RE: Simple File Permissions Question
Thanks to Damien and Ben for the tips. Ben, you are correct, it's a startup scrip. Curt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, March 27, 2012 11:57 AM To: NT System Admin Issues Subject: Re: Simple File Permissions Question On Tue, Mar 27, 2012 at 2:10 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: I have a logon script that creates a file in a shared folder. The owner of that file is the computer that made it. That's odd. Are you sure it's not a computer startup script? Logon scripts should run in the context of the user being logged on. The way it's set up now, if another computer tries to overwrite that file, it can't. ... What permissions should I give the folder so that other computers can overwrite files created in that directory? IIRC, a subject (security principal) needs Change (Modify) permission to truncate or write within a file. To delete a file, one needs Delete on the file, or delete children (not actually called that) on the containing folder. There is the Users group. Is there a similar group that defines just computers? Yes. Domain Computers. Does the Users group include computers? No. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Group Policy problem
Thanks all for your suggestions. I tried the always wait for network at computer startup but that didn't seem to solve the problem. Eventually though, it started working. I'm not sure what fixed it but thanks for all your suggestions. Curt From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, February 15, 2012 1:37 PM To: NT System Admin Issues Subject: RE: Group Policy problem I might also mention that the computer is on a very slow link. However, I don't think that's the issue because this computer has been able to install software from GPs in the past. Curt From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, February 15, 2012 1:28 PM To: NT System Admin Issues Subject: Group Policy problem I'm trying to install software via group policy. If I do resultant set of policy, it shows the group policies but there is a yellow triangle with an exclamation point on all of the policies assigning the software packages. In RSoP, if I look at the Error Information tab on the Properties for the group policy, it only shows the date and time. There are no errors in the system event log indicating the software failed to install - it just doesn't install when the system is booted. The issue only occurs on this one (Vista) computer. The GPs are working perfectly on other computers in the OU. How can I track down the problem? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Group Policy problem
I might also mention that the computer is on a very slow link. However, I don't think that's the issue because this computer has been able to install software from GPs in the past. Curt From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, February 15, 2012 1:28 PM To: NT System Admin Issues Subject: Group Policy problem I'm trying to install software via group policy. If I do resultant set of policy, it shows the group policies but there is a yellow triangle with an exclamation point on all of the policies assigning the software packages. In RSoP, if I look at the Error Information tab on the Properties for the group policy, it only shows the date and time. There are no errors in the system event log indicating the software failed to install - it just doesn't install when the system is booted. The issue only occurs on this one (Vista) computer. The GPs are working perfectly on other computers in the OU. How can I track down the problem? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Group Policy problem
No, It's 32-bit. I wouldn't think it could be a problem with the share since other computers are able to apply the policy. Am I wrong? Curt From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 15, 2012 1:37 PM To: NT System Admin Issues Subject: Re: Group Policy problem It's not an x64 system is it? Also where are the installation files stored? I had a lot of problems when someone stored the install files in the netlogon share, moving them out sorted things. On 15 February 2012 21:28, Jim Dandy jda...@asmail.ucdavis.edu wrote: I'm trying to install software via group policy. If I do resultant set of policy, it shows the group policies but there is a yellow triangle with an exclamation point on all of the policies assigning the software packages. In RSoP, if I look at the Error Information tab on the Properties for the group policy, it only shows the date and time. There are no errors in the system event log indicating the software failed to install - it just doesn't install when the system is booted. The issue only occurs on this one (Vista) computer. The GPs are working perfectly on other computers in the OU. How can I track down the problem? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. * IMPORTANT INFORMATION/DISCLAIMER * This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress.. The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets At Home yesterday. We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Admin install for Adobe Reader
That did the trick. Thanks. I just noticed that the patch pattern for Acrobat is different than it is for Reader. * Acrobat (Formula = Base release + latest quarterly + latest out of cycle patch) * Reader (Formula = last MSI + latest quarterly + latest out of cycle patch) I guess consistency would be considered a hindrance to creativity. In my opinion Adobe makes this way more difficult than it needs to be. Some things they could do to help are 1) Reduce the number of versions of the installers. Between the mui, the various languages and the tiers, there are a lot of options. 2) Publish an MSI and an MSP for all versions (including out of cycle patches). That way people can quickly get what they need without having to know all the patch pattern details. 3) Use the same patch patterns for all products! 4) Finding MSIs and MSPs can be challenging. Downloads for various incantations of 10.1.2 can be found at ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/misc/, ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/en_US/, and http://www.adobe.com/support/downloads/product.jsp?platform=windowsprod uct=10. One well publicized place where ALL versions could be found would be beneficial. It would be nice if, on the front page of www.adobe.com where it says Download - you could actually download the product. What those links do is install the product without a download capability. 5) Put a pointer to http://myitforum.com/myitforumwp/wp-content/uploads/group-documents/14 /1317760928-Acrobat_Enterprise_Administration.pdf in all the places where you can download the files - or, just store the document alongside the MSIs and MSPs. End of rant. Curt From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Thursday, January 12, 2012 6:04 PM To: NT System Admin Issues Subject: RE: Admin install for Adobe Reader Having said that, I just tried it, and the 1012.msp won't update an AIP that's been previously updated with 1011.msp. Seems to me this is Adobe's screw-up that they likely won't fix. So make a new 1010.msi AIP and apply the 1012.msp to it. Carl From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Thursday, January 12, 2012 7:37 PM To: NT System Admin Issues Subject: RE: Admin install for Adobe Reader You need to create a new admin install point with the 1010 msi and then update it using 1011 and 1012 msp's. Carl From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] mailto:[mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, January 12, 2012 7:16 PM To: NT System Admin Issues Subject: RE: Admin install for Adobe Reader Rod, I thought you saved me. I was trying to apply 10.1.2 to 10.1.0 which according to the doc is illegal. So, I downloaded AdbeRdr1000_en_us.msi from ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/en_US/ and AdbeRdrUpd1012.msp from ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/misc/. I then executed the following command from a command prompt in the c:\somefolder directory msiexec /a c:\somefolder\AdbeRdr1000_en_us.msi /p AdbeRdrUpd1012.msp I got The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch. It seems like that should have worked ... What am I missing? Curt From: Rod Trent [mailto:rodtr...@myitforum.com] mailto:[mailto:rodtr...@myitforum.com] Sent: Thursday, January 12, 2012 2:17 PM To: NT System Admin Issues Subject: RE: Admin install for Adobe Reader Enterprise Admin guide has most of that... http://myitforum.com/myitforumwp/wp-content/uploads/group-documents/14/1 317760928-Acrobat_Enterprise_Administration.pdf From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] mailto:[mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, January 12, 2012 4:56 PM To: NT System Admin Issues Subject: Admin install for Adobe Reader I'm trying to create an administrative install for Adobe Reader 10.1.2. I've tried (seriously) about 10 different ways of doing it from various different downloads and orders of applying .msp files but none have resulted in a functional install point. I've done it many times in the past so I know this isn't all that difficult. Can someone tell me which files to download from where and how to set up the admin install. I've basically been trying msiexec /a c:\somefolder\Acroread.msi /p AdbeRdrUpd1012.msp with various msi's and msps (downloaded from different adobe sites or extracted from .exe files which were downloaded from adobe). Either the msiexec fails with an error or it generates a package that won't install. It would be really handy if I could download a v 10.1.2 msi but I haven't found that yet. Then I'd just do msiexec /a acroread.msi Thanks
RE: Admin install for Adobe Reader
Rod, I thought you saved me. I was trying to apply 10.1.2 to 10.1.0 which according to the doc is illegal. So, I downloaded AdbeRdr1000_en_us.msi from ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/en_US/ and AdbeRdrUpd1012.msp from ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/misc/. I then executed the following command from a command prompt in the c:\somefolder directory msiexec /a c:\somefolder\AdbeRdr1000_en_us.msi /p AdbeRdrUpd1012.msp I got The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch. It seems like that should have worked ... What am I missing? Curt From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Thursday, January 12, 2012 2:17 PM To: NT System Admin Issues Subject: RE: Admin install for Adobe Reader Enterprise Admin guide has most of that... http://myitforum.com/myitforumwp/wp-content/uploads/group-documents/14/1 317760928-Acrobat_Enterprise_Administration.pdf From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, January 12, 2012 4:56 PM To: NT System Admin Issues Subject: Admin install for Adobe Reader I'm trying to create an administrative install for Adobe Reader 10.1.2. I've tried (seriously) about 10 different ways of doing it from various different downloads and orders of applying .msp files but none have resulted in a functional install point. I've done it many times in the past so I know this isn't all that difficult. Can someone tell me which files to download from where and how to set up the admin install. I've basically been trying msiexec /a c:\somefolder\Acroread.msi /p AdbeRdrUpd1012.msp with various msi's and msps (downloaded from different adobe sites or extracted from .exe files which were downloaded from adobe). Either the msiexec fails with an error or it generates a package that won't install. It would be really handy if I could download a v 10.1.2 msi but I haven't found that yet. Then I'd just do msiexec /a acroread.msi Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Adobe Reader 10.1.1
Thanks. Getting the .msp makes it easier. Curt From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, September 13, 2011 5:56 PM To: NT System Admin Issues Subject: RE: Adobe Reader 10.1.1 This is the target of my download shortcut for Reader: http://www.adobe.com/support/downloads/product.jsp?platform=windowsprod uct=10 Carl From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Tuesday, September 13, 2011 6:47 PM To: NT System Admin Issues Subject: Adobe Reader 10.1.1 It looks like Adobe Reader 10.1.1 is out. I usually download either the .msi or .msp from ftp://ftp.adobe.com/pub/adobe/ and install from that. There is only an .exe on that site. Does anyone know where the .msi or .msp can be found or how it can be created from the .exe? Thanks for your help. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: non-local admin revisited
My users aren't smart enough to use UAC properly. They'll click on anything if they think that is what they need to do to get to whatever they want to do. No matter how much you warn them, a dimmed UAC screen isn't going to inhibit their impulses. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, July 19, 2011 6:37 PM To: NT System Admin Issues Subject: RE: non-local admin revisited Hmmm, I like this. With UAC on there is validity to running as an admin all the time, IF you only have admin on your own machine. Less hassle for them with minimal risk. Very cool twist Andrew. From: Andrew S. Baker [asbz...@gmail.com] Sent: Tuesday, July 19, 2011 8:11 PM To: NT System Admin Issues Subject: Re: non-local admin revisited IT members have Win7 and have local admin access of their own machines, but with UAC enabled at the default level. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 7 Imaging
You said below to not install WAIK 3.0 if I am using MDT. What about installing the WAIK supplement for Windows 7 SP1? It seems at the very least I should extract Win PE 3.1 from it for compatibility with Advanced Format (4K) Drives (or patch PE 3.0 with 982018)? Thanks for your help. Curt From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 2:19 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging If you are using any higher-level of the stack (MDT or SCCM) do NOT install WAIK 3.0 (that's why I didn't mention it). It has breaking changes. As for your other questions: yes, you can simply install the newer versions. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, April 01, 2011 5:16 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging From what I can tell based on dates (installed 11/3/09), I don't have update 1 of MDT although I can't find the version number anywhere. According to add/remove programs it is version 5.0.1641.0. How can I tell what version I have? If I have just 2010 (no update) how do I go about updating it? Can I just download and install MDT 2010 Update 1 over the top of my present installation? Similarly, I can't find a version number for my WAIK (Installed 11/3/09). My Windows System Image Manager says version 6.1.7600.16385. How can I tell what version I have and can I just update by installing over the top? It looks like there is a WAIK 3.0 now http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f7 6-4177-a811-39c26d3b3b34displaylang=en Thanks for your help. Curt Finley From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 1:37 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging So, Microsoft doesn't just have a Windows Deployment Services Server, they have an entire deployment stack. From the most basic elements, to the most complex, it goes like this (along with current versions): Windows Pre-Execution Environment (WinPE) 3.0 Windows Automated Installation Kit (WAIK) 2.0 Windows Deployment Services Server (WDS) 2008 R2 Microsoft Deployment Toolkit (MDT) 2010 Update 1 (optional) System Center Configuration Manager (SCCM) 2007 R3 MDT can interface with SCCM (it simplifies some basic deployment steps), but SCCM is not required for MDT to be installed standalone. Nothing that MDT or that WDS or that WAIK does is magic. All of it can be duplicated by scripting or by using third-party tools. They are there to make life easier. WinPE has some magic in it, though. J WinPE plus WAIK are the minimum of what you need to do deployment work (with a reasonable amount of effort as opposed to LOTS of effort). They include WinPE boot images, the ImageX and DISM tools, CD/DVD burning utilities, driver libraries, etc. etc. When you install the WDS server role, and WAIK is not installed on your server, a mini-version of WinPE+WAIK is installed as part of the role (basically, x86 and x64 boot images plus sysprep support). All that just to say, and to be clear: if you have WinPE plus WAIK, you can do anything you want to do to an image. Inject, delete, create, modify, whole disk, single partition, multiple partition, GPT, Fat32/NTFS/utility, etc. etc. etc. You can certainly do what you want. You just have to learn the tools. They are VERY different from those that came before. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, April 01, 2011 3:43 PM To: NT System Admin Issues Subject: Re: Windows 7 Imaging This is pertinent to a conversation I just had with my counterpart @ work on the west coast. They have to image 5,500 machines for a client and he mentioned that WDS would only image at the partition level. They are looking for whole disk imaging. Will WDS do that or should he be looking at something else? Thanks, Jonathan On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use
RE: Windows 7 Imaging
