolers and couldn't read anyway! It'd be ironic if someone representing Hasboro or Marx went after Apple claiming intellectual property rights! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Todd Lemmiksoo tlemmik...@all-mode.com wrote on 01/12/2009 04:27:10 PM: 45 minutes for one e-mail! Did write a book in the email? From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Monday, January 12, 2009 5:17 PM To: NT System Admin Issues Subject: And now for something completely different... Apple's Revolutionary New Product http://www.theonion.com/content/video/apple_introduces_revolutionary Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ** CONFIDENTIALITY NOTICE: The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Animal Health Supply ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 7 On TechNet Now
I've watched that stupid site all day. I have the ISO. Where/how do I get myself a key? And so far, a lot of apps I've tested work. It seems to completely stop working on this Dimension 3000 when it goes into standby. I disabled powersave. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Friday, January 09, 2009 6:45 PM To: NT System Admin Issues Subject: RE: Windows 7 On TechNet Now The workaround I've used for a long time is a little program called UrlRunAddIn, it adds itself to the right-click menu in Outlook and works like a champ. I'm sure I heard about it here years ago. Seems there are numerous utilities with the name urlrun kicking around that do variations on the theme involving the clipboard if you aren't using Outlook. http://www.cheztabor.com/UrlRunAddIn/ -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, January 09, 2009 2:09 PM To: NT System Admin Issues Subject: Re: Windows 7 On TechNet Now On Fri, Jan 9, 2009 at 4:59 PM, Murray Freeman mfree...@alanet.org wrote: BTW, what is the trick to making wrap-around links work? Most versions of Outlook insert hard line breaks to wrap lines in all plain text messages you send. It tries to do this at spaces, but if there aren't any spaces (like in a URL), it will just chop up the line. (Most other mail programs will leave long lines intact if there aren't any spaces to wrap on.) Workarounds include: * Use another mail program (always, or just for that message) * Use HTML format in Outlook (always, or just for that message) * Adjust Outlook's line wrap width (location of the setting varies) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 7 On TechNet Now
What version is the beta? Is it 7000, or whatever was leaked a week or two ago? From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Friday, January 09, 2009 11:59 AM To: NT System Admin Issues Subject: RE: Windows 7 On TechNet Now I haven't, nor have I heard of any. Because Win7 isn't fundamentally different from Vista, I'd be surprised if it broke apps that were Vista-compatible. Which is why people who are skipping Vista to wait for Win7 aren't going to see huge advantages to waiting, as far as I can tell. Although I suppose that those who have avoided Vista this long might as well wait a few more months. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Friday, January 09, 2009 11:45 AM To: NT System Admin Issues Subject: RE: Windows 7 On TechNet Now Has anyone found any apps that don't run on Win7 yet? Everything I have tried so far runs great as long as it was Vista-capable to begin with. TVK ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WPAD Proxy Config
I don't prefer the DHCP method. Visitors also receive this setting, and if you use any kind of authentication it just causes pain and additional support. We moved strictly to GPO configuration with some issues, that we've pretty much worked out. I will admit, I have a few system where IE just completely ignores the settings even when entered manually. Also, for those visitors, we implemented a transparent proxy using squid, wccp, and a cisco ASA. I'll be honest, it was actually a very tricky networking situation (because it's used for ALL networks, not just visitors). After ironing out issues with it, it seems pretty solid. It's used mostly to protect, not cache, though. The ASA has several known WCCP issues, and it did not actually work until I moved to 7.2.3 some time ago. Jason -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, January 08, 2009 4:45 PM To: NT System Admin Issues Subject: RE: WPAD Proxy Config Well, my firefox clients pick up the settings but not ie7. I am using the dns (cname) / dhcp option 252 method. How are you doing it, and do you have it working with ie7? Thanks! jlc -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, January 08, 2009 2:38 PM To: NT System Admin Issues Subject: Re: WPAD Proxy Config On Thu, Jan 8, 2009 at 4:08 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: Anyone here doing wpad in their org for configuring a proxy for borwsers? Yes. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WPAD Proxy Config
jlc, A simple echo N | gpupdate /force /target:whatever will allow it to process what it can and forces a N. But, if you do a gpupdate /force without a target you will get two prompts, and the simple echo N | isn't going to cut it. Doing the /force and then a single reboot seems to work every time. Sometimes people would complain the applying process would take time, but not always. Now it always seems to take some time. Personally, I feel that the trade off of a guaranteed applied policy is worth it. Also, some settings *are* immediate. Some are 3 reboots away.. some are a reboot after a /force. I would *love* to see a detailed document of the policy settings and under what circumstance it would decide to apply it. Jason -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, January 08, 2009 6:19 PM To: NT System Admin Issues Subject: RE: WPAD Proxy Config Priceless, I just got off the phone with someone regarding increased boot and loading times with the computers displaying 'Applying Computer Settings...' :) I noticed the /force target:computer got the sttings in immediately but never waited a full 3 reboots to see. Did you *only* notice the lengthy times once you applied the script changes? How does that work as a /force has an interactive prompt for a y/n? Is that the reason for the timeout? I don't have any of that in my login/startup scripts. Yet I still have these delays now... jlc -Original Message- From: Joe Tinney [mailto:jtin...