Re: Social media and real life

[Jim McAtee]

Old IT guys ... they don't burn out, they just fade away.


> So…guys on the local radio station are talking about the Olympics and

that “it’s nearly impossible to watch the delayed coverage of the
Olympics without knowing the results first, thanks to Twitter and other
social media..”. Hmm..not for me.

I follow exactly nobody on Twitter, and am on Facebook not even every
day and don’t even have a smartphone ($30/mo addtl’ for the data plan).
Does this put me behind the curve these days? I’m guessing the
smartphone is where I am behind the curve the most?

Damn, I didn’t want to turn into one of those old, out of touch guys…


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Using an SSD with Win2k3 Server

[Jim McAtee]

I have a file and application server in my home running Win2k3 Server SP2. 
One of the main applications, a media server, relies heavily on MySQL 
databases. I was thinking of increasing performance of this app, as well 
as increasing boot speed, by installing an SSD for the OS, applications 
and data.


My understanding is that Win2k3 doesn't support TRIM for SSD maintenance. 
Is there a workaround, or should SSDs not be used with this OS? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Gadgets

[Jim McAtee]

Squeezebox. Greatest thing I have ever added to my stereo system(s). I 
have six or seven of them around the house (I've lost count). They can 
also be synced together if you like for whole-house audio. The greatest 
thing about the implementation is that it's very much client/server. You 
run a central server, with just one centralized copy of your music 
library, and all of the players are streamed to from that one server.


If a new Squeezebox Touch is too pricey, look around for either a used one 
or a used Squeezebox 2 or Squeezebox 3 (aka Squeezeobx Classic). There's 
also the Squeezebox Radio that can operate on either mains power or 
battery. It's a portable that doesn't require the addition of an amp and 
speakers.



- Original Message - 
From: "James Rankin" 

To: "NT System Admin Issues" 
Sent: Tuesday, November 15, 2011 5:51 AM
Subject: OT: Gadgets



Just moved to a much bigger house and I am trying to revamp all my
electronic kit. I have a lot of gym equipment in my garage, but I was
fancying putting some sort of music-playing device into the garage that
could connect up to my TeraStation and play a selection of music 
directly
from there. Buying a stereo and burning a load of mp3s onto a CD/DVD 
seems

s dated now...can anyone recommend any devices that might be able to
achieve this for me?

I've already got a streaming box linked to the TV that fires
movies/music/pictures onto the TV which works great, but I doubt I could
run a cable all the way from the streaming box to the garage (it is a 
much
bigger house). Would I need a device to output the music in the garage 
as

well as another streaming device? I've been Googling about (probably not
very cleverly) and I've found plenty stuff that can stream music across 
to
a stereo, but a) I don't have a stereo - I used to play all music 
through
my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not 
wanting

to spend a great deal of money here, quality isn't that important, just
need some music in the background while I pound the punchbags!



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cell Phone Policies

[Jim McAtee]

- Original Message - 
From: Steven Peck

To: "NT System Admin Issues" 
Sent: Saturday, November 12, 2011 9:00 PM
Subject: Re: Cell Phone Policies

It is a requirement from our corporate security and legal to show that 
we
are fulfilling our regulatory obligations regarding data.  You and I 
know
that someone can do any number of deliberate things.  A lawyer in a 
court

room can point to any number of other things.


So you're saying that it's a security requirement even though the company 
realizes that it actually provides verly little security? Or in other 
words, it's pretty much just for show.



If we can remote wipe a phone as part of our account termination process
with corporate phones and we control the phone, why wouldn't we wipe an 
end

users personal phone upon empolyee termination (voluntary or otherwise)?


Because

a) it's a *personal* phone?

and

b) Everybody, including your employees, realize that this draconian policy 
accomplishes absolutely nothing.


You're going to recall a corporate phone in any case. Why wouldn't you 
wipe it clean? That's no different than reimaging the hard drive of a 
corporate PC before giving it to another employee or cleaing out the 
drawers of a desk.


This ensures the employee doesn't accidently retain things they 
shouldn't.


What was the answer to the first question? Do you permit employees to 
download and reply to email on their home computers? If so, what is the 
company policy to the messages/data that end up on those computers? How do 
you "ensure" that employees don't accidentally retain the data? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cell Phone Policies

[Jim McAtee]

So...

How do you keep someone from copying all data from the phone before you 
wipe it?


Do you also prevent users from downloading and replying to email on their 
home PCs?


Do you prevent them from forwarding email from their work PCs?

Do you not allow anyone in the company to take physical documents home?




- Original Message - 
From: "John Cook" 

To: "NT System Admin Issues" 
Sent: Saturday, November 12, 2011 5:05 PM
Subject: Re: Cell Phone Policies


The data (email) is corporate property.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cell Phone Policies

[Jim McAtee]

- Original Message - 
From: Chris Blair

Sent: Friday, November 11, 2011 2:36 PM
Subject: Cell Phone Policies



We are instituting a corporate cell phone plan. While most people will
be moved over to the corp plan, there will always be others, with smart
phones that want access to email. These users will need to agree that if
they leave, their phones can be wiped.



What's the logic behind that? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How much processing power do you need? (WAS: So, my Mac Mini server arrived today...)

[Jim McAtee]

I've run Win2k3 Server on a dual-core Atom. Mostly just file serving. Runs 
fine. SuperMicro makes some server class Atom systems, so it's not a crazy 
idea. Just depends on what you need to do, how much you want to spend, and 
how much headroom you want for future needs.


There are limitations, though. First, you're sacrificing a lot in clock 
speed over most desktop or server class processorts. You're limited to 4GB 
of RAM, with no support for ECC. Unless it's a purpose-build server 
motherboard, you're limited to two SATA devices. Virtually all 
motherboards, including those from SuperMicro, are mini-ITX form factor, 
so you generally have just one PCI-E slot.


Small size and low power usage are usually the biggest reasons to use an 
Atom (or AMD Fusion) solution as a server. Makes a nice little application 
server (such as a music server) for the home that can be tucked away 
almost anywhere.




- Original Message - 
From: "Matthew W. Ross" 

To: "NT System Admin Issues" 
Sent: Thursday, November 03, 2011 12:46 PM
Subject: How much processing power do you need? (WAS: So, my Mac Mini 
server arrived today...)



So, since this has come up, I'm curious on how much processing power is 
actually needed for most services?


I have some Quad-Core Xeons which are absolutely underutilized. They are 
doing their jobs (usually serving user home folders and standard Active 
Directory duties) with plenty of horsepower to spare. So it makes me 
wonder: Has anybody tried Windows Server on an Atom?


Take all the other bottlenecks out of the equation: Plenty of RAM, fast HD 
or SSD... does the 1.8 dual core Atom (or the Socket 1155 Celeron) handle 
most tasks just as well as a Dual 6Core Xeon? Aka, could I be getting away 
with less expensive hardware to do the same duties?


I realize if I'm encoding or rendering, the hefty Xeon is a much better 
bet. Or if I'm trying to run VMs, the Atom's not even an option.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: [OT] Rugged USB cable?

[Jim McAtee]

Techflex may be the sheathing you're looking for. They even offer 
different grades for heavy duty use. You'll just need to make sure the 
size chosen can expand sufficiently to go over the connectors at either 
end. To secure and finish the ends, use heatshrink tubing.


http://www.techflex.com/land_hvyduty.asp



- Original Message - 
From: "Ben Scott" 

To: "NT System Admin Issues" 
Sent: Tuesday, November 01, 2011 7:16 PM
Subject: [OT] Rugged USB cable?



 Anyone here come across anything like a rugged USB cable?

 Scenario: Measure equipment cabled to a laptop via USB.  Laptop goes
on a table.  Measure equipment is moved around a piece of work being
measured.  Cable is dragged across floors, stepped on, yanked,
abraded, pinched, kinked, etc.  User education is being pursued, but
it still seems like a tougher cable would be appropriate for the
environment.  Some kind of extra-thick sheath, or even flexible
segmented metal (like the kind used on payphone handsets). 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Barebones Server based on Sandy Bridge (LGA 1155)

[Jim McAtee]

A barebones system consists of nothing more than a motherboard, chassis 
and power supply. That's some kind of lazy if you;'re unwilling to mount a 
motherboard in a chassis.


Anyway, I count eight such LGA 1155 tower systems at Newegg. Navigate:

Computer Hardware > Servers > Server Barebone > LGA 1155 > More Options > 
Form Factor > Pedestal




- Original Message - 
From: "Andrew S. Baker" 

To: "NT System Admin Issues" 
Sent: Sunday, August 07, 2011 3:59 PM
Subject: Re: Barebones Server based on Sandy Bridge (LGA 1155)


I did spec one out, but I'm really not interested in building it out.  As 
it
is, I've just ordered a few motherboards to replace some motherboard 
issues
in other systems, so I'll have quite enough system building to go around. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Control individual drive spindown in Win2k3?