Thanks for the super-fast response! From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 11, 2011 3:29 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging If you have a newer level of WAIK (which the WAIK supplement is) that's fine. Originally, we just had WINPE 3.1 without anything else. However - that still isn't safe to use with SCCM 2007 R3. But with MDT, I understand it's OK (I haven't tested it personally). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, May 11, 2011 6:27 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging You said below to not install WAIK 3.0 if I am using MDT. What about installing the WAIK supplement for Windows 7 SP1? It seems at the very least I should extract Win PE 3.1 from it for compatibility with Advanced Format (4K) Drives (or patch PE 3.0 with 982018)? Thanks for your help. Curt From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 2:19 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging If you are using any higher-level of the stack (MDT or SCCM) do NOT install WAIK 3.0 (that's why I didn't mention it). It has breaking changes. As for your other questions: yes, you can simply install the newer versions. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, April 01, 2011 5:16 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging From what I can tell based on dates (installed 11/3/09), I don't have update 1 of MDT although I can't find the version number anywhere. According to add/remove programs it is version 5.0.1641.0. How can I tell what version I have? If I have just 2010 (no update) how do I go about updating it? Can I just download and install MDT 2010 Update 1 over the top of my present installation? Similarly, I can't find a version number for my WAIK (Installed 11/3/09). My Windows System Image Manager says version 6.1.7600.16385. How can I tell what version I have and can I just update by installing over the top? It looks like there is a WAIK 3.0 now http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f7 6-4177-a811-39c26d3b3b34displaylang=en Thanks for your help. Curt Finley From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 1:37 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging So, Microsoft doesn't just have a Windows Deployment Services Server, they have an entire deployment stack. From the most basic elements, to the most complex, it goes like this (along with current versions): Windows Pre-Execution Environment (WinPE) 3.0 Windows Automated Installation Kit (WAIK) 2.0 Windows Deployment Services Server (WDS) 2008 R2 Microsoft Deployment Toolkit (MDT) 2010 Update 1 (optional) System Center Configuration Manager (SCCM) 2007 R3 MDT can interface with SCCM (it simplifies some basic deployment steps), but SCCM is not required for MDT to be installed standalone. Nothing that MDT or that WDS or that WAIK does is magic. All of it can be duplicated by scripting or by using third-party tools. They are there to make life easier. WinPE has some magic in it, though. J WinPE plus WAIK are the minimum of what you need to do deployment work (with a reasonable amount of effort as opposed to LOTS of effort). They include WinPE boot images, the ImageX and DISM tools, CD/DVD burning utilities, driver libraries, etc. etc. When you install the WDS server role, and WAIK is not installed on your server, a mini-version of WinPE+WAIK is installed as part of the role (basically, x86 and x64 boot images plus sysprep support). All that just to say, and to be clear: if you have WinPE plus WAIK, you can do anything you want to do to an image. Inject, delete, create, modify, whole disk, single partition, multiple partition, GPT, Fat32/NTFS/utility, etc. etc. etc. You can certainly do what you want. You just have to learn the tools. They are VERY different from those that came before. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, April 01, 2011 3:43 PM To: NT System Admin Issues Subject: Re: Windows 7 Imaging This is pertinent to a conversation I just had with my counterpart @ work on the west coast. They have to image 5,500 machines for a client and he mentioned that WDS would only image at the partition level. They are looking for whole disk imaging. Will WDS do that or should he be looking at something else? Thanks, Jonathan On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote
RE: Windows 7 Imaging
From what I can tell based on dates (installed 11/3/09), I don't have update 1 of MDT although I can't find the version number anywhere. According to add/remove programs it is version 5.0.1641.0. How can I tell what version I have? If I have just 2010 (no update) how do I go about updating it? Can I just download and install MDT 2010 Update 1 over the top of my present installation? Similarly, I can't find a version number for my WAIK (Installed 11/3/09). My Windows System Image Manager says version 6.1.7600.16385. How can I tell what version I have and can I just update by installing over the top? It looks like there is a WAIK 3.0 now http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f7 6-4177-a811-39c26d3b3b34displaylang=en Thanks for your help. Curt Finley From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 1:37 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging So, Microsoft doesn't just have a Windows Deployment Services Server, they have an entire deployment stack. From the most basic elements, to the most complex, it goes like this (along with current versions): Windows Pre-Execution Environment (WinPE) 3.0 Windows Automated Installation Kit (WAIK) 2.0 Windows Deployment Services Server (WDS) 2008 R2 Microsoft Deployment Toolkit (MDT) 2010 Update 1 (optional) System Center Configuration Manager (SCCM) 2007 R3 MDT can interface with SCCM (it simplifies some basic deployment steps), but SCCM is not required for MDT to be installed standalone. Nothing that MDT or that WDS or that WAIK does is magic. All of it can be duplicated by scripting or by using third-party tools. They are there to make life easier. WinPE has some magic in it, though. J WinPE plus WAIK are the minimum of what you need to do deployment work (with a reasonable amount of effort as opposed to LOTS of effort). They include WinPE boot images, the ImageX and DISM tools, CD/DVD burning utilities, driver libraries, etc. etc. When you install the WDS server role, and WAIK is not installed on your server, a mini-version of WinPE+WAIK is installed as part of the role (basically, x86 and x64 boot images plus sysprep support). All that just to say, and to be clear: if you have WinPE plus WAIK, you can do anything you want to do to an image. Inject, delete, create, modify, whole disk, single partition, multiple partition, GPT, Fat32/NTFS/utility, etc. etc. etc. You can certainly do what you want. You just have to learn the tools. They are VERY different from those that came before. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, April 01, 2011 3:43 PM To: NT System Admin Issues Subject: Re: Windows 7 Imaging This is pertinent to a conversation I just had with my counterpart @ work on the west coast. They have to image 5,500 machines for a client and he mentioned that WDS would only image at the partition level. They are looking for whole disk imaging. Will WDS do that or should he be looking at something else? Thanks, Jonathan On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Jonathan, A+, MCSA, MCSE ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Windows 7 Imaging
Thanks for the super-fast response! From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 2:19 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging If you are using any higher-level of the stack (MDT or SCCM) do NOT install WAIK 3.0 (that's why I didn't mention it). It has breaking changes. As for your other questions: yes, you can simply install the newer versions. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, April 01, 2011 5:16 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging From what I can tell based on dates (installed 11/3/09), I don't have update 1 of MDT although I can't find the version number anywhere. According to add/remove programs it is version 5.0.1641.0. How can I tell what version I have? If I have just 2010 (no update) how do I go about updating it? Can I just download and install MDT 2010 Update 1 over the top of my present installation? Similarly, I can't find a version number for my WAIK (Installed 11/3/09). My Windows System Image Manager says version 6.1.7600.16385. How can I tell what version I have and can I just update by installing over the top? It looks like there is a WAIK 3.0 now http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f7 6-4177-a811-39c26d3b3b34displaylang=en Thanks for your help. Curt Finley From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 1:37 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging So, Microsoft doesn't just have a Windows Deployment Services Server, they have an entire deployment stack. From the most basic elements, to the most complex, it goes like this (along with current versions): Windows Pre-Execution Environment (WinPE) 3.0 Windows Automated Installation Kit (WAIK) 2.0 Windows Deployment Services Server (WDS) 2008 R2 Microsoft Deployment Toolkit (MDT) 2010 Update 1 (optional) System Center Configuration Manager (SCCM) 2007 R3 MDT can interface with SCCM (it simplifies some basic deployment steps), but SCCM is not required for MDT to be installed standalone. Nothing that MDT or that WDS or that WAIK does is magic. All of it can be duplicated by scripting or by using third-party tools. They are there to make life easier. WinPE has some magic in it, though. J WinPE plus WAIK are the minimum of what you need to do deployment work (with a reasonable amount of effort as opposed to LOTS of effort). They include WinPE boot images, the ImageX and DISM tools, CD/DVD burning utilities, driver libraries, etc. etc. When you install the WDS server role, and WAIK is not installed on your server, a mini-version of WinPE+WAIK is installed as part of the role (basically, x86 and x64 boot images plus sysprep support). All that just to say, and to be clear: if you have WinPE plus WAIK, you can do anything you want to do to an image. Inject, delete, create, modify, whole disk, single partition, multiple partition, GPT, Fat32/NTFS/utility, etc. etc. etc. You can certainly do what you want. You just have to learn the tools. They are VERY different from those that came before. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, April 01, 2011 3:43 PM To: NT System Admin Issues Subject: Re: Windows 7 Imaging This is pertinent to a conversation I just had with my counterpart @ work on the west coast. They have to image 5,500 machines for a client and he mentioned that WDS would only image at the partition level. They are looking for whole disk imaging. Will WDS do that or should he be looking at something else? Thanks, Jonathan On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential
RE: Windows 7 Imaging
For anyone interested - if you install MDT 2010 Update 1, in add/remove programs it shows up as Microsoft Deployment Toolkit 2010 Update 1 (5.1.1642.01). From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, April 01, 2011 2:16 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging From what I can tell based on dates (installed 11/3/09), I don't have update 1 of MDT although I can't find the version number anywhere. According to add/remove programs it is version 5.0.1641.0. How can I tell what version I have? If I have just 2010 (no update) how do I go about updating it? Can I just download and install MDT 2010 Update 1 over the top of my present installation? Similarly, I can't find a version number for my WAIK (Installed 11/3/09). My Windows System Image Manager says version 6.1.7600.16385. How can I tell what version I have and can I just update by installing over the top? It looks like there is a WAIK 3.0 now http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f7 6-4177-a811-39c26d3b3b34displaylang=en Thanks for your help. Curt Finley From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, April 01, 2011 1:37 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging So, Microsoft doesn't just have a Windows Deployment Services Server, they have an entire deployment stack. From the most basic elements, to the most complex, it goes like this (along with current versions): Windows Pre-Execution Environment (WinPE) 3.0 Windows Automated Installation Kit (WAIK) 2.0 Windows Deployment Services Server (WDS) 2008 R2 Microsoft Deployment Toolkit (MDT) 2010 Update 1 (optional) System Center Configuration Manager (SCCM) 2007 R3 MDT can interface with SCCM (it simplifies some basic deployment steps), but SCCM is not required for MDT to be installed standalone. Nothing that MDT or that WDS or that WAIK does is magic. All of it can be duplicated by scripting or by using third-party tools. They are there to make life easier. WinPE has some magic in it, though. J WinPE plus WAIK are the minimum of what you need to do deployment work (with a reasonable amount of effort as opposed to LOTS of effort). They include WinPE boot images, the ImageX and DISM tools, CD/DVD burning utilities, driver libraries, etc. etc. When you install the WDS server role, and WAIK is not installed on your server, a mini-version of WinPE+WAIK is installed as part of the role (basically, x86 and x64 boot images plus sysprep support). All that just to say, and to be clear: if you have WinPE plus WAIK, you can do anything you want to do to an image. Inject, delete, create, modify, whole disk, single partition, multiple partition, GPT, Fat32/NTFS/utility, etc. etc. etc. You can certainly do what you want. You just have to learn the tools. They are VERY different from those that came before. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, April 01, 2011 3:43 PM To: NT System Admin Issues Subject: Re: Windows 7 Imaging This is pertinent to a conversation I just had with my counterpart @ work on the west coast. They have to image 5,500 machines for a client and he mentioned that WDS would only image at the partition level. They are looking for whole disk imaging. Will WDS do that or should he be looking at something else? Thanks, Jonathan On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise
RE: Forcing Adobe Reader and Java updates
Someone posted this a while back. Sorry, I don't know who it was so I can't give appropriate credit. It will uninstall all versions of Java that a new Java won't uninstall. In my experience it works quite well. @echo off echo Attempting to Uninstall Sun JRE 1.4.2... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142000} /qn echo Attempting to Uninstall Sun JRE 1.4.2_01... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142010} /qn echo Attempting to Uninstall Sun JRE 1.4.2_02... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142020} /qn echo Attempting to Uninstall Sun JRE 1.4.2_03... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142030} /qn echo Attempting to Uninstall Sun JRE 1.4.2_04... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142040} /qn echo Attempting to Uninstall Sun JRE 1.4.2_05... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142050} /qn echo Attempting to Uninstall Sun JRE 1.4.2_06... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142060} /qn echo Attempting to Uninstall Sun JRE 1.4.2_07... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142070} /qn echo Attempting to Uninstall Sun JRE 1.4.2_08... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142080} /qn echo Attempting to Uninstall Sun JRE 1.4.2_09... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142090} /qn echo Attempting to Uninstall Sun JRE 1.4.2_10... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142100} /qn echo Attempting to Uninstall Sun JRE 1.4.2_11... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142110} /qn echo Attempting to Uninstall Sun JRE 1.4.2_12... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142120} /qn echo Attempting to Uninstall Sun JRE 1.4.2_13... MsiExec.exe /x{35A3A4F4-B792-11D6-A78A-00B0D0142130} /qn echo Attempting to Uninstall Sun JRE 1.4.2_14... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142140} /qn echo Attempting to Uninstall Sun JRE 1.4.2_15... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142150} /qn echo Attempting to Uninstall Sun JRE 1.4.2_16... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142160} /qn echo Attempting to Uninstall Sun JRE 1.4.2_17... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142170} /qn echo Attempting to Uninstall Sun JRE 1.4.2_18... MsiExec.exe /x{7148F0A8-6813-11D6-A77B-00B0D0142180} /qn echo Attempting to Uninstall Sun JRE 1.5.0... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D015} /qn echo Attempting to Uninstall Sun JRE 1.5.0_01... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150010} /qn echo Attempting to Uninstall Sun JRE 1.5.0_02... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150020} /qn echo Attempting to Uninstall Sun JRE 1.5.0_03... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150030} /qn echo Attempting to Uninstall Sun JRE 1.5.0_04... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150040} /qn echo Attempting to Uninstall Sun JRE 1.5.0_05... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150050} /qn echo Attempting to Uninstall Sun JRE 1.5.0_06... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150060} /qn echo Attempting to Uninstall Sun JRE 1.5.0_07... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150070} /qn echo Attempting to Uninstall Sun JRE 1.5.0_08... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150080} /qn echo Attempting to Uninstall Sun JRE 1.5.0_09... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150090} /qn echo Attempting to Uninstall Sun JRE 1.5.0_10... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150100} /qn echo Attempting to Uninstall Sun JRE 1.5.0_11... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150110} /qn echo Attempting to Uninstall Sun JRE 1.5.0_12... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150120} /qn echo Attempting to Uninstall Sun JRE 1.5.0_13... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150130} /qn echo Attempting to Uninstall Sun JRE 1.5.0_14... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150140} /qn echo Attempting to Uninstall Sun JRE 1.5.0_15... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150150} /qn echo Attempting to Uninstall Sun JRE 1.5.0_16... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150160} /qn echo Attempting to Uninstall Sun JRE 1.5.0_17... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150170} /qn echo Attempting to Uninstall Sun JRE 1.5.0_18... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0150180} /qn echo Attempting to Uninstall Sun JRE 1.6.0... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D016} /qn echo Attempting to Uninstall Sun JRE 1.6.0_01... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0160010} /qn echo Attempting to Uninstall Sun JRE 1.6.0_02... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0160020} /qn echo Attempting to Uninstall Sun JRE 1.6.0_03... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0160030} /qn echo Attempting to Uninstall Sun JRE 1.6.0_04... MsiExec.exe /x{3248F0A8-6813-11D6-A77B-00B0D0160040} /qn
RE: SLOOOW System