@lastar.com] Sent: Thursday, January 08, 2009 4:02 PM To: NT System Admin Issues Subject: RE: WPAD Proxy Config We use WPAD, also. We've found that it takes at least 3 reboots for the GPO to take over in IE7. See thread gpupdate/GPO from Jason Gauthier (jgauth...@lastar.com) regarding the issues we were seeing with that. We had found that when we manually changed our proxy settings that it was not resetting itself in a timely fashion. After some testing it was found that it was taking (for us) at least 3 reboots for them to kick in. There were many possible reasons given as to why. We ended up putting a gpupdate /force /target:computer in an hourly script that runs on all of our workstations and gpupdate /force /target:user in the login script. The changes to the proxy settings required a reboot to take effect, but only one this time and not 3. The downside, we've discovered, is increased boot and loading times with the computers displaying 'Applying Computer Settings...' for several minutes on every boot now. HTH. -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, January 08, 2009 5:51 PM To: NT System Admin Issues Subject: RE: WPAD Proxy Config Ok, Theoretically I have covered both since my dns has the cname wpad redirecting to my webserver which dishes out wpad.dat from its root and my dhcp server has option 252 referencing that complete url.:) My wpad file looks similar to yours as well. I see some issues searching the net on ie7 though, I just found that the GPO setting for it is rather flaky, sigh... Thanks! jlc -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, January 08, 2009 3:37 PM To: NT System Admin Issues Subject: Re: WPAD Proxy Config On Thu, Jan 8, 2009 at 4:45 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: Well, my firefox clients pick up the settings but not ie7. I am using the dns (cname) / dhcp option 252 method. How are you doing it, and do you have it working with ie7? We haven't deployed MSIE 7 here yet. I'll see if I can get a sandbox VM running with it to test. MSIE 6 and Firefox 3.x on Win XP Pro SP2 both work fine. Here's what we did: We implemented the DNS method of WPAD. We didn't even bother with DHCP; the DNS method has worked fine for us for everything. I seem to recall reading that the DHCP method isn't as widely implemented in clients, but I could be wrong on that. We created a CNAME record named wpad.corp.example.com., where corp.example.com. is our Active Directory domain name, and the default DNS suffix for our LAN. Thus, clients attempting to do WPAD via DNS end up requesting http://wpad.corp.example.com/wpad.dat. The right-hand-side of the CNAME record specifies foo.corp.example.com., where foo is our proxy server. Our proxy server also runs an Apache web server, which is configured with an alias such that /wpad.dat redirects to /proxy.pac. That's our proxy auto-config script. Apache also knows that a *.pac file is of MIME type application/x-ns-proxy-autoconfig. To do that, the following was added to the Apache config file: AddType application/x-ns-proxy-autoconfig .pac Redirect /wpad.dat http://foo/proxy.pac Our proxy auto-config script looks like this: function FindProxyForURL(url, host) { if (isPlainHostName(host) || dnsDomainIs(host
RE: gpupdate/GPO
The GPO kicked in after 3 reboots. Funny, this is NOT a new GPO at all. it's at least a year old. I guess that's the beat of the GPO drum. I went ahead and put a gpupdate /target:user /force in my login script. I also have an hourly task that runs at the administrative level and am executing gpupdate /target:computer /force in it. This should help get it down to the 'next' reboot, as I discovered in my testing. Thanks a lot, all. Jason From: MarvinC [mailto:marv...@gmail.com] Sent: Thursday, January 01, 2009 5:32 PM To: NT System Admin Issues Subject: Re: gpupdate/GPO Test a workstation by running gpupdate /force /sync and continue with the reboot. If the policy still doesn't apply then make sure that pc is communicating with its local DC. Run gpresult to see what policies, if any are being applied on a test workstation. Download the GPOTool and install it to perform a test to see where policies are failing. Are the PC assigned to an OU and the policy being applied to that OU or do you have a flat structure where all PC's sit in the same OU? Open the GPMC and make sure the PC is sitting in the correct OU. and the beat goes on... gl... On Wed, Dec 31, 2008 at 4:20 PM, Ben Scott mailvor...@gmail.com wrote: On Wed, Dec 31, 2008 at 3:07 PM, Jason Gauthier jgauth...