[Jim McAtee]

I have a Windows 2003 Server file server on my home network, with six JBOD 
drives for storage of media files and pc and laptop backups. To save some 
on power used I have the power options set to turn off after 15 minutes. I 
assume this means all disks in the server, except perhaps for the system 
disk.


The trouble with this setup is that I have one 5400 RPM drive that I use 
quite a bit throughout the day for music storage and waiting for it to 
spin up is inconvenient. Can power options for _individual_ drives be set 
in Win2k3, or is there 3rd party software that can do the same?




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Windows Update list

[Jim McAtee]

Is there a comprehensive list anywhere of Windows Updates (specificlly, 
looking for Windows 7) with the dates that they come out? I'm trying to 
troubleshoot an application that has suddenly stopped working on Windows 7 
systems. It appears to be a Windows firewall issue, and I'm wondering if 
users with automatic updtes enabled may be affected, and exactly why. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT New home PC

[Jim McAtee]

I agree with the others. Build it. Do some (or a lot of) research on 
components, buy them from Newegg or Amazon (Amazon's return policies can't 
be beat), and assemble it. I also agree with the SSD recommendation for 
the OS and applications. You don't need anything very large - 80 or 120 GB 
will be more than enough.


Is this system also going to be used as an HTPC? If you just want to watch 
movies and TV in your office then noise may not be a huge factor, but if 
it's going to be in your living room then I'd spend a lot of effort making 
the system as quiet as possible. Large diameter, low RPM fans, aftermarket 
CPU heatsink, passive cooling wherever possible, maybe reconsider the 7200 
RPM drive for a cooler, quieter 5400 RPM drive.



- Original Message - 
From: Stefan Jafs

To: NT System Admin Issues
Sent: Thursday, March 10, 2011 2:31 PM
Subject: OT New home PC


Ok, it’s finally time to upgrade my aging home PC. I figured I could just 
go

to Tigerdirect or BestBuy and pick up a good performing system but it does
not seem like the case, if I want low to medium performance no problem but 
I

want:

Intel I7, 8Gb RAM DDR3, HD 1 – 2Tb 7,200 rpm, AMD HD 5670 or better, 
BlueRay
player, TV Tuner in a PCI x16 slot. Windows 7 64 bit Home. Is that too 
much

to ask for? I did not think so but does now one else purchase high
performance PCs? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Morale killer...

[Jim McAtee]

Venting publicly on an email list that is archived on the web and indexed 
by search engines, while using your real name and even your company's name 
in your sig, could be a very unwise move. Just saying.


http://www.mail-archive.com/ntsysadmin@lyris.sunbelt-software.com/


- Original Message - 
From: David Lum

To: NT System Admin Issues
Sent: Friday, March 04, 2011 11:51 AM
Subject: Morale killer...


vent mode:on
I asked for a promotion to Sr. Systems Engineer but I have been denied. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: IE9 RC released

[Jim McAtee]

It took me a while to get used to the minimalist look and feel of Chrome. 
It was genuinely foreign at first.  But the incredible speed was appealing 
from day one and now I can't stand to use anything else.


Every once in a while I fire up Firefox if a site or web app can't be run 
in Chrome, but it's annoying how long it takes just to launch FF, even 
without all add-ons uninstalled.


I haven't used IE in years, although when a new version comes out I 
install it.  It just seems to get clunkier with each new version.  If 
someone were designing a browser for three year olds, IE would be it.



- Original Message - 
From: "Rod Trent" 

To: "NT System Admin Issues" 
Sent: Friday, February 18, 2011 11:25 AM
Subject: RE: IE9 RC released



Interested in why folks don't like Chrome...maybe I'm missing something
other than the obvious "It's Google - they want to own you" debate.

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Friday, February 18, 2011 1:00 PM
To: NT System Admin Issues
Subject: Re: IE9 RC released

On 11 Feb 2011 at 9:43, Steven Peck  wrote:


Much dislike for chrome. I use it for now as firefox is not viable
anymore but anticipate moving to ie9 if the performance stuff holds 
out.


Try FF4, b11 is quite stable for me.  I don't like Chrome (or its 
variants

ChromePlus, Iron) either.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Today is the end of the line for me,

[Jim McAtee]

A "security engineer" who doesn't even know how to start a new discussion 
on an email list?  Sure.



- Original Message - 
From: "Ziots, Edward" 

To: "NT System Admin Issues" 
Sent: Thursday, February 17, 2011 6:17 PM
Subject: Today is the end of the line for me,


I think after this day I have come to the conclusion is time to move on,
if there is companies in the RI/MASS/CT area looking for a security
engineer, please contact me at the email below. If the distance is under
1.5 hrs I am game.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, February 17, 2011 5:50 PM
To: NT System Admin Issues
Subject: RE: Thoughts on this pitch from Trend

Every SBS site I manage has two servers just to offload some of that


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: HDD Dock (USB or eSATA)

[Jim McAtee]

I've never used one.  I either buy external disks already in enclosures or 
buy enclosures for bare drives.  USB, since it's more universal.



- Original Message - 
From: "Jonathan Link" 

To: "NT System Admin Issues" 
Sent: Tuesday, January 11, 2011 10:20 AM
Subject: HDD Dock (USB or eSATA)



Looking at getting one of these.  I've actually thought about one for a
while, but I'm kinda in analysis paralysis and can't decide on what to 
get.
I can spend a  on a sander and a dust extractor, but a small 
purchase
like this ties me up in knots.  What's the community using? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Patch Cable for patch panels

[Jim McAtee]

Non-snagless.  Much easier to work with.  I cut the tab covering off with 
a utility knife if I can't find non-snagless.


And definitely manufactured rather than self-made.  Most of the molded 
plugs are a combination of stress-relief, which is fine, and the snagless 
covering.  I haven't seen too many non-snagless patch cords with molded 
ends.



- Original Message - 
From: "Sam Cayze" 

To: "NT System Admin Issues" 
Sent: Wednesday, January 05, 2011 3:49 PM
Subject: Patch Cable for patch panels



What's your preference?



Snagless?

Molded or assembled? (Crimped) 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: wiping drives in a RAID

[Jim McAtee]

Have you done this yet?  May not be related, but...

http://www.dban.org/node/36


- Original Message - 
From: "Joseph Heaton" 

To: "NT System Admin Issues" 
Sent: Monday, January 03, 2011 4:38 PM
Subject: wiping drives in a RAID


We have DBAN, but we're getting hardware errors when we try to start it. 
I don't know if DBAN would see the drives anyway, as I don't think it 
would talk to the RAID controller, to be able to see the drives. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Home RAID enclosure recommendations?

[Jim McAtee]

- Original Message - 
From: "Andrew S. Baker" 

To: "NT System Admin Issues" 
Sent: Wednesday, December 22, 2010 4:01 PM
Subject: Re: Home RAID enclosure recommendations?


*>> Few people have a need for RAID in a home file storage solution 
unless

it's to construct a very large volume that can't easily (or safely) be
achieved with individual disks.  *


I would think that in large part, this list would contain most of the 
"few

people" who are great candidates for RAID1, 5 or even 10.


What's so special about the home server needs of the folks on this list?


Disks are cheap enough that it is silly to avoid RAID, when you can 
easily

have BOTH RAID and backups.


But RAID solutions - reliable ones, anyway - are not cheap.  Even ones 
targeted for home users.  And the unreliabe one are much worse than using 
no RAID at all.




My home network can ill afford to be down for days.


Like you say, disk drives are cheap.  Cheap enough to keep spares on hand. 
A failed disk should take no more than a few hours to restore from backup. 
For some odd reason having your home movies from the trip do Disneyland 
offline for a couple of hours doesn't strike me as a critical need.


How long do you figure the data of the typical home user of a RAID box is 
offline when the _box_ fails?




Just yesterday, I had
my switch die on me at home, and it totally disrupted a number of fairly
critical activities -- like online home school.  So that got remediated 
last

night.


You keep spare routers and switches on hand at home?  Very forwward 
thinking if you really can't afford the down time.  Or did you run out to 
Best Buy?



People are enamored with technology.  What's funny is that the most 
clueless home users have the same outlook on using RAID technology as a 
backup solution.  I wouldn't think that I'd see the same mistaken 
assumptions made by people responsible for managing business networks in 
their day jobs. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Home RAID enclosure recommendations?