Thanks to Carl, Ben and Jonathan. It seems that it was splunk. I uninstalled it and haven't had trouble since. I had installed that so long ago that I'd forgotten what it was. I was thinking it was some sort of system process or malware. I'm not sure why it started being a problem all of a sudden. Curt From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, November 18, 2010 4:33 PM To: NT System Admin Issues Subject: SLOOOW System My Windows 7 laptop has suddenly gotten into a funk where it pegs at 100% CPU utilization. For the last 3 days at about 12:30 it all of a sudden gets really slow. Reboot the system and it's still slow. Today it got past the 12:30 death zone and made it all the way until 4:00. The slowness spans reboots and it seems to take a couple of hours for it to recover. If you look at the processes running in task manager there doesn't seem to be a common process that is chewing up CPU time but tasks that shouldn't take all that much cpu time can be shown to use a lot. For example, task manager can use 50% of the CPU. One thing that I've noticed is, when the system is slow, there have always been a bunch of splunk processes running (splunkd.exe, splunk-regmon.exe, splunk-wmi.exe, splunk-optimize.exe, splunk-admon.exe). Splunkd can be using anywhere from 0 to 50% of the CPU. The other splunks mostly 0%. There are also a bunch of svchost .exe processes running. I'm running Windows 7 64-bit. Closing applications doesn't reduce the CPU utilization. Does anyone know what might be causing this? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
SLOOOW System
My Windows 7 laptop has suddenly gotten into a funk where it pegs at 100% CPU utilization. For the last 3 days at about 12:30 it all of a sudden gets really slow. Reboot the system and it's still slow. Today it got past the 12:30 death zone and made it all the way until 4:00. The slowness spans reboots and it seems to take a couple of hours for it to recover. If you look at the processes running in task manager there doesn't seem to be a common process that is chewing up CPU time but tasks that shouldn't take all that much cpu time can be shown to use a lot. For example, task manager can use 50% of the CPU. One thing that I've noticed is, when the system is slow, there have always been a bunch of splunk processes running (splunkd.exe, splunk-regmon.exe, splunk-wmi.exe, splunk-optimize.exe, splunk-admon.exe). Splunkd can be using anywhere from 0 to 50% of the CPU. The other splunks mostly 0%. There are also a bunch of svchost .exe processes running. I'm running Windows 7 64-bit. Closing applications doesn't reduce the CPU utilization. Does anyone know what might be causing this? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Authentication
Apparently the accounts were created with a different name and then renamed so the names matched. Renaming it back and then creating an account with the right name in the first place solved the problem. Thanks for all your suggestions. Curt From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, November 01, 2010 1:48 PM To: NT System Admin Issues Subject: Authentication I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have created domain accounts in the AD forest with the same user name and password as they have on their XP Home system. Most of them can use domain resources without any authentication to the server. They just log on to their computer and it works. There are two computers where this is not the case. After logging on to XP, if they click Start | Run and type in \\server file:///\\server it prompts for a username and password. You can type in the same username and password that you used to log on to the computer and you can then use resources on the server. Can anyone suggest why the same username password works on some computers but not others? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Authentication
I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have created domain accounts in the AD forest with the same user name and password as they have on their XP Home system. Most of them can use domain resources without any authentication to the server. They just log on to their computer and it works. There are two computers where this is not the case. After logging on to XP, if they click Start | Run and type in \\server file:///\\server it prompts for a username and password. You can type in the same username and password that you used to log on to the computer and you can then use resources on the server. Can anyone suggest why the same username password works on some computers but not others? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Authentication
I have no idea what the difference is. That's why I'm asking the question. Perhaps there is some registry (or other type) setting that I'm unaware of that could be affecting this? I'm not sure what your second question it. The usernames and passwords are the same on both the domain and the local machine. I'm using the AD integrated DNS. Curt From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, November 01, 2010 1:56 PM To: NT System Admin Issues Subject: Re: Authentication What's different about the machines where this isn't working? Is the case of those passwords identical to what you think it should be? What are they using for DNS? ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Mon, Nov 1, 2010 at 4:47 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: I just created an AD 2008 forest for my church. Most of the computers there are XP Home edition. I have created domain accounts in the AD forest with the same user name and password as they have on their XP Home system. Most of them can use domain resources without any authentication to the server. They just log on to their computer and it works. There are two computers where this is not the case. After logging on to XP, if they click Start | Run and type in \\server file:///\\server it prompts for a username and password. You can type in the same username and password that you used to log on to the computer and you can then use resources on the server. Can anyone suggest why the same username password works on some computers but not others? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Accessing DFS Share between forests in 2-way trust
I'm having trouble setting up a DFS share that can be accessed from another forest. I've been able to set up a regular share and access it but the DFS isn't working. Here is the situation DFS share in forest A Two way trust between forest A and B Only one domain in each forest Firewalls have been configured to allow all traffic between A B Log on to any machine in either forest with an account from either forest and can access non-DFS shares in either forest Log on to a machine in forest A with an account from forest A and can access the DFS share with no problem Log on to a machine in forest A with an account from forest B and can access the DFS share with no problem Log on to a machine in forest B with an account from either forest A or B and can't access the DFS The error I get is The mapped network drive could not be created because the following error has occurred: Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied. I'd appreciate it if someone can suggest what I'm doing wrong (or things I should try). Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Security of Trust Communications
I'm going to create a two-way trust between two forests mainly for the purpose of file sharing. Should I be concerned about the security of communications between the two forests? Are passwords encrypted in communications between the forests? Thanks for your assistance. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Security of Trust Communications
Thanks From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, September 23, 2010 2:56 PM To: NT System Admin Issues Subject: RE: Security of Trust Communications Yes it's all protected by NTLM and/or Kerb - same as communications inside your domain. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, September 23, 2010 4:54 PM To: NT System Admin Issues Subject: Security of Trust Communications I'm going to create a two-way trust between two forests mainly for the purpose of file sharing. Should I be concerned about the security of communications between the two forests? Are passwords encrypted in communications between the forests? Thanks for your assistance. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Merging Departments
I'm pretty sure we have what you refer to as split DNS. We have AD Integrated DNS but it isn't accessible outside the subnet/firewall. A few hosts are registered with the campus DNS and are discoverable by the outside world but the rest are not. Could I manually add a DNS entry that points to the DNS of the other department? Let's say my domain is A and the other department's domain is B. Could I add b.ucdavis.edu with an IP address of their domain controller to my DNS and a.ucdavis.edu to their DNS? Perhaps another approach would be to include the DNS server of the other department's DNS as a secondary DNS server? It seems like that might be kind of slow waiting for failover to occur? Yes, there is a router between the two subnets. I threw in that detail thinking that browsing across subnets might be more complicated. Curt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 19, 2010 12:59 PM To: NT System Admin Issues Subject: Re: Merging Departments On Thu, Aug 19, 2010 at 3:32 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: Is there an inter-forest trust that could be set up? Yup. Should be pretty straight-forward. The trickiest part is likely to be DNS. If your AD domain name is not part of the public DNS namespace, you're going to have to find some way to get the two different networks seeing each other's domains. This can be especially messy if you've got a split DNS setup. But if the networks are fairly cohesive, you can prolly just use selective DNS forwarding in the Windows DNS management GUI. Keeping in mind that both domains are on separate subnets, how would I go about setting us such a trust? Is there network connectivity between the two subnets (i.e., routers)? If so, subnets shouldn't matter. If the two subnets can't talk at all, how were you planning on sharing files? :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Merging Departments
After some googling, it appears that subzones won't work for me since both A and B are directly under .ucdavis.edu. Correct? Wouldn't subzones require that A was under B or B under A?I'm thinking that conditional forwarders are the way to go. Curt -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, August 20, 2010 9:55 AM To: NT System Admin Issues Subject: RE: Merging Departments I'd use either stub zones or conditional forwarders to link the internal DNS environments together. You are correct in that you have split brain DNS. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, August 20, 2010 11:53 AM To: NT System Admin Issues Subject: RE: Merging Departments I'm pretty sure we have what you refer to as split DNS. We have AD Integrated DNS but it isn't accessible outside the subnet/firewall. A few hosts are registered with the campus DNS and are discoverable by the outside world but the rest are not. Could I manually add a DNS entry that points to the DNS of the other department? Let's say my domain is A and the other department's domain is B. Could I add b.ucdavis.edu with an IP address of their domain controller to my DNS and a.ucdavis.edu to their DNS? Perhaps another approach would be to include the DNS server of the other department's DNS as a secondary DNS server? It seems like that might be kind of slow waiting for failover to occur? Yes, there is a router between the two subnets. I threw in that detail thinking that browsing across subnets might be more complicated. Curt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 19, 2010 12:59 PM To: NT System Admin Issues Subject: Re: Merging Departments On Thu, Aug 19, 2010 at 3:32 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: Is there an inter-forest trust that could be set up? Yup. Should be pretty straight-forward. The trickiest part is likely to be DNS. If your AD domain name is not part of the public DNS namespace, you're going to have to find some way to get the two different networks seeing each other's domains. This can be especially messy if you've got a split DNS setup. But if the networks are fairly cohesive, you can prolly just use selective DNS forwarding in the Windows DNS management GUI. Keeping in mind that both domains are on separate subnets, how would I go about setting us such a trust? Is there network connectivity between the two subnets (i.e., routers)? If so, subnets shouldn't matter. If the two subnets can't talk at all, how were you planning on sharing files? :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Merging Departments
The administrative unit of my department is being merged with another. What that means is, the IT, purchasing and secretarial staff are all going to be under the same management and will need to be able to share files.The rest of the departments (faculty and research staff) remain distinct. The two departments are on separate subnets and have their own single domain 2003 AD forests. The faculty and their staff have little need to communicate with people in the other department although they may have some need to share with the single administrative unit that services both departments. So, the main goal is to get the administrative people in a position where it is easy for them to share documents back and forth. Of secondary importance is for people in the two departments to share with the single administrative unit. What options do I have to do this? One option would be to move all the administrative people to the same domain. That's fairly simple and accomplishes the first goal enabling sharing between administrative people. It does not accomplish the secondary goal of making it possible for people in both departments to share with the admin unit. Is there an inter-forest trust that could be set up? Keeping in mind that both domains are on separate subnets, how would I go about setting us such a trust? What about merging the domains? That seems like it would be a huge job. Are there other approaches? Note: Each domain has about 300 computers in it (600 total). Each administrative unit has about 10 computers/users (20 total). Thanks for your suggestions. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: SCCM 2007 books
I purchased Mastering System Center Configuration Manager 2007 R2 and had some trouble with it. It left out critical steps that made it difficult for me to get things working. I have since purchased System Center Configuration Manager 2007 Unleashed. I haven't had much time with that one but it seems more detailed. In both cases they give way more information than you need in some areas. Curt -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 17, 2010 11:38 AM To: NT System Admin Issues Subject: SCCM 2007 books Was wondering if anyone had good references for a good, get-your-feet-wet type of book for SCCM 2007. I have access to a couple online, but would like other opinions as well. What I have access to: System Center Configuration Manager 2007 Unleashed - Kerrie Meyler; Byrono Holt; Greg Ramsey Mastering System Center Configuration Manager 2007 R2 - Chris Mosby; Ron D. Crumbaker; Christopher W. Urban Microsoft System Center Configuration Manager 2007 Administrator's Companion - Steven D. Kaczmarek; Microsoft System Center Team Anyone deal with any of these? Any other suggestions? Thanks, Joe Heaton Department of Fish Game ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
NOD32 Antivirus
I'm interested in hearing feedback on NOD32 antivirus. How is it in terms of accuracy of identifying and protecting computers from viruses and other sorts of malware? How is it in terms of the load it puts on workstations? I've got a bunch of old XP systems with 512 MB ram and they seem to get bogged down by other antivirus software (VIPRE and Sophos). Initial tests indicate that NOD might be better. What is your experience? Have you used ESET NOD32? How is it as a central management point for antivirus on the workstations? Thanks for any help you can provide. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Learning System Center Configuration Manager
Do any of you have suggestions about books or on-line documentation that would be helpful getting started with System Center Configuration Manager? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Reader, Acrobat, and Flash security updates
On Win XP when an msi is being pushed via GP, a window pops up and says managed software is being installed. On Vista and 7, the Window doesn't appear. Is there a way to get the notification on Vista and 7? I think it's helpful for users to be reminded why it's taking so long for their system to boot. Curt -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Friday, February 19, 2010 2:48 PM To: NT System Admin Issues Subject: RE: Reader, Acrobat, and Flash security updates I recommend assigning, especially for apps that most people will use...like adobe reader/flash. When it's assigned, it will get installed on startup and no worries. This can slow boot times when there's a new app to install, but that's a fairly small price to pay for consistency, imo. It depends on the app, but I'd recommend assigning to the computer. Some exceptions might be the admin tools or apps with limited licenses, but in general, I prefer other methods of limiting access to apps. It's only deployed once. One thing I do is to check the box to uninstall the app when it falls out of the scope of management. Now when there's a new version of flash, I just remove the old .msi, add the new one and on next boot, the old gets uninstalled, and the new gets reinstalled. It may be a fine line, but it feels more like a fresh install to me with the added plus that if I ever change my mind about having Flash installed campus-wide, I can just remove the GP, and it will uninstall automatically. To me, that's worth the extra time to un/re-install my apps. -Original Message- From: System Manager [mailto:mgr...@whitman.edu] Sent: Friday, February 19, 2010 4:25 PM To: NT System Admin Issues Subject: Re: Reader, Acrobat, and Flash security updates I am new to deploying applications via group policy. I assume the application should be assigned and not published? Should the application be deployed to the user or to the computer? Is the application only deployed once or will it be deployed each time the user logs in and the group policy is applied? Is there any way to track when the application is deployed. -- Kevin Kelly Director, Network Technology Whitman College On 2/12/2010 12:09 PM, Crawford, Scott wrote: To further expand, I'm quite impressed with Adobe's willingness to work within an MSI/Group Policy framework. I find it VERY refreshing to be able to download a working MSI that I can just slap into GP and deploy site-wide. Additionally, their customization wizard for Acrobat reader is excellent for making MSTs. While I'm less than enthused about their endless barrage of patches and security bugs, I'm very thankful that they've made the installation process so painless. Contrast this with QuickTime - blech. In light of that, if filling out their license form is helpful to them, I'm more than happy to oblige. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, February 12, 2010 12:54 PM To: NT System Admin Issues Subject: RE: Reader, Acrobat, and Flash security updates Just to expand, that process is painless. Fill out the form and in a few minutes you get the authorizaion via email. -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Friday, February 12, 2010 1:47 PM To: NT System Admin Issues Subject: Re: Reader, Acrobat, and Flash security updates For Flash you need to register to get a redistribution license. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Printing preferences