@lastar.com wrote: I have one, or many, GPOs that are not apparently being applied on workstations. Through some testing, I have specifically found that IE settings are not really taking effect. That is, until, I manually run a gpupdate /force, and the reboot or logoff. GPO application can be tricky. Some[1] computer settings can only get applied during startup processing.If a GPO update comes in while the computer is running, it won't take affect until the next boot, when startup processing runs again. If you make a GPO modification, it will get posted to one DC by {DSA,GPMC,GPEDIT,.MSC}. You may then have to wait various amounts of time for that change to get replicated to all your other DCs. If a workstation happens to pick one of those other DCs during its boot, before replication is finished, the startup processing won't even see the change until the next reboot. Normal startup processing frequently needs multiple passes for a GPO to work, i.e., two (re)boots. The first time, it sees the update GPO, and gets the settings, but can't apply them until the next (re)boot for some reason. (Microsoft sure does love 'dem reboots.) You can help reduce the need for multiple reboots by setting the various GPO startup options for synchronous and foreground policy/script processing. This serializes everything during the boot process, instead of the fire-and-forget scenario Windows defaults to. Makes debugging easier, too. I suggest this as a best practice. There is some GPO stuff which only gets processed the first time a GPO is applied on a computer. You have to do a GPUPDATE /FORCE for it to be re-processed. For example, we get some service control permissions in one of our GPOs. If the service in question doesn't exist when the GPO is first applied, too bad. If the service later gets installed, it won't get the custom control permissions until we GPUPDATE /FORCE it. == Footnotes == [1] Or maybe it's actually all computer settings. I forget. I've been assuming all for years, since all you need is the one you care about, and the details were not well-documented when AD came out. Maybe things have become clearer since then. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
gpupdate/GPO
All, I have one, or many, GPOs that are not apparently being applied on workstations. Through some testing, I have specifically found that IE settings are not really taking effect. That is, until, I manually run a gpupdate /force, and the reboot or logoff. Obviously, this is not really desired. Does anyone know why this would be happening, and how I can solve it? A GPO should be applied appropriately, without me mandating a forced update and reboot. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: gpupdate/GPO
Wouldn't that group policy not get applied under that theory though? Or any new GP at all? Furthermore, the GPO should be reset every 15 minutes, however some settings are not actually applied until the force+reboot. From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Wednesday, December 31, 2008 3:16 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO On occasion it takes 2 reboot cycles for GPO's to be applied. You can help mitigate that by making the computer wait for network on startup under the computer section, System/Group Policy ADM's. Some computers do not get the NIC started before GP settings would be applied hence requiring a 2nd reboot to get the gp settings to take effect. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 3:07 PM To: NT System Admin Issues Subject: gpupdate/GPO All, I have one, or many, GPOs that are not apparently being applied on workstations. Through some testing, I have specifically found that IE settings are not really taking effect. That is, until, I manually run a gpupdate /force, and the reboot or logoff. Obviously, this is not really desired. Does anyone know why this would be happening, and how I can solve it? A GPO should be applied appropriately, without me mandating a forced update and reboot. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: gpupdate/GPO
When you say the NIC has not come active are you talking about the PC/drivers, etc.. or are you talking about the time it might take the switch to bring the link up? I know some switches take longer than XP to boot due to STP. If it's the latter, it can be mitigated with switch config changes. If it's the prior, then you're right. I will need to employ some other trickiness.. which I should have ready to go anyway. Thanks! From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Wednesday, December 31, 2008 3:26 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO Not all GPO's are applied in a background refresh. Many do require a reboot to take effect, Offline files being one for example. The GPO would not apply in the initial reboot because the computer does not get the update since the NIC has not come active yet. Then it pulls down the update and it requires a 2nd reboot to actually make the changes happen. We pretty much now only require a reboot to make all our GPO's take effect when enabling the Wait on Network option. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 3:19 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO Wouldn't that group policy not get applied under that theory though? Or any new GP at all? Furthermore, the GPO should be reset every 15 minutes, however some settings are not actually applied until the force+reboot. From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Wednesday, December 31, 2008 3:16 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO On occasion it takes 2 reboot cycles for GPO's to be applied. You can help mitigate that by making the computer wait for network on startup under the computer section, System/Group Policy ADM's. Some computers do not get the NIC started before GP settings would be applied hence requiring a 2nd reboot to get the gp settings to take effect. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 3:07 PM To: NT System Admin Issues Subject: gpupdate/GPO All, I have one, or many, GPOs that are not apparently being applied on workstations. Through some testing, I have specifically found that IE settings are not really taking effect. That is, until, I manually run a gpupdate /force, and the reboot or logoff. Obviously, this is not really desired. Does anyone know why this would be happening, and how I can solve it? A GPO should be applied appropriately, without me mandating a forced update and reboot. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: gpupdate/GPO