[Jim McAtee]

Make sure you're not using RAID in lieu of backups.  Few people have a 
need for RAID in a home file storage solution unless it's to construct a 
very large volume that can't easily (or safely) be achieved with 
individual disks.  You use RAID to assure continuous uptime, as in your 
Exchange server or SQL server in the office, where a business can't afford 
downtime.  I'd venture that your home file server can afford to be down 
for a few hours or days while you replace a drive and restore from 
backups.




- Original Message - 
From: "Jim Slattery" 

To: "NT System Admin Issues" 
Sent: Wednesday, December 22, 2010 6:56 AM
Subject: OT: Home RAID enclosure recommendations?



I recently started taking a lot of photos and videos, and I'm realizing 
that my current storage solution at home isn't going to cut it very soon.


Does anyone have a recommendation for a good price/performance RAID 
enclosure (or populated solution) for home use? I'd like to have 3-4TB 
available if possible.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Remote access - Allow employees work from home

[Jim McAtee]

How many of these suggestions are being given in the context of a software 
development environment?  What do the remote developers actually need 
access to?  In many cases it's only to code repositories.  Do they need 
RDP access to their desktops?  What about build systems?  Can Citrix be 
used effectively in either case without introducing a billion other 
headaches?



- Original Message - 
From: "Fergal O'Connell" 

To: "NT System Admin Issues" 
Sent: Wednesday, December 08, 2010 10:51 AM
Subject: RE: Remote access - Allow employees work from home


That's the plan -
However I just wanted to bounce this off to see what other folks are 
doing -


I might go with the Citrix solution but I will need to get pricing to see 
what the overall costs are. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Blogging software

[Jim McAtee]

WordPress.  Should run fine under IIS. Google "wordpress iis" and you'll 
find plenty of installation help.  Installing and running both php and 
MySQL are pretty simple.  Get a good MySQL client utility for 
administering the database server.  I use SQLyog.



- Original Message - 
From: "MarvinC" 

To: "NT System Admin Issues" 
Sent: Wednesday, December 01, 2010 6:59 AM
Subject: Re: Blogging software


You may wanna start with WSS 3.0 and from there check into dotnetnuke. 
I'm a
big fan of Wordpress but you'd need to get MySQL, php, and probably 
apache
installed in addition to a few smaller apps. You can use IIS but I 
haven't

configured it to run on IIS 5. Upgrade that server to W2K3 and you save
yourself a lot of headaches.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Which router do you like best for this?

[Jim McAtee]

Two feeds from the same cable company?  If so, the only way one is going 
down while the other stays up is if there's a physical break in one of the 
lines between the curb and the building, which I would think should be 
very rare.  I don't think I'd bother setting up such a scheme if failover 
is the goal.  And few ten person offices need a 50 Mbps internet 
connection, so load balancing two of them accomplishes very little. 
Better would be to set up the cable connection to be used all the time, 
and fail over to a slower DSL link.



- Original Message - 
From: "Stu Sjouwerman" 

To: "NT System Admin Issues" 
Sent: Friday, November 19, 2010 12:27 PM
Subject: Which router do you like best for this?


I'm creating an office for 10 people to start with, and want a router that 
can

take two different (50/5) cable feeds and load balance them. When one feed
gets cut, the other feed takes over and at least we'll have access. What 
router
do you like best for this type of use? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Multiple monitor control

[Jim McAtee]

(I'd normally post this to the XP list, but it's pretty dead...)

I'm running XP Pro and have two native 1280x1024 monitors, and an NVIDIA 
GeForce 6600 GT video card.  When I enable two monitors the NVIDIA driver 
stretches the desktop across both monitors, which means that the taskbar 
stretches from one end to the other and the system tray ends up at the far 
right of the right-hand monitor.


What I'd prefer is to have the left/primary monitor behave as it always 
has:


- the taskbar should only appear on the left-hand monitor, with the system 
tray at the right hand side of this monitor


- anything that appears in the -center- of the screen, such as dialogue 
boxes, should appear in the center of the left-hand monitor


- the right-hand monitor should only be used for windows dragged into this 
space


- and (would be nice) if a window is maximized, it maximizes on the 
monitor in which it resides, not across the entire desktop


Does anyone know how I can accomplish this?  I have a feeling that the 
NVIDIA driver may be purposely trying to do things that I don't want, but 
isn't as configurable as I'd like.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: shipping laptops

[Jim McAtee]

Why wouldn't you just send the laptops to the conference with the users 
that you're sending to the conference?



- Original Message - 
From: "Jimmy Tran" 

To: "NT System Admin Issues" 
Sent: Wednesday, November 03, 2010 11:45 AM
Subject: RE: shipping laptops


The reason I'm leaning towards a single larger case is because the users
at this conference will not package the laptops correct let alone
package them up one at a time.  I'm trying to make it fool proof.  We
would have a pallet there for them to put it on and get shipped back to
us.



Jimmy



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, November 03, 2010 9:39 AM
To: NT System Admin Issues
Subject: RE: shipping laptops



Not to be a smart a$$, but check with your shipper ( UPS ? ) and see
what they recommend.



Me, I'd use individual boxes per laptop and then pack those securely in
a single larger case if possible, to avoid the shipment getting split
up.



Erik Goldoff

IT  Consultant

Systems, Networks, & Security

'  Security is an ongoing process, not a one time event ! '

From: Jimmy Tran [mailto:jt...@teachtci.com]
Sent: Wednesday, November 03, 2010 12:10 PM
To: NT System Admin Issues
Subject: shipping laptops



Hi All,


What method do you recommend as the proper way to pack 10 laptops for
shipment?  I can package each individually in laptop packages from UPS
but is there a better method?  Perhaps something like a Pelican case?
Any ideas or suggestions?


Thanks,

Jimmy



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: DNS providers

[Jim McAtee]

No, I would completely eliminate the local ISP as a DNS provider in any 
public records for your domain(s).  Otherwise you'll still have a 
significan portion of those DNS queries being blocked.  They also don't 
sound too bright, so I'd get things out of their hands as quickly as 
possible.



- Original Message - 
From: "John Aldrich" 

To: "NT System Admin Issues" 
Sent: Tuesday, October 26, 2010 2:13 PM
Subject: RE: DNS providers


Thanks, guys. I set up an account with ZoneEdit and slaved the account 
with

our ISP's DNS servers, so that should fix things. If it doesn't, I can
always give EasyDNS a try. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cheap/Free POP3/SMTP Server?

[Jim McAtee]

whereas most people could probably fumble their way around 
hmail/mailenable once

logged into the server it's running on


Are you talking about just adding mailboxes, setting passwords, things 
like that, or are you talking about server management and troubleshooting? 
If they can't figure out how to managae a Linux/Postfix box, then are they 
really going to be much help in troubleshooting real problems in some new 
WinGUI application that you throw at them?  On the other hand, if you're 
only talking about managing mailboxes, this is easily done by anyone in 
one of the many web-based management frontends that you can install on a 
Linux server.



- Original Message - 
From: "Paul Hutchings" 

To: "NT System Admin Issues" 
Sent: Monday, September 20, 2010 10:13 AM
Subject: RE: Cheap/Free POP3/SMTP Server?


Thanks Ben and sorry, I should have been more detailed in my post -
right now we manage these on a CentOS/Postfix box, which works great but
we have little to no combination of linux/postfix/general smtp/pop3
knowledge in our company beyond me, so if I'm not about, whilst it
shouldn't need any messing with, we're kind of stuck if it does whereas
most people could probably fumble their way around hmail/mailenable once
logged into the server it's running on.

Paul

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 20 September 2010 16:08
To: NT System Admin Issues
Subject: Re: Cheap/Free POP3/SMTP Server?

On Mon, Sep 20, 2010 at 11:03 AM, Paul Hutchings
 wrote:

Any suggestions on anything else that is cheap/free and easy to

configure?

 Linux?  :)

-- Ben 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Anonymous Share Access

[Jim McAtee]

- Original Message - 
From: "Erik Goldoff" 

To: "NT System Admin Issues" 
Sent: Monday, September 13, 2010 4:25 AM
Subject: RE: Anonymous Share Access



Remember that a workgroup does NOT have a central user database like a
domain does.  So unless you create a local login on the server with the 
same
name and password as each user has on their own workstation, when it 
hits
the server it fails, as the account does not exist on the server with 
the

requested resource.  The GUEST account serves as a default generic
'anonymous' credential


Right.  That makes sense, but I thought ANONYMOUS LOGON had its own SID. 
If an anonymous user becomes GUEST then why wouldn't you just set share 
and file permissions for the GUEST account and be done with it? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Anonymous Share Access

[Jim McAtee]

I'll be damned.  That did it.