I have a Windows Server 2008 print server. When you install one of the printers on a workstation, it sets the default Printing Preferences paper type to Prepunched. I'd like to set it to Plain. (It's an HP printer.) Is there a way to set up the print server so, when a printer is installed from it, the default paper type is Plain? Is there a way to write a vbs (or other type) script to change the paper type? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Active Directory U C on Win 7
Is there a way of running Active Directory Users and Computers on Windows 7? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Dell E-port question
I've got one with two external displays. As others have reported if you use two external displays the laptop display doesn't work. I used to have lots of trouble with the setup. Every time my computer went to sleep, it would forget which monitor was my primary and I'd have to reconfigure. I finally gave up on sleep mode and turned it off. Curt Finley From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Wednesday, October 21, 2009 10:33 AM To: NT System Admin Issues Subject: Dell E-port question Does anyone know offhand if you can use the VGA and DVI ports simultaneously on the regular Dell E-port docking station (not the E-port plus)? If it matters, the laptop I'm looking at is a Latitude E5400 with built-in graphics. Thanks, RS ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Deployment Servies, WAIK, and DISM
By New version of WAIK, I assume you mean the Microsoft Deployment Toolkit 2010. There is a document called Quick Start Guide for Lite Touch Installation. That document describes how to add drivers. The document can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyID=3bd8561f-77ac-4 400-a0c1-fe871c461a89displayLang=en It's included in Optional - MDT 2010 Print-Ready Documentaiotn.zip. Curt Finley -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, October 14, 2009 9:22 AM To: NT System Admin Issues Subject: Windows Deployment Servies, WAIK, and DISM Hey All, We're using Windows Deployment Services from Windows Server 2008 (Not R2). It's been very good for out imaging of labs and laptops for over a year now. We are now beginnnig to acquire computers that cannot use the default boot image which is included with Windows Vista. Of most importance, we are either missing network or storage controller drivers. If either of these are missing from the boot image, using Windows Deployment is impossible. So, I want to update the boot image with the needed drivers. But a new version of Windows Automated Installation Kit (WAIK) has been released for Windows 7. It includes a utility called DISM which makes the updating of drivers much easier . Question 1: Can I use the new DISM to modify Vista images? I don't see where it says I can or can't. Question 2: Will updating my WAIK to the new Windows 7 version be compatible with the Windows Deployment Servicess I have with Windows Server 2008? Question 3: Are there other methods/programs I should be looking at for imaging/updating Windows Vista Deployments? Thanks for any input. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Mini Notebooks
I have a user with one of these Verison-HPs. The keyboard is reasonable and performance is OK for Office 2007. In the days of people using two monitors with their desktop, the biggest drawback is the micro-screen. You can feel really constrained for screen space so, it usage is limited to travel. I suppose you could plug in an external monitor. If I remember right the monitor port is non-standard so you have to buy a dongle if you want to use an external monitor. Curt From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Friday, August 14, 2009 8:32 AM To: NT System Admin Issues Subject: RE: Mini Notebooks I got curious and went next door to the Verizon shop... 1. It is definitely an HP - they make no effort to cover the logo. 2. It has WiFi and G3, but it has no RJ-45 jack. (There is probably a USB RJ-45 ethernet adaptor out there some place.) 3. Standard is 1 Gb RAM, 80 Gb hard drive, and a flavor of XP. 4. The keyboard is full-size. 5. No optical drive, but it does have an SD card slot. -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org http://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. Tom Miller tmil...@hnncsb.org wrote on 08/14/2009 10:19:32 AM: I bought one for a friend at Best Buy for about $350. But the Verizon units are about $250+ and we like that they ship with air cards, which we already extensively use for our roaming staff. I don't know if that's a promotion or regular pricing but that's cheap. Steven M. Caesare scaes...@caesare.com 8/14/2009 11:04 AM The HP's are almost $500 aren't they? -sc From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Friday, August 14, 2009 10:15 AM To: NT System Admin Issues Subject: RE: Mini Notebooks We are testing the Verizon unit with built in air card. I think its a branded HP. Looks nice but still testing. Steven M. Caesare scaes...@caesare.com 8/14/2009 10:11 AM My wife has an Asus EEE PC netbook for personal use. Loves it for light duty surfing/email/media. Shoves it in her purse for a trip. -sc From: Carol Fee [mailto:c...@massbar.org] Sent: Friday, August 14, 2009 10:09 AM To: NT System Admin Issues Subject: Mini Notebooks Very general question - anyone have any experience with any of these either for personal or business ( limited functionality required ) use ? TIA Carol Fee Network Administrator 617-338-0623 c...@massbar.org Massachusetts Bar Association 20 West Street Boston, MA 02111-1204 (617) 338-0500 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
The network path not found
I've got a Server 2003 domain. One Vista computer on that domain doesn't show up in Network Neighborhood. From an XP machine if you do start run \\computername\sharename I get \\computername\sharename The network path not found I've also tried \\FQDN\sharename and \\ipaddress\sharename and get the same results. If you try to access the Vista machine from another Vista machine it fails with the error Windows cannot access \\comptuername\Sharename Check the spelling of the name. Otherwise there might be a problem with your network. To try to identify and resolve the network problems, click Diagnose. I get the same error if trying to access with either FQDN or ipaddress. If you click on diagnose it says the most likely problem is that port 445 is closed. Here is some additional info 1) I can ping the computer using either it's NetBIOS name, FQDN or IP address 2) File and printer sharing is enabled 3) For testing purposes, the firewall is disabled on the Vista box. 4) If I bring up Network Neighborhood on the Vista computer it can see itself but other computers can't see it 5) I tried removing the Vista computer from the domain and adding it back Any other suggestions on what I might do to get this working? Perhaps there is some service that is not running that should be running? It used to work on this computer. I'm not sure why it stopped. Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IE8
We had a problem. We tracked it down to Sophos Antivirus. Sophos just recently came out with a fix that resolved the issue. Curt -Original Message- From: David L Herrick [mailto:davidherr...@nincal.com] Sent: Tuesday, August 04, 2009 10:18 AM To: NT System Admin Issues Subject: IE8 Anyone else having issues after upgrading? Have some users that IE never seems to come up after the upgrade it is running in processes but nothing the user can see or use? Sigh latest one is the CEO of course oddly it was fine yesterday Thanks David This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Names in the News company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IE8
I meant to say We had _that_ problem - the problem where IE8 would hang and never come up. Sophos antivirus related and Sophos just recently came out with a fix for it. -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, August 10, 2009 8:03 PM To: NT System Admin Issues Subject: RE: IE8 We had a problem. We tracked it down to Sophos Antivirus. Sophos just recently came out with a fix that resolved the issue. Curt -Original Message- From: David L Herrick [mailto:davidherr...@nincal.com] Sent: Tuesday, August 04, 2009 10:18 AM To: NT System Admin Issues Subject: IE8 Anyone else having issues after upgrading? Have some users that IE never seems to come up after the upgrade it is running in processes but nothing the user can see or use? Sigh latest one is the CEO of course oddly it was fine yesterday Thanks David This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Names in the News company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
What is a Dynamic Installer
In WSUS some of the products you can update are Windows Vista Dynamic Installer, Windows Media Dynamic Installer, IE Dynamic Installer, What is a dynamic installer and how do you get a product that needs a updates for a dynamic installer? I've got those products checked but I've never had a computer that needed updates for them. Thanks for your help. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Server 2008 and Windows Updates
Call Microsoft at 866-727-2338 (866 PC-SAFETY) for assistance with installing updates. -Original Message- From: Jon D [mailto:rekcahp...@gmail.com] Sent: Friday, July 17, 2009 7:21 AM To: NT System Admin Issues Subject: Server 2008 and Windows Updates Has anyone had issues with Windows 2008 Server giving error when you try to manually check for windows updates? I have a fresh install, and it's doing it. After spending a day messing with it, I rebuilt it and same thing. Fresh install, nothing custom. The error code is 80072EE2. I've google it for several hours, and none of the suggestions I've found work. Weird thing is it will randomly work, but not consistantly. This is running inside a VMWare ESX box. That shouldn't matter I don't think. It's not part of the domain yet, so no GPOs are applied. Any ideas? Anyone seen this before? Things I've tried: - Rebuild - Add 8530 to windows firewall - Turn off windows firewall - Restart windows update service - Install Server 2008 SP2 - Delete the windows update temp directory - Turn off all the IE security settings that I could find Thanks in advance, Jon ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OT: Netbooks
The keyboard was pretty decent on the HP I saw. From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Wednesday, July 01, 2009 2:56 PM To: NT System Admin Issues Subject: RE: OT: Netbooks I have bought two Netbooks -- a Dell Mini and a Lenovo. As you probably know, Vista is so slow as to be unusable on a Netbook, and you can't get XP Pro on one. You'll need to wait for the Windows 7, or buy HP, which does have Vista pre-installed on their netbooks. It's worth noting that AFAIK the HP Netbook requires a dongle to connect to a monitor, which was a deal-killer for me, but may not matter for you. Whatever you decide, really take a look at the keyboards. The Dell Mini is completely unusable IMHO. The Lenovo is better, but still challenging. For students with tiny fingers, it may work. But in the case of the Dell, they made the keyboard truly unusuable, as the apostrophe/quote key is located in the weirdest place. Alex From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, July 01, 2009 10:37 AM To: NT System Admin Issues Subject: Re: OT: Netbooks I was looking at the Atom's from Dell when we began the process of replacing desktops. I liked what I saw and the price was very good but I could not get one in my hands to try out. I am waiting until I see some of these new types of machines before ordering any. Like your budget mine is super tight at the moment. Jon On Wed, Jul 1, 2009 at 10:25 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: Anyone have any experiences on netbooks in the enterprise? We're a school district, and are just now looking at them. But the ones I'm seeing all come with Windows XP Home Edition, which presents manageability problems for us. Are we better off just waiting for Windows 7? My understanding is that all flavors of it will run on netbooks. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us http://www.taylor.k12.fl.us/ NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Can't update Acrobat administrative install to 9.1.2
It looks like the solution to my problem was to install the 9.1.0 update, skip the 9.1.1 update and install the 9.1.2 update. -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, June 22, 2009 8:42 AM To: NT System Admin Issues Subject: Can't update Acrobat administrative install to 9.1.2 I'm trying to add an update to my administrative install for Acrobat Pro. I first made an administrative install for Acrobat Pro 9.0. I then added the update AcroProStd910_T1T2_incr.msp to it with a command of the form msiexec /a \\server\share\acropro.mis /p c:\AcroProStd910_T1T2_incr.msp I then applied AcrobatUpd911_all_incr.msp in the same way. After that I tried to add AcrobatUpd912_all_incr.msp in the same way. It appears to start the update and then gives the following error: Error 2602. The File table entry 'Annots.api_911' has no associated entry in the media table. I could install Acro Pro from the msi that was updated with AcrobatUpd911_all_incr.msp (prior to applying AcrobatUpd912_all_incr.msp) and it installs. I can then do an Adobe update and update it to 9.1.2. So, I assume my admin install with 9.1.1 is OK. I just don't seem to be able to update my admin install to 9.1.2. Any help you can provide would be appreciated. Thanks. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Can't update Acrobat administrative install to 9.1.2
I'm trying to add an update to my administrative install for Acrobat Pro. I first made an administrative install for Acrobat Pro 9.0. I then added the update AcroProStd910_T1T2_incr.msp to it with a command of the form msiexec /a \\server\share\acropro.mis /p c:\AcroProStd910_T1T2_incr.msp I then applied AcrobatUpd911_all_incr.msp in the same way. After that I tried to add AcrobatUpd912_all_incr.msp in the same way. It appears to start the update and then gives the following error: Error 2602. The File table entry 'Annots.api_911' has no associated entry in the media table. I could install Acro Pro from the msi that was updated with AcrobatUpd911_all_incr.msp (prior to applying AcrobatUpd912_all_incr.msp) and it installs. I can then do an Adobe update and update it to 9.1.2. So, I assume my admin install with 9.1.1 is OK. I just don't seem to be able to update my admin install to 9.1.2. Any help you can provide would be appreciated. Thanks. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OT: VMware questions
I downloaded and installed what I thought was the free version of VMware's virtualization software. When I load up the Infrastructure Client it says VMWare ESX Server 3i, 3.5.0, 153875 | evaluation (59 day(s) remaining). Did I download the wrong thing? Will the evaluation period run out and then continue to work? Is there a VMware list where I can ask newbie VMware questions? Thanks for your help. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Turning off IPv6 with GP
Is there a way of turning off IPv6 with Group Policy? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
iSCSI target on Server 2008
Is there a free or inexpensive way of putting an iSCSI target on a Server 2008 box? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
WSUS issue
I've got something strange happening with my computer (Vista). On my WSUS server I approved updates that came out today. My computer found a couple of the approved updates and installed them. I then told it to Check online for updates from Microsoft Update and it found two updates that hadn't been installed Update for Windows Mail Junk e-mail Filter [May 2009] (KB905866) Windows Malicious Software Removal Tool - May 2009 (KB890830) Those updates are approved on my WSUS server yet my computer doesn't think it needs them when checking from my WSUS server - only when checking from Microsoft. According to the reports generated on my WSUS server, other computers are showing up as needing the updates - just not my computer. What's up with that and how can it be rectified? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WSUS issue
WSUS is set to download only when updates are approved. I just approved them so I'm not sure if they've made it to my server yet or not. Curt -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Tuesday, May 12, 2009 11:43 AM To: NT System Admin Issues Subject: RE: WSUS issue Have they actually downloaded to your WSUS server yet? -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Tuesday, May 12, 2009 2:41 PM To: NT System Admin Issues Subject: WSUS issue I've got something strange happening with my computer (Vista). On my WSUS server I approved updates that came out today. My computer found a couple of the approved updates and installed them. I then told it to Check online for updates from Microsoft Update and it found two updates that hadn't been installed Update for Windows Mail Junk e-mail Filter [May 2009] (KB905866) Windows Malicious Software Removal Tool - May 2009 (KB890830) Those updates are approved on my WSUS server yet my computer doesn't think it needs them when checking from my WSUS server - only when checking from Microsoft. According to the reports generated on my WSUS server, other computers are showing up as needing the updates - just not my computer. What's up with that and how can it be rectified? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WSUS issue
That must have been it. They are now being detected as being needed from my WSUS server. Thanks. Curt -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Tuesday, May 12, 2009 11:53 AM To: NT System Admin Issues Subject: RE: WSUS issue WSUS is set to download only when updates are approved. I just approved them so I'm not sure if they've made it to my server yet or not. Curt -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Tuesday, May 12, 2009 11:43 AM To: NT System Admin Issues Subject: RE: WSUS issue Have they actually downloaded to your WSUS server yet? -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Tuesday, May 12, 2009 2:41 PM To: NT System Admin Issues Subject: WSUS issue I've got something strange happening with my computer (Vista). On my WSUS server I approved updates that came out today. My computer found a couple of the approved updates and installed them. I then told it to Check online for updates from Microsoft Update and it found two updates that hadn't been installed Update for Windows Mail Junk e-mail Filter [May 2009] (KB905866) Windows Malicious Software Removal Tool - May 2009 (KB890830) Those updates are approved on my WSUS server yet my computer doesn't think it needs them when checking from my WSUS server - only when checking from Microsoft. According to the reports generated on my WSUS server, other computers are showing up as needing the updates - just not my computer. What's up with that and how can it be rectified? Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
I thought I remembered something like a CAL usage get�stuc in the server. After 30 days of non-use it can be reused. Is that right or is that with older versions of TS. �ll be using Server 2008. Curt From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Monday, May 04, 2009 10:32 AM To: NT System Admin Issues Subject: RE: Remote access options TS licenses are concurrent connection licenses, right? So when one connection drops, another can happen? Joe Heaton Employment Training Panel From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, May 04, 2009 9:28 AM To: NT System Admin Issues Subject: RE: Remote access options Bummer From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Friday, May 01, 2009 11:53 AM To: NT System Admin Issues Subject: RE: Remote access options Yeah, I was kinda bummed when I dug into it and found out. At least TS CALs aret too expensiv You dont need a TS CAL to remote directly into a workstation, but you do if you go through a TS Gateway. From Licensing Windows Server 2008 Terminal Services.do @ http://download.microsoft.com/download/6/9/5/695ba00d-c790-4c90-813a-f10539d97991/Licensing%20Windows%20Server%202008%20Terminal%20Services.doc (http://tinyurl.com/64ykh7) Do I need a TS CAL if I am not running a multiuser environment but use functionality in Terminal Servicfor example, Terminal Services Gateway? Yes. A TS CAL is required for the use of any functionality included in the Terminal Services role in Windows Server. For example, if you are using TS Gateway and/or TS Web Access to provide access to a Windows Client operating system on an individual PC, both a TS CAL and Windows Server CAL are required. RS From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, May 01, 2009 2:25 PM To: NT System Admin Issues Subject: RE: Remote access options Are you sure each TS Gateway user or device requires a TS CA I thought you only needed a CAL if you were going into a TS and that remote desktop connections to desktop computers were free. Curt From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 12:51 PM To: NT System Admin Issues Subject: RE: Remote access options Its really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found. 1) Each TS Gateway user or device requires a TS CAL. 2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista I dont think you can download the Vista SP1 RDP client by itself. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 30, 2009 3:39 PM To: NT System Admin Issues Subject: Re: Remote access options TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.) Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options Thats more the waym leaning as well, dont want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I dot have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES
RE: Remote access options
Bummer From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Friday, May 01, 2009 11:53 AM To: NT System Admin Issues Subject: RE: Remote access options Yeah, I was kinda bummed when I dug into it and found out. At least TS CALs aret too expensiv You dont need a TS CAL to remote directly into a workstation, but you do if you go through a TS Gateway. From Licensing Windows Server 2008 Terminal Services.do @ http://download.microsoft.com/download/6/9/5/695ba00d-c790-4c90-813a-f10539d97991/Licensing%20Windows%20Server%202008%20Terminal%20Services.doc (http://tinyurl.com/64ykh7) Do I need a TS CAL if I am not running a multiuser environment but use functionality in Terminal Servicfor example, Terminal Services Gateway? Yes. A TS CAL is required for the use of any functionality included in the Terminal Services role in Windows Server. For example, if you are using TS Gateway and/or TS Web Access to provide access to a Windows Client operating system on an individual PC, both a TS CAL and Windows Server CAL are required. RS From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, May 01, 2009 2:25 PM To: NT System Admin Issues Subject: RE: Remote access options Are you sure each TS Gateway user or device requires a TS CA I thought you only needed a CAL if you were going into a TS and that remote desktop connections to desktop computers were free. Curt From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 12:51 PM To: NT System Admin Issues Subject: RE: Remote access options Its really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found. 1) Each TS Gateway user or device requires a TS CAL. 2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista I dont think you can download the Vista SP1 RDP client by itself. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 30, 2009 3:39 PM To: NT System Admin Issues Subject: Re: Remote access options TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.) Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options Thats more the waym leaning as well, dont want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I dot have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With thepandemi, ve been tasked with coming up with a plan for remote access
DHCP 80-20 rule
I've read some about the DHCP 80-20 rule but I'm not sure I really understand it. Here are two questions. 1) Why 80-20? Why not 50-50? If one server fails, wouldn't it be better for the other server to have a larger range from which to distribute addresses? 2) Let's say everything is working perfectly and both DHCP servers are up. Client1 requests an address and receives address 192.168.0.1 from DHCPServer1. Time passes until half of the lease time has expired so Client1 requests an address. This time DHCPServer2 is a little faster and provides address 192.168.0.129. DHCPserver1 doesn't know that a different address has been assigned to Client1 so Client1 has an active lease on both DHCP servers although only one of the addresses is functional. (Perhaps that's not what would happen?) What happens to DNS? Are there now two entries in DNS (192.168.0.1 and 192.168.0.129) for Client1? For the purpose of answering this question, please assume that I have Active Directory Integrated DNS on Server 2003 and DHCP on Windows Server 2008. Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
Are you sure each TS Gateway user or device requires a TS CAL? I thought you only needed a CAL if you were going into a TS and that remote desktop connections to desktop computers were free. Curt From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 12:51 PM To: NT System Admin Issues Subject: RE: Remote access options Its really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found. 1) Each TS Gateway user or device requires a TS CAL. 2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista I dont think you can download the Vista SP1 RDP client by itself. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 30, 2009 3:39 PM To: NT System Admin Issues Subject: Re: Remote access options TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.) Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options Thats more the waym leaning as well, dont want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I dot have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With thepandemi, ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, ve decided to ask you guys what youre using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know Id want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov pr pr pr pr Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the
RE: DHCP 80-20 rule
I still don't get the 80-20 thing. 50-50 would distribute the load better and would potentially give you more leases if one fails. Perhaps the hope is that the one that fails is the one with 20% and that 80% would give you adequate addresses to be fully functional while you fix the 20. Thanks for the info on the no-broadcast for renewals. Here is another question ... 3) Let's say you reboot your client before the lease expires. On reboot does it do a broadcast to get a new address or does it just try to renew from the DHCP server from which it got its original lease? Curt -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, May 01, 2009 11:17 AM To: NT System Admin Issues Subject: RE: DHCP 80-20 rule -Original Message- From: Jim Dandy 1) Why 80-20? Why not 50-50? If one server fails, wouldn't it be better for the other server to have a larger range from which to distribute addresses? The 20 is designed to keep you alive and running while you fix the 80 server. Certainly a full range on both servers to serve all your clients would be great, if your subnetting and available addresses allow it. 2) Let's say everything is working perfectly and both DHCP servers are up. Client1 requests an address and receives address 192.168.0.1 from DHCPServer1. Time passes until half of the lease time has expired so Client1 requests an address. This time DHCPServer2 is a little faster and provides address 192.168.0.129. At 50 percent the client contacts the original leasing server directly to renew that lease. It does not do a brand new lease broadcast. It will continue to ask directly until it gets an answer. If it can't it will then broadcast for a brand new lease. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCP 80-20 rule
Thanks to all for your knowledgable and fast responses. Curt -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, May 01, 2009 11:41 AM To: NT System Admin Issues Subject: RE: DHCP 80-20 rule I still don't get the 80-20 thing. 50-50 would distribute the load better and would potentially give you more leases if one fails. Perhaps the hope is that the one that fails is the one with 20% and that 80% would give you adequate addresses to be fully functional while you fix the 20. Thanks for the info on the no-broadcast for renewals. Here is another question ... 3) Let's say you reboot your client before the lease expires. On reboot does it do a broadcast to get a new address or does it just try to renew from the DHCP server from which it got its original lease? Curt -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, May 01, 2009 11:17 AM To: NT System Admin Issues Subject: RE: DHCP 80-20 rule -Original Message- From: Jim Dandy 1) Why 80-20? Why not 50-50? If one server fails, wouldn't it be better for the other server to have a larger range from which to distribute addresses? The 20 is designed to keep you alive and running while you fix the 80 server. Certainly a full range on both servers to serve all your clients would be great, if your subnetting and available addresses allow it. 2) Let's say everything is working perfectly and both DHCP servers are up. Client1 requests an address and receives address 192.168.0.1 from DHCPServer1. Time passes until half of the lease time has expired so Client1 requests an address. This time DHCPServer2 is a little faster and provides address 192.168.0.129. At 50 percent the client contacts the original leasing server directly to renew that lease. It does not do a brand new lease broadcast. It will continue to ask directly until it gets an answer. If it can't it will then broadcast for a brand new lease. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Installing Acrobat with GP
I wrote an article on generating the customized MSI you need to push out Acrobat Reader 9 and another for 9.1. The same process works for all versions of Acrobat. I tested with both Acrobat Reader and Pro. http://www.dabcc.com/article.aspx?id=10082 Did you know that you are required to sign up for the Adobe Distribution License if you are going to push out any Adobe product on your network? I have a distribution license for Adobe Reader. Do I have to sign up for another one for Adobe Pro? Webster ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: NAC - Network Access Control
I've implemented Microsoft's Network Access Protection with VPN and Terminal Server Gateway. I don't have much experience with it at this point but it seems to work well. I'm considering also using it on my LAN. You can use DHCP, IPSec or 802.1x enforcement. See http://blogs.technet.com/nap/archive/2007/04/26/updated-nap-step-by-step -guides-for-longhorn-beta-3.aspx for links to the step-by-step guides. Curt Finley From: Burgess, Jeffrey [mailto:jburg...@liberty-bank.com] Sent: Tuesday, April 28, 2009 8:13 AM To: NT System Admin Issues Subject: NAC - Network Access Control Anyone here using a NAC solution? What are you using and how do you like it? I'm looking at a few but would like to see what others are using and how they like it. Specifically in how useful it is for out of band devices (Devices not owned by your company, I.E. Vendor laptops etc...) I like ForeScout so far and I'm also looking at Cisco and Symantec. What do you have? Jeffrey T. Burgess Sr. Systems Engineer Liberty Bank 315 Main St. Middletown CT, 06457 (860) 704-2196 jburg...@liberty-bank.com Ambition is the last refuge of failure. - Oscar Wilde ** Unless you have received this email through the Liberty Bank secure email system, before you respond, please consider that any unencrypted e-mail that is sent to us is not secure. If you send regular e-mail to Liberty Bank, please do not include any private or confidential information such as social security numbers, unlisted telephone numbers, bank account numbers, personal income information, user names, passwords, etc. If you need to provide us with such information, please telephone us at (888)570-0773 during business hours or write to us at 315 Main St. Middletown, CT 06457. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited and may be unlawful. If you received this in error, please contact the sender and delete the material from any computer without disclosing it. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the Bank. Thank you. ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Installing Acrobat with GP
Is anyone pushing Acrobat with Group Policy? If so, does it work well? Thanks for your comments. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Adobe Flash Player - Redistributable
You could install it and then go to adobe.com. Right-click on the graphic that spans the top of the web page and select about Adobe Flash Player 10 It will tell you what version is installed. Curt From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Thursday, April 02, 2009 4:30 PM To: NT System Admin Issues Subject: Adobe Flash Player - Redistributable Sorry if I am just missing this, but when adobe puts out an updated version of Flash, the website for the redistributable download gives no versioning information. For example, if there was an update from v10.0 to v10.0.1, how would you know you're getting an up to date version, or where to get the updated version? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
64-bit drivers for Color LaserJet on Server 2008
I'm trying to add the 64-bit drivers for an HP Color LaserJet 4650 to a print queue on Server 2008. The 32-bit drivers (downloaded from HP 12/5/2008) are already installed. I go to the properties for the queue. On the sharing tab I click on Additional Drivers I select x64 and click on OK. I then browse to the location where my printer drivers have been extracted, click on Open (it wants to open hpc4650u.inf) and then click on OK. Then a window comes up that says Install Components From Windows media Please provide path to Windows media (x64 processor). Type the path where the file is located, and then click OK. Copy files from: D:\amd64 There is no \amd64 directory on my Server 2008 (32-bit) or Vista-64 media. I click on browse and it appears that the file it wants to open is called ntprint.inf. I don't seem to be able to find this file on either of my DVDs. The file I downloaded from HP and am trying to install is called clj4650pcl6winvistaxp2003-64.exe. The description of the file I downloaded is HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64)HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64). Perhaps that driver won't do what I want it to do? What I'm trying to do is load the printer drivers so 64-bit Vista core 2 duo systems can print through my print server. What do I need to do to get this to work? Any suggestions are appreciated. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 64-bit drivers for Color LaserJet on Server 2008
Your right. 2K3-64bit does have a \AMD directory. So what happens if I let it grab files from 2K3 and install them on a 2K8 Box. Is that going to cause problems? Curt -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, April 01, 2009 11:56 AM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Try pointing it at a 2003 x64 CD. That sounds like what it's looking for - odd. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, April 01, 2009 1:48 PM To: NT System Admin Issues Subject: 64-bit drivers for Color LaserJet on Server 2008 I'm trying to add the 64-bit drivers for an HP Color LaserJet 4650 to a print queue on Server 2008. The 32-bit drivers (downloaded from HP 12/5/2008) are already installed. I go to the properties for the queue. On the sharing tab I click on Additional Drivers I select x64 and click on OK. I then browse to the location where my printer drivers have been extracted, click on Open (it wants to open hpc4650u.inf) and then click on OK. Then a window comes up that says Install Components From Windows media Please provide path to Windows media (x64 processor). Type the path where the file is located, and then click OK. Copy files from: D:\amd64 There is no \amd64 directory on my Server 2008 (32-bit) or Vista-64 media. I click on browse and it appears that the file it wants to open is called ntprint.inf. I don't seem to be able to find this file on either of my DVDs. The file I downloaded from HP and am trying to install is called clj4650pcl6winvistaxp2003-64.exe. The description of the file I downloaded is HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64)HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64). Perhaps that driver won't do what I want it to do? What I'm trying to do is load the printer drivers so 64-bit Vista core 2 duo systems can print through my print server. What do I need to do to get this to work? Any suggestions are appreciated. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 64-bit drivers for Color LaserJet on Server 2008
I just noticed that the drivers listed for Vista-64 and 2008-64 are different. 2008 only lists universal drivers. Vista lists both universal and regular drivers. I would have thought they would be the same. The driver I was trying to install was the regular Vista-64 driver. Perhaps that's my problem? Curt -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, April 01, 2009 12:30 PM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Your right. 2K3-64bit does have a \AMD directory. So what happens if I let it grab files from 2K3 and install them on a 2K8 Box. Is that going to cause problems? Curt -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, April 01, 2009 11:56 AM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Try pointing it at a 2003 x64 CD. That sounds like what it's looking for - odd. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, April 01, 2009 1:48 PM To: NT System Admin Issues Subject: 64-bit drivers for Color LaserJet on Server 2008 I'm trying to add the 64-bit drivers for an HP Color LaserJet 4650 to a print queue on Server 2008. The 32-bit drivers (downloaded from HP 12/5/2008) are already installed. I go to the properties for the queue. On the sharing tab I click on Additional Drivers I select x64 and click on OK. I then browse to the location where my printer drivers have been extracted, click on Open (it wants to open hpc4650u.inf) and then click on OK. Then a window comes up that says Install Components From Windows media Please provide path to Windows media (x64 processor). Type the path where the file is located, and then click OK. Copy files from: D:\amd64 There is no \amd64 directory on my Server 2008 (32-bit) or Vista-64 media. I click on browse and it appears that the file it wants to open is called ntprint.inf. I don't seem to be able to find this file on either of my DVDs. The file I downloaded from HP and am trying to install is called clj4650pcl6winvistaxp2003-64.exe. The description of the file I downloaded is HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64)HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64). Perhaps that driver won't do what I want it to do? What I'm trying to do is load the printer drivers so 64-bit Vista core 2 duo systems can print through my print server. What do I need to do to get this to work? Any suggestions are appreciated. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 64-bit drivers for Color LaserJet on Server 2008
I had heard in the past that HPs universal drivers weren't too good. Would others agree that I should try to stay away from them? Curt -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, April 01, 2009 1:04 PM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Probably will be fine. Might want to look at the HP Universal driver? Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, April 01, 2009 2:30 PM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Your right. 2K3-64bit does have a \AMD directory. So what happens if I let it grab files from 2K3 and install them on a 2K8 Box. Is that going to cause problems? Curt -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, April 01, 2009 11:56 AM To: NT System Admin Issues Subject: RE: 64-bit drivers for Color LaserJet on Server 2008 Try pointing it at a 2003 x64 CD. That sounds like what it's looking for - odd. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, April 01, 2009 1:48 PM To: NT System Admin Issues Subject: 64-bit drivers for Color LaserJet on Server 2008 I'm trying to add the 64-bit drivers for an HP Color LaserJet 4650 to a print queue on Server 2008. The 32-bit drivers (downloaded from HP 12/5/2008) are already installed. I go to the properties for the queue. On the sharing tab I click on Additional Drivers I select x64 and click on OK. I then browse to the location where my printer drivers have been extracted, click on Open (it wants to open hpc4650u.inf) and then click on OK. Then a window comes up that says Install Components From Windows media Please provide path to Windows media (x64 processor). Type the path where the file is located, and then click OK. Copy files from: D:\amd64 There is no \amd64 directory on my Server 2008 (32-bit) or Vista-64 media. I click on browse and it appears that the file it wants to open is called ntprint.inf. I don't seem to be able to find this file on either of my DVDs. The file I downloaded from HP and am trying to install is called clj4650pcl6winvistaxp2003-64.exe. The description of the file I downloaded is HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64)HP Color LaserJet 4650 PCL6 64-bit Driver (use with AMD Athlon 64, AMD Opteron, Intel Xeon and Pentium 4 with EMT64). Perhaps that driver won't do what I want it to do? What I'm trying to do is load the printer drivers so 64-bit Vista core 2 duo systems can print through my print server. What do I need to do to get this to work? Any suggestions are appreciated. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Pushing an .msp with Group policy
The update of Adobe Reader 8.1.3 to 8.1.4 is an msp - not an msi. I'd like to push it with group policy. Is there a way to do that? Do I have to somehow convert it to an msi? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Pushing an .msp with Group policy
OK, I was able to apply the patch to my previous admin install. However, the new 8.1.4 won't install until the old version (8.1.3) is uninstalled. According to an adobe document on installing Adobe Reader with GPO, you can uninstall software previously installed via GPO by unlinking the GPO from the OU. I've removed the link but the software does not get uninstalled. What's the trick to get the old stuff uninstalled so I can install the new stuff? This would be a whole lot simpler if Adobe would just uninstall their old junk when you install the new junk! Thanks for your help. Curt -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Tuesday, March 31, 2009 12:11 PM To: NT System Admin Issues Subject: Re: Pushing an .msp with Group policy What I did was to perform and administrative install of 8.1.3 then apply the 8.1.4 patch to that. Then you just put the 8.1.4 admin install point in the appropriate GPO. Jim Dandy wrote: The update of Adobe Reader 8.1.3 to 8.1.4 is an msp - not an msi. I'd like to push it with group policy. Is there a way to do that? Do I have to somehow convert it to an msi? Thanks for your help. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Java issues
My understanding is that you can write a java app and tell it to use version 1.4. If that's true, unless you uninstall the old version, it doesn't really help to install the newer version. Versions since about 6.12 will be automatically uninstalled when you install a newer version but you still need to get rid of the older stuff. Is there an automated way of getting rid of the old stuff or does it have to be done manually? I've been doing it manually. Curt -Original Message- From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Friday, March 27, 2009 8:10 AM To: NT System Admin Issues Subject: RE: Java issues Anyone have a favorite MSI packager? Preferably trial version with no limitations or a free product, so I can get this Java update pushed out to my users. Joe Heaton Employment Training Panel -Original Message- From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, March 26, 2009 3:27 PM To: NT System Admin Issues Subject: RE: Java issues That's what I figured. Now I just have to figure out how to push this out to all my users. Joe Heaton Employment Training Panel -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Thursday, March 26, 2009 1:56 PM To: NT System Admin Issues Subject: Re: Java issues Yes to both. Java 6 Update 12 = Java 1.6.12 = 6.12 Joe Heaton wrote: So, when I look at my Add/Remove Programs, I see listed Java (tm) 6 Update 12. Does this mean I'm running version 1.6.12, or version 6.12? -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: UPS recommendations
I have an APC Symmetra. Most of its parts are redundant so, if something goes down, you should have time to replace it before the unit goes completely out. Nothing has failed so I haven't had to rely on the redundancy. The main drawback is they are EXPENSIVE. Curt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, February 09, 2009 8:57 PM To: NT System Admin Issues Subject: UPS recommendations Hi all, We had a power outage today. I looked over at the server rack just in time to see one of the UPSes light up like a Christmas tree, shriek like an injured parakeet, and then kill itself. (Admitted it was old, but a graceful failure this was not.) The servers with redundant supplies failed over to the other UPS, which promptly went into over-current alarm and dropped the load. Either said UPS's management software has been grossly misreporting its load, or two UPSes at 40% load doesn't include enough margin during transfer. Any which way you slice it, it's time to buy some new UPSes. I'm going to ask for two entirely new 1400 or 2200 VA units (existing were 1000 VA), although budget may be an issue. What do people like for UPSes, *and why*? I don't see much variation across manufactures in a given price band. At a given dollar amount, it seems I get roughly the same capacity, features, etc. I'm thinking differences in management software and quality of support don't show up in a spec sheet. Comments on that front are especially welcomed. In particular, I'm interested in how to manage a multiple-server, multiple-UPS scenario. Our two biggest servers have redundant supplies. I'd like to plug each supply into a different UPS. So each UPS will be powering multiple servers, and each server will be drawing power from multiple UPSes. I imagine that makes the management software configuration a bit trickier, specially since a lot of management packages used to assume one-UPS-per-server. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Strange Seperator Page Issue
There's a hotfix for this issue. http://support.microsoft.com/kb/958741 -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Wednesday, January 21, 2009 4:51 PM To: NT System Admin Issues Subject: Strange Seperator Page Issue I'm running Vista Ultimate SP1 and printing through a Server 2008 print server. If you boot the computer, log on as domain\User1 the separator page says User1 on it. If User1 logs off and domain\User2 logs on and prints something, the separator page still says User1 on it. It continues to say User1 until the computer is rebooted. Once it is rebooted, it prints the separator page for the first person who logs on after the reboot and continues to do so until it is rebooted again. One exception is, if domain\Administrator logs on the separator page will change to Administrator and stay as Administrator until either a different administrator logs on or until the system is rebooted. If you watch the print queue while printing something, it first shows up in the queue as being printed by User2, it will then quickly change to the username of the person who logged on first (or was the last administrator to log on). This is repeatable across more than one Vista client. How can I get the separator pages to display the name of the person who actually printed the job? Thanks for any help you can provide. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Strange Seperator Page Issue
I'm running Vista Ultimate SP1 and printing through a Server 2008 print server. If you boot the computer, log on as domain\User1 the separator page says User1 on it. If User1 logs off and domain\User2 logs on and prints something, the separator page still says User1 on it. It continues to say User1 until the computer is rebooted. Once it is rebooted, it prints the separator page for the first person who logs on after the reboot and continues to do so until it is rebooted again. One exception is, if domain\Administrator logs on the separator page will change to Administrator and stay as Administrator until either a different administrator logs on or until the system is rebooted. If you watch the print queue while printing something, it first shows up in the queue as being printed by User2, it will then quickly change to the username of the person who logged on first (or was the last administrator to log on). This is repeatable across more than one Vista client. How can I get the separator pages to display the name of the person who actually printed the job? Thanks for any help you can provide. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Can't access through TS Gateway
I've created a small group of machines on a virtual server to experiment with TS Gateway. When I attempt to make a connection to termserver.bogus.net I get This computer can't connect to the remote computer because the Terminal Services Gateway server address is unreachable or incorrect. Type a valid server address. I've turned off the firewalls on gateway.bogus.net and termserver.bogus.net and the client can ping both gateway.bogus.net and termserver.bogus.net. I'm using Remote Desktop version 6.0.6001.18000 on the client. On the Remote Desktop Connection General tab I have Computer: termserver.bogus.net Username: bogus\CMFinley On the Remote Desktop Connection advanced tab under settings I have Connection settings Use these TS Gateway server settings: gateway.bogus.net Bypass TS Gateway server for local addresses is NOT selected Logon settings Use my TS Gateway credentials for remote computer IS selected I'm able to make a Remote Desktop Connection if I select Bypass TS Gateway server for local addresses (but of course I'm not using the gateway if I do that). I'm using a self-signed cert on the TS Gateway. This cert was created with the wizard when I added the TS Gateway role. I exported the public key of that cert and imported it on the client into Certificates(Local Computer)\Trusted Root Certification Authorities gateway.bogus.net and termserver.bogus.net are both domain members but the client is not. I'm using the virtual server internal network and the IP addresses are all in the 192.168.0.* range. The client and termsterver are running XP SP3, the domain controller is running Server 2003 Standard and gateway is running Server 2008 Standard. What do I need to do to get this working? Your help with this is greatly appreciated. Thanks. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Browsing DFS space
This technique works well with XP and Office 2003. It makes a shortcut in my network places. In Office if you do a file | open you can navigate to my network places and get to the share. With Vista and Office 2007 it makes a shortcut in Computer. However, in Office 2007, if you open Computer it doesn't show the shortcut. I'm not sure if it is Vista or Office 2007 that is the problem. Is there something that can be done to make this shortcut visible in Office applications? Thanks for your help. Curt -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Friday, June 06, 2008 9:16 AM To: NT System Admin Issues Subject: RE: Browsing DFS space Teach users to look in My Network Places. Then create one for as they login with a .vbs script: Const NETHOOD = H13 Set objWSHShell = CreateObject(Wscript.Shell) Set objShell = CreateObject(Shell.Application) Set objFolder = objShell.Namespace(NETHOOD) Set objFolderItem = objFolder.Self strNetHood = objFolderItem.Path strShortcutName = ANSCI strShortcutPath = \\domainname\ANSCIShare Set objShortcut = objWSHShell.CreateShortcut _ (strNetHood \ strShortcutName .lnk) objShortcut.TargetPath = strShortcutPath objShortcut.Save Carl -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, June 06, 2008 11:39 AM To: NT System Admin Issues Subject: Browsing DFS space I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Browsing DFS space
That does help some although training people to do that might be a bit difficult. I may just put a shortcut in their documents. That will at least eliminate the All files step. Thanks for your help. Curt -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Monday, December 22, 2008 12:48 PM To: NT System Admin Issues Subject: RE: Browsing DFS space Office appears to be confused as to what these shortcuts are. You can see the shortcut under Computer if you change the file type filter to All Files (*.*) But then if you double-click the shortcut it doesn't open the folder, because the default action is Select instead of Open. Instead you must right-click the shortcut and choose Open. Carl -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Monday, December 22, 2008 12:50 PM To: NT System Admin Issues Subject: RE: Browsing DFS space This technique works well with XP and Office 2003. It makes a shortcut in my network places. In Office if you do a file | open you can navigate to my network places and get to the share. With Vista and Office 2007 it makes a shortcut in Computer. However, in Office 2007, if you open Computer it doesn't show the shortcut. I'm not sure if it is Vista or Office 2007 that is the problem. Is there something that can be done to make this shortcut visible in Office applications? Thanks for your help. Curt -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Friday, June 06, 2008 9:16 AM To: NT System Admin Issues Subject: RE: Browsing DFS space Teach users to look in My Network Places. Then create one for as they login with a .vbs script: Const NETHOOD = H13 Set objWSHShell = CreateObject(Wscript.Shell) Set objShell = CreateObject(Shell.Application) Set objFolder = objShell.Namespace(NETHOOD) Set objFolderItem = objFolder.Self strNetHood = objFolderItem.Path strShortcutName = ANSCI strShortcutPath = \\domainname\ANSCIShare Set objShortcut = objWSHShell.CreateShortcut _ (strNetHood \ strShortcutName .lnk) objShortcut.TargetPath = strShortcutPath objShortcut.Save Carl -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Friday, June 06, 2008 11:39 AM To: NT System Admin Issues Subject: Browsing DFS space I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OT - Anyone VM a Mac Leopard OS on a PC?
There are hacks to OSX that allow you to run it on a PC - not exactly legal. For a start you can look at http://wiki.osx86project.org/wiki/index.php/Main_Page From what I've heard, it's something you can fool around with but, even aside from it being pirated, not something you can use. From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Tuesday, December 16, 2008 11:55 AM To: NT System Admin Issues Subject: OT - Anyone VM a Mac Leopard OS on a PC? I have been doing some searching and it seems that Leopard is not really in the cards yet. If anyone has a link on how to set something like this up I would really appreciate it. TIA, Eric ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
DHCP blocking MAC address
I'd like to block the use of some machines by dealing out bogus IP address and router info. I realize this isn't a fool-proof block but it will block those who don't have the know-how to get around it. I'm having some difficulty with the implementation. Here's what I did. I have a Server 2003 box doing DHCP for my LAN. It has one scope that hands out addresses from the appropriate range to computers that ask for an address. I created a second scope with a range of 10.10.28.1-10.10.28.250 with a router of 10.10.28.254 (no such router exists). I then created a reservation in this scope for my laptop. I release my IP address and then renew it. The problem is, it renews it's address from the good scope rather than the second scope with the bogus ip range and router. Am I going about this right? Is there some way to do this so it blocks computers with a reservation in the bogus range? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCP blocking MAC address
Wow, isn't there an easier way? I have to assign a class to all 400 of my machines just so I can keep one bad guy out? -Original Message- From: Stephan Barr [mailto:stephan.b...@bdtechnology.org] On Behalf Of lists Sent: Thursday, December 11, 2008 4:00 PM To: NT System Admin Issues Subject: RE: DHCP blocking MAC address I like this method... http://articles.techrepublic.com.com/5100-10878_11-5498436.html -Original Message- From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu] Sent: Thursday, December 11, 2008 5:52 PM To: NT System Admin Issues Subject: DHCP blocking MAC address I'd like to block the use of some machines by dealing out bogus IP address and router info. I realize this isn't a fool-proof block but it will block those who don't have the know-how to get around it. I'm having some difficulty with the implementation. Here's what I did. I have a Server 2003 box doing DHCP for my LAN. It has one scope that hands out addresses from the appropriate range to computers that ask for an address. I created a second scope with a range of 10.10.28.1-10.10.28.250 with a router of 10.10.28.254 (no such router exists). I then created a reservation in this scope for my laptop. I release my IP address and then renew it. The problem is, it renews it's address from the good scope rather than the second scope with the bogus ip range and router. Am I going about this right? Is there some way to do this so it blocks computers with a reservation in the bogus range? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DHCP blocking MAC address
I'm not sure I follow what you are saying. It sounds like you are suggesting basically that I make reservations for the bad clients in the same scope as the good clients? If that is the case, how do I assign a different gateway to those clients? Curt -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, December 11, 2008 4:35 PM To: NT System Admin Issues Subject: Re: DHCP blocking MAC address On Thu, Dec 11, 2008 at 7:14 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: Wow, isn't there an easier way? I have to assign a class to all 400 of my machines just so I can keep one bad guy out? I *think* you can do it by creating an exclusion for the bad clients range, and then creating the reservation for each bad client. IIRC, reservations override exclusions. I know ISC DHCP works that way, more-or-less (terminology's different, but concept works). If not, dial your scope down in size so that the top end has just enough headroom for your bad clients. Create the reservations there, and there won't be any room left for the dynamic pool to grab addresses above that point. This would mean you'd have to adjust your scope size every time you increase/decrease the number of bad clients, but dem's the breaks. You could create reservations for bogus MAC addresses to help alleviate that. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Java Update 11
Update 10 is not supposed to uninstall prior versions. Verison 10 is the first version that is supposed to be uninstalled by future versions (like 11). In my case, 11 did uninstall 10. Curt -Original Message- From: Mark Boersma [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2008 11:16 AM To: NT System Admin Issues Subject: RE: Java Update 11 Interesting. I believe that it was update 10 that was supposed to uninstall the prior versions but it didn't. If I manually uninstall 10 and then try the GP deploy it works just fine. h Mark - Two rules to success in life: 1. Never tell people everything you know. -Original Message- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2008 2:03 PM To: NT System Admin Issues Subject: RE: Java Update 11 I don't deploy via MSI or GP but I can verify that Update 11 did remove Update 10 for a manual install. - Andy O. From: Hart, Robert [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2008 12:48 PM To: NT System Admin Issues Subject: RE: Java Update 11 I could be wrong but I believe this is the first release that should be uninstalling previous versions, starting with update 10. Maybe it is hanging on trying to uninstall update 10. That assumes update 10 was even installed. You could try removing update 10 then running your GP to see if it hangs or not. I personally have not tried applying that update yet. Bob From: Mark Boersma [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2008 1:14 PM To: NT System Admin Issues Subject: Java Update 11 I always extract the msi from the offline java installers and distribute it via GP. I'm testing Update 11 and it hangs the machine and never gets past the install. Nothing is showing in the event log on the machine. Is anyone else installing Java this way and running into this? I've never had a problem updating Java this way before. Mark - Two rules to success in life: 1. Never tell people everything you know. Mark Boersma IT Manager Triangle Associates, Inc. [EMAIL PROTECTED] Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Looking for light laptop
I have a Dell E4300 and like it. My preference would have been for a little lighter system but this one does the job. It's a little over 3 lbs. Curt From: Jon Harris [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2008 2:21 PM To: NT System Admin Issues Subject: Re: Looking for light laptop The E series is nice I just got my boss one and he likes it. Lighter than his D820 but that is not saying much it is a desktop replacement. Jon On Mon, Dec 1, 2008 at 10:40 AM, Ben Scott [EMAIL PROTECTED] wrote: On Mon, Dec 1, 2008 at 10:12 AM, Tom Miller [EMAIL PROTECTED] wrote: I'm looking for a light laptop for home/work use. Suggestions appreciated. I'm most used to Dell, HP, and IBM/Lenovo. When it comes to the small-and-light category, it's largely a matter of which sacrifices you want to make. Which do you want more: An optical drive, VGA out, DVI out, built-in screen size, etc. Are you willing to sacrifice more to get smaller-and-lighter? For example, the Apple Air laptop is extremely thin, but has practically no I/O beyond USB and Ethernet. The Asus Eee is not quite as thin and light, but is much cheaper than an Air. From what I've seen, IBM and Dell's offerings are bit thicker/heavier, but have more features. ObAnecdote: We mostly buy Dell here. The Latitude D410/D420/D430 series is light but capable. We've got six in service. I've seen a slightly higher than typical fault incidence than other models, but for our case they may also be getting (ab)used more, so that may just be sample bias. I wouldn't buy *any* laptop without a service contract. On the downside, they're phasing it out, and I haven't touched the new E series yet. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Good text editor
UltraEdit? -Original Message- From: IS Technical [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2008 10:26 AM To: NT System Admin Issues Subject: Re: Good text editor #What's the best text editor out there for writing code and scripts and such? I'd like to find #one that does line numbering obviously, and does some formatting to keep things neat. #Like color coding expressions, functions, etc. I'm trying to learn JavaScript, and using #Notepad and Dreamweaver are proving difficult. JEdit. Regards, Charles --- Charles Figueiredo PhD Integrated Solutions - Enhancing Small Business Systems --- ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Print server upgrade to 2008
I'm surprised I haven't gotten an answer to this? Does nobody know the answer? Is this just a really stupid idea? -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2008 9:22 AM To: NT System Admin Issues Subject: Print server upgrade to 2008 I'd like to upgrade my print server from 2003 to 2008 so I can load 64-bit drivers. Will the following procedure cause any problems? 1) Build a 2008 server and recreate all the print queues on my present print server including using the same queue and share names. 2) Take the old print server down and rename the 2008 print server to have the same name as the old print server. It's my understanding that, if the drivers aren't the exact same version on the clients as are on the print server they will be updated to the same drivers as on the server. Is that true? My users would not be logging on with Admin privileges. Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Print server upgrade to 2008
Thanks. I guess I should have checked into 64 bit drivers a bit more before making big plans for upgrades. I thought I had heard that 2003 couldn't handle 64-bit Vista drivers. I hadn't bother to try adding one. Curt -Original Message- From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 10:00 AM To: NT System Admin Issues Subject: RE: Print server upgrade to 2008 That should work, and your clients should update the driver as long as the names are exact. But if that is the only reason to upgrade, you can load 64bit drivers on a 32bit 2K3 server. Right-click printer - sharing tab - additional drivers. Select x64 and it should prompt for location. -Troy -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 9:50 AM To: NT System Admin Issues Subject: RE: Print server upgrade to 2008 I'm surprised I haven't gotten an answer to this? Does nobody know the answer? Is this just a really stupid idea? -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2008 9:22 AM To: NT System Admin Issues Subject: Print server upgrade to 2008 I'd like to upgrade my print server from 2003 to 2008 so I can load 64-bit drivers. Will the following procedure cause any problems? 1) Build a 2008 server and recreate all the print queues on my present print server including using the same queue and share names. 2) Take the old print server down and rename the 2008 print server to have the same name as the old print server. It's my understanding that, if the drivers aren't the exact same version on the clients as are on the print server they will be updated to the same drivers as on the server. Is that true? My users would not be logging on with Admin privileges. Thanks for your help. Curt Finley ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Hard Drives for Dell Servers
I know someone who has ordered non-Dell drives and they have gotten corrupted - not immediately but after a period of time. Dell told him you have to use Dell drives. Dell used to sell the sled separately from the drive but apparently you have to buy them together now because of this problem. I can't say this is absolutely true but he believes it is. Curt Finley From: Joe Fox [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2008 1:09 PM To: NT System Admin Issues Subject: Hard Drives for Dell Servers I have been tasked with finding the maximum capacity of drives that we can put in some PowerEdge 6800's that we are going to be re-using. Right now I have 146GB U320 drives in them. I'm imagining that I should be able to get 300GB U320's from Dell, but I'm looking to be able to save some money on this. Since the carrier for the Dell drives is really just a bezel as the drives have an 80 pin SCA connection, should I be able to get away with using any 80 pin SCA U320 drive? Or is their some proprietary firmware in the Dell drives that would prevent me from doing that? Thanks in advance! Joe Fox Systems/Network Administrator Mobile# (716) 846-9308 http://www.linkedin.com/in/josephfoxjr ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
WAIK and Unattended gadget setup
I'd like to create a Vista unattended answer file to install the weather gadget. I'm using WAIK and it has options to install gadgets but I don't see any way of putting in the region that you want the weather forecast for. Is there a way of doing that? Where is this info stored? Is there some way of copying a file to get it? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WAIK and Unattended gadget setup
It appears that there are options to install gadgets in WAIK (at least for amd64 and wow64). I haven't tried them yet. It seems strange - the options don't seem to be there for x86. Curt -Original Message- From: Joseph L. Casale [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 3:19 PM To: NT System Admin Issues Subject: RE: WAIK and Unattended gadget setup Funny, I thought of that too, but I assumed some post install vb with config would be needed but then its user specific so I simply gave up :) jlc -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 4:09 PM To: NT System Admin Issues Subject: WAIK and Unattended gadget setup I'd like to create a Vista unattended answer file to install the weather gadget. I'm using WAIK and it has options to install gadgets but I don't see any way of putting in the region that you want the weather forecast for. Is there a way of doing that? Where is this info stored? Is there some way of copying a file to get it? Thanks for your help. Curt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Login delay when wireless card is enabled
I've had situations where people save their wireless configuration at every airport and hotel they visit. On bootup the PC tries to activate all those connections. If you just delete the ones they aren't using, it boots a lot faster. I'm not sure if that's your problem but it helped one laptop we had here. Curt From: Mike Gill [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 2:08 PM To: NT System Admin Issues Subject: Windows Login delay when wireless card is enabled I have a Dell Latitude D520 with WinXP Pro that has the Dell 1490 Dual Band wireless card in it. This user docks the laptop while here which has a wired connection. After entering the username and password (Win2K3 domain), the machine takes consistently just over two minutes to get to a useable desktop. All that is visible is the mouse cursor. The wireless connection is set to manual for what we have here and is not connected while docked. If I use the keyboard to turn off the wireless radio then reboot, nothing changes. If I disable the wireless card in the BIOS, or remove it all together, then the login is immediate and as expected. The laptop has the current system BIOS and drivers installed for the WiFi card. I haven't tried swapping cards yet as I don't have one readily available. Googling gets me too many unrelated problems. Any tips? -- Mike Gill ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Modify ISO
I'd like to add some files to a WinPE .iso. I thought an easy way to do that might be to mount the .iso as a drive and copy files to it. Can .isos be mounted in write mode? If so, what software can I use for this? Is there some other approach that will work? Thanks for your help. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Modify ISO
I won't be deploying anything. I just want to create a bootable CD with my command line antivirus scanning tool on it. Do I still need to use WDS? -Original Message- From: Joseph L. Casale [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2008 4:31 PM To: NT System Admin Issues Subject: RE: Modify ISO Yea, you can edit the iso (ISOEdit, WinISO for example), but that won't get you anywhere w/ Pe 2.0 :) You don't see the part of the ISO you will be editing once booted. Read the Vista WDS Deployment Guide, if you cant find what you need ping back and tomorrow when I am at the dungeon I will find what you need. jlc -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2008 5:22 PM To: NT System Admin Issues Subject: Modify ISO I'd like to add some files to a WinPE .iso. I thought an easy way to do that might be to mount the .iso as a drive and copy files to it. Can .isos be mounted in write mode? If so, what software can I use for this? Is there some other approach that will work? Thanks for your help. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: WSUS Slowness
If you were using WSUS 2 before, I've found that 3 is slower. On Thu, Jul 17, 2008 at 7:50 AM, James Kerr [EMAIL PROTECTED] wrote: I have a new install of WSUS on the server that had it before. I wiped the drive and reinstalled everything. This time round I am finding that WSUS is running very slow listing and approving updates and just very slow in general. The only difference is that now the machine is a DC. I saw some info about running a SQL script that is supposed to speed it up but its very dated. Anyone else have this problem before? Full disclosure: This server is old. P3 1.4GHz w/ 768MB but it didnt run this slow before. Maybe its the added overhead of having AD now? James ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Virtual Server 2005 R2 DHCP
I'm trying to set up a test environment in Virtual Server 2005 R2. One of the VMs I've got set up is a DHCP server that is supposed to be serving out addresses in the 192.168.0.0/24 range. However, when my virtual client starts up it doesn't get an address from my virtual DHCP server. Ipconfig reveals the client's address is 10.237.0.17 (Preferred) and that it is getting that address from a DHCP server with IP address 10.237.0.1. That's not the IP of my DHCP server. All virtual machines are configured with their virtual network adapter set to Internal Network. Does Virtual Server provide a DHCP server on this Internal Network? If so, is there a way to turn the DHCP server off on the Internal Network? Any other ideas where 10.237.0.1 is if it's not in virtual server? Thanks for whatever help you can provide. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Executing programs from a login script
Is that the best place to put logon scripts? I was just getting ready to set one up and I was thinking of putting it on a DFS share. -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 1:22 PM To: NT System Admin Issues Subject: RE: Executing programs from a login script The default location of NETLOGON should be something like \SYSVOL\sysvol\example.com\SCRIPTS unless you changed it when you ran dcpromo From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 11:48 AM To: NT System Admin Issues Subject: RE: Executing programs from a login script Miller Bonnie L. [EMAIL PROTECTED] wrote on 06/10/2008 02:41:00 PM: I think you're thinking of the one where you copy it to the netlogon share. Then, you can access it using syntax like: %0\..\ifmember.exe dostuff The NETLOGON share! That was what I was trying to think of I've only tried this in the old-style logon scripts (assigned on the user accounts). I think the %0\..\ means look in the current path, But what would the current path be? The current path of the workstation executing the login script? so maybe with a newer-style script you just put it in the same location as the .bat/.cmd/.vbs file that runs it? I think the share name would be \\DC-Name\SYSVOL\DOMAIN-NAME\ Thanks for the reminder ... I'll poke at it a bit ... -Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 10:51 AM To: NT System Admin Issues Subject: Executing programs from a login script I know I should know the answer to this, but I'm old, and it's too hot (it's 100F here in Philadelphia at the moment). Anyway, in my Win2000 AD, I want to execute a login script for a particular OU. And in this login script, I want to check group memberships and map drive letters accordingly. Not being all that confident in VBscript, I was going to use the IfMember utility from the Resource Kit. What I'm drawing a blank on is where to copy the utility so that it is accessible at login time. I want to call it from the SYSVOL share, don't I? Where would I copy the EXE to, what path, so that I can execute it from the login script? Thanks -- Michael Leone Network Administrator, ISM Philadelphia Housing Authority 2500 Jackson St Philadelphia, PA 19145 Tel: 215-684-4180 Cell: 215-252-0143 mailto:[EMAIL PROTECTED] ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Executing programs from a login script
Thanks. What about managed software that AD pushes out when a system boots up? Where's the best place to put that? I've been putting it in a DFS share. Curt -Original Message- From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2008 9:50 AM To: NT System Admin Issues Subject: RE: Executing programs from a login script In most cases, where there's no good reason to do otherwise, use the default locations as your standard. When another admin has to follow-up on your work, they won't have to learn the things you needlessly customized. So yes, it's the best place. And it's replicated. -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2008 12:45 PM To: NT System Admin Issues Subject: RE: Executing programs from a login script Is that the best place to put logon scripts? I was just getting ready to set one up and I was thinking of putting it on a DFS share. -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 1:22 PM To: NT System Admin Issues Subject: RE: Executing programs from a login script The default location of NETLOGON should be something like \SYSVOL\sysvol\example.com\SCRIPTS unless you changed it when you ran dcpromo From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 11:48 AM To: NT System Admin Issues Subject: RE: Executing programs from a login script Miller Bonnie L. [EMAIL PROTECTED] wrote on 06/10/2008 02:41:00 PM: I think you're thinking of the one where you copy it to the netlogon share. Then, you can access it using syntax like: %0\..\ifmember.exe dostuff The NETLOGON share! That was what I was trying to think of I've only tried this in the old-style logon scripts (assigned on the user accounts). I think the %0\..\ means look in the current path, But what would the current path be? The current path of the workstation executing the login script? so maybe with a newer-style script you just put it in the same location as the .bat/.cmd/.vbs file that runs it? I think the share name would be \\DC-Name\SYSVOL\DOMAIN-NAME\ Thanks for the reminder ... I'll poke at it a bit ... -Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 10:51 AM To: NT System Admin Issues Subject: Executing programs from a login script I know I should know the answer to this, but I'm old, and it's too hot (it's 100F here in Philadelphia at the moment). Anyway, in my Win2000 AD, I want to execute a login script for a particular OU. And in this login script, I want to check group memberships and map drive letters accordingly. Not being all that confident in VBscript, I was going to use the IfMember utility from the Resource Kit. What I'm drawing a blank on is where to copy the utility so that it is accessible at login time. I want to call it from the SYSVOL share, don't I? Where would I copy the EXE to, what path, so that I can execute it from the login script? Thanks -- Michael Leone Network Administrator, ISM Philadelphia Housing Authority 2500 Jackson St Philadelphia, PA 19145 Tel: 215-684-4180 Cell: 215-252-0143 mailto:[EMAIL PROTECTED] ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Browsing DFS space
Sorry, I'm new to this. Could you explain how? Thanks for your help. Curt -Original Message- From: Miller Bonnie L. [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 6:24 AM To: NT System Admin Issues Subject: RE: Browsing DFS space You can also publish a shared folder link in your AD. -Bonnie -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 8:39 AM To: NT System Admin Issues Subject: Browsing DFS space I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Browsing DFS space
Thanks. All works as you described. I'm using Vista and Office 2007. Is there a way to do a Save As in Word and save to an AD published share? I could just type in the path but I'm looking for something easier for end users. The method Carl described works well but one would think these AD published shares would be easily accessible too. Curt -Original Message- From: Miller Bonnie L. [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 8:38 AM To: NT System Admin Issues Subject: RE: Browsing DFS space In ADUC, right click the ou you want it in, pick new, shared folder. Type the network path for your DFS path and give it a name. You can also add search values if you go back to edit. Users open Network or My network places, Search AD. Change the find drop-down to shared folders and search. Double-click to open or right- click and map network drive. -Bonnie -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 8:17 AM To: NT System Admin Issues Subject: RE: Browsing DFS space Sorry, I'm new to this. Could you explain how? Thanks for your help. Curt -Original Message- From: Miller Bonnie L. [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 6:24 AM To: NT System Admin Issues Subject: RE: Browsing DFS space You can also publish a shared folder link in your AD. -Bonnie -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 8:39 AM To: NT System Admin Issues Subject: Browsing DFS space I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Browsing DFS space
I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Browsing DFS space
That looks like a good solution. I know where My Network Places is in XP but where is it in Vista? Curt -Original Message- From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 9:16 AM To: NT System Admin Issues Subject: RE: Browsing DFS space Teach users to look in My Network Places. Then create one for as they login with a .vbs script: Const NETHOOD = H13 Set objWSHShell = CreateObject(Wscript.Shell) Set objShell = CreateObject(Shell.Application) Set objFolder = objShell.Namespace(NETHOOD) Set objFolderItem = objFolder.Self strNetHood = objFolderItem.Path strShortcutName = ANSCI strShortcutPath = \\domainname\ANSCIShare Set objShortcut = objWSHShell.CreateShortcut _ (strNetHood \ strShortcutName .lnk) objShortcut.TargetPath = strShortcutPath objShortcut.Save Carl -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 11:39 AM To: NT System Admin Issues Subject: Browsing DFS space I'm wondering if there is an easy way for users to browse DFS space. I created a DFS share called ANSCIShare. The only way I've found of getting to it is to click Start | Run and type //domainname/ANSCIShare. It doesn't show up in Network Neighborhood with the list of all the computers. If I do Start | Run and type //domainname all I see is NETLOGON and SYSVOL. Perhaps I haven't got it set up properly? Perhaps there is some other way that is easier for end users to get to go it than the Start | Run technique? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Group Policy to disable IP v6?
I've had trouble with computers that are joined to my domain and have IP v6 installed if they are running Vista SP1 or Server 2008. The problem goes away if you disable IP v6. Is there a group policy to disable IP v6? Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Group Policy to disable IP v6?
Thanks. I was kind of hoping for a regular policy rather than a reg hack but this may have to do. Curt -Original Message- From: Webster [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 20, 2008 12:00 PM To: NT System Admin Issues Subject: RE: Group Policy to disable IP v6? -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Subject: Group Policy to disable IP v6? I've had trouble with computers that are joined to my domain and have IP v6 installed if they are running Vista SP1 or Server 2008. The problem goes away if you disable IP v6. Is there a group policy to disable IP v6? First hit on the Google: http://support.microsoft.com/kb/929852 Webster ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Group Policy to disable IP v6?
Thanks -Original Message- From: Webster [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 20, 2008 1:56 PM To: NT System Admin Issues Subject: RE: Group Policy to disable IP v6? Since you have Vista and Server 2008, I just know you are using a Vista mgmt station to handle all your GPO work. Use the Group Policy Preferences, that makes it easier to push out registry stuff. Webster -Original Message- From: Jim Dandy [mailto:[EMAIL PROTECTED] Subject: RE: Group Policy to disable IP v6? Thanks. I was kind of hoping for a regular policy rather than a reg hack but this may have to do. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Folder redirection confusion
I'm experimenting with folder redirection for the first time and some things are going on that I don't understand. I'd appreciate it if you let me know if what I'm experiencing is normal or explain what I might be doing wrong. I created a policy to redirect the desktop to a DFS share. I linked that policy to an OU and put a test user Fred into that OU. The exact policy that was modified was User Configuration\Windows Settings\Folder Redirection\Desktop. The policy was created from a Vista machine and my AD is Server 2003 native mode. Fred logs on to either a Vista machine or an XP machine and the desktop is redirected as expected. Now, here's the part I don't understand. On a Windows XP machine that Fred has logged on to ... When any user (Joe, for example) logs on off the XP machine it says it's synchronizing folders. Why does it say it's synchronizing when Joe's files shouldn't be synchronized? I checked with resultant set of policy for Joe and Joe's isn't getting the policy for redirection. Furthermore, Joe doesn't get his desktop redirected to the DFS Share. When Joe logs off, does it synchronize Fred's files even though Fred wasn't logged on? It's a User Configuration policy. My expectation is that it would only synchronize when Fred logs off. Is that not the way it works? On a Windows Vista machine that Fred has logged on to ... (This may be a different issue unrelated to the folder redirection GPO.) When Fred or Joe log onto a Vista machine, the Synchronization Center icon appears in the system tray. If anyone else logs on, the Sync Center doesn't show up in the system tray. This seems even more odd than the way it works with XP - at least there it was consistent and showed synchronization symptoms for everyone. It would make more sense if the Sync Center just showed up for Fred or if it showed up for everyone. For Fred and Joe the Sync Center lists the offline folder as share(\\aec.ucdavis.edu). The actual place where user desktops are being redirected to is \\aec.ucdavis.edu\share\userfolders. So, why does userfolders not show up as part of the path that Sync Center is synchronizing? Is that normal? Should the Sync Center icon be showing up for everyone or just for Fred or not at all? Thanks for any help you can provide. Curt Finley ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Fav free FTP client?
You can use Internet Explorer with ftp instead of http in the URL. Not the best but it's free on Windows boxes. -Original Message- From: James Kerr [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 8:30 AM To: NT System Admin Issues Subject: Fav free FTP client? Been using ws-ftp but looking for a change. Any recomondations? James ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Backup Exec 12
I'm considering upgrading from Backup Exec 10d to version 12. I would be backing up Exchange 2003, Server 2003 and Server 2008. Have any of you tried V12 and has it worked OK for you? Are there known issues? Thanks for your comments. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~