I can't say no.. but I don't know what would. I can open the registry editor, run a gpupdate /force and the changes are not there. So, I base it off that fact alone. This is just proxy/autoconfig settings too.. nothing fancy at all. From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Wednesday, December 31, 2008 4:13 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO I would think IE settings wouldn't need a reboot... Many programs can try to adjust IE settings. AV programs, Spybot, Desktop Search, etc... could anything be overwriting the settings you are trying to adjust? From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 2:29 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO When you say the NIC has not come active are you talking about the PC/drivers, etc.. or are you talking about the time it might take the switch to bring the link up? I know some switches take longer than XP to boot due to STP. If it's the latter, it can be mitigated with switch config changes. If it's the prior, then you're right. I will need to employ some other trickiness.. which I should have ready to go anyway. Thanks! From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Wednesday, December 31, 2008 3:26 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO Not all GPO's are applied in a background refresh. Many do require a reboot to take effect, Offline files being one for example. The GPO would not apply in the initial reboot because the computer does not get the update since the NIC has not come active yet. Then it pulls down the update and it requires a 2nd reboot to actually make the changes happen. We pretty much now only require a reboot to make all our GPO's take effect when enabling the Wait on Network option. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 3:19 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO Wouldn't that group policy not get applied under that theory though? Or any new GP at all? Furthermore, the GPO should be reset every 15 minutes, however some settings are not actually applied until the force+reboot. From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Wednesday, December 31, 2008 3:16 PM To: NT System Admin Issues Subject: RE: gpupdate/GPO On occasion it takes 2 reboot cycles for GPO's to be applied. You can help mitigate that by making the computer wait for network on startup under the computer section, System/Group Policy ADM's. Some computers do not get the NIC started before GP settings would be applied hence requiring a 2nd reboot to get the gp settings to take effect. From: Jason Gauthier [mailto:jgauth...@lastar.com] Sent: Wednesday, December 31, 2008 3:07 PM To: NT System Admin Issues Subject: gpupdate/GPO All, I have one, or many, GPOs that are not apparently being applied on workstations. Through some testing, I have specifically found that IE settings are not really taking effect. That is, until, I manually run a gpupdate /force, and the reboot or logoff. Obviously, this is not really desired. Does anyone know why this would be happening, and how I can solve it? A GPO should be applied appropriately, without me mandating a forced update and reboot. Thanks, Jason ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Replicating WINS
Hey all- I'm trying to set up a secondary WINS server to ues as replication. The two databases will be replicating back and forth. Sounds Pretty easy so far. We've had one for quite awhile. So I installed WINS on a second server. Added the primary WINS server. I then selected each WINS servers and made it a push and pull partner to the other WINS server. I made the replication start time 1:00am with 15 minute intervals, and set the trigger count to 20. (The default) They are not replicating. I've forced replication, I've waited several hours, overnight. Nothing. The second server still doesn't have the first ones database. The eventlog, on either system, has no messages in it regarding WINS. Any ideas? Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Replicating WINS
After enabling it I forced replication of my primary WINS. I see this on the secondary: The WINS got an update notification from WINS with address (192.168.1.23). The WINS accepted it. And then: WINS has pulled records from a WINS while doing Pull replication. The partner's address and the address of the owner whose records were pulled are given below in the data section (2 and 3rd DWORD respectively). The number of records pulled is in the 4th DWORD below. However, selecting the Secondary and showing it's database... It's not there.. at all. Thanks! -Original Message-From: Scott Erwin [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 9:59 AMTo: NT System Admin IssuesSubject: RE: Replicating WINS Do you have logging and detailed logging enabled under Server / Configuration / Advanced? Scott -Original Message-From: Jason Gauthier [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 8:34 AMTo: NT System Admin IssuesSubject: Replicating WINS Hey all- I'm trying to set up a secondary WINS server to ues as replication. The two databases will be replicating back and forth. Sounds Pretty easy so far. We've had one for quite awhile. So I installed WINS on a second server. Added the primary WINS server. I then selected each WINS servers and made it a push and pull partner to the other WINS server. I made the replication start time 1:00am with 15 minute intervals, and set the trigger count to 20. (The default) They are not replicating. I've forced replication, I've waited several hours, overnight. Nothing. The second server still doesn't have the first ones database. The eventlog, on either system, has no messages in it regarding WINS. Any ideas?Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ?