What exactly does that do?  Do anonymous logins assume the Guest account?


- Original Message - 
From: "mck1012" 

To: "NT System Admin Issues" 
Sent: Sunday, September 12, 2010 6:02 PM
Subject: Re: Anonymous Share Access



Try enabling the guest account




On 9/12/10, Jim McAtee  wrote:

I have a Windows Server 2003 file server set up at home in a workgroup.
I'd like to have one or two shares that are completey open to anyone on
the LAN without requiring or prompting for a login.

So far I've had no luck in implementing this.  I've:

- Given Everyone Full Control permission on the share.
- Given ANONYMOUS LOGON Full Control permission on the share.
- Given Everyone Modify permission to the shared folder.
- Given ANONYMOUS LOGON Modify permission to the shared folder.
- Added the share to Local Security Settings/Local Policies/Security
  Options/Network access: Shares that can be accessed anomymously.

From an XP Pro client on the network I can browse the workgroup and see
the server, but on clicking on the server I'm prompted for a login.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
Sent from my mobile device

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Anonymous Share Access

[Jim McAtee]

I have a Windows Server 2003 file server set up at home in a workgroup. 
I'd like to have one or two shares that are completey open to anyone on 
the LAN without requiring or prompting for a login.


So far I've had no luck in implementing this.  I've:

- Given Everyone Full Control permission on the share.
- Given ANONYMOUS LOGON Full Control permission on the share.
- Given Everyone Modify permission to the shared folder.
- Given ANONYMOUS LOGON Modify permission to the shared folder.
- Added the share to Local Security Settings/Local Policies/Security
 Options/Network access: Shares that can be accessed anomymously.

From an XP Pro client on the network I can browse the workgroup and see 
the server, but on clicking on the server I'm prompted for a login. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: UPS recommendations

[Jim McAtee]

IMO, with this approach you may just be creating more opportunities for 
the whole system to fail rather than providing redundancy, as your recent 
experience might prove.


The redundant power supplies in enterprise servers are there first a 
foremost to protect against power supply failures.  After hard drives, and 
perhaps cooling fans, these have been the most common component failures 
that we've experienced.  Note that many manufacturers, such as Dell, 
provide a choice of Y power cable for redundant PSUs.  These are meant to 
reduce cable clutter when you have a single power feed, but still provide 
PSU redundancy.


If you were in a first-class colocation facility, where you were receiving 
two hightly reliable power feeds, I could see running each supply off of a 
separate feed.


But in your installation it means spec'ing each UPS to be able to operate 
every server attached to it simultaneously for the desired run time.  So 
you purchase two of the same UPS, maintain them as best you can, then the 
day comes when you lose power and _one_ of them fails, what are the 
chances that the other will hold up all of your servers?  This is exactly 
what you just went through.  Battery failures are the most common problem. 
If the batteries in the first UPS are borderline, and unable to run 1/2 of 
your equipment, those servers will then load the second UPS, which is 
likely to be in a similar state of health and even more likely to fail 
under the increased load.




- Original Message - 
From: "Ben Scott" 

To: "NT System Admin Issues" 
Sent: Monday, February 09, 2009 9:57 PM
Subject: UPS recommendations



Hi all,

 We had a power outage today.  I looked over at the server rack just
in time to see one of the UPSes light up like a Christmas tree, shriek
like an injured parakeet, and then kill itself.  (Admitted it was old,
but a graceful failure this was not.)  The servers with redundant
supplies failed over to the other UPS, which promptly went into
over-current alarm and dropped the load.  Either said UPS's management
software has been grossly misreporting its load, or two UPSes at 40%
load doesn't include enough margin during transfer.  Any which way you
slice it, it's time to buy some new UPSes.  I'm going to ask for two
entirely new 1400 or 2200 VA units (existing were 1000 VA), although
budget may be an issue.

 What do people like for UPSes, *and why*?  I don't see much
variation across manufactures in a given price band.  At a given
dollar amount, it seems I get roughly the same capacity, features,
etc.  I'm thinking differences in management software and quality of
support don't show up in a spec sheet.  Comments on that front are
especially welcomed.

 In particular, I'm interested in how to manage a multiple-server,
multiple-UPS scenario.  Our two biggest servers have redundant
supplies.  I'd like to plug each supply into a different UPS.  So each
UPS will be powering multiple servers, and each server will be drawing
power from multiple UPSes.  I imagine that makes the management
software configuration a bit trickier, specially since a lot of
management packages used to assume one-UPS-per-server.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~ 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Anyone heard of Prevx?

[Jim McAtee]

Prevx?  Sounds like one of them pills what's supposed to make your jones 
bigger or keep it pointing at the ceiling for 36 hours.



- Original Message - 
From: "Neil Standley" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Thursday, November 13, 2008 12:30 AM
Subject: Anyone heard of Prevx? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: New Feature for Gmail Users

[Jim McAtee]

Lighten up, Francis.


- Original Message - 
From: "Rod Trent" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Tuesday, October 07, 2008 1:34 PM
Subject: RE: New Feature for Gmail Users



If you need an app like this, you might consider there may be other
problems.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Switched web hosting companies - what to do with DNS?

[Jim McAtee]

- Original Message - 
From: "David Mazzaccaro" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, October 06, 2008 8:21 AM
Subject: RE: Switched web hosting companies - what to do with DNS?



Ah, right ...sorry, obviously it would not be an "A"ddress... but rather
a CNAME.
Thanks
However - if I want a SSL (for an online store for example) - I
will need a static IP?


Yes.  If this is a shared hosting account, don't be surprised if you're 
expected to pay a monthly fee for a dedicated IP address.


I'd ignore the advice and just use an A record.  If they're moving IP 
addresses so often that you need to use a CNAME, find another host.  One 
thing you can't do, if you want the "non-www" name to work for the web 
site, is use a CNAME:


This is _not_ allowed:

mydomain.com  IN CNAME xyz.someothername.com
www.mydomain.com  IN CNAME xyz.someothername.com

But this is:

mydomain.com  IN A 111.222.333.444
www.mydomain.com  IN CNAME xyz.someothername.com

There's not much reason to do this.  It doesn't make maintenance any 
easier. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Actionpack Licensing question

[Jim McAtee]

You could easily read that to mean that you can legally install instances 
of the software on multiple systems.  Would anyone in their right minds 
use an internal business server for doing demos or customer training?  You 
couldn't possibly accomplish all that the Action Pack is intended for with 
just a single system.




- Original Message - 
From: "Martin Blackstone" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Tuesday, September 30, 2008 8:18 PM
Subject: RE: Actionpack Licensing question


The license says:

"The Microsoft Action Pack Subscription License Agreement gives you the 
right to use the Action Pack software to run your own business as well as 
for evaluation, demonstration, testing, training, and education. For 
example, you can use Action Pack software to host your company's intranet.


Action Pack software is not provided for personal use, for hosting 
customer applications, or for installation at a customer site. It cannot 
be used, for example, to host a commercial website; this is considered a 
production environment outside the scope of the software's intended 
purpose."



https://partner.microsoft.com/US/program/managemembership/actionpack/mapslicensing



-Original Message-
From: Webster [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2008 7:04 PM
To: NT System Admin Issues
Subject: RE: Actionpack Licensing question




-Original Message-



From: Neil Standley [mailto:[EMAIL PROTECTED]



Subject: RE: Actionpack Licensing question







I would but I've already used the license and we're trying to avoid



spending another $600.  My main issue is that we are about to purchase



a new server to replace our aging Win2K running BUE 10d.



Trying to keep costs down we are going to continue to run BUE 10d but



wanted to "upgrade" to Server 2003, problem there is BUE 10d doesn't



support Windows x64.




Are you saying you are using your Action Pack media and keys for 
production systems? 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What no chrome?

[Jim McAtee]

Except that it's about 20x as fast and uses less than 1/2 the memory.  Did 
anyone notice the "Task Manager" in Chrome?  That's what I call going for 
the jugular.


The more Microsoft tries to prove that they "get it" the further they fall 
behind.  Wasn't IE7 just released?  Was that just a gigantic "Oops" or 
another MS fart into the wind?



- Original Message - 
From: "Tim Vander Kooi" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Thursday, September 04, 2008 10:23 AM
Subject: RE: What no chrome?



Not to mention that every one of the "hot new features" that they
trumpet already exist in SP2 of IE8. At least I haven't found
anything that it does that IE8 doesn't. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Looking for simple gigabit switch

[Jim McAtee]

I'm looking for a simple, reliable, fairly inexpensive gigabit ethernet 
switch.  Rack mountable, with 24 ports.  The only feature I need is to be 
able to monitor traffic through each port. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: After-hours work

[Jim McAtee]

More:

http://www.workforce.com/section/03/feature/24/50/34/index.html


- Original Message - 
From: "Jim McAtee" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, August 18, 2008 11:50 AM
Subject: Re: After-hours work



This is totally up to my management.


Legally, it's not.  Keep very detailed records.  You may have a very 
nice lawsuit to file.


An exempt employee is not paid an hourly wage.  If you're punching a 
clock and being docked on an hourly basis for time away from the job, 
then by all practical (and I'd bet, legal, purposes) you're being paid 
an hourly wage.  That would make you non-exempt.


I'd speek to a good labor attorney.  You may be able to cash in on these 
jackasses.  You might even get that boss fired if it ends up costing the 
company tens of thousands for yourself and everyone else in the 
department.



- Original Message - 
From: "Nikki Peterson - OETX" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, August 18, 2008 8:41 AM
Subject: RE: After-hours work


Currently I am classified as “Exempt”. Description of “Exempt” as 
understood by my manager is as follows:

- Pay based on 2 weeks
- 1 week every month I am on-call 24/7
- 2nd Saturday after Patch Tuesday, I am here to patch our servers and 
any extra maint for 8 hours

- On average, I work at least a 1 over every day.
- If I have a Dr. appointment or need to leave a bit early, I am forced 
to use my PTO (vacation)
- FMLA (sick time) only if I am sick for 3+ days, and I need a Dr. 
note.


Example of my time card:
- 89 hours worked during the regular days
- 5 hours worked for Patching/Maint Saturday
- 2 hours PTO charged against me (had to leave early for family 
emergency)

- On call
o My paycheck shows:
 78 hours Regular Pay
 16 hours No-Pay (these are the extra stuff)
 2 hours deducted for PTO
 No mention of on call

This is totally up to my management. Some of the guys in Telecom have a 
great boss, he lets them leave early if an emergency happens and he 
will not reflect it on their time cards. He knows they work hard and 
long and the County gets much more than they pay for.


We are 4 positions down and unable to fill them at the price we offer. 
I have been doing 2 desks now for the last year and a half.


Instead of receiving praise for keeping up and hanging in there. I have 
a boss that comes in from a meeting, announcing to everyone that “No 
one leaves until the whatever he just promised in his last meeting is 
done. My boss is a self-serving  jerk. He takes time with the blessing 
of his boss, but then insists that he must follow the rules for us to 
be fair. The biggest problem is that he will give a break to the one 
fellow he drinks with.


I think it is time for IT based Unions...

This used to be fun but now it sucks.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: After-hours work

[Jim McAtee]

This is totally up to my management.


Legally, it's not.  Keep very detailed records.  You may have a very nice 
lawsuit to file.


An exempt employee is not paid an hourly wage.  If you're punching a clock 
and being docked on an hourly basis for time away from the job, then by 
all practical (and I'd bet, legal, purposes) you're being paid an hourly 
wage.  That would make you non-exempt.


I'd speek to a good labor attorney.  You may be able to cash in on these 
jackasses.  You might even get that boss fired if it ends up costing the 
company tens of thousands for yourself and everyone else in the 
department.



- Original Message - 
From: "Nikki Peterson - OETX" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, August 18, 2008 8:41 AM
Subject: RE: After-hours work


Currently I am classified as “Exempt”. Description of “Exempt” as 
understood by my manager is as follows:

- Pay based on 2 weeks
- 1 week every month I am on-call 24/7
- 2nd Saturday after Patch Tuesday, I am here to patch our servers and 
any extra maint for 8 hours

- On average, I work at least a 1 over every day.
- If I have a Dr. appointment or need to leave a bit early, I am forced 
to use my PTO (vacation)

- FMLA (sick time) only if I am sick for 3+ days, and I need a Dr. note.

Example of my time card:
- 89 hours worked during the regular days
- 5 hours worked for Patching/Maint Saturday
- 2 hours PTO charged against me (had to leave early for family 
emergency)

- On call
o My paycheck shows:
 78 hours Regular Pay
 16 hours No-Pay (these are the extra stuff)
 2 hours deducted for PTO
 No mention of on call

This is totally up to my management. Some of the guys in Telecom have a 
great boss, he lets them leave early if an emergency happens and he will 
not reflect it on their time cards. He knows they work hard and long and 
the County gets much more than they pay for.


We are 4 positions down and unable to fill them at the price we offer. I 
have been doing 2 desks now for the last year and a half.


Instead of receiving praise for keeping up and hanging in there. I have 
a boss that comes in from a meeting, announcing to everyone that “No one 
leaves until the whatever he just promised in his last meeting is done. 
My boss is a self-serving  jerk. He takes time with the blessing of his 
boss, but then insists that he must follow the rules for us to be fair. 
The biggest problem is that he will give a break to the one fellow he 
drinks with.


I think it is time for IT based Unions...

This used to be fun but now it sucks. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Looking for a very good Email provider

[Jim McAtee]

That's almost exactly what I'm moving away from.  I have a website hosted 
for about $5/month with "unlimited" mailboxes.  It's a typical 
mega-cheap-hosting arrangement - they all sell exactly the same thing - a 
domain on a shared server with exactly the same software, all services 
running on the same machine.  They resell the offerings of someone else 
and provide "support" in name only.  For instance, if there's a problem 
with email they say "we'll look into it" and forward a ticket to the 
wholesale provider.  About the 1/2 the time you get no real resolution. 
Spam prevention is marginal, speed is poor, and glitches frequent.  I'm 
fed up.



- Original Message - 
From: "Rod Trent" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Thursday, August 14, 2008 12:26 PM
Subject: RE: Looking for a very good Email provider


You can get a website hosted with 50 free email addys for around $9.99 
per

month in some places.

-Original Message-
From: Jim McAtee [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2008 2:22 PM
To: NT System Admin Issues
Subject: Looking for a very good Email provider

This is for a personal domain with a handful of mailboxes.  I need
something reasonably priced, say $60 a year or less for up to 5 
mailboxes.

I just tried Google Apps for domains, but there were some really bizarre
proprietary implementations of things like POP3(!) that didn't sit well
with me.

What I really need is good spam prevention, with detected spam left on 
the

server for N days and reviewable (and retrievable) through a web client
interface.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Looking for a very good Email provider

[Jim McAtee]

This is for a personal domain with a handful of mailboxes.  I need 
something reasonably priced, say $60 a year or less for up to 5 mailboxes. 
I just tried Google Apps for domains, but there were some really bizarre 
proprietary implementations of things like POP3(!) that didn't sit well 
with me.


What I really need is good spam prevention, with detected spam left on the 
server for N days and reviewable (and retrievable) through a web client 
interface. 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: DNS flaw plugged by vendors

[Jim McAtee]

Out-of-band?  He he.

We've updated BIND.  Of course, we don't use any Microsoft DNS servers for 
public facing DNS.



- Original Message - 
From: "James Rankin" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Wednesday, July 09, 2008 1:30 AM
Subject: DNS flaw plugged by vendors



http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/

Is anyone taking any remedial action about this out-of-band? It seems to 
be

presented as quite threatening...
 ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

June 18 is the last day to buy Genuine Windows XP from Dell

[Jim McAtee]

Anyone else see this notice when ordering from the Dell web site?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: 10 most annoying programs on the Internet

[Jim McAtee]

Tim Vander Kooi wrote:


Apparently we should all be glad that Andy Smith does not configure or
support our Exchange environments. ;-)



What Exchange environment?

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: 10 most annoying programs on the Internet

[Jim McAtee]

Roger Wright wrote:


I'm sure there are many more that could make the list:

http://preview.tinyurl.com/64ynuo




I'd certainly add tinyurl to the list. ;-)

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Reverse DNS Advice for outbound email

[Jim McAtee]

Google "classless reverse dns delegation" and check out RFC 2317.  The use 
of CNAMEs is how this is accomplished when you only have a small block of 
IP addresses.  This is how any ISP we've ever dealt with has allowed us to 
set PTR records.  Many ISPs just don't want to deal with the hassles of 
setting up and maintaining PTR records for all of their customers.  The 
thing to do is to get them hand off the resolution of those PTRs to your 
own DNS server/provider.  If they refuse (or can't figure out how) to do 
that then I'd seriously consider finding another ISP.



- Original Message - 
From: "N Parr" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Wednesday, May 28, 2008 11:53 AM
Subject: RE: Reverse DNS Advice for outbound email


That's exactly my concern and why I thought of it because I have my
filter set up the same way.  Problem is I'm limited on my provider
choices.  A CNAME record wouldn't work for this would it?  From what
I've read it's a bad thing to mix MX with cnames.