FreeS/wan http://www.freeswan.org/ BTW, it's not the client that matters it's the protocol. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 9:34 AM To: NT System Admin Issues Subject: RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ? anyone know of an ipsec based vpn server package for linux that will work with the ipsec client of win2k? -Original Message- From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 12:52 PM To: NT System Admin Issues Subject: RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ? Poptop. http://poptop.lineo.com/download_pptp.html _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708-0952 [EMAIL PROTECTED] www.intermaptechnologies.com -Original Message- From: Scott Wilson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:14 AM To: NT System Admin Issues Subject: Anyone know of a linux VPN server that will allow Windows clints to connect ? Anyone know of a linux VPN server that will allow Windows clints to connect.? Thanks Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ?
That sight is about IP masquerading with Linux. Not a VPN server solution. -Original Message- From: Kent Spencer [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 11:50 AM To: NT System Admin Issues Subject: RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ? I posted yesterday http://www.e-infomax.com/ipmasq/ It is supposed to work with PPTP and IPSEC. Kent --- [EMAIL PROTECTED] wrote: anyone know of an ipsec based vpn server package for linux that will work with the ipsec client of win2k? -Original Message- From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 12:52 PM To: NT System Admin Issues Subject: RE: Anyone know of a linux VPN server that will allow Windows cli nts to connect ? Poptop. http://poptop.lineo.com/download_pptp.html _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708-0952 [EMAIL PROTECTED] www.intermaptechnologies.com -Original Message- From: Scott Wilson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:14 AM To: NT System Admin Issues Subject: Anyone know of a linux VPN server that will allow Windows clints to connect ? Anyone know of a linux VPN server that will allow Windows clints to connect.? Thanks Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ __ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
VPN routing
This is a somewhat involved problem, so I'll try to give as much detail as possible to help paint a picture. We've got several internal subnets. (i.e., 192.168.1.x, 192.168.2.x, 192.168.3.x and so forth) We have a firewall device terminating the VPN connections. The pool of IP addresses assigned for this are in our primary subnet. (192.168.1.x). By default, the W2k PPTP client adds a route to the network your VPN device is assigned. So, now all traffic destined for 192.168.1.x via the VPN connection works great. However, any communications to the other subnets will try and find their way using my default route. My ISP.. and they won't get anywhere. I can remedy this problem manually pretty easily: ipconfig /all get IP address of VPN interface route add 192.168.0.0 MASK 255.255.0.0 [ip address of VPN interface] However, This is not a sufficient task to ask my remote end users. I'm looking for a way to automatically execute this command after the VPN connection is established. Even a batch file they can run manually would be acceptable. The problem I've run into, is that Windows does not have very advanced text handling routines as commands. So stripping the IP address from ipconfig to save into a variable is nearly impossible. Thoughts, ideas, suggestions? Jason Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Attack and Gas Prices
Title: RE: Attack and Gas Prices What? 87: 1.69 89: 1.79 93: 1.79 I got 93 this morning for the first time in a year. -Original Message-From: Laura Swartout [mailto:[EMAIL PROTECTED]]Sent: Wednesday, September 12, 2001 9:49 AMTo: NT System Admin IssuesSubject: RE: Attack and Gas Prices Gas prices in the Midwest rose sharply before the Labor Day weekend. We were paying $1.96 for 87 unleaded octane. All day yesterday it was down to 1.67. This morning it's back up to almost 2 bucks. Lines were long at the pumps in La Crosse, WI but Winona, MN hasn't panicked yet. I think most people are taking a "wait and see" attitude. -Original Message-From: RAMSEY, CAROLYN [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 8:26 AMTo: NT System Admin IssuesSubject: RE: Attack and Gas Prices Price gouching (raising prices for pure greed) has been declared illegal in TX and OK, attorney generals have sworn to prosecute as needed and reported. Lines were long yesterday, but only heard about 10 cent increases. Carolyn Ramsey Texoma HealthCare System Denison, Texas 75020 MIS Support 903-416-4175 -Original Message- From: Martin Blackstone [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 3:46 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices Exactly. It is pure greed. There is no shortage. There is no reason to oil to be held up. There is no reason to raise the price. It is pure greed -Original Message- From: Senter, John M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 1:44 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices There is no reason for the gas price to jump, except the greed of people to try and make money off of other peoples loss. It makes me sick on how some people try and make money. js -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 3:40 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices Oklahoma city supposedly. Topeka KS, 5.00 a gallon... I'm not sure, I haven't been out yet. Guess I'll run out and fill up in case... -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 3:27 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices Like where ... -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 16:11 To: NT System Admin Issues Subject: Attack and Gas Prices Can anyone confirm that gas prices are going up around the country? Supposedly it's around $6.00 a gallon already in some places... http://www.sunbelt-software.com/ntsysadmin_list_charter.htm _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NewYork Terrorist Attack
Woah there. No one has said there are 20,000 people dead. There were 20,000 poeple in the towers when the first plane hit. I beleive Tower 1 was being evacuated when it was hit. -Original Message- From: Dennis Atherton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 12:59 PM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack And you don't think, that with over 20,000 people dead, World War 3 has not been started on our shores now -Original Message- From: Murray Binette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 9:56 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Well, I just hope that Bush (or the 'Puppet' as many Canadians refer to him as) doesn't fly off the handle and start WWIII. -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:08 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack I would say that the US already feels pretty alienated right now - ASB -Original Message- From: Richard McClary [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:51 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Well, that's one of the reactions terrorism is trying to provoke. Most of the world finds US policy to be obnoxious, and a violent large scale reaction will effectively alienate the US from the rest of the world. I don't mean to promote war, but we as a country HAVE to retaliate to this... F00k the 3rd world countries that harbor terrorists... http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: telnet client
I would forgo SSH in favor of OpenSSH. http://www.openssh.org -Original Message- From: Michael L. Callahan [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 10:11 PM To: NT System Admin Issues Subject: RE: telnet client I would forgo telnet in favor of Secure Shell. http://www.ssh.com -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 5:46 PM To: NT System Admin Issues Subject: telnet client Any suggestions for an alternative telnet client for Win2k? http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Remote changing of password
Can anyone explain, and offer a solution to why this situation occurs? (Primarily concern with 2000) Remote user connected with VPN password expires/is about to expire User presses ctrl-alt-del, select change password and proceeds to change their password. A couple days later the same user calls me back and says his password isn't working. Upon troubleshooting, I've determined it was the first time the user has rebooted his system. It's now at the login prompt. He presses ctrl-alt-del, uses his OLD password, logs in, and then needs to authenticate with our VPN using his NEW password. We've had this problem since we've installed NT/2000, really. With dial-up users as well. It seems changing the password remotely does not change the client machine's cached profile. This is really a burden. Advice welcome. Jason http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Remote changing of password
Typically, remote users authenticate logging into the domain using cached profile information on their machines. -Original Message- From: Ryan McBride [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 9:34 AM To: NT System Admin Issues Subject: RE: Remote changing of password Is this a domian or are they logining into a local machine. Can u give us a bit of a run down on your network lay out. It might help Ryan -Original Message- From: Jason Gauthier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 4 September 2001 11:28 PM To: NT System Admin Issues Subject: Remote changing of password Can anyone explain, and offer a solution to why this situation occurs? (Primarily concern with 2000) Remote user connected with VPN password expires/is about to expire User presses ctrl-alt-del, select change password and proceeds to change their password. A couple days later the same user calls me back and says his password isn't working. Upon troubleshooting, I've determined it was the first time the user has rebooted his system. It's now at the login prompt. He presses ctrl-alt-del, uses his OLD password, logs in, and then needs to authenticate with our VPN using his NEW password. We've had this problem since we've installed NT/2000, really. With dial-up users as well. It seems changing the password remotely does not change the client machine's cached profile. This is really a burden. Advice welcome. Jason http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Is it a bird... is it a worm??