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2008 12:46 PM
To: NT System Admin Issues
Subject: Re: Reverse DNS Advice for outbound email

I would change providers.  There are words in our PTR that can trigger
spam filters.  Words like, "pool", etc...  At least its not based on an
IP or MAC address, but its still a risk.


On Wed, May 28, 2008 at 1:38 PM, N Parr <[EMAIL PROTECTED]>
wrote:

We host our own email and we are changing our primary ISP.  Per their
policy they will not change the Reverse DNS of our static IP to be
anything other than mortonrb-pool5-static-4.ispxxx.com.  I have
control of my DNS records and can set that as an MX but I'm kind of
worried about some spam filters having issues with such a long DNS
name with the word "pool" in it when trying to send mail.  Using their



mail server as a smart host is out of the question because if they go
down our ASA box will automatically fail over to our secondary ISP and



be unable to connect to their down mail server.  Do you think using
this long DNS name will cause issues trying to send outbound email.
BTW my DNS is hosted with network solutions and they don't support TXT



records so I can't create an SPF.
Thanks
Niles

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~





--
ME2

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Client licenses for web apps (was: AD in the DMZ)

[Jim McAtee]

They've liberalized the licensing somewhat for "Windows Web Server 2008", 
so it may not be an issue.


http://blogs.computerworld.com/windows_server_2008_license_eased_for_web


- Original Message - 
From: "Andy Ognenoff" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Friday, May 16, 2008 8:19 AM
Subject: RE: Client licenses for web apps (was: AD in the DMZ)



Can anyone confirm this?  If that's how the license was intended I would
think that would kill Windows as a hosting platform for the majority 
people.


- Andy O.


-Original Message-
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Friday, May 16, 2008 9:09 AM
To: NT System Admin Issues
Subject: Client licenses for web apps (was: AD in the DMZ)

On Thu, May 15, 2008 at 11:32 AM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:

Obviously, you haven't yet thought about licensing.
Why not use application authentication instead of a/d authentication?


 The way I read the Microsoft licensing documentation, it doesn't
matter how you authenticate the user.  You need a client license (CAL
or ECL) any time you individually identified a person.  So even if
you're running Apache and phpBB, you need a client license for every
phpBB user account.  The exception being if you're using Web Server
Edition.

 Reference:

"[You need a client license unless] access to the instances of server
software is only through the Internet without being authenticated or
otherwise individually identified by the server software or **through
any other means**."   (Emphasis mine.)

http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx

-- Ben



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Huge spike in spam

[Jim McAtee]

In the last 24 hours I've received a massive number of delivery failure 
notices.  Don't know if that's true for anyone else or just some spammer 
decided to send out a mailing to 50,000,000 addresses using my email in 
the return path.



- Original Message - 
From: "Louis, Joe" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, April 07, 2008 4:38 PM
Subject: Huge spike in spam



Anyone see this in the last hour? My hourly count has gone up 6 times
what is normally is for this time and the hour is only 36 minutes in.



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Http to https redirect for WSS3

[Jim McAtee]

I believe that's a yes - the http version of the site requires a Windows 
login.  With the redirect I think I would expect two logins - one for the 
http site, then one for the https, since the browser will see it as a new 
site requiring different credentials.


This is the behavior I see with our Intranet site using domain logins. 
Most of the site is plain http, but for a few areas (a credit card 
processing page, for instance), the site links from 
http://intranet.mydomain.com to https://intranet.mydomain.com.  Users are 
prompted for new credentials when moving to the https site unless the 
browser already has them cached.



- Original Message - 
From: "Graeme Carstairs" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Saturday, April 05, 2008 2:35 PM
Subject: Re: Http to https redirect for WSS3


If I goto http://portal.domain.com with the require SSL turned on, I get 
an
error page saying that the user is required to logon, but no login 
prompt.
If i goto http://portal.domain.com with the require ssl turned off I get 
the

usual login options for the web site from outside, and from inside I get
straight to the wss page as I am using NT Login.

Graeme


On Sat, Apr 5, 2008 at 9:24 PM, Jim McAtee <[EMAIL PROTECTED]> 
wrote:


If I force SSL on the website, then I get an error that the ASP page 
needs

> you to login.
>

Do you mean the user is prompted to login when they're redirected to 
the
https (port 443) URL or do you mean that the ASP page is never 
executed?


Does http://portal.domain.com prompt for a login?



- Original Message - From: "Graeme Carstairs" <
[EMAIL PROTECTED]>
To: "NT System Admin Issues" 
Sent: Saturday, April 05, 2008 6:26 AM
Subject: Http to https redirect for WSS3


 I have recently started to look at a site who have what was meant to 
be a

> trial but has grown into a business critical application, WSS3 site.
>
> The site is setup in IIS in its own website called "portal".
>
> Internally and Externally it is accessed by HTTP://portal.domain.com
>
> The alternate access mapping is set to this.
>
> I have been insisting since day one that the go HTTPS.
>
> They have just agreed, and I have purchased an SSL cert, applied to 
> IIS,

> and
> configured WSS alternate access mapping to point to
> https://portal.domain.com, opened port 443 on firewall,
>
> Now if you enter https://portal.domain.com it all works fine, and WSS
> generates all inks etc.
>
> The problem though is that they have numerous people accessing 
> shortcuts
> etc, pointing to http, and I would like to set an automatic change 
> for

> http
> requests to https.
>
> I have created the asp page and set everything up as recommended by 
> MS

> (i
> used the asp page they give or owa, for a custom 403 error, just 
> missed

> out
> the appending of /exchange to the url.)
>
> If I force SSL on the website, then I get an error that the ASP page
> needs
> you to login.
>
> I have disabled SSL required, on the virtual dir the asp is in, and 
> this

> still happens
>
> I though it was because the redirect virtual dir is under the wss
> extended
> site of Portal, and so moved it into a new site, and pointed port 80 
> to

> it,
> but it then just redirects to the site its on and displays under
> construction.
>
> Any one know how I can do this?
>
> Any http request portal.domain.com gets conve3rted to https without 
> user

> intervention.
>
> i.e. http://portal.domain.com/ops/it/asset.aspx becomes
> https://portal.domain.com/ops/it/asset.aspx
>
>
> Thanks in advance
>
> Graeme
>
>
>
>
> --
> Carbon credits are a bit like beating someone up on this side of the
> world
> and sponsoring one of those poor starving kids on the other side of 
> the

> world to make up for the fact that you're a complete shit at home.
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~





--
Carbon credits are a bit like beating someone up on this side of the 
world

and sponsoring one of those poor starving kids on the other side of the
world to make up for the fact that you're a complete shit at home.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Re: Http to https redirect for WSS3

[Jim McAtee]

If I force SSL on the website, then I get an error that the ASP page 
needs

you to login.


Do you mean the user is prompted to login when they're redirected to the 
https (port 443) URL or do you mean that the ASP page is never executed?


Does http://portal.domain.com prompt for a login?



- Original Message - 
From: "Graeme Carstairs" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Saturday, April 05, 2008 6:26 AM
Subject: Http to https redirect for WSS3



I have recently started to look at a site who have what was meant to be a
trial but has grown into a business critical application, WSS3 site.

The site is setup in IIS in its own website called "portal".

Internally and Externally it is accessed by HTTP://portal.domain.com

The alternate access mapping is set to this.

I have been insisting since day one that the go HTTPS.

They have just agreed, and I have purchased an SSL cert, applied to IIS, 
and

configured WSS alternate access mapping to point to
https://portal.domain.com, opened port 443 on firewall,

Now if you enter https://portal.domain.com it all works fine, and WSS
generates all inks etc.

The problem though is that they have numerous people accessing shortcuts
etc, pointing to http, and I would like to set an automatic change for 
http

requests to https.

I have created the asp page and set everything up as recommended by MS 
(i
used the asp page they give or owa, for a custom 403 error, just missed 
out

the appending of /exchange to the url.)

If I force SSL on the website, then I get an error that the ASP page 
needs

you to login.

I have disabled SSL required, on the virtual dir the asp is in, and this
still happens

I though it was because the redirect virtual dir is under the wss 
extended
site of Portal, and so moved it into a new site, and pointed port 80 to 
it,

but it then just redirects to the site its on and displays under
construction.

Any one know how I can do this?

Any http request portal.domain.com gets conve3rted to https without user
intervention.

i.e. http://portal.domain.com/ops/it/asset.aspx becomes
https://portal.domain.com/ops/it/asset.aspx


Thanks in advance

Graeme




--
Carbon credits are a bit like beating someone up on this side of the 
world

and sponsoring one of those poor starving kids on the other side of the
world to make up for the fact that you're a complete shit at home.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: DB server RAID

[Jim McAtee]

_That's_ a very good question.  Although I have no idea what the employee 
count has to do with anything.  It's obviously the nature of the business 
rather than the number of people in accounting and HR that dictates their 
storage needs.  Maybe GIS related or something similar.



- Original Message - 
From: "Michael Brummet" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Wednesday, April 02, 2008 5:27 PM
Subject: RE: DB server RAID


I'd be curious to know, a company with only 80 employees and over a PB 
of

storage - what are they using for backup?

Michael




-Original Message-
From: "Michael B. Smith" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" 
Date: Wed, 2 Apr 2008 19:01:06 -0400
Subject: RE: DB server RAID


I have a client company with only 80 employees that has over a PB of
storage. And growing by leaps and bounds.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 6:42 PM
To: NT System Admin Issues
Subject: RE: DB server RAID

I don’t think 1 PB is really all that much storage for companies that 
have

hundreds of thousands of employees...

Cheers
Ken


From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 2 April 2008 3:09 PM
To: NT System Admin Issues
Subject: RE: DB server RAID

PB??  Holy cow, what in the world could need that much storage?

Joe Heaton





From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 2:08 PM
To: NT System Admin Issues
Subject: RE: DB server RAID
I’m visiting our Seattle office at the moment. There are two Netapp 
arrays
here (3000 and 2000 series), for a total of 87 TB of space(320 
spindles). I

talked to one of the guys looking after it and he said that the perf was
just as good as the equivalent EMC Clarions, and the management was 
light

years ahead.

The Netapp stuff must be decent. Of the major oil companies is doing the
largest MOSS implementation in the world at the moment backed by Netapp
storage (around 1PB of storage apparently).

Cheers
Ken




From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 10:49 AM
To: NT System Admin Issues
Subject: RE: DB server RAID
Basically I am doing a SQL 2005 Cluster Environment right now with DL
580G5’s and SAN attached storage to fit about 50-100 databases 
concurrent.



4 Quad-Core processors, 16GB of RAM, EMC SAN ( DMX 1000), 2 4GB Qlogic
HBA’s. Which is my top tier.

Basically after this well be doing a stand-alone middle tier SQL server
which is a Dual Quad-Core with 8GB of RAM, and SAN disk partitioned out
accordingly. ( RAID 1+0, RAID 1, separate LUN’s etc etc)

Then Low End Testing is DL 380G5 Dual Quad-Core Processor 4GB of RAM, 
local
SAS 146.8GB 10K, in a RAID 1+0 configuration with different partitions 
for

each of the functions. ( This is staging)

Once I can get funding for alternative site, it will be duplicated and 
using

mirroring, or stretch clustering to make site-to-site fault tolerance.

Also: If anyone is using NETAPP storage out there I’d love to hear your
thoughts and experiences on there product line, we are looking for
alternatives to our EMC SAN right now, and there offerings and 
management

looks awfully attractive.

Thanks
Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
-Original Message-
From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 1:37 PM
To: NT System Admin Issues
Subject: RE: DB server RAID

Wow EZ, that's a lot of hardware.  Unfortunately, I'm not going to be 
able

to match what they are suggesting, and to be honest, I don't think our
databases need that much horsepower.  So, being stuck with what I have, 
6

SAS disks, on a single PERC5i controller, I'm looking at my options.

Joe Heaton












~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Alternative to Network Solutions?

[Jim McAtee]

Either eNom or Tucows (OpenSRS), either one of them through one of their 
resellers.  Tucows is probably the best for protecting their customers' 
rights, while GoDaddy is the worst in that regard.


http://www.p2pnet.net/story/11147

http://www.threadwatch.org/node/12636

If you're registering a lot of domains for clients then it may be 
worthwhile to become a reseller yourself.




- Original Message - 
From: "Ajay Kulsh" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Tuesday, April 01, 2008 8:19 PM
Subject: Alternative to Network Solutions?



Hi folks,

At this time, most of our clients have their domain registered and DNS 
servers kept at Network Solutions. However, we are finding their charges 
high and services minimal. For example, they do not support creation of 
SPF records -- and tech-support refuses to send us an email stating so.


Is GoDaddy a good choice? Any other companies with which you have had 
good experience? Thanks.


Jay Kulsh
So. Pasadena, CA



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: RAID failure monitoring

[Jim McAtee]

The DRACs that I've worked with offer very little in the way of RAID 
failure notification.  Using OpenManage Server Administrator, just to 
manage RAID alerts is, IMO, like using Oracle to manage your household 
recipes.



- Original Message - 
From: "Sam Cayze" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Tuesday, March 25, 2008 2:43 PM
Subject: RE: RAID failure monitoring


Configure the server's onboard alerting feature.



Dell = DRAC and/or OpenManage Server Administrator.

Get alerts for CPU, like 6 temperature sensors, Fan, power supplies,
hung system, etc.



Without proper alert management in place = naked and unprotected system
that should not be in production, imo.



If it's you mail system, configure the alerts to trip a script that will
send a message to a SMS gateway so you get a page on your cell phone.
Useful when the mail server is down or the queues are clogged.

What nice about that, is that the alert will tell you why your system is
down, either hard disk, backplane, raid card, power supply... etc.   On
the drive to the data center, you can call your Support rep and get the
part ordered before you are at the system



-Sam



From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 3:34 PM
To: NT System Admin Issues
Subject: RAID failure monitoring



What tool do you guys use to get notified of RAID drive failures? Not
SAN, just good ol' drives in an onboard array. I have several remote
systems and the "hey what's that blinking light" method isn't exactly
optimal

Servers in question are IBM xSeries and Dell PowerEdge systems.

Dave Lum  - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands"





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: http://downforeveryoneorjustme.com/

[Jim McAtee]

Are you kidding? Those threads are the highlight of this list.  "Hey 
everyone, I can't get to Google. Does it work for you?"  Followed by at 
least 50 responses over a period of 8 hours. (I always have to wonder what 
the last 40 or so are thinking when they respond.)  Ask an AD question and 
see if you get three replies.



- Original Message - 
From: "Osama Salah" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Saturday, March 15, 2008 9:22 PM
Subject: http://downforeveryoneorjustme.com/


http://downforeveryoneorjustme.com/
just came across this, might be useful since many people on the list ask
others to check if a site is up or not. 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: DNS Hosting

[Jim McAtee]

eNom and several other registrars also include DNS with their domain 
registrations.



- Original Message - 
From: "MarvinC" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Friday, March 07, 2008 7:50 PM
Subject: Re: DNS Hosting



How about this tid bit:
The client registers their website domains with godaddy. After speakign 
with
them, godaddy, I learned that this feature is included when you register 
a
domain at no extra charge. 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Best practices in setting up a web site with IIS

[Jim McAtee]

From: "Reimer, Mark"



Question in setting up a website. We will be using IIS (this has
been decided by others, and I can't change it).

Should subsites be:

www.subsite.ourdomain.com

or

www.ourdomain.com/subsite

Which is better practice? We will be spreading across multiple
servers, with each server hosting one or two subsites.

If the latter, what the preferred way of setting things up so
the subsite gets pointed to the right server?


The first approach is done in DNS, which is pretty straightforward. (BTW, 
I'm not sure about best practices, but I've never liked using 
'www.subdomain.domain.com' host names.  There's no reason to prepend the 
www. except where it's expected at the topmost level.  People seldom type 
in these sub-host names manually, so are unlikely to add a www.)


Can the second approach be used to actually offload application server 
load to another server?   Wouldn't it be done up by creating a virtual 
directory in IIS and pointing it at a share on another server?  This would 
only retrieve files from the second server, meaning any applications would 
still run on the main server.  Or maybe there's another way to set it up, 
such as through a redirect.


I've only ever used the first approach, never the latter.  I'm not sure 
where the second would be desirable (or necessary), unless there are 
search engine optimization reasons.



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Robocopy Switches

[Jim McAtee]

Yes.  But take the five minutes that it takes to test and verify it for 
yourself.  And, of course, never test something like that on live data.



- Original Message - 
From: "Joseph L. Casale" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, February 25, 2008 3:24 PM
Subject: Robocopy Switches



Just for confirmation, does the /Mirr and /Purge *only*
delete data on the destination? I am needing to replicate
data to disc before being backed up.
Just want to be safe :)



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Broadcom NIC problems?

[Jim McAtee]

Wow!

I just had a chance to reboot the server after making these changes (I 
found that all three were enabled in the registry - I'm not sure why I 
thought TOE was disabled) and it's a night and day difference.  Immensely 
faster.


Thank you!!


- Original Message - 
From: "Miller Bonnie L." <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, January 28, 2008 1:21 PM
Subject: RE: Broadcom NIC problems?


This sounds a LOT like the strange issue we had with our 2950 running E2k7 
(can't just wipe and install x32) where Outlook would "hiccup" and lose 
connections to the server.  Server appeared hung, but once logged on, was 
fine and users could reconnect.  Updated firmware, drivers, Windows, 
Exchange patches, etc, and could not find a source.  On the verge of 
calling PSS, but tried the chimney stuff first, and voila, haven't seen 
the problem since.  We've turned it off for now on all of our 2900s and 
2950s, and have seen great improvements in several servers where we 
probably didn't realize there were issues.


On ours, I'm importing a reg file with the following
-
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableTCPA"=dword:
"EnableRSS"=dword:
"EnableTCPChimney"=dword:
-

And, I'm also setting RSS to disabled in the advanced properties of the 
Broadcom NIC (in device manager).  A reboot after that and it's all off. 
Will probably try turning things back on one at a time when this issue 
seems to settle down more, but at this point, it still appears to be a 
problem for us on the latest drivers, etc.


BTW--we have one 2900 server that was so bad we had to stuff an Intel NIC 
in the box after it continued to BSOD on Broadcom drivers and Dell had 
replaced all the hardware (we changed cables, ports, etc first).  Has 
worked flawlessly since--hoping to try removing that NIC with the chimney 
off soon, but need to wait until mid-winter break when the kids are gone 
in case it doesn't work.  Point being, it seems to rear its ugly head for 
us with the Broadcom NICs.  YMMV


-Bonnie

-Original Message-
From: Jim McAtee [mailto:[EMAIL PROTECTED]
Sent: Monday, January 28, 2008 11:03 AM
To: NT System Admin Issues
Subject: Broadcom NIC problems?

In the IP Chimney thread there was a link to an article that alluded to
more general issues with Broadcom drivers in Win2k3.

I'm seeing some issues with a Dell PE2950 that we recently put into
service as a web server.  I first set the sysetem up using Windows Server
2003 x64 and had serious network throughput problems.  Even on the local
network (100 Mbps switch) I was seeing no better than about 130 kbps
throughput.  This was (and still is) without the TOE enabled.  I farked
around with it, trying different drivers until I finally gave up and
installed Win2k3 32-bit.  Much better network speeds.

But what I'm seeing is now is an occasional hiccup where a web page
appears to take several seconds to load.  This is actually a little
reminiscent of the original problem, as it would appear that the network
would experience varying speeds, with short periods of a couple seconds
that were extremely slow.

Looking at the page generation speeds, it's not the web or application
server, as the pages take just a fraction of a second to generate.
Everything points to continued networking problems.  Web sites from other
servers in the same web farm don't display this behavior, so it would seem
to be something with the PE2950 and not the network itself.  Anyone else
seeing something similar?  Suggestions for either a fix, or where to begin
troubleshooting would be appreciated.


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~ 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Re: IUSR_SERVER

[Jim McAtee]

- Original Message - 
From: "Ken Schaefer"

Subject: RE: IUSR_SERVER


b) You can manually create this account if you want, but you need to 
manually > assign the correct permissions, groups etc.


Why not simply rename the account and maintain the permissions? 



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Broadcom NIC problems?

[Jim McAtee]

In the IP Chimney thread there was a link to an article that alluded to 
more general issues with Broadcom drivers in Win2k3.


I'm seeing some issues with a Dell PE2950 that we recently put into 
service as a web server.  I first set the sysetem up using Windows Server 
2003 x64 and had serious network throughput problems.  Even on the local 
network (100 Mbps switch) I was seeing no better than about 130 kbps 
throughput.  This was (and still is) without the TOE enabled.  I farked 
around with it, trying different drivers until I finally gave up and 
installed Win2k3 32-bit.  Much better network speeds.


But what I'm seeing is now is an occasional hiccup where a web page 
appears to take several seconds to load.  This is actually a little 
reminiscent of the original problem, as it would appear that the network 
would experience varying speeds, with short periods of a couple seconds 
that were extremely slow.


Looking at the page generation speeds, it's not the web or application 
server, as the pages take just a fraction of a second to generate. 
Everything points to continued networking problems.  Web sites from other 
servers in the same web farm don't display this behavior, so it would seem 
to be something with the PE2950 and not the network itself.  Anyone else 
seeing something similar?  Suggestions for either a fix, or where to begin 
troubleshooting would be appreciated.



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: SSL certificates

[Jim McAtee]

We used to use Thawte until Verisign bought them and raised the prices. 
Then Comodo/InstantSSL.  I recently went to renew a couple of Comodo 
certificates and was floored by all the different certificate offerings. 
And after much reading, couldn't tell the difference between most of them. 
I remember maybe two products just a couple of years ago.  The cheapest 
available this time was about $80 per year.  It was issued by using an 
email address associated with WHOIS information on the domain to confirm 
and approve the issuance of the certificate.


Then I found an online reseller of GeoTrust and RapidSSL.  RapidSSL is a 
division of GeoTrust, which is a division of Verisign.  Bought a RapidSSL 
cert for under $13 per year for our Intranet site.  Then, for our public 
web site that handles online payments, I bought an OpenSSL cert for about 
$47 per year, thinking that there just may be some justification for the 
higher cost.  After they were issued, I examined them and found that they 
were _identical_ except for the domain names and GeoTrust brand on the 
OpenSSL certificate.


When Verisign buys these companies, they just keep the company name and 
attempt to target a different price strata.  It's ludicrous, because 
they're all selling the same product for anywhere from $15 to $300 or more 
per year.  If you think thank even one person in 1000 who visits a secure 
web site examines the certificate and notes the issuer, or the name of 
subject, you're kidding yourself.  And if you're buying a certificate for 
internal use, you'd be insane to pay more than $15 a year.




- Original Message - 
From: "Joe Heaton"

To: "NT System Admin Issues" 
Sent: Friday, January 18, 2008 8:53 AM
Subject: SSL certificates


Someone recently mentioned an SSL issuing authority that they were using
outside of Verisign.  We have a certificate that is coming up for
renewal, and I want to look around at other options, but don't want to
get sucked into a bad issuing authority.


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Looking for a DNS provider

[Jim McAtee]

Good point.  Splitting DNS service and registrar services offers limited 
protection from bastard domain registrars.  Because the registrar controls 
the records that point to the DNS servers themselves.  If you run into a 
dispute with your registrar (like GoDaddy shutting down sites whenever 
anyone asks) then they just point the nameservers at different DNS 
servers.  If they also control the DNS itself, they can do this 
immediately vs. the 48 hour propogation time it may take to change NS 
records at the registry.  Small comfort.


More important is to stay away from unscrupulous domain registrars. 
Tucows is one of the best, but try wrestling a domain away from GoDaddy. 
I've dealt with the situation several times and it can be a nightmare.



- Original Message - 
From: "Mike Gill" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Friday, December 28, 2007 5:49 PM
Subject: RE: Looking for a DNS provider


Why do you want talk about registrars like that? I mean, the way it comes
across in your message, you do this often? I would think you would want a
registrar that holds a higher level of confidence in such statements.

Anyway, the point is if you register all your domains at the same 
registrar,
then you gain ease and convenience in those areas for managing DNS.  I 
don't

use a tier 1 registrar, but the sub of TUCOWS that I use have not given me
one reason to change in over 4 years of use.  I'm all for splitting up
services but those two go so nicely together I'm wondering why you want to
do what you're doing.

--
Mike Gill


-Original Message-
From: David Mazzaccaro [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 10:50 AM
To: NT System Admin Issues
Subject: RE: Looking for a DNS provider

AH HAH!
Bingo.
I am willing to bet that is why we are using a different provider for
DNS than our registrar.  So that we can switch registrars with no
problems.
Thanks!!!


-Original Message-
From: Andy Ognenoff [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 1:42 PM
To: NT System Admin Issues
Subject: RE: Looking for a DNS provider

Oh...and I was going to mention that I like using a dedicated provider
for
DNS since it makes changing any other part of your hosting environment
easier - switching registrar, web host, etc. Not having to re-setup DNS
when
those changes are made is nice.

- Andy O.

From: Mike Gill [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 12:11 PM
To: NT System Admin Issues
Subject: RE: Looking for a DNS provider


I was going to mention using the registrar, as I do myself. The ones
that I
have used all have this. It's just not enabled by default.



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~