Yeah, this was has been around for a little while.. I *think* it's sircam. -Original Message-From: EALES, Jack / RSAIFS - IOM [mailto:[EMAIL PROTECTED]]Sent: Friday, August 31, 2001 12:19 PMTo: NT System Admin IssuesSubject: Is it a bird... is it a worm?? One of our users has received a number of identical messages from unrelated contacts that he (and I) is rather disturbed by... it looks like some sort of worm / buffer overflow - maybe? I'm no expert... but I sure there might be one or two of you out there ;-) The attachment (which isn't attached) name changes from message to message, but the bulk of the text of the message is the same and is as follows: snip --1E6A12EB_Outlook_Express_message_boundary Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: message text Hi! How are you=3F I send you this file in order to have your advice See you later=2E Thanks --1E6A12EB_Outlook_Express_message_boundary /snip There then follows a stream ofseveral hundred / thousand (no time to count - trust me it's lots!!) lines with seemingly random characters. I've hacked all this out as the list thinks I'm sending an attachmentand refuses to post it. Does this mean anything/ look familiar to anyone? If you want the full text let me know and I'll send it off-list Jack Jack Eales Senior PC / Network Project Analyst Tel: +44 1624 821236 Mob: +44 7624 450125 Fax: +44 1624 824405 Royal SunAlliance International Financial Serviceshttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT 4 VPN and TCP/IP only
Title: NT 4 VPN and TCP/IP only Can you explain the setup of the network a little? Are the clients gettingIP addresses on the same subnet as the server? Or different? can you ping the server from the clieht by name? can you ping the client from the server by name? -Original Message-From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 29, 2001 8:56 AMTo: NT System Admin IssuesSubject: NT 4 VPN and TCP/IP only I have just setup a VPN server in our office and am having problems browsing. When a client connects he is not able to browse the network and the logon script does not run. When he connects everything appears to be fine. My server is NT 4 SP 6a and the clients are W2K and Win 95/98. All of the clients are having this problem. We are not running Wins and I do not want to load it. Does anyone know what I am doing wrong or setting that I need to change to get the logon scripts to run and the browsing to work properly? Thanks, Blake Fowkes Waid and Associates http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT 4 VPN and TCP/IP only
Title: NT 4 VPN and TCP/IP only Well, as much as you hate it, the best practice solutions I can think of would be installing and configuring WINS. Or else install LMHOSTS files on all remote computers. (A potential administrative nightmare, especially adding/removing and changing servers' IP addresses) Good luck, Jason -Original Message-From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 29, 2001 9:10 AMTo: NT System Admin IssuesSubject: RE: NT 4 VPN and TCP/IP only Yes the clients are getting an IP from the same subnet. No I am not able to ping from the client to the server (or any other machine) by name. Unless it if one of my entries in hosts/lmhosts. Not sure from server to client. I will try that one right now. Thanks, Blake Fowkes Waid and Associates -Original Message-From: Jason Gauthier [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 29, 2001 8:02 AMTo: NT System Admin IssuesSubject: RE: NT 4 VPN and TCP/IP only Can you explain the setup of the network a little? Are the clients gettingIP addresses on the same subnet as the server? Or different? can you ping the server from the clieht by name? can you ping the client from the server by name? -Original Message-From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 29, 2001 8:56 AMTo: NT System Admin IssuesSubject: NT 4 VPN and TCP/IP only I have just setup a VPN server in our office and am having problems browsing. When a client connects he is not able to browse the network and the logon script does not run. When he connects everything appears to be fine. My server is NT 4 SP 6a and the clients are W2K and Win 95/98. All of the clients are having this problem. We are not running Wins and I do not want to load it. Does anyone know what I am doing wrong or setting that I need to change to get the logon scripts to run and the browsing to work properly? Thanks, Blake Fowkes Waid and Associates http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SMTP Servers
Are there any requirements other than cheap/free and users? POP3, IMAP, contacts, calendar? As much info as possible... If you are looking for a straight SMTP mail server... I would just install one of those snazzy free unixes with sendmail on it. -Original Message- From: Paul Armstrong [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 10:36 PM To: NT System Admin Issues Subject: SMTP Servers Hello All, Does anybody know of any good alternatives to Exchange. I have a client that has about 5 users and doesn't want to pay the price for Exchange so i am searching for a cheaper, or better yet free, alternative. Any recommendations? i⠊0⡞˧mm㲇 r홉2࠱fyb!j醻^f http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Authenticating from a subnet without a BDC.
A recent change in my network has caused some interesting issues, and I wanted to get some advice. We've recently added a 3rd interface to our PIX 520 firewall. We stuck our web servers on it. (We only have one domain, and kept these part of it) I've allowed traffic from the web servers to the domain controllers for authentication purposes. (There is no BDC on the subnet with the web servers. The other subnets do have BDC's) Last week things appeared to be working correctly. I could log into the servers (not using a cached profile) and from my inside subnet I could browse the machines. (The PIX does some funky things with IP address aliasing on a DMZ like this.) Now, I come in monday morning, the machines are no longer getting authentication information from the domain controllers. (This could have occurred last week too, I suppose). A user changed their password, and no cannot log onto the web server. I understand the web server broadcasts for a domain controller to pick it up, but I also realize that they know the IP addresses (somewhere) of the other domain controllers. I know this because of the firewalling logging when it was closed off. The machine attempted connections to every one of my domain controllers. So, it doesn't seem to be authenticating to the domain anymore... I entered an entry in the lmhosts file pointing out the domain and PDC, but alas, no go. Anything that can be offered, I'd appreciate. One other small tidbit. The web servers are 2000 systems, everything else is NT4. Thanks, Jason http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Authenticating from a subnet without a BDC.
Theoretically. I only allow echo-replies. But the PDC can ping the web servers. -Original Message- From: Correa, Andre [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 10:51 AM To: NT System Admin Issues Subject: RE: Authenticating from a subnet without a BDC. Can you ping the domain controllers from the web server subnet? -Original Message- From: Jason Gauthier [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 10:42 AM To: NT System Admin Issues Subject: Authenticating from a subnet without a BDC. A recent change in my network has caused some interesting issues, and I wanted to get some advice. We've recently added a 3rd interface to our PIX 520 firewall. We stuck our web servers on it. (We only have one domain, and kept these part of it) I've allowed traffic from the web servers to the domain controllers for authentication purposes. (There is no BDC on the subnet with the web servers. The other subnets do have BDC's) Last week things appeared to be working correctly. I could log into the servers (not using a cached profile) and from my inside subnet I could browse the machines. (The PIX does some funky things with IP address aliasing on a DMZ like this.) Now, I come in monday morning, the machines are no longer getting authentication information from the domain controllers. (This could have occurred last week too, I suppose). A user changed their password, and no cannot log onto the web server. I understand the web server broadcasts for a domain controller to pick it up, but I also realize that they know the IP addresses (somewhere) of the other domain controllers. I know this because of the firewalling logging when it was closed off. The machine attempted connections to every one of my domain controllers. So, it doesn't seem to be authenticating to the domain anymore... I entered an entry in the lmhosts file pointing out the domain and PDC, but alas, no go. Anything that can be offered, I'd appreciate. One other small tidbit. The web servers are 2000 systems, everything else is NT4. Thanks, Jason http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Authenticating from a subnet without a BDC.
I've not changed anything in my PIX configuration. I have been watching the logs while attempted logins have been made. I've not gotten a single denial logged yet. (I have fairly verbose logging) I downloaded WS_Ping ProPack, and it can gather limited information, but since it's on a DMZ, most ports are blocked. The methodology involved is that all can get to the DMZ, and only initiated connections can be used, unless I've created a conduit through the PIX. Which I've done for my PDC, TCP/UDP on ports 137-139. I *thought* this was all that was needed. Thanks for the advice, I'll continue plugging away. -Original Message- From: Seth M. Kusiak [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 10:52 AM To: NT System Admin Issues Subject: Re: Authenticating from a subnet without a BDC. I've allowed traffic from the web servers to the domain controllers for authentication purposes. VERY dangerous. I suggest that you move authentication to a database if possible. If you can't, then you may want to add a new domain in the DMZ that will not have a trust to the domain in the inside network. If you can't get hardare for a new domain, then I suggest that you look at your PIX config. Make sure your conduits are setup correctly. Get a copy of WS_Ping ProPack from www.ipswitch.com (or a similer tool) to see if your webservers can connect to the ports on the DC's. See if you can even ping the DC's. hth, ~Seth Jason Gauthier writes: A recent change in my network has caused some interesting issues, and I wanted to get some advice. We've recently added a 3rd interface to our PIX 520 firewall. We stuck our web servers on it. (We only have one domain, and kept these part of it) I've allowed traffic from the web servers to the domain controllers for authentication purposes. (There is no BDC on the subnet with the web servers. The other subnets do have BDC's) Last week things appeared to be working correctly. I could log into the servers (not using a cached profile) and from my inside subnet I could browse the machines. (The PIX does some funky things with IP address aliasing on a DMZ like this.) Now, I come in monday morning, the machines are no longer getting authentication information from the domain controllers. (This could have occurred last week too, I suppose). A user changed their password, and no cannot log onto the web server. I understand the web server broadcasts for a domain controller to pick it up, but I also realize that they know the IP addresses (somewhere) of the other domain controllers. I know this because of the firewalling logging when it was closed off. The machine attempted connections to every one of my domain controllers. So, it doesn't seem to be authenticating to the domain anymore... I entered an entry in the lmhosts file pointing out the domain and PDC, but alas, no go. Anything that can be offered, I'd appreciate. One other small tidbit. The web servers are 2000 systems, everything else is NT4. Thanks, Jason http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm