RE: Can you do this with .CMD?

[Ken Cornetet]

No efforts aimed at putting the right characters into the file are going to 
work. The program reading the password is NOT reading STDIN. It is either doing 
BIOS calls (which I assume are emulated in windows), or it is reading from the 
CON: device.

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, April 19, 2013 2:29 PM
To: NT System Admin Issues
Subject: Re: Can you do this with .CMD?

Will something like a hex editor (ultraedit or something similar) that will let 
you embed the ASCII codes - 013 and 010 CF + LF into the text file work?

We used to use keyfake too long ago.

Also used to be able to type the "ALT" nnn combo to insert those characters 
into files, but I don't know if that will work right.

Don K


From: Ben Scott mailto:mailvor...@gmail.com>>
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Wednesday, April 17, 2013 4:29 PM
Subject: Re: Can you do this with .CMD?

On Wed, Apr 17, 2013 at 5:16 PM, Daniel Rodriguez 
mailto:drod...@gmail.com>> wrote:
> Instead of doing a carriage return put a ^M at the end of your batch file.

  ^M is just a human-readable representation a carriage return, used
by some software to display something that's normally not printable.

  Typing the actual characters (caret, letter M) don't do anything
special in batch files.  Or in most other places.

--- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Can you do this with .CMD?

[Ken Cornetet]

I'm going to guess that the application is reading the password from the 
console device instead of STDIN. I don't think there is an easy way around that 
from a batch file. There may be some third-party utilities that can stuff 
keystrokes into the console buffer.

I'd have a look at AutoIt.

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Wednesday, April 17, 2013 4:29 PM
To: NT System Admin Issues
Subject: Re: Can you do this with .CMD?

You could certainly do it in VBScript, I reckon, which XP should deal with.
Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum mailto:david@nwea.org>>
Date: Wed, 17 Apr 2013 20:23:23 +
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Can you do this with .CMD?

Use a batch file to launch an application and then send two carriage returns to 
this app? I can do one, but not two. Running the program is asks for username 
(hitting ENTER it uses a default, which is desired), then when you hit  it 
asks for a password.

My batch file looks like this:
programtorun < c:\windows\temp\answerfile.txt

Answerfile.txt contains

Password 

The app runs but sits and waits for the password, so it's only processesing the 
first . Surely this is a simple one? Some pipe command? Maybe I should get 
out my old DOS 5.0 book...

Please, no PoSh because I have tons of XP machines that need to run this...
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: RSA SecurID Token Renewal

[Ken Cornetet]

Have a look at PhoneFactor, which is now owned by Microsoft. We dumped SecurID 
a couple of years ago, and haven't looked back.

From: Robert Jackson [mailto:r...@walkermartyn.co.uk]
Sent: Monday, April 15, 2013 6:10 AM
To: NT System Admin Issues
Subject: RSA SecurID Token Renewal
Importance: High

I'm looking for some information please.

We are coming to the end of our token activation (expiry date on back of token 
is almost here!). As we originally took them out over a 3 year period, this 
will be the first time we have had to go through a token renewal process. 
However we are being told by our supplier we must purchase another block of 
tokens (in our case 25). I don't think this is right considering we are paying 
a yearly maintenance cost for support. I would have thought that once our 
initial tokens have expired, we could return them and be presented with a new 
set (FOC).

Am I being totally unrealistic in what I'm thinking or do you think the 
supplier is trying to screw us over?




The information in this internet E-mail is confidential and is intended solely 
for the addressee. Access, copying or re-use of information in it by anyone 
else is unauthorised. Any views or opinions presented are solely those of the 
author and do not necessarily represent those of Walker Martyn Ltd or any of 
its affiliates. If you are not the intended recipient please contact 
administra...@walkermartyn.co.uk.

Walker Martyn Ltd, company number SC197533. Company is registered in Scotland 
and has its registered office at 1 Park Circus Place, Glasgow G3 6AH, UK.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Multithreaded tarbal or tar app for windows

[Ken Cornetet]

Multithreaded isn't going to help. Think about what is going on during an 
archive and compress verses an archive only operation.

When you are compressing and archiving, the file data is read in a single 
thread (very low CPU needed), then divided up into chunks. These chunks can 
then be dispatched to multiple threads for compression, then another thread can 
collect the compressed chunks and write then in the correct order to the 
output. Since compression requires lots of CPU, multiple threads can give you 
big gains. Plus, your reader  and writer threads can overlap operation with the 
compression threads effectively eliminating IO time from the equation.

With archiving only, there isn't any work to divvy up for multiple threads to 
operate on. You have to read data, and write it in order. The limit is going to 
be how fast your IO subsystem can read data and write it back out.

From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Tuesday, March 26, 2013 4:27 PM
To: NT System Admin Issues
Subject: Re: Multithreaded tarbal or tar app for windows

Yes faster operations. Trying to tar a 600 gig of data for legal...
On Tue, Mar 26, 2013 at 4:15 PM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
What are you trying to accomplish? Faster operation? Tar is going to be limited 
by how fast you can get data in and out. The cpu needed for a straight tar 
operation is miniscule.

From: justino garcia 
[mailto:jgarciaitl...@gmail.com<mailto:jgarciaitl...@gmail.com>]
Sent: Tuesday, March 26, 2013 4:08 PM
To: NT System Admin Issues
Subject: Multithreaded tarbal or tar app for windows

Hi,
I am trying to tar (archive) a lot of files Long list.
I tried 7-zip but it won't do multi threading for tar only bzip and .7zip.

Anyone have a good suggestion?

Regards,

Justino Garcia

--
Justin
IT-TECH

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
Justin
IT-TECH

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How easy is it to crack passwords?

[Ken Cornetet]

Speaking of which, is there any way to remove lanman hashes from user objects 
without changing the password? I think I know the answer, but I hope I'm 
wrong...

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, March 25, 2013 9:57 AM
To: NT System Admin Issues
Subject: How easy is it to crack passwords?

Ridiculously easy, unless the password is quite long...

http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/

By Nate Anderson
Ars Technica
Mar 24 2013

At the beginning of a sunny Monday morning earlier this month, I had never 
cracked a password. By the end of the day, I had cracked 8,000.
Even though I knew password cracking was easy, I didn't know it was 
ridiculously easy—well, ridiculously easy once I overcame the urge to bash my 
laptop with a sledgehammer and finally figured out what I was doing.

My journey into the Dark-ish Side began during a chat with our security editor, 
Dan Goodin, who remarked in an offhand fashion that cracking passwords was 
approaching entry-level "script kiddie stuff."
This got me thinking, because—though I understand password cracking 
conceptually—I can't hack my way out of the proverbial paper bag. I'm the very 
definition of a "script kiddie," someone who needs the simplified and automated 
tools created by others to mount attacks that he couldn't manage if left to his 
own devices. Sure, in a moment of poor decision-making in college, I once 
logged into port 25 of our school's unguarded e-mail server and faked a prank 
message to another student—but that was the extent of my black hat activities. 
If cracking passwords were truly a script kiddie activity, I was perfectly 
placed to test that assertion.

It sounded like an interesting challenge. Could I, using only free tools and 
the resources of the Internet, successfully:

Find a set of passwords to crack
Find a password cracker
Find a set of high-quality wordlists and Get them all running on commodity 
laptop hardware in order to Successfully crack at least one password In less 
than a day of work?

[...]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

We used to have that sort of mentality, but I've found over the years that, in 
general, HA options tend to create more down time than they are designed to 
eliminate. Personally, I'd recommend just doing an occasional clone of your web 
server and broker (they don't have any critical volatile information), which 
you probably want to do anyway for DR purposes. 

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Friday, March 22, 2013 10:17 AM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 4:42 PM, Ken Cornetet  wrote:
> With VMWare HA, your web server and broker will only be down for a minute or 
> two - even if one physical host crashes.

You are correct about the physical host. But I am speaking of the guest. I am 
trying to avoid the possibility of the web server going down, and staying down, 
due to some Windows-related problem, or a service not coming up properly. 
Things like that happen, you know. :-) And if that happens, I have no HA, and 
we're down (well, no new connections can be made).

With a second web server in a load balanced configuration, that possibility 
goes away.

>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, March 21, 2013 4:18 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet  
> wrote:
>> The web server and broker are out of the picture after the RDP client 
>> session is established with the session host.
>>
>> If something goes wrong with a session host, the users have lost their 
>> sessions anyway - no way to prevent that.
>
> Right. Another reason why we will have 3-4 session hosts (also the vendor 
> recommends approx 35 sessions per host, of their published app, and I will 
> have somewhere around 100 users total possible users, altho probably not that 
> many concurrently).
>
> But if the session hosts stay up and available, without the connection broker 
> and web server, no one who doesn't already have an active connected session 
> can connect. That would be the reason for multiple brokers/web servers.
> (because even if we push an RDP to the client desktops, it points to a 
> connection broker, right, which then re-directs to a session host, as 
> you pointed out? So even clicking on the RDP link would fail, if the 
> connect broker wasn't there)
>
>>
>> -Original Message-
>> From: Michael Leone [mailto:oozerd...@gmail.com]
>> Sent: Thursday, March 21, 2013 3:19 PM
>> To: NT System Admin Issues
>> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>>
>> On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet  
>> wrote:
>>> I don't think you can have two connection brokers without complicating 
>>> things (clustering and SQL server involved).
>>>
>>> If you have ESX clustering, you have your redundancy covered. No need for 
>>> two web servers (or two brokers). ESX does HA with fewer headaches than any 
>>> other way - use it.
>>
>> Yes, ESXi provides for HA, but with only 1 web server (or connection 
>> broker), what happens if something goes wrong with that machine? If I have 
>> to restart it for whatever reason (say it locks up, errors out, whatever), 
>> all users get kicked off the published app, don't they?.
>> That's what I am trying to avoid. Would that not be best practice?
>> Avoid a single point of failure at the various points - broker, web server, 
>> session host?
>>
>>> Here's the general traffic flow (I think...):
>>>
>>> 1. Client hits web server.
>>> 2. Web server shows available apps
>>> 3. User clicks on app
>>> 4. Web server downloads .RDP file for app. The .RDP file points to the 
>>> broker as the server address.
>>> 5. User's RDP app attempts to launch app from broker.
>>> 6. The broker sends the client a RDP "redirect" to the appropriate session 
>>> host.
>>> 7. The user's RDP then opens a connection to the session host and launches 
>>> the app.
>>>
>>> It has been a while, but I think this is how it worked in 2008 R2 and RDP 
>>> versions up through 7. I've just started looking at 2012. I think RDP 
>>> version 8 changes this up a bit.
>>
>> Thanks
>>
>> So the web server only really is a hand off to connection broker. Once the 
>> client gets and opens the RDP file, the web server becomes unimportant to 
>> the situation. So I guess having mul

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

Or, as one of my old engineering professors like to remind us, the motto at the 
old Western Electric (the folks that used to make phones) was "A part that 
isn't there is 100% reliable."

Western Electric mandated a 60 *year* MTBF for their phone equipment designs.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, March 21, 2013 6:33 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

It is possible to overdo HA to the point of introducing fragility to a system.

Too many moving pieces for not enough benefit.






ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Thu, Mar 21, 2013 at 4:42 PM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
With VMWare HA, your web server and broker will only be down for a minute or 
two - even if one physical host crashes.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com<mailto:oozerd...@gmail.com>]
Sent: Thursday, March 21, 2013 4:18 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
> The web server and broker are out of the picture after the RDP client session 
> is established with the session host.
>
> If something goes wrong with a session host, the users have lost their 
> sessions anyway - no way to prevent that.

Right. Another reason why we will have 3-4 session hosts (also the vendor 
recommends approx 35 sessions per host, of their published app, and I will have 
somewhere around 100 users total possible users, altho probably not that many 
concurrently).

But if the session hosts stay up and available, without the connection broker 
and web server, no one who doesn't already have an active connected session can 
connect. That would be the reason for multiple brokers/web servers.
(because even if we push an RDP to the client desktops, it points to a 
connection broker, right, which then re-directs to a session host, as you 
pointed out? So even clicking on the RDP link would fail, if the connect broker 
wasn't there)

>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com<mailto:oozerd...@gmail.com>]
> Sent: Thursday, March 21, 2013 3:19 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet 
> mailto:ken.corne...@kimball.com>> wrote:
>> I don't think you can have two connection brokers without complicating 
>> things (clustering and SQL server involved).
>>
>> If you have ESX clustering, you have your redundancy covered. No need for 
>> two web servers (or two brokers). ESX does HA with fewer headaches than any 
>> other way - use it.
>
> Yes, ESXi provides for HA, but with only 1 web server (or connection broker), 
> what happens if something goes wrong with that machine? If I have to restart 
> it for whatever reason (say it locks up, errors out, whatever), all users get 
> kicked off the published app, don't they?.
> That's what I am trying to avoid. Would that not be best practice?
> Avoid a single point of failure at the various points - broker, web server, 
> session host?
>
>> Here's the general traffic flow (I think...):
>>
>> 1. Client hits web server.
>> 2. Web server shows available apps
>> 3. User clicks on app
>> 4. Web server downloads .RDP file for app. The .RDP file points to the 
>> broker as the server address.
>> 5. User's RDP app attempts to launch app from broker.
>> 6. The broker sends the client a RDP "redirect" to the appropriate session 
>> host.
>> 7. The user's RDP then opens a connection to the session host and launches 
>> the app.
>>
>> It has been a while, but I think this is how it worked in 2008 R2 and RDP 
>> versions up through 7. I've just started looking at 2012. I think RDP 
>> version 8 changes this up a bit.
>
> Thanks
>
> So the web server only really is a hand off to connection broker. Once the 
> client gets and opens the RDP file, the web server becomes unimportant to the 
> situation. So I guess having multiple web servers would be just for 
> redundancy - if the web server goes down, currently connected users shouldn't 
> even notice anything. But it means new users wouldn't be able to connect, 
> until the web server becomes available again.
>
> Similarly for connection brokers, if I understand correctly. I'm not sure how 
> multiple connection brokers would coordinate between themse

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

With VMWare HA, your web server and broker will only be down for a minute or 
two - even if one physical host crashes.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, March 21, 2013 4:18 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet  wrote:
> The web server and broker are out of the picture after the RDP client session 
> is established with the session host.
>
> If something goes wrong with a session host, the users have lost their 
> sessions anyway - no way to prevent that.

Right. Another reason why we will have 3-4 session hosts (also the vendor 
recommends approx 35 sessions per host, of their published app, and I will have 
somewhere around 100 users total possible users, altho probably not that many 
concurrently).

But if the session hosts stay up and available, without the connection broker 
and web server, no one who doesn't already have an active connected session can 
connect. That would be the reason for multiple brokers/web servers.
(because even if we push an RDP to the client desktops, it points to a 
connection broker, right, which then re-directs to a session host, as you 
pointed out? So even clicking on the RDP link would fail, if the connect broker 
wasn't there)

>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, March 21, 2013 3:19 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet  
> wrote:
>> I don't think you can have two connection brokers without complicating 
>> things (clustering and SQL server involved).
>>
>> If you have ESX clustering, you have your redundancy covered. No need for 
>> two web servers (or two brokers). ESX does HA with fewer headaches than any 
>> other way - use it.
>
> Yes, ESXi provides for HA, but with only 1 web server (or connection broker), 
> what happens if something goes wrong with that machine? If I have to restart 
> it for whatever reason (say it locks up, errors out, whatever), all users get 
> kicked off the published app, don't they?.
> That's what I am trying to avoid. Would that not be best practice?
> Avoid a single point of failure at the various points - broker, web server, 
> session host?
>
>> Here's the general traffic flow (I think...):
>>
>> 1. Client hits web server.
>> 2. Web server shows available apps
>> 3. User clicks on app
>> 4. Web server downloads .RDP file for app. The .RDP file points to the 
>> broker as the server address.
>> 5. User's RDP app attempts to launch app from broker.
>> 6. The broker sends the client a RDP "redirect" to the appropriate session 
>> host.
>> 7. The user's RDP then opens a connection to the session host and launches 
>> the app.
>>
>> It has been a while, but I think this is how it worked in 2008 R2 and RDP 
>> versions up through 7. I've just started looking at 2012. I think RDP 
>> version 8 changes this up a bit.
>
> Thanks
>
> So the web server only really is a hand off to connection broker. Once the 
> client gets and opens the RDP file, the web server becomes unimportant to the 
> situation. So I guess having multiple web servers would be just for 
> redundancy - if the web server goes down, currently connected users shouldn't 
> even notice anything. But it means new users wouldn't be able to connect, 
> until the web server becomes available again.
>
> Similarly for connection brokers, if I understand correctly. I'm not sure how 
> multiple connection brokers would coordinate between themselves, or load 
> balance.
>
>
>>
>> -Original Message-
>> From: Michael Leone [mailto:oozerd...@gmail.com]
>> Sent: Thursday, March 21, 2013 2:04 PM
>> To: NT System Admin Issues
>> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>>
>> On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet  
>> wrote:
>>> For traffic handling, you don't need two web servers for 4 session hosts. 
>>> You don't need 2 web servers for 40 session hosts.
>>
>> Well, it's more for redundancy, than actual traffic balancing.
>> Speaking of which ... does that mean for my situation I would want 2 
>> connection brokers, rather than 2 web servers?
>>
>> Am I correct in assuming that the user actually hits the connection broker, 
>> which then passes to the web server (since we would want our users to be 
>> able to access via web browser), which then communicate

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

The web server and broker are out of the picture after the RDP client session 
is established with the session host.

If something goes wrong with a session host, the users have lost their sessions 
anyway - no way to prevent that.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, March 21, 2013 3:19 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet  wrote:
> I don't think you can have two connection brokers without complicating things 
> (clustering and SQL server involved).
>
> If you have ESX clustering, you have your redundancy covered. No need for two 
> web servers (or two brokers). ESX does HA with fewer headaches than any other 
> way - use it.

Yes, ESXi provides for HA, but with only 1 web server (or connection broker), 
what happens if something goes wrong with that machine? If I have to restart it 
for whatever reason (say it locks up, errors out, whatever), all users get 
kicked off the published app, don't they?.
That's what I am trying to avoid. Would that not be best practice?
Avoid a single point of failure at the various points - broker, web server, 
session host?

> Here's the general traffic flow (I think...):
>
> 1. Client hits web server.
> 2. Web server shows available apps
> 3. User clicks on app
> 4. Web server downloads .RDP file for app. The .RDP file points to the broker 
> as the server address.
> 5. User's RDP app attempts to launch app from broker.
> 6. The broker sends the client a RDP "redirect" to the appropriate session 
> host.
> 7. The user's RDP then opens a connection to the session host and launches 
> the app.
>
> It has been a while, but I think this is how it worked in 2008 R2 and RDP 
> versions up through 7. I've just started looking at 2012. I think RDP version 
> 8 changes this up a bit.

Thanks

So the web server only really is a hand off to connection broker. Once the 
client gets and opens the RDP file, the web server becomes unimportant to the 
situation. So I guess having multiple web servers would be just for redundancy 
- if the web server goes down, currently connected users shouldn't even notice 
anything. But it means new users wouldn't be able to connect, until the web 
server becomes available again.

Similarly for connection brokers, if I understand correctly. I'm not sure how 
multiple connection brokers would coordinate between themselves, or load 
balance.


>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, March 21, 2013 2:04 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet  
> wrote:
>> For traffic handling, you don't need two web servers for 4 session hosts. 
>> You don't need 2 web servers for 40 session hosts.
>
> Well, it's more for redundancy, than actual traffic balancing.
> Speaking of which ... does that mean for my situation I would want 2 
> connection brokers, rather than 2 web servers?
>
> Am I correct in assuming that the user actually hits the connection broker, 
> which then passes to the web server (since we would want our users to be able 
> to access via web browser), which then communicates back and forth with the 
> session host? So I would want 2 connection brokers (which would be tied to my 
> Cisco ACE appliance), so that if one goes down, complete access to the 
> application itself does not.
> Similarly, I would want 2 web servers, and then the 3-4 session hosts 
> (altho only the connection brokers would be connected to the ACE
> appliance)
>
> (also: in my case, the application being published is really just a front end 
> itself; it communicates with SQL servers for it's data.
> There is no data in the application itself)
>
>> For HA, I presume you are using an ESX cluster.
>
> Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1).
>
>>
>>
>> -Original Message-
>> From: Michael Leone [mailto:oozerd...@gmail.com]
>> Sent: Thursday, March 21, 2013 1:07 PM
>> To: NT System Admin Issues
>> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>>
>> On Wed, Mar 20, 2013 at 7:53 PM, James Hill  wrote:
>>> Get a cert from a public CA.  Far less hassle and they are very inexpensive.
>>
>> These are internals apps, so they won't be accessed by the public, or over a 
>> public Internet (well, perhaps over VPN). And being a government agency, we 
>> can get certs for free from another agency.
>>
>>> Why do you want to separate the web front end?

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

I don't think you can have two connection brokers without complicating things 
(clustering and SQL server involved).

If you have ESX clustering, you have your redundancy covered. No need for two 
web servers (or two brokers). ESX does HA with fewer headaches than any other 
way - use it.

Here's the general traffic flow (I think...):

1. Client hits web server.
2. Web server shows available apps
3. User clicks on app
4. Web server downloads .RDP file for app. The .RDP file points to the broker 
as the server address.
5. User's RDP app attempts to launch app from broker.
6. The broker sends the client a RDP "redirect" to the appropriate session host.
7. The user's RDP then opens a connection to the session host and launches the 
app.

It has been a while, but I think this is how it worked in 2008 R2 and RDP 
versions up through 7. I've just started looking at 2012. I think RDP version 8 
changes this up a bit. 

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, March 21, 2013 2:04 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet  wrote:
> For traffic handling, you don't need two web servers for 4 session hosts. You 
> don't need 2 web servers for 40 session hosts.

Well, it's more for redundancy, than actual traffic balancing.
Speaking of which ... does that mean for my situation I would want 2 connection 
brokers, rather than 2 web servers?

Am I correct in assuming that the user actually hits the connection broker, 
which then passes to the web server (since we would want our users to be able 
to access via web browser), which then communicates back and forth with the 
session host? So I would want 2 connection brokers (which would be tied to my 
Cisco ACE appliance), so that if one goes down, complete access to the 
application itself does not.
Similarly, I would want 2 web servers, and then the 3-4 session hosts (altho 
only the connection brokers would be connected to the ACE
appliance)

(also: in my case, the application being published is really just a front end 
itself; it communicates with SQL servers for it's data.
There is no data in the application itself)

> For HA, I presume you are using an ESX cluster.

Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1).

>
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, March 21, 2013 1:07 PM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> On Wed, Mar 20, 2013 at 7:53 PM, James Hill  wrote:
>> Get a cert from a public CA.  Far less hassle and they are very inexpensive.
>
> These are internals apps, so they won't be accessed by the public, or over a 
> public Internet (well, perhaps over VPN). And being a government agency, we 
> can get certs for free from another agency.
>
>> Why do you want to separate the web front end?
>
> Load balancing by our hardware Cisco ACE appliance. Also it then enables use 
> to send the session to any available session host.
> Separating out the web front end from the back end RDSH servers (aka the 
> server farm) is also the current configuration we have with our Citrix 
> environment, and is I believe the recommended design for something like this. 
> (I am told).
>
> What we want, or will have, is 2 web front ends and 3-4 back end session 
> hosts.
>
>>
>> James.
>>
>> -Original Message-
>> From: Michael Leone [mailto:oozerd...@gmail.com]
>> Sent: Thursday, 21 March 2013 4:40 AM
>> To: NT System Admin Issues
>> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>>
>> SO I am making progress! I had already installed the RDS as a role, 
>> but that didn't configure the deployment. So I went to Server 
>> Manager, clicked on RDS, and clicked on Deploy. It then went into 
>> what seemed like an install of RDS as a service (which had failed 
>> before). This time, however, the deploy step went through without 
>> error. I rebooted at the end, and after I logged back in, I was able 
>> to install an app (Notepad++), and then I was able to add it to a 
>> Quick Session Collection, publish it as a RemoteApp, and I was able to 
>> access it remotely.
>>
>> w00t!
>>
>> Definite progress. So now I need to make my own collection, add an 
>> app to it. Then investigate how to use a separate web server front 
>> end for it (to separate the RDS hosts from the web access).
>>
>> And probably give it our self-signed internal certificate, to stop it 
>> complaining about untrusted publishers of the app.
>>
>> So I am defini

RE: Advice on setting up a Win2012 RDS environment - Progress!

[Ken Cornetet]

For traffic handling, you don't need two web servers for 4 session hosts. You 
don't need 2 web servers for 40 session hosts. 

For HA, I presume you are using an ESX cluster.


-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, March 21, 2013 1:07 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Wed, Mar 20, 2013 at 7:53 PM, James Hill  wrote:
> Get a cert from a public CA.  Far less hassle and they are very inexpensive.

These are internals apps, so they won't be accessed by the public, or over a 
public Internet (well, perhaps over VPN). And being a government agency, we can 
get certs for free from another agency.

> Why do you want to separate the web front end?

Load balancing by our hardware Cisco ACE appliance. Also it then enables use to 
send the session to any available session host.
Separating out the web front end from the back end RDSH servers (aka the server 
farm) is also the current configuration we have with our Citrix environment, 
and is I believe the recommended design for something like this. (I am told).

What we want, or will have, is 2 web front ends and 3-4 back end session hosts.

>
> James.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Thursday, 21 March 2013 4:40 AM
> To: NT System Admin Issues
> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!
>
> SO I am making progress! I had already installed the RDS as a role, 
> but that didn't configure the deployment. So I went to Server Manager, 
> clicked on RDS, and clicked on Deploy. It then went into what seemed 
> like an install of RDS as a service (which had failed before). This 
> time, however, the deploy step went through without error. I rebooted 
> at the end, and after I logged back in, I was able to install an app 
> (Notepad++), and then I was able to add it to a Quick Session 
> Collection, publish it as a RemoteApp, and I was able to access it remotely.
>
> w00t!
>
> Definite progress. So now I need to make my own collection, add an app 
> to it. Then investigate how to use a separate web server front end for 
> it (to separate the RDS hosts from the web access).
>
> And probably give it our self-signed internal certificate, to stop it 
> complaining about untrusted publishers of the app.
>
> So I am definitely further along than I was.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: CSG 3.2 and Presenatation 4.5

[Ken Cornetet]

Why would you run CSG internally?

I run a Xenapp 5 farm with just a web interface for internal users. External 
users come through a different CSG/WI box in the DMZ.

From: Greg Sweers [mailto:gswe...@acts360.com]
Sent: Monday, March 04, 2013 2:41 PM
To: NT System Admin Issues
Subject: CSG 3.2 and Presenatation 4.5

We have a client who their internal guy just left and he basically maintained a 
Citrix Farm on Xenapp 4.5 with CSG 3.2

They have asked us to take a look and fix a few things.  I renewed their SSL 
cert which is running under their own PKI infrastructure, but the CSG service 
is disabled and the whole things is running through IIS.  They can login and 
everything works, but I have never seen that configuration before.

Usually the SSL on IIS is running 444 and the CSG runs 443.

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-644-3479 Cell
813-644-3476 Fax


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Remote Desktop Server (Formerly known as Terminal Server)

[Ken Cornetet]

Hardly. We have a large mixture of users and applications running a mix of full 
desktops and published apps.

I've got SAPGui, Office 2010, Office 2007, Minitab, Teamcenter, and a score of 
other apps.

As long as your App servers are on the same LAN as your file server hosting 
profiles, and you are using folder redirection, roaming profiles just work. No 
bloat, no fuss, no muss.


From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Friday, February 22, 2013 10:18 AM
To: NT System Admin Issues
Subject: Re: Remote Desktop Server (Formerly known as Terminal Server)

Your apps must be simple and easy. I can assure you from personal experience on 
many different sites and systems that roaming profile issues are absolutely not 
FUD.
Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Ken Cornetet mailto:ken.corne...@kimball.com>>
Date: Fri, 22 Feb 2013 10:02:49 -0500
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Remote Desktop Server (Formerly known as Terminal Server)

I'm using roaming profiles in a XenApp 5 system with around 1000 users. No 
problems whatsoever.  I think a lot of the common "wisdom" about not using 
roaming profiles is a combination of bad history and FUD spread by vendors of 
profile management software.

Not using roaming profiles sounds good in theory, but may be problematic in 
practice. If you have a user base with very simple requirements, a mandatory 
profile can work well - you only need to back up and restore a few settings 
from the registry (Outlook profiles, default printer, etc). Otherwise, roaming 
profiles make life much easier.

I'll try to highlight the group policy I have in place:

User lockdown - implemented via loopback - Set security to deny apply of this 
GP for admin users.
Turns off most of the things in control panel
Hide  Desktop "network locations"
Hide network connection settings
Disable offline files
Disable connection wizard
Remove shutdown, sleep, and hibernate from start button.
Turn off "Getting Started".
Hide A,B,C, and D drives in "My Computer".
Hide the C drive in file dialog boxes  (This can cause error messages in Office 
apps).
Hide Windows update.

System policies
Turn off Customer Experience Improvement Program and error reporting.
Add "Administrators" security to roaming profiles.
Delete cached profiles.
Do not check for ownership of roaming profiles.
Turn on timezone redirection.
Set the roaming profile path.
Turn off Windows Defender.

Registry settings policy
Create HKLM\CurrentControlSet\Control\Print\DisableWERLogging DWORD 1 (if you 
don't do this, the print spooler will occasionally fill your C: disk up with 
error logs).
Create HKLM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate 
DWORD 1 - NOTE! You may not want to do this - research before implementing.
DELETE this key HKEY_USERS\.DEFAULT\Software\Hewlett-Packard - 
Do this if you use HP printers.  Trust me.
DELETE this key HKCU\Software\Hewlett-Packard - Ditto

User settings - implemented via loopback
Set folder redirection
Create 
HKCU\Softare\Policies\Microsoft\Office\12.0\Common\Toolbars\QuickAccessToolbarRoaming
 DWORD 1  See http://support.microsoft.com/kb/958062 for details.
Create 
HKCU\Softare\Policies\Microsoft\Office\14.0\Common\Toolbars\CustomUIRoaming 
DWORD 1  See http://support.microsoft.com/kb/958062 for details.
Create HKCU\ Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\3\1A10 DWORD 1 - This sets IE privacy to default

Application blacklist
Blacklist all of the common updaters (Java, Adobe, etc)
Blacklist VMWare tools (if you are running under VMWare)
Blacklist your Antivirus user interface agent (you don't want 
users kicking off scans of your C: drive)
Blacklist c:\windows\syswow64\IME\IMEJP10\IMJPDSVR.EXE - It 
eats CPU.

I'd be happy to export my policies and email them to you, if you like.

From: kz2...@googlemail.com<mailto:kz2...@googlemail.com> 
[mailto:kz2...@googlemail.com]
Sent: Thursday, February 21, 2013 2:45 PM
To: NT System Admin Issues
Subject: Re: Remote Desktop Server (Formerly known as Terminal Server)

Roaming profiles are terribly problematic in any modern environment in my 
experience. Profile bloat, profile corruption, load failures - these issues 
plague any SBC solution where they are implemented.

As mentioned there are a nation of profile management tools that can address 
these issues. Citrix UPM provides a simple lightweight solution but if you're 
not using Citrix it's not really viable. There are many others but what you 
n

RE: Remote Desktop Server (Formerly known as Terminal Server)

[Ken Cornetet]

I'm using roaming profiles in a XenApp 5 system with around 1000 users. No 
problems whatsoever.  I think a lot of the common "wisdom" about not using 
roaming profiles is a combination of bad history and FUD spread by vendors of 
profile management software.

Not using roaming profiles sounds good in theory, but may be problematic in 
practice. If you have a user base with very simple requirements, a mandatory 
profile can work well - you only need to back up and restore a few settings 
from the registry (Outlook profiles, default printer, etc). Otherwise, roaming 
profiles make life much easier.

I'll try to highlight the group policy I have in place:

User lockdown - implemented via loopback - Set security to deny apply of this 
GP for admin users.
Turns off most of the things in control panel
Hide  Desktop "network locations"
Hide network connection settings
Disable offline files
Disable connection wizard
Remove shutdown, sleep, and hibernate from start button.
Turn off "Getting Started".
Hide A,B,C, and D drives in "My Computer".
Hide the C drive in file dialog boxes  (This can cause error messages in Office 
apps).
Hide Windows update.
System policies
Turn off Customer Experience Improvement Program and error reporting.
Add "Administrators" security to roaming profiles.
Delete cached profiles.
Do not check for ownership of roaming profiles.
Turn on timezone redirection.
Set the roaming profile path.
Turn off Windows Defender.

Registry settings policy
Create HKLM\CurrentControlSet\Control\Print\DisableWERLogging DWORD 1 (if you 
don't do this, the print spooler will occasionally fill your C: disk up with 
error logs).
Create HKLM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate 
DWORD 1 - NOTE! You may not want to do this - research before implementing.
DELETE this key HKEY_USERS\.DEFAULT\Software\Hewlett-Packard - 
Do this if you use HP printers.  Trust me.
DELETE this key HKCU\Software\Hewlett-Packard - Ditto

User settings - implemented via loopback
Set folder redirection
Create 
HKCU\Softare\Policies\Microsoft\Office\12.0\Common\Toolbars\QuickAccessToolbarRoaming
 DWORD 1  See http://support.microsoft.com/kb/958062 for details.
Create 
HKCU\Softare\Policies\Microsoft\Office\14.0\Common\Toolbars\CustomUIRoaming 
DWORD 1  See http://support.microsoft.com/kb/958062 for details.
Create HKCU\ Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\3\1A10 DWORD 1 - This sets IE privacy to default

Application blacklist
Blacklist all of the common updaters (Java, Adobe, etc)
Blacklist VMWare tools (if you are running under VMWare)
Blacklist your Antivirus user interface agent (you don't want 
users kicking off scans of your C: drive)
Blacklist c:\windows\syswow64\IME\IMEJP10\IMJPDSVR.EXE - It 
eats CPU.

I'd be happy to export my policies and email them to you, if you like.

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Thursday, February 21, 2013 2:45 PM
To: NT System Admin Issues
Subject: Re: Remote Desktop Server (Formerly known as Terminal Server)

Roaming profiles are terribly problematic in any modern environment in my 
experience. Profile bloat, profile corruption, load failures - these issues 
plague any SBC solution where they are implemented.

As mentioned there are a nation of profile management tools that can address 
these issues. Citrix UPM provides a simple lightweight solution but if you're 
not using Citrix it's not really viable. There are many others but what you 
need to identify is how much time you are spending addressing profile issues 
based against the extra cost of a real solution.

At the end of the day its all about how your apps perform and what settings 
need to roam. Without knowing much about your environment I can pretty much say 
the only GPO I'm sure you will need to configure is the Loopback Policy 
Processing.

Are you publishing desktops, applications, or a combination of both?
Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Kelli Sterley 
mailto:kjsterley.li...@gmail.com>>
Date: Thu, 21 Feb 2013 12:32:14 -0500
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Remote Desktop Server (Formerly known as Terminal Server)

I currently have a 2003 Terminal Server which is getting ready to be replaced 
with the 2008 R2 Remote Desktop Server.

Currently we are using roaming profiles and redirecting some user folders.  
Does anyone use roaming profiles anymore?  Why or why not?

I am also in the process of editing a group policy for both the server and 
users.  Are there any policies I should add for sure .. Anyone willing to share 
their GP's with me?


Also, I have been searching the interne

RE: Time sync

[Ken Cornetet]

We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our l

RE: Time sync

[Ken Cornetet]

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives.

:)

-Original Message-
From: Ken Cornetet 
[mailto:ken.corne...@kimball.com<mailto:ken.corne...@kimball.com>]
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - seriously.

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com<mailto:oozerd...@gmail.com>]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...


ASB

http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>

Providing Expert Technology Consulting Services for the SMB market...



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.co

RE: Time sync

[Ken Cornetet]

Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives. 

:)

-Original Message-
From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - 
seriously. 

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus 
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - 
seriously. 

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus 
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to 
extend a disk?

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, January 04, 2013 8:50 PM
To: NT System Admin Issues
Subject: RE: Time sync

Can ESX support 64  vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? 
Seems like there are all sorts of corner cases where one product has 
functionality the other doesn't yet. For 99% of things they are feature 
compatible. It's all about the management and operations tools now. Hypervisors 
are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Chinnery, Paul [mailto:pa...@mmcwm.com]
Sent: Friday, January 04, 2013 11:23 AM
To: NT System Admin Issues
Subject: RE: Time sync

Slightly OT, Ken, but why are you moving away from VM?  Cost or something else 
that HyperV gives you that VM doesn't?


Paul Chinnery
Network Admin
Memorial Medical Center
231.845.2319



From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Friday, January 04, 2013 10:30 AM
To: NT System Admin Issues
Subject: RE: Time sync

We run the Meinberg NTP port as well. We will soon start migrating from VMWare 
(where the Meinberg NTP port works great) to HyperV. Care to elaborate on what 
you mean by "except on HV guests"?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

We run the product from Meinberg.  It works very well except on HV guests.
On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
mailto:richard.mccl...@aspca.org>> wrote:
Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-softwa

RE: Time sync

[Ken Cornetet]

We run the Meinberg NTP port as well. We will soon start migrating from VMWare 
(where the Meinberg NTP port works great) to HyperV. Care to elaborate on what 
you mean by "except on HV guests"?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

We run the product from Meinberg.  It works very well except on HV guests.
On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
mailto:richard.mccl...@aspca.org>> wrote:
Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Noob networking Q

[Ken Cornetet]

Don't forget to uncheck the "register in DNS" checkbox for the private NICs

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, December 14, 2012 10:54 AM
To: NT System Admin Issues
Subject: RE: Noob networking Q

Dang kids, always trying to reinvent the wheel.

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 14, 2012 10:31 AM
To: NT System Admin Issues
Subject: RE: Noob networking Q

I had thought of that, but using HOSTS seemed too old school!

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, December 14, 2012 7:16 AM
To: NT System Admin Issues
Subject: RE: Noob networking Q

Set the second nics on their own subnet. Add the ip's and names to hosts and 
lmhosts.

That is how I do it physically with my DFS boxes. It will work virtually too.

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 14, 2012 10:10 AM
To: NT System Admin Issues
Subject: Noob networking Q

Scenario: Two VM's on a  2008R2 Hyper-V host. Host has 3 NIC ports. How can I 
configure the 2 VM's to talk to each other via the virtual switch and not send 
traffic over the physical wire unless it's to client PC's? Two virtual NIC's 
each VM is the easy part, but how do I tell them to dedicate a NIC to each 
other?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: File Services Clustering in Server 2012

[Ken Cornetet]

If the service doesn't start on one server, what makes you think it would start 
on the other server?

If the service wouldn't start on the original server, it is probably because 
either the data is whacked, or there is some external resource that isn't 
available (user ID locked, database server not available, etc).  When the 
service tries to start on the failover node, it is going to see the same 
problems.

-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Thursday, December 06, 2012 10:29 AM
To: NT System Admin Issues
Subject: RE: File Services Clustering in Server 2012

> Yep setting up a cluster just to protect against a service dying is overkill.

I think that statement might be a bit to general. What if that service doesn't 
simply "restart" and 2500 people have their work impacted for 4 hours while its 
resolved? 2500*$30*4=$300,000.00 as an example...

Does that "application" cluster investment still sound unrealistic?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: File Services Clustering in Server 2012

[Ken Cornetet]

Patrick, I am sorry if I came across as attacking your choices. My intention 
was to steer you toward  a path that will lead to a happier future for you.

The purpose of clustering is to protect against downtime in case something 
fails, or is intentionally taken down for preventative maintenance.

So here are some "somethings" that might happen:

1. Hardware failure. Both MS and VMWare clustering will protect against this.

2.  OS failure - the OS bluescreens. Both MS and VMWare protect against this. 
VMWare detects missing vmware tools heartbeats and migrates the server.

3. The application service crashes (stops). You don't need clustering to 
protect against this, you set the service to auto-restart.

4. The application service gets lost in space and stops working (but is still 
running). Neither MS or VMWare can protect against this without you hitching on 
some sort of monitoring system.

5. Patching or other PM. This is where MS clustering can *theoretically* reduce 
(not eliminate) downtime  if you have an active/passive cluster. In an 
active/passive cluster, you patch the passive system, reboot, fail over to it, 
then patch and reboot the original active server. However, there is still down 
time as the service is stopped on one node and restarted on the other. The only 
thing that MS clustering eliminates is the time of the server reboot. In 
VMWare, virtuals boot so fast that this only saves you less than a minute.

MS clusters have some disadvantages:

1. Most every service that you run clustered has limitations and caveats when 
running clustered.
2. Backing up the data requires a cluster aware backup agent.
3. You application settings have to be replicated between nodes - usually 
manually. This can lead to problems when they aren't in sync.
4. MS clusters are "fragile". In the old days (windows 2000) clusters would go 
toes up for little or no reason and you'd have to spend hours tweaking registry 
settings and disk signatures to get it back up. This improved vastly with 
Server 2003  - clusters stop failing for no reason, but even at Server 2008 R2, 
clusters are a pain to do disaster recovery with.

In contrast, VMWare clusters just work, and work seamlessly. You don't need to 
take anything special into account on your protected virtuals. Normal 
application settings, normal backups, etc. There is no extra complexity to 
manage.

Admittedly, I've not looked at Server 2012's clustering because we've been 
migrating away from MS clusters.

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu] 
Sent: Thursday, December 06, 2012 9:16 AM
To: NT System Admin Issues
Subject: RE: File Services Clustering in Server 2012

If that is not the purpose of failover clustering, what would your definition 
be?  Maybe I need to go another route to resolve this, as it seems that all 
people want to do is attack the choices we have made for our institution.

>>> Ken Cornetet  12/6/2012 7:46 AM >>>
Maybe I'm missing something. What it is you hope to protect against? I not sure 
what you mean by "services" clustering. Are you thinking that if somehow the 
server service gets hosed on one node of the cluster that MS clustering will 
switch over to the other node?

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu]
Sent: Wednesday, December 05, 2012 5:17 PM
To: NT System Admin Issues
Subject: RE: File Services Clustering in Server 2012

We want "services" clustering in addition to the hardware clustering already in 
our ESXi environment.

>>> Ken Cornetet  12/5/2012 4:03 PM >>>
Why in the world would you use a Microsoft cluster when you have the vastly 
superior and easier ESX clustering to provide failover?

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu]
Sent: Wednesday, December 05, 2012 4:33 PM
To: NT System Admin Issues
Subject: File Services Clustering in Server 2012

We are just getting into clustering services, now that we have been allowed to 
purchase a SAN (we have only been asking for more years than I can count!).  I 
created a failover cluster in Server 2012 Standard and attached 4 nodes to it 
(all virtuals with VMware ESXi 5.1 - the same problem exists whether 1 node is 
connected or up to all 4).  They are connected to common LUNs on a NetApp 
appliance.
 
Yesterday, everything went to hell.  It started off that I could not access one 
of the file shares and then two... then all 4 that we had configured.  Because 
this system was not yet being utilized for anyone other than myself, I decided 
to just recreate it.  Now that I have done that, I cannot configure any file 
shares.
 
When I click the "Add File Share" to the cluster role (File Server), the 
"volumes" is blank and I cannot use the browse button.  I can type a path, but 
it states that it is not valid for 

RE: File Services Clustering in Server 2012

[Ken Cornetet]

If you want to protect against a service dying, just set the service to auto 
restart.

If you think that MS clustering will protect you against a service going out to 
lunch (running, but otherwise not working), I believe you will be disappointed.

Admittedly, I've not looked at the improvements of MS clustering in Server 
2012, but we've done a fair amount of MS clusters from Windows 2000 up to 
Server 2008 R2, and I'm not a big fan of it. Yes, when it works - it works 
well. However, when it doesn't, you are in for a LOT of hair pulling. Try 
recovering a cluster from system state backups sometime. 

In contrast, ESX clusters just work. They work seamlessly and transparently.  
It does not complicate disaster recovery.

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, December 05, 2012 10:27 PM
To: NT System Admin Issues
Subject: RE: File Services Clustering in Server 2012

If the service (e.g. SQL Server or the File Service) fails then VMWare has 
limited options for detected and failing that service over to another node. 
Likewise if a part of the operating system stops responding/working.

What VMWare does provide well is the ability to cater for faults at the 
hardware level. Stuff like vMotion and storage motion you can, give or take a 
few features, get with Hyper-V v3

Cheers
Ken

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, 6 December 2012 11:03 AM
To: NT System Admin Issues
Subject: Re: File Services Clustering in Server 2012

erm...

I'm not sure what you mean by OS failover vs. hardware failover.

VMware, depending on the version you've purchased, will indeed provide what I 
would think of as OS failover, in one of two ways, depending on how much money 
you've spent - perhaps you can enlighten me on that point.

With Essentials Plus, if your physical host blows up/melts down,the VMs on that 
node appears on another node of your cluster as if they've been rebooted. You 
can also seamlessly migrate a running VM from one host to another via vMotion, 
if both are in working order.

With more expensive versions of VMware, if the physical host faults, the VMs on 
that node will seamlessly migrate to one of your other nodes - no down time at 
all. Also with the more expensive versions of VMware, you get Storage vMotion, 
which allows you to move a VM, while it's running, from one SAN LUN to another, 
along with regular vMotion.

Depending on version purchased, VMware nodes can also monitor VMs and if one 
fails or stops responding they can restart the VM.

Granted, this isn't the same kind of functionality a (for instance) SQL cluster 
provides, but it's pretty dang cool, IMHO.

Whether you should do an MS cluster on top of your VMware cluster is something 
I don't have experience with, however, so can't speak to it.

I also do not as yet have any experience with HyperV, so can't compare it 
meaningfully to VMware products.

Kurt

On Wed, Dec 5, 2012 at 2:23 PM, Jim Holmgren  wrote:
> That's a pretty bold statement.   ESX clustering does not provide application 
> or OS failover - only hardware failover.
>
> I would not call ESX clustering "vastly superior" to Microsoft clustering.  
> They provide different functionality.
>
> Jim
>
> Jim Holmgren
> Director of Technology Infrastructure
> XLHealth Corporation
> The Warehouse at Camden Yards
> 351 West Camden Street, Suite 100
> Baltimore, MD 21201
> 410.625.2200 (main)
> 443.524.8573 (direct)
> 443-506.2400 (cell)
> www.xlhealth.com
>
>
>
>
>
> -Original Message-
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
> Sent: Wednesday, December 05, 2012 5:04 PM
> To: NT System Admin Issues
> Subject: RE: File Services Clustering in Server 2012
>
> Why in the world would you use a Microsoft cluster when you have the vastly 
> superior and easier ESX clustering to provide failover?
>
> -Original Message-
> From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu]
> Sent: Wednesday, December 05, 2012 4:33 PM
> To: NT System Admin Issues
> Subject: File Services Clustering in Server 2012
>
> We are just getting into clustering services, now that we have been allowed 
> to purchase a SAN (we have only been asking for more years than I can 
> count!).  I created a failover cluster in Server 2012 Standard and attached 4 
> nodes to it (all virtuals with VMware ESXi 5.1 - the same problem exists 
> whether 1 node is connected or up to all 4).  They are connected to common 
> LUNs on a NetApp appliance.
>
> Yesterday, everything went to hell.  It started off that I could not access 
> one of the file shares and then two... then all 4 that we had configured.  
> Because this system was not yet being utilized for anyone other than

RE: File Services Clustering in Server 2012

[Ken Cornetet]

Maybe I'm missing something. What it is you hope to protect against? I not sure 
what you mean by "services" clustering. Are you thinking that if somehow the 
server service gets hosed on one node of the cluster that MS clustering will 
switch over to the other node?

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu] 
Sent: Wednesday, December 05, 2012 5:17 PM
To: NT System Admin Issues
Subject: RE: File Services Clustering in Server 2012

We want "services" clustering in addition to the hardware clustering already in 
our ESXi environment.

>>> Ken Cornetet  12/5/2012 4:03 PM >>>
Why in the world would you use a Microsoft cluster when you have the vastly 
superior and easier ESX clustering to provide failover?

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu]
Sent: Wednesday, December 05, 2012 4:33 PM
To: NT System Admin Issues
Subject: File Services Clustering in Server 2012

We are just getting into clustering services, now that we have been allowed to 
purchase a SAN (we have only been asking for more years than I can count!).  I 
created a failover cluster in Server 2012 Standard and attached 4 nodes to it 
(all virtuals with VMware ESXi 5.1 - the same problem exists whether 1 node is 
connected or up to all 4).  They are connected to common LUNs on a NetApp 
appliance.
 
Yesterday, everything went to hell.  It started off that I could not access one 
of the file shares and then two... then all 4 that we had configured.  Because 
this system was not yet being utilized for anyone other than myself, I decided 
to just recreate it.  Now that I have done that, I cannot configure any file 
shares.
 
When I click the "Add File Share" to the cluster role (File Server), the 
"volumes" is blank and I cannot use the browse button.  I can type a path, but 
it states that it is not valid for the particular server.  According to the 
console, everything is "Running" and "Online."  I also cannot access the 
administrative share for the drive which is attached to the role.
 
I am at a complete loss for ideas and Internet searches have turned up 
absolutely nothing regarding the problem I am having.  I'm sure I am missing 
something simple, but cannot come up with what that is.  Can anyone assist me?  
Feel free to contact me off-list if it is more convenient.
 
 

PATRICK HASENJAGER | Network Administrator Kansas City University of Medicine 
and Biosciences | Information Technology phone 816.654.7712 | fax 816.654.7701 
email phasenja...@kcumb.edu |  www.kcumb.edu 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: File Services Clustering in Server 2012

[Ken Cornetet]

Why in the world would you use a Microsoft cluster when you have the vastly 
superior and easier ESX clustering to provide failover?

-Original Message-
From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu] 
Sent: Wednesday, December 05, 2012 4:33 PM
To: NT System Admin Issues
Subject: File Services Clustering in Server 2012

We are just getting into clustering services, now that we have been allowed to 
purchase a SAN (we have only been asking for more years than I can count!).  I 
created a failover cluster in Server 2012 Standard and attached 4 nodes to it 
(all virtuals with VMware ESXi 5.1 - the same problem exists whether 1 node is 
connected or up to all 4).  They are connected to common LUNs on a NetApp 
appliance.
 
Yesterday, everything went to hell.  It started off that I could not access one 
of the file shares and then two... then all 4 that we had configured.  Because 
this system was not yet being utilized for anyone other than myself, I decided 
to just recreate it.  Now that I have done that, I cannot configure any file 
shares.
 
When I click the "Add File Share" to the cluster role (File Server), the 
"volumes" is blank and I cannot use the browse button.  I can type a path, but 
it states that it is not valid for the particular server.  According to the 
console, everything is "Running" and "Online."  I also cannot access the 
administrative share for the drive which is attached to the role.
 
I am at a complete loss for ideas and Internet searches have turned up 
absolutely nothing regarding the problem I am having.  I'm sure I am missing 
something simple, but cannot come up with what that is.  Can anyone assist me?  
Feel free to contact me off-list if it is more convenient.
 
 

PATRICK HASENJAGER | Network Administrator Kansas City University of Medicine 
and Biosciences | Information Technology phone 816.654.7712 | fax 816.654.7701 
email phasenja...@kcumb.edu |  www.kcumb.edu 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: AppData - to redirect or not to redirect?

[Ken Cornetet]

I'm dubious that appdata redirection causes performance problems in the real 
world. If your file servers have 100mb Ethernet and two spindles of local disk, 
ok, maybe you'll see problems.

If your file servers have gig Ethernet and backed by a SAN with dozens or 
hundreds of spindles, I'm going to venture that the hit from appdata is fairly 
trivial.

Until I see real numbers from real systems were this is causing performance 
problems, I'll call this FUD on the part of profile management solution vendors.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 13, 2012 7:19 AM
To: NT System Admin Issues
Subject: AppData - to redirect or not to redirect?

Speaking mainly about RDS/XenApp/SBC platforms, I'm wondering what the list's 
general opinion is on using Folder Redirection for AppData? The general feeling 
(from my point of view, anyway) seems to be that it improves logon time, but 
creates a real problem with performance. I was wondering what everyone else's 
opinion is on it? I generally try to use a third-party solution that avoids 
having to make this choice, but I have a couple of clients where I appear to be 
at loggerheads with what other consultants are telling them. All comments would 
be welcome.

Helge Klein did a decent write-up about it here 
http://www.sepago.de/e/helge/2010/05/31/should-appdata-be-redirected-or-left-in-the-user-profile
 which seems to bear out a bit of what I was thinking.

Thanks,



--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Straight Talk mobile service

[Ken Cornetet]

My family has two StraightTalk phones. We love them!

StraightTalk uses AT&T, Verizon and Sprint networks. Phones with model numbers 
that end in "C" are Verizon phones. Model numbers that end in "G" are AT&T 
phones. Their Android phones are Sprint.

They are now selling SIM cards so you can bring your own GSM phone. For some 
reason, they do not allow Blackberries.

If you want a Verizon phone, enter a zip code for a city that doesn't have good 
AT&T coverage when you are on the StraightTalk web site (Fargo, ND is good). It 
will warn you that your usage area is different than your shipping zip, but it 
will still work.

The only thing I've found negative is that my AT&T microcell won't let my 
daughter's ST GSM phone connect, even though it is a 3G model. I've seen lots 
of reports on the Internet where people have gotten 3G ST phones to connect, 
but no joy in my case.



From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Monday, July 09, 2012 3:23 PM
To: NT System Admin Issues
Subject: RE: Straight Talk mobile service

So, according to the first paragraph below, you already have 3 phones on 
StraightTalk ("...on the plan.")?

For how long?  How is it performing?

From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com]
Sent: Monday, July 09, 2012 2:00 PM
To: NT System Admin Issues
Subject: RE: Straight Talk mobile service

Actually I'm split in regards to that as well. I've got 3 phones on the plan. 
Me and my wife both have iPhones and my daughter just has a regular phone (no 
data plan), but wants an iPhone. My wife's contract has another 11 months to 
go, but me and my daughter are past the 2 year mark on our contract. Here are 
my initial calculations.

Staying on the current plan with AT&T:
Total cost over the next 2 years:
$4488

Switching over to Straight talk:
Total cost over the next 2 years (based on pre-paying yearly for each plan):
$3768

This includes the cost of early termination fee, new SIM cards, and the cost of 
purchasing a refurbished iPhone for ~$350. Also gives my daughter a data plan.

Kills me that I'm paying this much for phone service. Very eye opening. One 
thing that would also cut into the cost savings is if I want to get a new 
iPhone when the 5 eventually comes out ( this fall? ). Still looks like I'll 
save on the straight talk plan no matter what.

YMMV
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image001.jpg@01CD5DE9.871EACB0]

The Guardian Life Insurance Company of America

www.guardianlife.com







From:Richard McClary 
mailto:richard.mccl...@aspca.org>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:07/09/2012 02:26 PM
Subject:RE: Straight Talk mobile service




No (locked into Sprint for most of the next 2 years), but I think my daughter 
may be very interested.  Thanks for the link!
--
richard

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, July 09, 2012 1:07 PM
To: NT System Admin Issues
Subject: OT: Straight Talk mobile service

Anyone switch over from AT&T to this?

http://www.straighttalk.com/ServicePlans

Looks pretty interesting if you can deal with the limitations (cap at 2G for 
data, no visual voice mail), and for me they would be negligible.

Thanks
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image001.jpg@01CD5DE9.871EACB0]

The Guardian Life Insurance Company of America

www.guardianlife.com




- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by 

RE: Is there a way...

[Ken Cornetet]

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Looking for an odd item

[Ken Cornetet]

Is the 98 box on the network? If not, can it be? Then you can just do network 
printing.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Tuesday, April 17, 2012 11:29 AM
To: NT System Admin Issues
Subject: RE: Looking for an odd item


Printer is already conncted to the network, so cross-over is scratched out.

I am leaning to install a USB adapter that supports USB 2.0, but am concerned 
about tbe other devices connected to the box, already. Don't mind taking the 
cover off to perform some minor sugery. Just don't want to lombotomize the 
patient in the process.

Daniel
On Apr 17, 2012 11:20 AM, "Ken Cornetet" 
mailto:ken.corne...@kimball.com>> wrote:
I don’t think such a thing exists, although I could be wrong.

I think your best bet (provided this is a desktop machine) is to find a USB 
card that has Windows 98 drivers.

Next best bet would be to install a second NIC and use a crossover cable to 
connect to the printer (set it up for a private IP space).

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Daniel Rodriguez [mailto:drod...@gmail.com<mailto:drod...@gmail.com>]
Sent: Tuesday, April 17, 2012 10:28 AM
To: NT System Admin Issues
Subject: Looking for an odd item


To all,

I know that there is a USB to Parallel Centronics Interface Cable.

But, is there a 25 pin Parallel to USB Interface Cable?

I have an old PC that is running Windows 98 SE, and I need to replace the 
printer. It's not on the network, else I could print to the new printer via IP. 
Plus, management doesn't want it on the network.

Anyone seen an animal like this? And if so, who carries it?

TIA

Daniel

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Looking for an odd item

[Ken Cornetet]

I don’t think such a thing exists, although I could be wrong.

I think your best bet (provided this is a desktop machine) is to find a USB 
card that has Windows 98 drivers.

Next best bet would be to install a second NIC and use a crossover cable to 
connect to the printer (set it up for a private IP space).

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Tuesday, April 17, 2012 10:28 AM
To: NT System Admin Issues
Subject: Looking for an odd item


To all,

I know that there is a USB to Parallel Centronics Interface Cable.

But, is there a 25 pin Parallel to USB Interface Cable?

I have an old PC that is running Windows 98 SE, and I need to replace the 
printer. It's not on the network, else I could print to the new printer via IP. 
Plus, management doesn't want it on the network.

Anyone seen an animal like this? And if so, who carries it?

TIA

Daniel

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Outlook 2010 and Citrix Presentation Server 4

[Ken Cornetet]

This is a shot in the dark, but try disabling all the non-Microsoft Outlook 
add-ins and see if the problem goes away. I had a very stubborn Outlook hang 
issue that turned out to be the SAP calendar add-in.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Mark Robinson [mailto:mark.robin...@cips.org]
Sent: Friday, March 30, 2012 6:56 AM
To: NT System Admin Issues
Subject: Outlook 2010 and Citrix Presentation Server 4

Hi all,

I wonder if someone can help please. We upgraded our Citrix servers to Outlook 
2010 a few months ago without issue.  However lately we have been experiencing 
hanging and latency with Outlook and Outlook only - all of the other office 
apps and other apps work fine.

The servers are a decent spec and under-utilised, and we only have around 20 
users maximum logged on to Citrix at any one time, and Outlook via RDP works 
fine.  I created a test farm and have been increasing the number of users I 
invite to test and we are again experiencing latency once again - new server, 
new farm but still PS4 and Outlook 2010.

I have trawled the forums for advice and although there is talk of an issue 
with Outlook 2010 and Xenapp and a hotfix for Outlook 2007, there does not 
appear to be anything concerning PS4.

Upgrading to XenApp would be my next step but budget for this year will not 
allow it.  Has anyone come across and resolved this issue before?

Many thanks,
Mark


Mark Robinson
ICT Manager
T +44 (0)1780 761526  * W www.cips.org<http://www.cips.org/>
CIPS, Easton House, Easton on the Hill, Stamford, Lincolnshire, PE9 3NZ, United 
Kingdom

[cid:image001.jpg@01CD0E58.6E7B55E0]



--
Scanned by iCritical.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: GPO puzzle solved, but why.

[Ken Cornetet]

My experience is that IE maintenance policy is severely broken and does not 
follow normal policy rules. It tends to do whatever it wants, and seldom what 
you intend.

IE maintenance policy is not implemented via the normal group policy 
mechanisms. It is essentially the old IE administrator kit mechanism rolled 
into a GP wrapper. I really, REALLY wish Microsoft would eliminate this and 
move the settings into the "other" IE group policy.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, March 23, 2012 2:53 PM
To: NT System Admin Issues
Subject: GPO puzzle solved, but why.


I have had a bit of a puzzle today, I have it solved but I don't know why it 
was behaving this way.

IE Maintenance policy set at the domain level. Not the default domain policy, a 
created policy.  It had some popup settings that I needed to change. But prior 
to changing them I wanted to test them on a group of users. So I put a new IE 
Maintenance policy on a child OU that had the correct settings. There is no 
enforcement on either policy, there is no loopback on either policy and there 
is no inheritance blocking in the path. And there is no WMI or Security 
settings on either policy.

The settings did not apply.  GPOResult shows both being applied but the Domain 
policy as the winner. Which as I understand precedence is not correct. The OU 
should have applied last and over wrote it.  As soon as I remove the domain 
level policy from the domain level and put it on an OU and then move my new 
policy to a child they apply as I expect.

Now, at the domain level it would be applying to my machines, but as I said 
there is no loopback on it. But the behavior is just like loopback was enabled.

With the way our OU's are set up it can stay where it is at, I don't need 
anything really at the Domain level, but I am curious why I am seeing this.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Terminal Server HA Configuration

[Ken Cornetet]

If you have a SAN available, run VMWare ESX on your servers. You'll have to pay 
a bit extra for automatic failover. Or, you can use the free version and 
manually switch your virtuals over in case of failure.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Robert Jackson [mailto:r...@walkermartyn.co.uk]
Sent: Monday, February 13, 2012 12:25 PM
To: NT System Admin Issues
Subject: Terminal Server HA Configuration

We are about to get 2 brand new servers to be used as Terminal Servers running 
Windows 2008 Server R2 Enterprise Edition. I'm looking for the best way to have 
them configured for resilience and high availability. I don't know if we should 
just have them as 2 separate servers (one being an Acronis clone of the other) 
or whether some form of clustering/load balancing would be best?


Regards,
Rab.
=
Robert Jackson  Phone: +44 (0) 141 332 7999
IT Manager   Fax: +44 (0) 141 331 2820
Walker Martyn Ltd
1 Park Circus PlaceEmail: 
r...@walkermartyn.co.uk<mailto:r...@walkermartyn.co.uk>
Glasgow G3 6AH, Scotland   Web: 
http://www.walkermartyn.co.uk<http://www.walkermartyn.co.uk/>
=




The information in this internet E-mail is confidential and is intended solely 
for the addressee. Access, copying or re-use of information in it by anyone 
else is unauthorised. Any views or opinions presented are solely those of the 
author and do not necessarily represent those of Walker Martyn Ltd or any of 
its affiliates. If you are not the intended recipient please contact 
administra...@walkermartyn.co.uk<mailto:administra...@walkermartyn.co.uk>.

Walker Martyn Ltd, company number SC197533. Company is registered in Scotland 
and has its registered office at 1 Park Circus Place, Glasgow G3 6AH, UK.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DPM 2010 question: How to get rid of client computer.

[Ken Cornetet]

Sounds promising, but all I get is inscrutable powershell errors.

C:\Program Files\Microsoft DPM\DPM\bin>powershell remove-productionserver.ps1 
-DPMServername nts27.kii.kimball.com -PSName nts322.adstest.kimball.com
There is failure while removing production server
C:\Program Files\Microsoft DPM\DPM\bin\Remove-ProductionServer.ps1 : Exception
of type 'Microsoft.PowerShell.Commands.WriteErrorException' was thrown.
At line:1 char:28
+ remove-productionserver.ps1 <<<<  -DPMServername nts27.kii.kimball.com -PSNam
e nts322.adstest.kimball.com
+ CategoryInfo  : NotSpecified: (:) [Write-Error], WriteErrorExcep
   tion
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
   n,Remove-ProductionServer.ps1

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Tobie Fysh [mailto:tobie.f...@freebridge.org.uk]
Sent: Monday, January 16, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: DPM 2010 question: How to get rid of client computer.

You'll need PowerShell :)

remove-productionserver.ps1 script

Tobie

From: Ken Cornetet 
[mailto:ken.corne...@kimball.com]<mailto:[mailto:ken.corne...@kimball.com]>
Sent: 16 January 2012 21:18
To: NT System Admin Issues
Subject: DPM 2010 question: How to get rid of client computer.

I have a DPM 2010 server where a client computer was retired before being 
removed from DPM. The server name was reused. DPM still shows the server as 
having the client, but not protected.

How can I convince DPM to forget about that server? The only two things I can 
find under the context menus are "disable protection" and "remove client". The 
latter sounds promising, but when I try it, it wants to uninstall the client 
agent from the client computer, and it fails because the agent is not installed 
on the computer.

Is it just me, or does DPM seem to go out of its way to make things difficult?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


This message has been scanned by MimeCast on behalf of Freebridge Community 
Housing and found to be free of viruses and not SPAM. If you have any concerns 
about the message contents please contact the ICT ServiceDesk.

[cid:image001.gif@01CCD477.AA198E20]<http://www.freebridge.org.uk>


[cid:image002.gif@01CCD477.AA198E20]<http://twitter.com/Freebridge>


[cid:image003.gif@01CCD477.AA198E20]<http://www.facebook.com/pages/Kings-Lynn-United-Kingdom/Freebridge-Community-Housing/192690183387?v=box_3>



This e-mail (including any attachments), is confidential and intended only for 
the use of the addressee(s). It may contain information covered by legal, 
professional or other privilege. If you are not an addressee, please inform the 
sender immediately and destroy this e-mail. Do not copy, use or disclose this 
e-mail.

E-mail transmission cannot be guaranteed to be secure or error free. The sender 
does not accept liability for any errors or omissions in the contents of this 
message which arise as a result of e-mail transmission. If verification is 
required please request a hard copy version.

Freebridge Community Housing Ltd is a Charitable Industrial and Provident 
Society - Reg No IP29744R Registered with the Housing Corporation - No L4463. 
VAT Registration Number 860762121

Freebridge Community Housing, Juniper House, Austin Street, Kings Lynn, Norfolk 
PE30 1DZ


This email message has been scanned for viruses by Mimecast.
Mimecast delivers a complete managed email solution from a single web based 
platform.
For more information please visit http://www.mimecast.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><><>

RE: UNC to DNS alias..

[Ken Cornetet]

DisableStrictNameChecking and either of these:


1.   Create CNAME in DNS (and optionally, WINS entry) for the new name. 
Does not work on domain controllers (at least it didn't as of server 2003)

2.   Create NETBIOS alias (no longer supported) 
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters 
REG_Multi_String=OptionalNames

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: David Lum [mailto:david@nwea.org]
Sent: Monday, December 12, 2011 10:39 AM
To: NT System Admin Issues
Subject: UNC to DNS alias..

I have a server that I want to be able to have users UNC to it under a name 
other than the host name. We discussed this previously but I don't have that 
thread anymore. I thought it was disable distinct name checking but Google-Fu 
isn't helping me.

Server name: ServerJoeBob
UNC I want XP and Win7 users to use: Archives

Win7 plays nice, XP complains of a duplicate name on the network.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Home Throughput Issue

[Ken Cornetet]

Is the laptop connecting at 100Mb? Could it be a duplex issue?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Monday, December 05, 2011 11:45 AM
To: NT System Admin Issues
Subject: Re: Home Throughput Issue

He has swapped cable with another machine that didn't exhibit the problem - 
same result.

Different ports on the router - same result.

So it appears to be an issue with the laptop's Ethernet port.  It just seems 
weird that it would have lower throughput than the 802.11g wireless connection.



Roger Wright
___
I just had my vision checked. My hindsight was 20/20. My foresight is legally 
blind.




On Mon, Dec 5, 2011 at 11:10 AM, Miguel Gonzalez 
mailto:miguel_3_gonza...@yahoo.es>> wrote:
Or maybe the ethernet ports in the router are no good.

You have to check several things:

- The NIC in the laptop/workstation.

- The ethernet ports in the router. You can check itusing a hub/switch.

- Maybe your cables are wrong. Sometimes it happens the wiring of your ethernet 
cables is not right. I've seen cables that were crimped manually with the wrong 
settings and that slowed down the network throughput.

Miguel


De: "Ziots, Edward" mailto:ezi...@lifespan.org>>
Para: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Enviado: lunes 5 de diciembre de 2011 16:53
Asunto: RE: Home Throughput Issue
I would also take a look at the packets when he is connected wirelessly, and 
wired, and see if you see a higher level of duplicate acks, or fast 
transmissions, which might spell issues with the physical media ( NIC, Cable, 
Port on the Wireless router, etc etc)

Sincerely,
EZ

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
phone:401-639-3505
[cid:image001.jpg@01CCB36B.2E265B40]

From: Glen Johnson [mailto:gjohn...@vhcc.edu<mailto:gjohn...@vhcc.edu>]
Sent: Monday, December 05, 2011 10:42 AM

To: NT System Admin Issues
Subject: RE: Home Throughput Issue

Sounds like you've eliminated most everything except the network interface in 
this one machine.
Can you add/replace the network card?  You didn't say if it is a desktop or 
laptop?
If it is a laptop, I'd test at a different location.  Friend, co-worker or some 
other place.
If a desktop, slap a cheap nic in and see what happens.

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Monday, December 05, 2011 10:15 AM

To: NT System Admin Issues
Subject: Home Throughput Issue

A colleague has a problem that is stumping us:

He has broadband at home and when connecting wirelessly to his router his 
throughput is significantly slower than when using the Ethernet connection.  
Speedtest.net says he's getting in excess of 20Mbps down and 5Mbps up via a 
wireless connection, but with a wired connection to the router his reported 
speed drops to 5 down/1 up, and the difference is readily apparent when 
browsing.

Connecting with a wired connection from another machine, however, doesn't not 
report a slower speed and closely matches the wireless speed.

He's updated the drivers for the NIC, adjusted the speed and duplex settings, 
disabled the software firewall, tried other ports on the router, swapped 
cables, but cannot improved his throughput when using an Ethernet connection 
from this machine.  It seems odd that his wireless connection would be 
noticeably faster than his Eethernet connection.

Anything else he can check?


Roger Wright
___
I just had my vision checked. My hindsight was 20/20. My foresight is legally 
blind.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.co

RE: ( OT ) Convert mA to Watts

[Ken Cornetet]

Or the official boy scout version: "better be right or your great big vision 
goes west"

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, November 04, 2011 8:14 AM
To: NT System Admin Issues
Subject: RE: ( OT ) Convert mA to Watts

Nope, I also remember BBROYGBVGW.

Bad Boys Ravish Our Young Girls But Violet Gives Willingly (or for the old 
timers, Behind Victory Garden Walls).

-Paul

From: Hilderbrand, Doug 
[mailto:doug.hilderbr...@craneaerospace.com]<mailto:[mailto:doug.hilderbr...@craneaerospace.com]>
Sent: Thursday, November 03, 2011 8:04 PM
To: NT System Admin Issues
Subject: RE: ( OT ) Convert mA to Watts

Am I the only one who remembers ELI the ICE man? Voltage (e) leads current (i) 
in an inductor (L) and current (i) leads voltage (e) in a capacitor (C). Must 
have been the old Navy guy teaching electronics in high school.

http://www.electronicstheory.com/html/e101-31.htm


Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & 
Electronics
From: Ken Cornetet 
[mailto:ken.corne...@kimball.com]<mailto:[mailto:ken.corne...@kimball.com]>
Sent: Thursday, October 20, 2011 1:09 PM
To: NT System Admin Issues
Subject: RE: ( OT ) Convert mA to Watts

Power factor is a bit difficult to explain, but here goes:

Ohm's law: Volts = Amps * resistance
Watts = Volts * Amps or substituting, Watts = Volts squared / resistance.


Power factor is the ratio of "real" power divided by the apparent power. Under 
what circumstances do real and apparent power differ from each other? There are 
two reasons for this:


1.   A nonlinear load (like something with rectifiers) will present a 
resistance that appears to vary with the instantaneous voltage. For a 
sinusoidal alternating voltage, this leads to a non-sinusoidal current, which 
creates a non-sinusoidal power. This non sinusoidal power will deliver less 
average power than the equivalent sinusoidal power.

2.   A reactive load (capacitive and inductive) will have a sinusoidal 
current, but it will lead or lag the voltage. This means that any instantaneous 
power (voltage * current) will be less than the average voltage times the 
average current.

This means that with a power factor, you get less "work" (power) for a given 
voltage and current. In other words, a load with a power factor less than 1 
requires more "push" (current) to get the same amount of work done as a load 
with a power factor of one.

A real world example:

Let's say you have a UPS running on batteries that produces 120V AC. This feeds 
a reactive load that draws 60 Watts at a power factor of .5. This means that 
your battery is supply 60 Watts of power (assuming 100% UPS efficiency), BUT 
your UPS is delivering a current of 1 Amp (not 60/120 or .5 Amps) because of 
the power factor. This is why UPS are rated in VA instead of Watts.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: James Kerr 
[mailto:cluster...@gmail.com]<mailto:[mailto:cluster...@gmail.com]>
Sent: Thursday, October 20, 2011 12:58 PM
To: NT System Admin Issues
Subject: Re: ( OT ) Convert mA to Watts

You lost me at "factor".
On Tue, Oct 18, 2011 at 12:37 PM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Tue, Oct 18, 2011 at 12:15 PM, Stefan Jafs 
mailto:stefan.j...@gmail.com>> wrote:
> I guess the big unknown is the PF, I assumed 60% (based on Googeling), the
> is a power supply, would it not be higher for a transformer load?
 To continue the water analogy, power factor is like a big reserve
tank right before the water tap.  It can cause your water demand to be
out-of-sync with the apparent water usage (coming out of the tap).
You run the faucet for a bit, and the tank starts to drain, but the
supply pipe isn't touched.  Then the tank starts to fill, pulling from
the supply pipe.  Then you shut the faucet off, but the tank keeps
filling.

 Or so I'm given to understand; the actual mechanism behind power
factor is magic to me.  I know a purely resistive load -- like a space
heater -- has a power factor of 1.0.  "Inductive loads" are
"reactive", whatever that means.  :)  Apparently AC motors are
"inductive".  Rectifiers -- like in an AC->DC power supply, such as in
a PC -- are also apparently "reactive".  "Power factor correction"
helps turn equipment with a lower power factor into something with a
higher power factor.

 The numbers I usually see pulled out of the air for PC power supply
units are 0.6 PF for a standard PSU, and 0.9 PF for a PFC PSU.  I have
no idea how much things vary in practice.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

RE: ( OT ) Convert mA to Watts

[Ken Cornetet]

Power factor is a bit difficult to explain, but here goes:

Ohm's law: Volts = Amps * resistance
Watts = Volts * Amps or substituting, Watts = Volts squared / resistance.


Power factor is the ratio of "real" power divided by the apparent power. Under 
what circumstances do real and apparent power differ from each other? There are 
two reasons for this:


1.   A nonlinear load (like something with rectifiers) will present a 
resistance that appears to vary with the instantaneous voltage. For a 
sinusoidal alternating voltage, this leads to a non-sinusoidal current, which 
creates a non-sinusoidal power. This non sinusoidal power will deliver less 
average power than the equivalent sinusoidal power.

2.   A reactive load (capacitive and inductive) will have a sinusoidal 
current, but it will lead or lag the voltage. This means that any instantaneous 
power (voltage * current) will be less than the average voltage times the 
average current.

This means that with a power factor, you get less "work" (power) for a given 
voltage and current. In other words, a load with a power factor less than 1 
requires more "push" (current) to get the same amount of work done as a load 
with a power factor of one.

A real world example:

Let's say you have a UPS running on batteries that produces 120V AC. This feeds 
a reactive load that draws 60 Watts at a power factor of .5. This means that 
your battery is supply 60 Watts of power (assuming 100% UPS efficiency), BUT 
your UPS is delivering a current of 1 Amp (not 60/120 or .5 Amps) because of 
the power factor. This is why UPS are rated in VA instead of Watts.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, October 20, 2011 12:58 PM
To: NT System Admin Issues
Subject: Re: ( OT ) Convert mA to Watts

You lost me at "factor".
On Tue, Oct 18, 2011 at 12:37 PM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Tue, Oct 18, 2011 at 12:15 PM, Stefan Jafs 
mailto:stefan.j...@gmail.com>> wrote:
> I guess the big unknown is the PF, I assumed 60% (based on Googeling), the
> is a power supply, would it not be higher for a transformer load?
 To continue the water analogy, power factor is like a big reserve
tank right before the water tap.  It can cause your water demand to be
out-of-sync with the apparent water usage (coming out of the tap).
You run the faucet for a bit, and the tank starts to drain, but the
supply pipe isn't touched.  Then the tank starts to fill, pulling from
the supply pipe.  Then you shut the faucet off, but the tank keeps
filling.

 Or so I'm given to understand; the actual mechanism behind power
factor is magic to me.  I know a purely resistive load -- like a space
heater -- has a power factor of 1.0.  "Inductive loads" are
"reactive", whatever that means.  :)  Apparently AC motors are
"inductive".  Rectifiers -- like in an AC->DC power supply, such as in
a PC -- are also apparently "reactive".  "Power factor correction"
helps turn equipment with a lower power factor into something with a
higher power factor.

 The numbers I usually see pulled out of the air for PC power supply
units are 0.6 PF for a standard PSU, and 0.9 PF for a PFC PSU.  I have
no idea how much things vary in practice.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: fake-out NetBIOS

[Ken Cornetet]

There are two ways to do this:

New (supported) way:
Disable strict name checking on the server.
Create a DNS alias (CNAME)

Old:
On the server, add the alias under this key: 
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters 
REG_Multi_String=OptionalNames. This will cause the server to answer to the 
additional names, as well as advertise the alias in WINS.

Note: The new way does not work on domain controllers (at least it didn't the 
last time I tried it).

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, September 29, 2011 9:09 AM
To: NT System Admin Issues
Subject: fake-out NetBIOS

How do I go about having a Windows client (XP, or 7) connect to a UNC that's 
different from the actual hostname w/out using a FQDN? I have a server named 
BOB but I want users to be able to attach using \\FRED.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Tell me about your experience with free filtering proxies

[Ken Cornetet]

I used Dan's Guardian (http://dansguardian.org/) for years to filter what my 
kids could get to. It seemed to work well. They were constantly asking me to 
whitelist sites for them.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Tuesday, August 23, 2011 10:02 AM
To: NT System Admin Issues
Subject: Tell me about your experience with free filtering proxies

I've been asked to research the possibilities for setting up a filtering 
mechanism for a public resource center. These will be open access computers, 
probably 8 - 10, for kids to get on for school work or whatever. My concern is 
someone doing or viewing something illegal or totally inappropriate, it's a CYA 
measure for the nonprofit I work for. Any thoughts on specific applications (I 
was looking at Squid and Foxy) or a different approach are most welcome.

TIA

John Cook
Systems Administrator
Partnership for Strong Families


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.


This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: WIndows 95 and Server 2008 R2 DCs

[Ken Cornetet]

I find that KB article confusing - it confirms that Server 2008 can do LM 
authentication, and that it uses the registry key to control what 
authentication is accepted  . We've had group policy in place for ages 
(possibly ever since we went to Active Directory) that does what that KB 
suggests (allows LanMan authentication, but tries to negotiate NTLM and NTLMv2)

I've verified that the 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\LMCompatibilityLevel is 
set to 0 or 1 (depending on the group policy setting), but yet it will not 
authenticate.

I notice that the KB article says only "Server 2008" not "Server 2008 R2" (Or 
Windows 7). I wonder if MS completely eliminated LanMan authentication 
compatibility on Server 2008 R2? I don't recall ever reading this in any of the 
release notes or planning guides.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, August 16, 2011 2:24 PM
To: NT System Admin Issues
Subject: Re: WIndows 95 and Server 2008 R2 DCs

Given the business situation, it would seem that you have the choice between 
the following:

-- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as it 
is not supported) - http://support.microsoft.com/kb/954387
-- Leaving the Win2K3 DCs in place

ASB

http://about.me/Andrew.S.Baker

Harnessing the Advantages of Technology for the SMB market...



On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
I have some Windows 95 computers authenticating against my domain. Currently, 
the domain is running on Server 2003 DCs, but I am in the process of upgrading 
to Server 2008 R2 DCs. I have already started to deploy Server 2008 DCs.

I have one location that has a couple of Windows 95 computers, and they cannot 
authenticate against a Server 2008 R2 DC - even with what I think is the 
appropriate group policy (the same policy allows the Windows 95 machines to 
authenticate against Server 2003 DCs).

OK, I know, Windows 95. But, these are used as controllers in some 
multi-million dollar machinery that was purchased long ago from a company that 
is now defunct. Replacing this equipment is simply not an option. Upgrading the 
OS is not an option. Installing the AD client extension for Windows 9x *might* 
be an option, but only as a last resort. The factory guys who maintain this 
equipment obviously do not like to stir the soup, because the apparently only 
human left on earth who can support this equipment charges 5 figures to just 
answer the phone.

Here's what I have in the Default Domain Controller Policy:
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) 
Enabled
Network security: Do not store LAN Manager hash value on next password change 
Disabled
Network security: LAN Manager authentication level Send LM & NTLM - use NTLMv2 
session security if negotiated
Allow cryptography algorithms compatible with Windows NT 4.0 Enabled

Any suggestions?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: WIndows 95 and Server 2008 R2 DCs

[Ken Cornetet]

It is preferable to have them authenticate to the domain, but I might be able 
to convince them to authenticate  to a local account on the file server they 
hit. The problem is that I assume whenever the file server gets upgraded to 
Server 2008 R2, the same problem will occur.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Tuesday, August 16, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: WIndows 95 and Server 2008 R2 DCs

Do they "have to" auth against the domain?

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com<http://www.fiserv.com/>
[cid:image001.jpg@01CC5C14.326409E0]

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

I have some Windows 95 computers authenticating against my domain. Currently, 
the domain is running on Server 2003 DCs, but I am in the process of upgrading 
to Server 2008 R2 DCs. I have already started to deploy Server 2008 DCs.

I have one location that has a couple of Windows 95 computers, and they cannot 
authenticate against a Server 2008 R2 DC - even with what I think is the 
appropriate group policy (the same policy allows the Windows 95 machines to 
authenticate against Server 2003 DCs).

OK, I know, Windows 95. But, these are used as controllers in some 
multi-million dollar machinery that was purchased long ago from a company that 
is now defunct. Replacing this equipment is simply not an option. Upgrading the 
OS is not an option. Installing the AD client extension for Windows 9x *might* 
be an option, but only as a last resort. The factory guys who maintain this 
equipment obviously do not like to stir the soup, because the apparently only 
human left on earth who can support this equipment charges 5 figures to just 
answer the phone.

Here's what I have in the Default Domain Controller Policy:
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) 
Enabled
Network security: Do not store LAN Manager hash value on next password change 
Disabled
Network security: LAN Manager authentication level Send LM & NTLM - use NTLMv2 
session security if negotiated
Allow cryptography algorithms compatible with Windows NT 4.0 Enabled

Any suggestions?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Batch file syntax question

[Ken Cornetet]

>From set /?

set Var1=%1#
Sets "Var1" to first parameter passed to the batch file (%1) and appends a "#"

set Var1=%Var1:"=%
Removes  all occurrences of the double-quote character in Var1

set Var1=%Var1:\#=%
Removes all occurrences of "\#" in Var1

set Var1=%Var1:#=%
Removes all occurrences of the hash character ("#") in Var1

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Thursday, July 28, 2011 8:23 AM
To: NT System Admin Issues
Subject: Batch file syntax question

Does anyone know what this does to this variable?

set Var1=%1#
set Var1=%Var1:"=%
set Var1=%Var1:\#=%
set Var1=%Var1:#=%



[cid:image002.png@01CC4D01.2F47C340]


Network Support
Online Backups
Server Management

[http://www.g2support.com/googleapps.jpg]

Tel: 0845 307 3443
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com<http://www.g2support.com/>
Twitter: g2support<http://twitter.com/home?status=@g2support>
Newsletter: http://www.g2support.com/newsletter
Mail: 2 Roundhill Road, Brighton, Sussex, BN2 3RF

Have you said something nice about us to a friend or colleague ?
Let us say thanks. Find out more at 
www.g2support.com/referral<http://www.g2support.com/referral>

G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE
BN3 7LE. Our registered company number is OC316341.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: I need a Landline! You read that right.

[Ken Cornetet]

AT&T microcells are limited. In fact, you must enter the mobile numbers of the 
phones allowed to use it (you can have 10 numbers).

I have one and it works very well.

Caveats:

1.   If you "daisy-chain" it (plug it into an Ethernet connection, and plug 
a PC into it), it does "naughty" DHCP things. It caches DHCP information from 
the DHCP server, then pretends to be that DHCP server to the PC. Maddening when 
you are trying to troubleshoot. Yes, I learned this the hard way.

2.   It needs to be close to a window for the GPS to come up. If it can't 
see satellites, it doesn't come up. There is an antenna jack, but the docs are 
kind of vague on obtaining and using an external GPS antenna.

3.   Your phone must be 3G capable.

4.Non AT&T GSM phones (Trac, StraightTalk, Net10, etc) won't work on it.

5.   Range is very limited

I'm probably going to replace my land-line with skype. Low per minute cost, and 
no monthly cost. There are a ton of other VoIP vendors out there with very 
reasonable rates.

If you want the full-blown nerd solution, have a look here:  
http://pbxinaflash.net/


Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, July 11, 2011 3:16 PM
To: NT System Admin Issues
Subject: RE: I need a Landline! You read that right.

Network extender for your cell carrier and create your own cell tower in your 
basement with it. Just be aware that it will be a 'public' cell tower, last I 
looked you cannot limit who can use it. I think it is a 911 issue..

For example from Verizon:   
http://support.vzw.com/information/network_extender.html


From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Monday, July 11, 2011 3:09 PM
To: NT System Admin Issues
Subject: OT: I need a Landline! You read that right.

So...
Thought I'd build a nice new home office in the basement.  After layers of new 
insulation, soundproofing, and drywall, my cell phone no longer works down 
there!  Oops :-\

Considering how much I telecommute, I need to get some sort of landline 
installed.  VOIP/SIP/Digital through Comcast, I'm considering it all.  But, I'm 
not too well versed on the options avail.  I still support an old PBX at our 
office, and built a SIP fax service/server, but my telco experience is pretty 
limited outside of that.  I'd like to avoid Comcast (Personal reasons and I 
often cancel it and go through our Municipal WiFi).

Any suggestions you guys have off the top of your head?  A good service that 
sticks out that you would like to plug?

Something that incorporated with Google Voice would be a plus... (Not sure 
anything does).  I do use the new Sprint/Google Voice offering, so I can mask 
the new number with my Sprint number, and I can easily have my Sprint number 
ring the new number too.

Thanks.  Open to ideas.


-Sam



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Another BGINFO question

[Ken Cornetet]

We run BGINFO via a batch file that first runs a VBscript program that collects 
various information about the server and puts it in the registry. We configure 
BGINFO to read and display these registry entries.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 24, 2011 4:48 AM
To: NT System Admin Issues
Subject: Re: Another BGINFO question

You can use WMI queries in bginfo, IIRC

Might need a lot of customisation, but this should give you some pointers

http://www.edugeek.net/forums/scripts/57330-bginfo-dispaying-text-custom-query.html
On 24 June 2011 08:14, Gavin Wilby 
mailto:gavin.wi...@gmail.com>> wrote:
This should be an easy one to someone that knows, how can I insert the AD 
computer description into a servers BGINFO screen?

I have to remote into a lot of servers on some sites and it would be useful to 
have the description available on the screen as a lot of them dont have clear 
computer hostnames.

--
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Image Editing software [OT]

[Ken Cornetet]

Trivia - that is why FORTRAN only reads the first 72 columns of the input 
"deck". This allows the programmer to configure their keypunch machine to 
automatically punch an  auto-incrementing number in columns 73 through 80.

That way, if you drop your deck, you run them through a card sorter.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 10, 2011 4:05 PM
To: NT System Admin Issues
Subject: RE: Image Editing software [OT]

Nope... I took Fortran (that was WATFOR, before any of that crazy Fortran-77 
stuff) and BASM (IBM Basic Assembler) on punch cards.

You want to see a grown man cry? See a punch-card operator drop his 1000-card 
deck while loading it into a punch card reader.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, June 10, 2011 4:00 PM
To: NT System Admin Issues
Subject: Re: Image Editing software

I've heard people talk about this BT (Before Terminals) but always just 
discounted them as crazy people.  Like Big Foot.

:)
On Fri, Jun 10, 2011 at 9:10 AM, Guyer, Don 
mailto:don.gu...@fiserv.com>> wrote:
I was feeling old, a few minutes ago...

:p

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com<mailto:don.gu...@fiserv.com>
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com<http://www.fiserv.com>

-Original Message-
From: Webster [mailto:carlwebs...@gmail.com<mailto:carlwebs...@gmail.com>]
Sent: Thursday, June 09, 2011 7:24 PM
To: NT System Admin Issues
Subject: RE: Image Editing software

I survived on an IBM 360/25 with no fancy "terminal" thingy to get in my
way!  Programming a punch card machine for IBM COBOL and Assembler code
is
da bomb! :)


Webster

> -Original Message-
> From: Rankin, James R 
> [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
> Subject: Re: Image Editing software
>
> I used to live a fulfilled electronic life using a 1K ZX81
>
> --Original Message--
> From: Michael B. Smith
> Subject: RE: Image Editing software
> Sent: 9 Jun 2011 23:45
>
> Who needs more than 640K?
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com<mailto:mailvor...@gmail.com>]
> Subject: Re: Image Editing software
>
> On Thu, Jun 9, 2011 at 2:56 PM, Kennedy, Jim
> mailto:kennedy...@elyriaschools.org>> wrote:
> > But the bottom line is Adobe imaging products just don't play well
in
> > a network environment. They still strongly recommend against editing
a
> > file on a server with Photoshop, they say copy it locally first.
>
>   This "network" idea will never take off anyway.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: burn in software

[Ken Cornetet]

Memtest86+ http://www.memtest.org/

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: James Kerr [mailto:cluster...@gmail.com]
Sent: Monday, June 06, 2011 3:44 PM
To: NT System Admin Issues
Subject: burn in software

I have a shiny new server that's been giving some grief and restarting every so 
often with critical memory errors for one of the memory modules. I want to run 
some software that will work the machine hard so I can get it to crash again 
otherwise it may take days for the error to occur and I would really like to 
get the machine into production as soon as possible. Any recommendations? Free 
is a requirement because I don't feel like filling out paperwork. ;-)

James

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: VM's in AD

[Ken Cornetet]

Depends – do you owe me money, or do I owe you money?

Yes.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, June 02, 2011 8:37 AM
To: NT System Admin Issues
Subject: RE: VM's in AD


Are you in southern Indiana?
On Jun 2, 2011 8:34 AM, "Ken Cornetet" 
mailto:ken.corne...@kimball.com>> wrote:
> We virtualize EVERYTHING that can run virtual regardless. The only things we 
> have that aren't virtual is our big SAP app and DB servers, and when the next 
> version of ESX comes out with more memory and CPUs per virtual, we are going 
> after some of them.
>
> This used to cause no end of whining from our application owners and business 
> units: "Oh, our app/database/whatever is too resource intensive to run 
> virtual", "We have to have real hardware for our mission critical apps", etc. 
> Fortunately, our director took a hard line that virtual is THE standard 
> unless someone can PROVE that their app or DB can't run virtual.
>
> About the only thing we do different for VMs is that our critical servers get 
> a weekly snapshot of the VMDK files backed up to storage across town (via a 
> script) for disaster recovery purposes. For DR, we spin up the copied VMDK 
> files on a couple of ESX servers at our alternate datacenter, then we use our 
> normal backup system to recover volatile data. This sped up our disaster 
> recovery by about a factor of three.
>
> We love ESX/VSphere!
>
>
> Ken Cornetet 812.482.8499
> To err is human - to moo, bovine.
>
> From: David Lum [mailto:david@nwea.org<mailto:david@nwea.org>]
> Sent: Wednesday, June 01, 2011 12:06 PM
> To: NT System Admin Issues
> Subject: VM's in AD
>
> Do you guys treat VM's any differently than a physical machine? In my 
> environment we are starting to get several of our Mac developers having WinOS 
> VM's running on them.
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Mobile 503.267.9764
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com><mailto:listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>>
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: VM's in AD

[Ken Cornetet]

We virtualize EVERYTHING that can run virtual regardless. The only things we 
have that aren't virtual is our big SAP app and DB servers, and when the next 
version of ESX comes out with more memory and CPUs per virtual, we are going 
after some of them.

This used to cause no end of whining from our application owners and business 
units: "Oh, our app/database/whatever is too resource intensive to run 
virtual", "We have to have real hardware for our mission critical apps", etc. 
Fortunately, our director took a hard line that virtual is THE standard unless 
someone can PROVE that their app or DB can't run virtual.

About the only thing we do different for VMs is that our critical servers get a 
weekly snapshot of the VMDK files backed up to storage across town (via a 
script) for disaster recovery purposes. For DR, we spin up the copied VMDK 
files on a couple of ESX servers at our alternate datacenter, then we use our 
normal backup system to recover volatile data. This sped up our disaster 
recovery by about a factor of three.

We love ESX/VSphere!


Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 01, 2011 12:06 PM
To: NT System Admin Issues
Subject: VM's in AD

Do you guys treat VM's any differently than a physical machine? In my 
environment we are starting to get several of our Mac developers having WinOS 
VM's running on them.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Extending 2003r2 domain to 2008r2

[Ken Cornetet]

I just did ForestPrep/DomainPrep/RODCPrep a few days ago and it will be a while 
before I start deploying Server 2008 R2 DCs.

BTW, You don't need to extend the schema for photos - 2003 level has the 
attribute you need: thumbnailPhoto

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Senter, John [mailto:john.sen...@etrade.com]
Sent: Wednesday, June 01, 2011 1:02 PM
To: NT System Admin Issues
Subject: Extending 2003r2 domain to 2008r2

We are currently running 2003r2 domain controllers and the company is wanting 
to be able to upload user pictures so they appear in Outlook 2010.  One of the 
requirements is to extend the schema to 2008/2008r2.  We have a ways to go 
before we can put up any 2008 domain controllers because of some older apps 
that may not work well.  So the question is has anyone done the forestprep to 
extend the schema to 2008, but not bring up any 2008 domain controllers?  If 
so, any issues short term or long term?

Thanks
js


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Are printer-related registry keys are safe to remove?

[Ken Cornetet]

Yes, they are safe to remove.

I created a batch file with these two lines and call it from a group policy 
logoff script.

reg DELETE "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices" /va /f
reg DELETE "HKCU\Software\Microsoft\Windows NT\CurrentVersion\printerports" /va 
/f

I will have to say, though, that this seems to make some user's Citrix session 
hang (they never logoff after closing their last app). I will probably move 
this to a logon script at some point.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, March 30, 2011 4:01 AM
To: NT System Admin Issues
Subject: Are printer-related registry keys are safe to remove?

There are two Registry keys - HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\Devices\ and HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\PrinterPorts - that, in a terminal services environment, seem 
to fill up with vast amounts of printers, apparently enumerated from any user 
that has ever logged on. Now some older pieces of software seem to look here 
for their printer settings, to the extent that when there are approximately 500 
entries in there, meaning that the printing from these apps is very, very slow. 
According to an MS article these keys are for user preferences for print 
devices in Windows NT 4.0, so, would I be right in assuming I could simply 
remove all entries from these keys at logoff without causing myself any 
problems?

TIA,



JR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

IMPORTANT: This email is intended for the use of the individual addressee(s) 
named above and may contain information that is confidential, privileged or 
unsuitable for overly sensitive persons with low self-esteem, no sense of 
humour or irrational religious beliefs. If you are not the intended recipient, 
any dissemination, distribution or copying of this email is not authorised 
(either explicitly or implicitly) and constitutes an irritating social faux pas.

Unless the word absquatulation has been used in its correct context somewhere 
other than in this warning, it does not have any legal or no grammatical use 
and may be ignored. No animals were harmed in the transmission of this email, 
although the kelpie next door is living on borrowed time, let me tell you. 
Those of you with an overwhelming fear of the unknown will be gratified to 
learn that there is no hidden message revealed by reading this warning 
backwards, so just ignore that Alert Notice from Microsoft.

However, by pouring a complete circle of salt around yourself and your computer 
you can ensure that no harm befalls you and your pets. If you have received 
this email in error, please add some nutmeg and egg whites, whisk and place in 
a warm oven for 40 minutes.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Exchange Database -- VMDK or RAW?

[Ken Cornetet]

No, we back up within the Exchange server using Legato Networker.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

-Original Message-
From: Jon D [mailto:rekcahp...@gmail.com] 
Sent: Tuesday, March 15, 2011 11:24 AM
To: NT System Admin Issues
Subject: Re: Exchange Database -- VMDK or RAW?

Awesome Ken! Thanks!
Do you backup with something like ESXRanger or Veeam?
If so, any issues with them backing up huge VMDKs?


Thanks,
Jon


On Tue, Mar 15, 2011 at 9:53 AM, Ken Cornetet  wrote:
> VMDK.
>
> We have two mailbox servers handling about 4000 mailboxes each. Each Exchange 
> server uses multiple storage groups with multiple databases spread across 
> three drive letters - one drive for log files, the other two for stores.
>
> These three drive letters correspond directly to three VMDK files that live 
> in one VMFS which lives on one SAN LUN (but that LUN is spread across 15 
> spindles).
>
> I have noticed that Exchange 2007 hits the disks much less than Exchange 2003.
>
> We also force our users (via group policy) to run Outlook in cached mode 
> which also cuts way back on the disk hits.
>
> Ken Cornetet 812.482.8499
> To err is human - to moo, bovine.
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Exchange Database -- VMDK or RAW?

[Ken Cornetet]

VMDK.

We have two mailbox servers handling about 4000 mailboxes each. Each Exchange 
server uses multiple storage groups with multiple databases spread across three 
drive letters - one drive for log files, the other two for stores.

These three drive letters correspond directly to three VMDK files that live in 
one VMFS which lives on one SAN LUN (but that LUN is spread across 15 spindles).

I have noticed that Exchange 2007 hits the disks much less than Exchange 2003. 

We also force our users (via group policy) to run Outlook in cached mode which 
also cuts way back on the disk hits.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

-Original Message-
From: Jon D [mailto:rekcahp...@gmail.com] 
Sent: Monday, March 14, 2011 9:31 AM
To: NT System Admin Issues
Subject: Exchange Database -- VMDK or RAW?

For those who have your Exchange boxes inside of VMWare, did you put
your databases inside VMDK files, or did you go RAW?
VMDK seems like it would be easier to manage, but I'm wondering about
size issues, performance, etc.



Thanks,
Jon

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Sysvol perms in 2008

[Ken Cornetet]

I had a bizarre problem  somewhat like this when I upgraded my test domain. 
Domain controllers lost the ability to apply machine group policy. User policy 
applied fine.

It turns out that “bypass traverse checking” had somehow gotten turned off in 
the domain controller default policy. This didn’t affect the DCs when they were 
server 2003 because computers had permissions all the way down the SYSVOL path 
to the “policies” folder.

However, Server 2008 R2 (don’t know about 2008) makes SYSVOL\{YourDomainFQDN} a 
reparse point to “c:\Windows\SYSVOL\domain”, and the permissions along the new 
path are more restrictive than in previous versions of windows.

The moral of the story is that there are now two sets of permissions that 
control access to the stuff under SYSVOL , and make sure you haven’t turned off 
“bypass traverse checking”.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, March 14, 2011 6:15 PM
To: NT System Admin Issues
Subject: Re: Sysvol perms in 2008

From what I can tell it shouldn't be applicable to the issue you're seeing, but 
out of curiosity did you run "adprep32 /domainprep /gpprep" when you upgraded 
the domain?
On Mon, Mar 14, 2011 at 1:39 PM, Kennedy, Jim 
mailto:kennedy...@elyriaschools.org>> wrote:

I am having GPO weirdness. Desktops are getting denied on accessing my Software 
Policies. I THINK this started with our upgrade to 2008 R2 DC’s.  Did perms 
change somewhere along the way and I missed it…it almost seems as if computer 
accounts are no longer members of Authenticated Users. I have always had my 
basic software installs like flash and whatnot in sysvol/netlogon. That is what 
is failing now.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Connecting via DNS alias..in a loop, sorta

[Ken Cornetet]

Are you using certificates to secure your RDP sessions? If so, you'll need a 
certificate on Server2 that has the name FriendlyName1.

I was running a pilot farm of Server 2008 R2 RDS servers. The servers were 
divvied up into silos, and each silo had multiple A records pointing to the 
servers in that silo. For example:

Rd1 10.0.0.1
Rd1 10.0.0.2
Rd1 10.0.0.3

Rd2 10.0.0.4
Rd2 10.0.0.5

Etc

The servers in silo "rd1" had certificates with the name rd1, the servers in 
rd2 had a cert named rd2, etc. I remember configuring the RDweb server to build 
RPD connections based on the rdX names. The pilot didn't work out, so the farm 
is long gone. I can't go check the details.


Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, March 03, 2011 5:51 PM
To: NT System Admin Issues
Subject: Connecting via DNS alias..in a loop, sorta

I have an RDS server that I want users to RDP to from RDWeb. From VPN or local 
machine they can RDP just fine, and from the RDWeb (where there is an icon TO 
the RDP app) they can connect to the HOSTNAME (Server2) but when trying to 
connect to Server2 via a DNS Alias (FriendlyName1) the message is "access 
denied"

I'm thinking it's a security thing to prevent spoofing.

The Setup
RDWeb server / gateway = Server1
RDAppServer1 = Server2
FriendlyName1 DNS Alias pointing to Server2

In essence they are trying to RDP to Server2 from the RDP application published 
from Server2 but using the alias instead of hostname fails.

Clear as mud?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Licensing Q.

[Ken Cornetet]

They want you to buy an MSDN license for that.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, February 10, 2011 9:16 AM
To: NT System Admin Issues
Subject: Licensing Q.

I have a client that just last night I stood up their 2nd Hyper-V server. They 
are an SBS 2003 shop and now I (think I) have the capability to test upgrading 
to a 2008 DC in a sandbox.

Question: Am I violating a license agreement by using a copy of the production 
SBS server in a VM environment to test changes that if successful will get 
deployed to the production SBS server? The VM won't talk to anything outside 
its sandbox I just intend to test a schema change and 2008 DC addition so I can 
be comfortable what I doing will work in their environment. I'm pretty sure the 
letter of the EULA is "only one copy bub" but I don't think what I'd like to do 
is really against the intent. I can't imagine MS would want me to buy an SBS 
2003 license just to stand up a test box just to test a change.

Or maybe they do?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: IPv6 question

[Ken Cornetet]

Unchecking IPv6 does nothing, for all intents and purposes. Setting that 
registry value is the only way to turn it off.

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Wednesday, February 09, 2011 3:10 PM
To: NT System Admin Issues
Subject: RE: IPv6 question

Question-I've been watching this thread, and honestly haven't read up on the 
IPv6 stuff lately (although we're getting there eventually).  In our 
environment, we've disabled IPv6 on every WS08+ server by importing the reg 
value:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:

And then also unchecking the box by IPv6 (probably not necessary to do both) 
and the LLMNR boxes, probably similar to what Chris is doing.

So far, we've not run into support issues (had it come up once on a PSS call, 
but it wasn't a problem), but it is always a concern.

So, is there a difference when it comes to support between just unchecking the 
box for IPv6 and disabling it altogether via regedit, or do they both create 
"issues"?

I'll follow up with some of the links posted, and I don't mind changing what 
we've been doing if it means the difference in support, but not for no reason.  
I'm not the network person here, so hopefully the following makes sense, but 
early on, we had found that leaving IPv6 enabled on servers (DCs specifically) 
was causing some lookup problems from Vista/7 clients.  The servers would 
register A and  records, and the client machines would try to communicate 
via IPv6 at times, but our network infrastructure is not yet set up to route it 
successfully, so failures happen.

-Bonnie

From: Free, Bob [mailto:r...@pge.com]
Sent: Tuesday, February 08, 2011 4:12 PM
To: NT System Admin Issues
Subject: RE: IPv6 question

> I would say that you put yourself, at best, in a supportability grey area.

We were basically told that but in a little, well actually, a lot  stronger 
terms a little over a year ago by a PFE. He said not to even consider doing it. 
We were specifically discussing DCs but he said we would basically be in an 
unsupported configuration. A number of articles have been published since that 
echo that sentiment

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, February 08, 2011 1:58 PM
To: NT System Admin Issues
Subject: RE: IPv6 question

None of these are true:

 *   Conservation of system resources (CPU, memory)
 *   Smaller footprint, smaller code base, etc
 *   Newer code, more likely to be exploited in the near future
The IP stack was COMPLETELY re-implemented in Vista/2008. IPv4 as well as IPv6.

They are integrated.

Finally, no testing is done by any engineering group with IPv6 disabled. I 
would say that you put yourself, at best, in a supportability grey area.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, February 08, 2011 4:51 PM
To: NT System Admin Issues
Subject: IPv6 question

While the discussion of IPv6 is in play.

Just wanted to put  this out there to start a discussion. see what others are 
doing ,and get some feedback:

When we initially configured our "Gold build" for Windows Server 2008, the 
decision was made to disable the following on all network adapters:

 *   Disable IPv6
 *   Disable Link-Layer Topology Discovery Mapper I/O Driver
 *   Disable Link-Layer Topology Discovery Responder

Justifications for this were:

 *   Fewer protocols on the network reduce network traffic
 *   Conservation of system resources (CPU, memory)
 *   Smaller footprint, smaller code base, etc
 *   Newer code, more likely to be exploited in the near future
 *   No current plans to use IPv6 internally in the near future
 *   No Exchange in our environment (Notes shop)
 *   No MS Outlook in our environment (Notes shop)

So far we have had no issues at all with this decision. As we go further along 
in our migration to the a new 2008 R2 domain which is Windows Sever 2008 R2 
FFL, I wanted to make sure that this is still valid, and that we won't run into 
any issues. I've been looking at the following articles:

http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx
http://searchnetworking.techtarget.com.au/tips/21232-Disabling-IPv6-in-Windows-Vista-Pros-and-cons
http://technet.microsoft.com/en-us/library/bb457011.aspx





All comments and opinions welcome.

Thanks,


Chris Bodnar, MCSE
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my

RE: 2008 Server Ran DCPROMO into existing domain and it says it completed succesfully but on reboot, NLA, Base filtering etc wont start

[Ken Cornetet]

I recently had pretty much the same thing happen.

I *think* what caused the problem for me was using SCCM OS deployment to build 
my Server 2008 R2 systems in our production domain, then moving them to our 
test domain, then DCPROMOing up.

My solution was to build two more Server 2008 R2 systems from SCCM, but I did 
not have SCCM put them in a domain, I left them workgroup servers. I then 
DCPROMO'd up.

The old DCs had to be DCPROMO /forceremoval. Then, I used "AD Sites and 
Service" to remove all of the metadata and server objects (YEA! No more 
ntdsutil mega-typing sessions to clean up metadata!). Finally, I cleaned up DNS 
and all seems well.



From: Graeme Carstairs [mailto:loonyto...@gmail.com]
Sent: Thursday, January 27, 2011 12:36 PM
To: NT System Admin Issues
Subject: 2008 Server Ran DCPROMO into existing domain and it says it completed 
succesfully but on reboot, NLA, Base filtering etc wont start

Hi,

I am having some serious issues with a newley promoted 2008 DC.

DCPROMO completed succesfully, and then I restarted the server, and from there 
it all went wrong.


The following services wont start giving access denied errors,

Base Filering Engine
DHCP Client
Diagnostic Policy Service
Windows Time




The following give the Dependency service doesnt exist or has been marked for 
Deletion.
DNS Server
File Replication Services
IKE and Auth IP
Intersite Messaging
Kerberos



Dependancy Service or Group Failed ot Start

IPSEC Policy Agent
Windows FIrewall


The NLS and NLA services also werent starting but I fixed them but the only way 
I could get them to start was to give everyon full control to the reg key, but 
I tried for BFE and that didnt work, and for obvious reason I dont want that to 
work,.

I tried to DCPROMO it down but it would not let me as it was running domain 
services.

any help would be greatly appreciated.

thanks

Graeme






--
Good news everyone, you have just received and e-mail from me!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Moving VM's between vCenter clusters?

[Ken Cornetet]

Well, tie me to a sow's belly and roll me in the mud! This threw me for a loop 
trying to figure out how vsphere could know the difference, but then it hit me 
- it doesn't matter. A block of zeros is still a block of zeros no matter where 
it is used. All wmware needs to do is remember that a certain range of disk 
blocks are zeros, and it doesn't need to allocate space until those blocks are 
read.

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Wednesday, January 26, 2011 2:05 PM
To: NT System Admin Issues
Subject: RE: Moving VM's between vCenter clusters?

It's a fair question and one to which I'm not going to claim I know the answer 
beyond "they must be special zeroes"

http://www.virtualizationteam.com/virtualization-vmware/vsphere-virtualization-vmware/vmware-esx-4-reclaiming-thin-provisioned-disk-unused-space.html

http://ben.neise.co.uk/index.php/2009/10/using-sdelete-to-maximise-the-amount-of-disk-space-reclaimed-during-conversion-to-thin-provisioned-disks/

http://communities.vmware.com/thread/226985

http://www.yellow-bricks.com/2009/07/31/storage-vmotion-and-moving-to-a-thin-provisioned-disk/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Moving VM's between vCenter clusters?

[Ken Cornetet]

But how would vsphere know how much free space is inside of an NTFS file 
system? How would vsphere know the difference between a block of zeros that are 
NTFS free space, and a block of zeros that are part of a file?

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, January 26, 2011 11:38 AM
To: NT System Admin Issues
Subject: RE: Moving VM's between vCenter clusters?

My understanding is that when migrating to vsphere 4.1 that the same as with a 
new VM, you can choose to move the thick VMDK or you can move it and 
reprovision it as a thin VMDK, in which case running sdelete first just 
optimizes how much space vsphere thinks is in use within the VMDK.
From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: 26 January 2011 16:34
To: NT System Admin Issues
Subject: RE: Moving VM's between vCenter clusters?

I don't think the thin provisioning is relevant. The vmdk files will be moved 
as they are.

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, January 26, 2011 10:09 AM
To: NT System Admin Issues
Subject: Moving VM's between vCenter clusters?

I have a new SAN and vCenter server and vSphere hosts which I'm finalizing 
testing.

One thing I've not been able to easily try is how to get the VM's off my 
existing hosts and onto the new hosts.

My understanding is that I should be able to simply join the current vSphere 
boxes (ESX 3.5) to the new vCenter and from there, do a migration (offline) of 
the VM's to the new servers and storage.

I'm using thin provisioning on the new SAN and within vSphere so I need to run 
something like sdelete in each existing VM to zero the free space, but other 
than that, have I missed anything blindingly obvious please?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Moving VM's between vCenter clusters?

[Ken Cornetet]

I don't think the thin provisioning is relevant. The vmdk files will be moved 
as they are.

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Wednesday, January 26, 2011 10:09 AM
To: NT System Admin Issues
Subject: Moving VM's between vCenter clusters?

I have a new SAN and vCenter server and vSphere hosts which I'm finalizing 
testing.

One thing I've not been able to easily try is how to get the VM's off my 
existing hosts and onto the new hosts.

My understanding is that I should be able to simply join the current vSphere 
boxes (ESX 3.5) to the new vCenter and from there, do a migration (offline) of 
the VM's to the new servers and storage.

I'm using thin provisioning on the new SAN and within vSphere so I need to run 
something like sdelete in each existing VM to zero the free space, but other 
than that, have I missed anything blindingly obvious please?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Export attachments from outlook folder

[Ken Cornetet]

I have perl code to do this. It would require a small bit of work to get it to 
work in your environment. Let me know if you want it.

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Thursday, December 09, 2010 8:48 AM
To: NT System Admin Issues
Subject: Export attachments from outlook folder

Hi,

Slightly OT but does anyone know a way to export all the attachments within an 
Outlook folder to a folder on the hard disk? A utility perhaps or a script? We 
have a folder containing loads of CVs attached to emails and we want them in a 
folder on the network as just docs.

Any ideas?

Olly



[cid:image002.png@01CB9786.86334570]


Network Support
Online Backups
Server Management

[http://www.g2support.com/googleapps.jpg]

Tel: 0845 307 3443
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com
Twitter: g2support
Newsletter: http://www.g2support.com/newsletter
Mail: 2 Roundhill Road, Brighton, Sussex, BN2 3RF

Have you said something nice about us to a friend or colleague ?
Let us say thanks. Find out more at 
www.g2support.com/referral

G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE
BN3 7LE. Our registered company number is OC316341.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: How to set template for new AD user defaults

[Ken Cornetet]

Creating users in AD is very simple to do via COM with VBScript, Perl, etc (as 
long as exchange isn't involved).

I can give you some sample code if you like.

-Original Message-
From: Mike Leone [mailto:oozerd...@gmail.com] 
Sent: Tuesday, November 09, 2010 2:07 PM
To: NT System Admin Issues
Subject: How to set template for new AD user defaults

I have a Win 2003 AD. I would like to set new defaults for new user
creation (for example, ideally I want the "email address" to default to
"firstname.lastn...@my.tld", among a couple of other things). I remember
being able to do this in older versions of Netware, but I can't seem to
find out how to set this for AD. My searches keep coming up with how to
change the default user settings in profiles, but that isn't what I am
looking to do. I'm talking about using AD U&C to create users, BTW, not
creating them via DSADD or other methods.

Pointers/examples, anyone?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: MS10-070 & .NET 3.0

[Ken Cornetet]

I *think* in my case, I’m covered since I have .NET 3.5, and I’ve installed the 
patch for that.

However, it just occurred to me that someone with a Server 2008 box using the 
built-in .NET 3.0 has no way to patch this vulnerability, other than installing 
3.5.

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, September 29, 2010 5:28 PM
To: NT System Admin Issues
Subject: Re: MS10-070 & .NET 3.0

Its' my understanding that 3.0 installs 2.0, so that makes sense that 2.0 patch 
installed.


Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:    Ken Cornetet 
To:"NT System Admin Issues" 
Date:09/29/2010 04:04 PM
Subject:MS10-070 & .NET 3.0




I’m confused…

I’ve been looking over bulletin MS10-070 for a bit and trying to determine how 
to patch my Server 2008 SP2 x64 servers. When I look at “features” in server 
manager, I see .NET 3.0 installed as a feature. When I look at “Programs and 
Features”, I see .NET 3.5 SP1.

Looking at MS10-070 it specifically says that all versions of .NET are 
vulnerable except 1.0 SP3. However, when you read the “Affected and 
Non-Affected Software” .NET 3.0 is never listed as affected or not affected.

I downloaded all of the patches that were listed (1.1 SP1, 2.0 SP2, 3.5, 3.5 
SP1, and 4.0) and applied them. As expected, the 1.1 SP1 patch failed to apply 
because that version of .NET is not installed.

The 2.0 version DID apply even though .NET 2.0 is not shown as being installed.

The 3.5 version failed to apply (as expected).

The 3.5 SP1 version applied as expected.

Why did 2.0 install? And, more importantly, where do I get the patch for .NET 
3.0?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

MS10-070 & .NET 3.0

[Ken Cornetet]

I'm confused...

I've been looking over bulletin MS10-070 for a bit and trying to determine how 
to patch my Server 2008 SP2 x64 servers. When I look at "features" in server 
manager, I see .NET 3.0 installed as a feature. When I look at "Programs and 
Features", I see .NET 3.5 SP1.

Looking at MS10-070 it specifically says that all versions of .NET are 
vulnerable except 1.0 SP3. However, when you read the "Affected and 
Non-Affected Software" .NET 3.0 is never listed as affected or not affected.

I downloaded all of the patches that were listed (1.1 SP1, 2.0 SP2, 3.5, 3.5 
SP1, and 4.0) and applied them. As expected, the 1.1 SP1 patch failed to apply 
because that version of .NET is not installed.

The 2.0 version DID apply even though .NET 2.0 is not shown as being installed.

The 3.5 version failed to apply (as expected).

The 3.5 SP1 version applied as expected.

Why did 2.0 install? And, more importantly, where do I get the patch for .NET 
3.0?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Photo catalog software

[Ken Cornetet]

Google's Picasa. Hands down best free photo manager.

From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Saturday, September 25, 2010 8:09 PM
To: NT System Admin Issues
Subject: OT: Photo catalog software

Today while looking for an old digital picture, I realized that simple folders 
and subfolders just does not work when trying to keep up with personal pictures.

Anyone use a good software that categorizes the pictures based off metadata and 
allows editing of subject, ect?

Thanks,

BF

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: KMS Help

[Ken Cornetet]

Last I checked, KMS running on server 2003 can't grant licenses for any OS 
newer than 2003.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, September 22, 2010 1:14 PM
To: NT System Admin Issues
Subject: KMS Help


Ok, I am not getting this KMS thing. Windows server 2003 with KMS 1.2 update on 
it.  It is registering in my DNS, seems to be ok there. Now I want it to 
activate my Win 7 and Office 2010 clients. So I fire the following command: 
 slmgr -IPK MY-WIN7-KEY-IN-HERE   and get a pop that says   Installed product 
key successfully.  However it does not show after that as a license on the KMS 
server using -dlv.  I have tried -ATO on the Win7 license and that fails.

I am missing something obvious here, I think I have made this too complicated 
in my head.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: ESXi fun

[Ken Cornetet]

I'm not sure if ESXi would see a USB drive or not, but even if it did, it isn't 
going to be able to write to an NTFS partition. FAT32 would work, but would 
only support drives of a limited size, and the file size would be limited to 
2gb, so you'd have to convert your vmdk files to the form where a vmdk is a 
collection of files under 2gb (I don't recall what ESX calls that).

Alternately, you could format the USB drive as EXT2. There are some windows 
drivers available that let you mount EXT2 drives.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Monday, September 20, 2010 2:42 PM
To: NT System Admin Issues
Subject: ESXi fun

As some of you may have noticed, I'm currently engaged in a battle with a 
half-dead ESXi boxI'm on the verge of restoring from backup, but one last 
try

Does anyone know if there is any way to copy the virtual machine files from the 
ESXi "tech support mode" console onto, say, a USB drive, or somewhere else I 
might be able to load them onto a fresh ESXi install (this is because I'm 
betting ESXi doesn't support USB removable drives, although I am happy to be 
proved wrong)? The server isn't getting onto the network and there's no shared 
storage so it would have to be a "local" solution of some kind.

I'm at a new job so as I'm such a quiet guy I am not usually keen to ask too 
many questions of as-yet-unfamiliar co-workers, so I'm leaning on the old 
faithful mailing list pretty heavy here :-)

If no joy, I'll be pulling out the first backup tape I've ever touched in a 
long, long time

TIA,



JRR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iTunes

[Ken Cornetet]

In a very theoretical way you are correct, but as a practical matter, not so 
much so.

Yes, it is theoretically possible that itunes could have a bug that could be 
triggered by a specifically malformed mp3 file, but the chance that the bug 
would lead to usable results by the “attacker” is extremely thin.

It is a bit like saying that text files should be banned because some text file 
might possibly exist that causes notepad to download a trojan and install it. 
Possible, but not very likely.

From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Thursday, September 16, 2010 11:22 AM
To: NT System Admin Issues
Subject: RE: iTunes


Music obtained from peer to peer networks is often infected.

No music format that I am aware of has the capability of carrying executable 
code.

All files – music or otherwise – are streams of 1’s and 0’s. I’s solely up to 
the application playing the files that determine what the bits mean. If there’s 
a security vulnerability in iTunes, then an MP3 file would be a likely vehicle 
for delivering it.  A file doesn’t need to be overtly “code” to exploit a 
vulnerability.

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Thursday, September 16, 2010 9:20 AM
To: NT System Admin Issues
Subject: RE: iTunes


Cons addressed in-line



CONS



It is more of an iTunes Store kiosk than a music manager.

iTunes store is available, but you don’t have to use it. What can’t iTunes do 
as a manager that other media players can do?



Encourages proliferation of illegally obtained music.

More so than Windows Media Player? Actually, I’d say that the ability to very 
easily buy music via the iTunes store discourages illegal music.



Music obtained from peer to peer networks is often infected.

No music format that I am aware of has the capability of carrying executable 
code.



Uses valuable bandwidth, streaming and downloading.

No more than WMP and you can easily block it if you like.



Windows Media Player is already included in Windows to play music.

Why is this a con for iTunes?



iTunes media is generally high bitrate, meaning audio and video will take up a 
lot of space.

iTunes does not control the bitrate of the digital media. The person creating 
the media controls the bitrate.



Massive memory footprint puts a strain on system resources.

I wouldn’t call iTunes svelte, but it isn’t horrible in its requirements. I run 
it on a Thinkpad T23 (900Mhz, 512MB) at home.



Time to backup user's files increases exponentially

Again, this has nothing to do with iTunes. Have the user put their music files 
somewhere other than their “My Documents”. Or, exclude media file types from 
being backed up.



Installs other required applications with it (Quicktime, Safari, 
AppleApplicationSupport, MobileMe, Bonjour, etc)

You don’t have to install Safari. The other stuff stays out of the way.



Requires frequent updating.

You can turn checking for updates off.



Requires admin rights to update it.

AFAIK, you have to be admin to even run iTunes. This does suck.



iTunes updates have a nasty history of triggering system crashes.

I call BS on this. I’ve certainly never had a crash from running iTunes.



PROS



Apple users like it.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



---

To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iTunes

[Ken Cornetet]

Cons addressed in-line



CONS



It is more of an iTunes Store kiosk than a music manager.

iTunes store is available, but you don’t have to use it. What can’t iTunes do 
as a manager that other media players can do?



Encourages proliferation of illegally obtained music.

More so than Windows Media Player? Actually, I’d say that the ability to very 
easily buy music via the iTunes store discourages illegal music.



Music obtained from peer to peer networks is often infected.

No music format that I am aware of has the capability of carrying executable 
code.



Uses valuable bandwidth, streaming and downloading.

No more than WMP and you can easily block it if you like.



Windows Media Player is already included in Windows to play music.

Why is this a con for iTunes?



iTunes media is generally high bitrate, meaning audio and video will take up a 
lot of space.

iTunes does not control the bitrate of the digital media. The person creating 
the media controls the bitrate.



Massive memory footprint puts a strain on system resources.

I wouldn’t call iTunes svelte, but it isn’t horrible in its requirements. I run 
it on a Thinkpad T23 (900Mhz, 512MB) at home.



Time to backup user's files increases exponentially

Again, this has nothing to do with iTunes. Have the user put their music files 
somewhere other than their “My Documents”. Or, exclude media file types from 
being backed up.



Installs other required applications with it (Quicktime, Safari, 
AppleApplicationSupport, MobileMe, Bonjour, etc)

You don’t have to install Safari. The other stuff stays out of the way.



Requires frequent updating.

You can turn checking for updates off.



Requires admin rights to update it.

AFAIK, you have to be admin to even run iTunes. This does suck.



iTunes updates have a nasty history of triggering system crashes.

I call BS on this. I’ve certainly never had a crash from running iTunes.



PROS



Apple users like it.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~



---

To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: My first Win2008R2 Domain Server and IPv6

[Ken Cornetet]

What version of Exchange?

We had to disable IPv6 to get E2K7 working.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, September 15, 2010 6:55 AM
To: NT System Admin Issues
Subject: Re: My first Win2008R2 Domain Server and IPv6

Exchange for one
John W. Cook
Systems Administrator
Partnership for Strong Families


From: Richard Stovall 
To: NT System Admin Issues 
Sent: Tue Sep 14 22:54:10 2010
Subject: Re: My first Win2008R2 Domain Server and IPv6
Haven't there have been a number of threads here over the last year or so that 
have warned against disabling IPv6 on Server 2008 / SP1 / R2.  I haven't paid 
particularly close attention, and forgive me for posting without having all my 
ducks lined up, but aren't there some things that break by disabling IPv6?

On Tue, Sep 14, 2010 at 4:06 PM, Jim von Stein 
mailto:jvonst...@soastc.org>> wrote:
Total 2008 Server/IPv6 noob question here:

I'm trying to bring up my first 2008 R2 domain server, and I hit a speed  bump 
with IPv6; dcpromo (at least the GUI version) won't proceed without some sort 
of IPv6 address. My ISP isn't supporting it yet, I'm not using it internally 
yet. Am I better off removing IPv6 from the interface(s) or doing a ULA (even 
though I don't know what I'm doing or what I'll eventually want to be doing).

Jim v.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.


This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Alternative VoIP Solutions

[Ken Cornetet]

Asterisk is THE open source VoIP solution. You can learn more at 
http://www.asterisk.org/

Asterisk is mind numbingly flexible (complex) and as a result, there are 
pre-configured distributions available, the most popular of which is probably 
PBX-in-a-flash. You can check it out here: http://pbxinaflash.net/

An up and coming VoIP system is FreeSwitch http://www.freeswitch.org/. 
FreeSwitch claims to be simpler and more stable than Asterisk, but it only does 
VoIP - it does not support analog line cards like Asterisk does.


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, September 09, 2010 8:32 AM
To: NT System Admin Issues
Subject: RE: Alternative VoIP Solutions

I know some "hobbyists" who have deployed linux-based VOIP PBX machines. I
will pass your message along to another mailing list I'm on and see if any
of them can help you. Right off the top of my head I can't think of the name
of the open-source solution they have used.



-Original Message-
From: Juma, Lumumba [mailto:lcj...@icipe.org] 
Sent: Thursday, September 09, 2010 7:27 AM
To: NT System Admin Issues
Subject: Alternative VoIP Solutions


Hi All,

We are exploring the market for VoIP solutions. However, known market
products like CISCO, Siemens, Alcatel are proving rather expensive for us as
a non-profit. Open source seems the way to go for us. Has any of you
deployed an open source VoIP solution? Support is a crucial factor for us,
we are based in Kenya East Africa. I will appreciate reference companies.

Thanks,

Lumumba.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix XenAppPrep

[Ken Cornetet]

I use the cloning tool from citrixtools.net

Here's the steps that I do:

Create template by shutting down an app server and cloning to template. The 
only thing I do special at this point is to delete the SMS (Config Manager) 
certifificates. Not applicable unless you use Config Manager.

Deploy template using a customization configuration.

Power up new virtual and let customization do its thing (sysprep).

Log in after reboot. At this point there is no network connectivity. Run the 
Citrix.net cloning tool and tell it to not automatically start services, and 
tell it to prepare for normal cloning.

Verify that the cloning tool fixed the DSN files in C:\program 
files\Citrix\Independent Management Architecture (it usually does) and that it 
changes the MAC address in the C:\program files\Citrix\System32\ctxsta.config 
file (it usually doesn't)

Join virtual to domain, do patching, etc.

Run Citrix.net cloning tool and tell it to start the services.

Reboot. New server should show up in AMC.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, September 01, 2010 11:32 AM
To: NT System Admin Issues
Subject: Citrix XenAppPrep

Anyone using the XenAppPrep tool to deploy Citrix XenApp servers from VMWare 4 
templates? Does it seem to work OK in this configuration, or is it purely for 
use with the Citrix Provisioning Services?

TIA,



JRR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: terminal services/citrix/xen desktop etc for bean counters.

[Ken Cornetet]

For no more users than you are talking about, I'd set up a server with ESXi 4.1 
(free) and simply create a number of virtual XP or Win7 workstations. Users 
would RDP to them. Set up group policy so that they have roaming profiles.

The dual monitor requirement might be a bit tough in any environment. I guess 
they could create two RDP sessions to two different XP VMs.

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Monday, August 30, 2010 5:05 PM
To: NT System Admin Issues
Subject: terminal services/citrix/xen desktop etc for bean counters.

Anyone here had any success with using these technologies in an 
accounting/CPA environment?  I have a 25 person CPA client that is 
interested in doing something to support working remotely for a few 
employees and also opening a 3 or 4 person branch office in the near 
future.  Lacerte and Quickbooks over a VPN just don't cut it.  Some 
items that make the project difficult...

1)  They went paperless a couple of years ago and dual monitors for 
everyone is important for workflow.  So, we need good support of dual 
monitors.
2) User rights.  Everyone right now is local admin on machines.  You can 
thank intuit for making it near impossible to avoid.
3) Quickbooks (see intuit issue above) claims terminal services is not 
supported in anything but their enterprise version.  They are a CPA firm 
and install multiple versions of quickbooks on workstations.  Not sure 
if using a VM, rather than TS gets around this.
4) Software/Printer installs.  Almost every intuit and CCH product they 
use comes with it's own PDF printer that must be installed.  This 
already causes the occasional printer driver problem on physical machines.

Anyone have any advice for what solutions would be right out or deserve 
consideration?  I just found out about Xen Desktop Express for 10 or 
fewer users.  That has piqued my interest.  The competitor to that is 
VMware's View, right?

Thanks for any help/knowledge you can share.

Bill

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
You are currently subscribed to ntsysadmin as: ken.corne...@kimball.com.
To unsubscribe click here: 
http://lyris.sunbelt-software.com/u?id=8059012.67666fbb400b98901288c4ba64435a95&n=T&l=ntsysadmin&o=9079786
or send a blank email to 
leave-9079786-8059012.67666fbb400b98901288c4ba64435...@lyris.sunbelt-software.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: 100/1000 base-T isolators?

[Ken Cornetet]

Keep in mind that X Base-T *is* electrically isolated. Look at a NIC and you'll 
see a small isolation transformer. These transformers work great up to a 
certain point (I'm guessing in the high hundreds of volts range). The kinds of 
induced voltage you get from lightening strikes can (and will) take them out, 
but floating grounds are not going to be an issue.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, August 16, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: 100/1000 base-T isolators?

Well, I know that in at least a few of my customers I have "floating grounds" 
in between-floor connections. I'm looking to address that, but the IT guys look 
at me like I'm crazy, and the facilities guys say "why should a computer care"? 
Sofiber is the right long-term solution. :-P

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Monday, August 16, 2010 3:52 PM
To: NT System Admin Issues
Subject: Re: 100/1000 base-T isolators?

If those suggestions are not working you might want to have the client look at 
adding lightening rods to the buildings.  I had to isolate the buildings using 
fiber runs which seemed to work in my case that worked but then we were getting 
hit on the outside runs between buildings.  The buildings were in a "grove" of 
pines.  Also know as southern lightening rods.

Jon
On Mon, Aug 16, 2010 at 3:29 PM, Andy Shook 
mailto:andy.sh...@peak10.com>> wrote:
It was certified (Cat5e) but I don't remember who did the certification before 
ProtectNet went inline.  The APC gear was brought into play in response to a 
direct lighting strike that took out half my switching core and my entire phone 
system.  That was a July 4th weekend I will never forget...

Shook


-Original Message-
From: Raper, Jonathan - Eagle 
[mailto:jra...@eaglemds.com]
Sent: Monday, August 16, 2010 2:07 PM
To: NT System Admin Issues
Subject: RE: 100/1000 base-T isolators?

Hey Shook, just curious...in that environment, do you know for certain if the 
cable plant was CAT5/5e/6 certified with something like a Fluke, HP, or IDEAL 
LanTek Cable Certifier prior to the ProtectNet in place? It would be 
interesting to see how putting one of those in would impact certification of 
the wire.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com

-Original Message-
From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Monday, August 16, 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: 100/1000 base-T isolators?
I've used APC ProtectNet in a prior position and I saw marginal success.  WHEN 
it let normal traffic through they were great...
Shook
-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, August 16, 2010 12:53 PM
To: NT System Admin Issues
Subject: RE: 100/1000 base-T isolators?

Someone off-list pointed me to the APC ProtectNet series of products. I've 
placed an order for a few dozen of them. If they don't work out, I'll give 
BlackBox and Panamax a go.

Thanks!

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~
Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource ho

RE: Wireless Machine Authentication

[Ken Cornetet]

We use EAP-TLS authenticating to Microsoft's IAS. The workstations all have a 
machine certificate generated by an internal certificate server. Workstations 
authenticate and connect to wireless before the user ever logs in.

From: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Friday, July 30, 2010 10:36 AM
To: NT System Admin Issues
Subject: FW: Wireless Machine Authentication

All Cisco LWAP access points using a 5508 wireless controller.  We have PEAP 
set up so users can authenticate on the wireless network using their AD 
login...peachy.

BUT...we have some machines that need to authenticate on the wireless before 
the user logs on (so they get can group policies and such).  I thought we could 
just provide a generic credential and it would work but no such luck.  How the 
heck do you make this work?  The workstations are XP SP3 with intel wireless 
cards.

Thanks all!

*
John C. Kelsey
DuBois Regional Medical Center
*:  814.375.3073
*  :   814.375.4005
*:   jckel...@drmc.org
*


This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: hosed 2k8

[Ken Cornetet]

No, I don't think I ever found a KB for it. If memory serves, I found the 
answer in a MSDN discussion forum.

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Monday, July 12, 2010 11:47 PM
To: NT System Admin Issues
Subject: RE: hosed 2k8

Hmm - got a KB link for that IIS issue? I've done what you've described before, 
and not seen any issues.

Cheers
Ken

-Original Message-
From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Tuesday, 13 July 2010 5:36 AM
To: NT System Admin Issues
Subject: RE: hosed 2k8

You mentioned IIS. Did you perhaps recently install a certificate for use with 
IIS?

2k8 will freak out very, very badly if you install a cert that does not have a 
trusted root.

-Original Message-
From: S Powell [mailto:powe...@gmail.com]
Sent: Monday, July 12, 2010 5:18 PM
To: NT System Admin Issues
Subject: hosed 2k8

Hello World!

I have a 2008 server that this morning decided to go walkabout.

Parallels VM, 2008 server, Sharepoint.

I can get it to start up, and it looks like it is up and running, but almost 
none of the services are starting.
IIS fails, no networking, Backup exec, Net.MSmq Message queueing, AFD, DfsC, 
NetBios

yeah huge swaths of things not booting  rebooted several times, safe mode, 
last known good config etc.
can't install or uninstall anything.

I've been looking for a way to walk through it starting up service up one at a 
time and No Joy..

nothing will startup.

I and log into the server, and Server Manager comes up and it sits on 
"collecting Data"

anyone have any thoughts?


Google.com  Learn it. Live it. Love it.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: hosed 2k8

[Ken Cornetet]

You mentioned IIS. Did you perhaps recently install a certificate for use with 
IIS?

2k8 will freak out very, very badly if you install a cert that does not have a 
trusted root.

-Original Message-
From: S Powell [mailto:powe...@gmail.com] 
Sent: Monday, July 12, 2010 5:18 PM
To: NT System Admin Issues
Subject: hosed 2k8

Hello World!

I have a 2008 server that this morning decided to go walkabout.

Parallels VM, 2008 server, Sharepoint.

I can get it to start up, and it looks like it is up and running, but
almost none of the services are starting.
IIS fails, no networking, Backup exec, Net.MSmq Message queueing, AFD,
DfsC, NetBios

yeah huge swaths of things not booting  rebooted several times,
safe mode, last known good config etc.
can't install or uninstall anything.

I've been looking for a way to walk through it starting up service up
one at a time and No Joy..

nothing will startup.

I and log into the server, and Server Manager comes up and it sits on
"collecting Data"

anyone have any thoughts?


Google.com  Learn it. Live it. Love it.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: BAD joke

[Ken Cornetet]

A horse walks into a bar and the bartender says "What's with the long face, 
buddy?"

One atom meets up with another and asks how it is doing. The second atom says 
"Not so good, I've lost an electron.". The first says "Are you sure?". The 
second replies "I'm positive."


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Virtualizing applications

[Ken Cornetet]

I doubt Microsoft is ceding virtualized desktops. They just added virtual 
desktop and a slew of new virtual app features in server 2008 R2.

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Wednesday, May 05, 2010 1:54 PM
To: NT System Admin Issues
Subject: RE: Virtualizing applications

Just between me and you (and everyone else on this list) my Citrix contacts are 
telling me to concentrate on App-V (and hurry up and write some articles on it).

Citrix is ceding streaming to App-V
Microsoft is ceding virtualized desktops to XenDesktop

Just what I have been told by several Citrites.

Hope to learn more at the Citrix Synergy next week and from all the CTP 
meetings.  I will fill you in on what is not NDA when I get back (just remind 
me).


Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster




From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, May 05, 2010 9:29 AM
To: NT System Admin Issues
Subject: RE: Virtualizing applications

Wow, so no more streaming profiler.  I had issues with it off and on.  App-v it 
is.

>>> "Webster"  5/5/2010 12:13 PM >>>
Yes that is what I am saying.


Webster

From: Tom Miller [mailto:tmil...@hnncsb.org]
Subject: RE: Virtualizing applications

Webster are you saying use App-V instead of Citrix streaming?  I'll need to 
keep that in mind for XenDesktop when I roll that out.

>>> "Webster"  5/5/2010 10:44 AM >>>
Citrix now recommends using App-V with XenApp 6.  I would recommend going in 
that direction.  I will be as soon as I can find some lab time that is not 
spent writing articles.  Several of the CTPs are also App-V MVPs.



Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster



From: James Rankin [mailto:kz2...@googlemail.com]
Subject: Virtualizing applications

We are in the process of migrating our Citrix 4.5 x86 Windows 2003 R2 farm to a 
brand new, Windows 2008 R2 XenApp 6 x64 environment. All is going swimmingly 
well...until a couple of departments remind us that they have some old apps 
that are vitally important to them they'd like including in the new deployment. 
All this after they forgot to mention it in the initial systems analysis and 
only two days before go-livethe lack of communication is an issue I'm not 
looking for advice on.

The issue I am concerned with is how to get these apps into the new 
environment. Naturally, they won't install on x64 servers or 2008. Because 
we're using XenApp 6 we can't join either MPS 4.5 or XenApp 5 servers to the 
farm, which would have been handy as we could have built an x86 server and 
published these apps on it. So I thought I'd fire up another server, install 
the Citrix Streaming Profiler and virtualize them as streamed applications to 
the new environment. No dice there either. The first of these problem apps uses 
a huge set of patches that have to be deployed through a vendor-specific 
patching tool, and this causes the profiler to crash. Same with the second app 
- it uses some strange installer procedures and the profiler fails when running 
it. So I am kind of at a dead end.

The only other thing I can think of is using App-V, but I'm worried that this 
will a) put me back a few days as I learn how to use it, and b) could possibly 
fail in the same way as the Citrix Profiler solution. There's also the problem 
of learning how to integrate XenApp 6 and App-V, which I am sure can be done 
but which I have no experience of. Either way, it seems a bit tricky.

Does anyone else have any bright ideas that might help out? Could I use RDP 
connections to a virtual x86 server with these apps on and use Terminal 
Services to "publish" applications in the same way as Citrix does, without the 
hassle of the incompatible farms in Citrix? Or is there some better way of 
virtualizing application access, or indeed any other way I could achieve this 
in the small timeframe I have been left with? All ideas, hints, tips and 
suggestions are gratefully accepted.








Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: www.Sunbelt-software.com down?

[Ken Cornetet]

It depends on how you define "round trip". I was thinking in terms of a round 
trip meaning to the satellite and back. But, you are correct in that a ping 
packet would travel 100,000 miles "round trip" from client to host to client. 

-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, April 30, 2010 10:05 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

How do you figure ???

... if the orbital height is approx 22,000 to 26,000 miles, then 100,000
miles is a pretty close approximation as it takes 4 legs for a complete
round trip :
Outbound Uplink25,000 miles
Outbound Downlink  25,000
Inbound  Uplink25,000
Inbound  Downlink  25,000
100,000 miles total 

Erik Goldoff
IT  Consultant
Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '



-----Original Message-
From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Friday, April 30, 2010 9:51 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

You are off by a factor of two on your round trip distance:
http://en.wikipedia.org/wiki/Geosynchronous_orbit


-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, April 30, 2010 9:23 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

Quick approximations :

Speed of light is 186,000 miles per second.
Round-trip distance of VSAT is approx 100,000 miles ( up-down-up-back )
The mechanisms of the network always add to slow the theoretical max speed
So I stick with my 600-700ms best case scenario


Erik Goldoff
IT  Consultant
Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, April 30, 2010 9:14 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

Hmm, that's about double what I remember, but maybe I was thinking of
single-leg latency.

Too busy to do the math on a Friday. :)

-sc

> -Original Message-
> From: Eldridge, Dave [mailto:d...@parkviewmc.com]
> Sent: Friday, April 30, 2010 9:12 AM
> To: NT System Admin Issues
> Subject: RE: www.Sunbelt-software.com down?
> 
> Same here. very painful. 1500 ms ping times with HughesNet
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Friday, April 30, 2010 7:06 AM
> To: NT System Admin Issues
> Subject: RE: www.Sunbelt-software.com down?
> 
> Hehe... I've done it. It's painful. But better than having to book a
plane ticket
> for emergencies.
> 
> Actually, TightVNC with local cursor update was bearable...
> 
> -sc
> 
> > -Original Message-
> > From: Erik Goldoff [mailto:egold...@gmail.com]
> > Sent: Friday, April 30, 2010 9:03 AM
> > To: NT System Admin Issues
> > Subject: RE: www.Sunbelt-software.com down?
> >
> > With anything bird based, you'll never get less than about 600-700ms
> latency
> > as a best case scenario, and then latency delays get worse from
there.
> > Don't even bother trying to use Citrix ICA or Terminal Server RDP
over
> a VSAT
> > link 
> >
> >
> > Erik Goldoff
> > IT  Consultant
> > Systems, Networks, & Security
> >
> > '  Security is an ongoing process, not a one time event ! '
> >
> >
> >
> > -Original Message-
> > From: James Kerr [mailto:cluster...@gmail.com]
> > Sent: Thursday, April 29, 2010 5:27 PM
> > To: NT System Admin Issues
> > Subject: Re: www.Sunbelt-software.com down?
> >
> > To hell with fixed wireless get an earth station installed!
> >
> >
> > - Original Message -
> > From: "Ben Scott" 
> > To: "NT System Admin Issues" 
> > Sent: Thursday, April 29, 2010 5:16 PM
> > Subject: Re: www.Sunbelt-software.com down?
> >
> >
> > > On Thu, Apr 29, 2010 at 3:07 PM, Stu Sjouwerman
> > >  wrote:
> > >> So we were 3 for 3 with internet services going down for a little
> > >> while there.
> > >
> > >  Thanks for the info, Stu.  Sharing info is good.
> > >
> > >  You may want to look into fixed-wireless connectivity.  Here at
> > > %WORK%, we have two 'net feeds.  One is an ordinary Comcast cable
> > > Internet feed.  The other is fixed-wireless, provider is a local
> ISP.
> > > Antenna on our roof goes to a tower at the top of a local hill.
> From
> > > that station they can hop to their local office a few towns over.
> > > 

RE: www.Sunbelt-software.com down?

[Ken Cornetet]

You are off by a factor of two on your round trip distance: 
http://en.wikipedia.org/wiki/Geosynchronous_orbit


-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Friday, April 30, 2010 9:23 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

Quick approximations :

Speed of light is 186,000 miles per second.
Round-trip distance of VSAT is approx 100,000 miles ( up-down-up-back )
The mechanisms of the network always add to slow the theoretical max speed
So I stick with my 600-700ms best case scenario


Erik Goldoff
IT  Consultant
Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, April 30, 2010 9:14 AM
To: NT System Admin Issues
Subject: RE: www.Sunbelt-software.com down?

Hmm, that's about double what I remember, but maybe I was thinking of
single-leg latency.

Too busy to do the math on a Friday. :)

-sc

> -Original Message-
> From: Eldridge, Dave [mailto:d...@parkviewmc.com]
> Sent: Friday, April 30, 2010 9:12 AM
> To: NT System Admin Issues
> Subject: RE: www.Sunbelt-software.com down?
> 
> Same here. very painful. 1500 ms ping times with HughesNet
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Friday, April 30, 2010 7:06 AM
> To: NT System Admin Issues
> Subject: RE: www.Sunbelt-software.com down?
> 
> Hehe... I've done it. It's painful. But better than having to book a
plane ticket
> for emergencies.
> 
> Actually, TightVNC with local cursor update was bearable...
> 
> -sc
> 
> > -Original Message-
> > From: Erik Goldoff [mailto:egold...@gmail.com]
> > Sent: Friday, April 30, 2010 9:03 AM
> > To: NT System Admin Issues
> > Subject: RE: www.Sunbelt-software.com down?
> >
> > With anything bird based, you'll never get less than about 600-700ms
> latency
> > as a best case scenario, and then latency delays get worse from
there.
> > Don't even bother trying to use Citrix ICA or Terminal Server RDP
over
> a VSAT
> > link 
> >
> >
> > Erik Goldoff
> > IT  Consultant
> > Systems, Networks, & Security
> >
> > '  Security is an ongoing process, not a one time event ! '
> >
> >
> >
> > -Original Message-
> > From: James Kerr [mailto:cluster...@gmail.com]
> > Sent: Thursday, April 29, 2010 5:27 PM
> > To: NT System Admin Issues
> > Subject: Re: www.Sunbelt-software.com down?
> >
> > To hell with fixed wireless get an earth station installed!
> >
> >
> > - Original Message -
> > From: "Ben Scott" 
> > To: "NT System Admin Issues" 
> > Sent: Thursday, April 29, 2010 5:16 PM
> > Subject: Re: www.Sunbelt-software.com down?
> >
> >
> > > On Thu, Apr 29, 2010 at 3:07 PM, Stu Sjouwerman
> > >  wrote:
> > >> So we were 3 for 3 with internet services going down for a little
> > >> while there.
> > >
> > >  Thanks for the info, Stu.  Sharing info is good.
> > >
> > >  You may want to look into fixed-wireless connectivity.  Here at
> > > %WORK%, we have two 'net feeds.  One is an ordinary Comcast cable
> > > Internet feed.  The other is fixed-wireless, provider is a local
> ISP.
> > > Antenna on our roof goes to a tower at the top of a local hill.
> From
> > > that station they can hop to their local office a few towns over.
> > > From there they have landlines to two different major providers.
> The
> > > local ISP even has plans to go wireless from their local office to
> > > their POP in Boston, about 50 miles away.
> > >
> > > -- Ben
> > >
> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~
> > >   ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> 
> 
> This message contains confidential information and is intended only
for the
> intended recipient(s). If you are not the named recipient you should
not
> read, distribute or copy this e-mail. Please notify the sender
immediately via
> e-mail if you have received this e-mail by mistake; then, delete this
e-mail
> from your system.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Webtrends

[Ken Cornetet]

I can tell you one thing about Webtrends (at least up to version 8) - run it 
using the built in MySQL.

If you use SQL server, you will run into problems *every* time you upgrade, and 
their tech support people will be of little use. Believe me, I've spent many, 
many hours on the phone with their tech support. They only train on MySQL based 
systems. They know nothing about SQL server.

This might have changed recently - I've not worked much with it lately. 

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Tuesday, April 20, 2010 7:10 PM
To: NT System Admin Issues
Subject: RE: Webtrends

Thanks.  Also trying to verify if it runs on Server 2k8 R2.  Their site says 
yes to 2k8 x64, but doesn't mention R2, which as we all know, is a much 
different beast.

>>> "Steven M. Caesare"  4/20/2010 3:56 PM >>>
I'll see if I can talk to the folks running it at our place to get some
opinions...

-sc

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Tuesday, April 20, 2010 4:37 PM
To: NT System Admin Issues
Subject: Webtrends

Anyone out there using Webtrends Analytics?  Trying to gather some
information about the product, such as hardware requirements, etc, and
the site is confusing.  Also, would like to hear real-world experiences
with the product, and if you're not using Webtrends, but you do
analytics, I'd appreciate other options.

Our basic requirements:

Product needs to be database driven:  data retention, log retention in a
database structure.

Web trending

client statistics

File types requested, etc.


TIA,


Joe Heaton


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: question on cat-6 and 480V together

[Ken Cornetet]

I don't think the 480 line will induce enough noise into the network line to be 
a problem (the tightly twisted pairs in the cat 6 cable means a very good 
common mode noise rejection http://en.wikipedia.org/wiki/Twisted_pair).

I think the problem you are going to run into is lightening. Strikes anywhere 
close will produce voltage differentials large enough to fry the transceivers 
on either end of the run. Ethernet surge protectors on both ends will help this.

As others have mentioned, fiber is the way to go on this.

From: Eldridge, Dave [mailto:d...@parkviewmc.com]
Sent: Wednesday, April 07, 2010 7:55 AM
To: NT System Admin Issues
Subject: OT: question on cat-6 and 480V together

I am being told that one of our MRI machines is temporarily moving to a trailer 
out on the street and they want to pull overhead a cat-6 and 3phase 480V 
together. Way out of my league. Anyone see any noise issues with these tied 
together? Anything else I'm missing?
thanks


This e-mail contains the thoughts and opinions of the sender and does not 
represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above, may be 
confidential and/or legally privileged: and, must be treated as such in 
accordance with state and federal laws. If you are not the intended recipient, 
you are hereby notified that any use of this communication, or any of its 
contents, is prohibited. If you have received this communication in error, 
please return to sender and delete the message from your computer system.{token}





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: CompTIA certs

[Ken Cornetet]

Since we are on the subject of ancient history, anyone remember ARCnet? I used 
to run an ARCnet network for automated test equipment. Our older Z80 based 
testers ran a dedicated protocol for communicating to a central data collection 
server, and the newer MSDOS based testers ran Novell's LanWorkplace TCP/IP 
stack to do IP over ARCnet.

Packet drivers, ODI shims... fun, fun, fun!


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Terminal Server 2008 Question

[Ken Cornetet]

Create a batch file and make it the webapp.

The batch file would consist of something like:
R:\%USERNAME%\application.exe

From: Matt Plahtinsky [mailto:cbusitl...@gmail.com]
Sent: Wednesday, February 10, 2010 1:18 PM
To: NT System Admin Issues
Subject: Terminal Server 2008 Question

I have a question. I have an application that when run on a TS server needs to 
run its own instance.  See below example.  Works great running from the TS 
Server but I'm trying to figure out how / if I could publish the app through TS 
web applications.  Is there anyway to customize / personalize each users 
shortcut to the app?

User1 R:\User1\application.exe
User2 R:\User2\application.exe
User3 R:\User3\application.exe

Thanks

Matt





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: A blast from the past...

[Ken Cornetet]

Wow, I guess Andy Warhol was right: I've now had my 15 minutes of fame.

Geez, I miss Ed. Even though he and I sometimes disagreed, I always enjoyed 
yanking ol' Curmudgeon Spice's chain.

From: Don Ely [mailto:don@gmail.com]
Sent: Tuesday, December 08, 2009 10:21 AM
To: NT System Admin Issues
Subject: A blast from the past...

For those of you who think it can get ugly around here...

http://hellomate.typepad.com/exchange/2009/12/old-quotes-from-an-old-exchange-list.html







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: dhcp reservations

[Ken Cornetet]

http://technet.microsoft.com/en-us/library/cc787375(WS.10).aspx#BKMK_addresdip


From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Wednesday, October 14, 2009 5:23 PM
To: NT System Admin Issues
Subject: RE: dhcp reservations

Im aware of that and was thinking of unlimited, however whast happening is we 
have a network with multiple buildings and multiple lans. The network is pretty 
active in movement and equipment. The problem is that people are bringing 
devices in. we thought about managing it at the procurve switch but its just 
too much. We had all the reservations there but had to recently redo the scope 
when we added 150 computers to the network. Right now we have about 50 procurve 
switches and the help desk staff is not capable of managing them when they move 
departments around.

What we were doing before was activating the scope, and forcing all mac's into 
reservation so when we deployed new pc's we would put the reservation in there 
in advance and then the workstation/device was ready to go.

I see I can export the current list with mac address and can massage that 
pretty quick, but didn't see a decent way to import using netsh commands.

Thanks I will poke around on the netsh

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, October 14, 2009 3:47 PM
To: NT System Admin Issues
Subject: Re: dhcp reservations

Typically, Microsoft clients do not change their DHCP address unless the 
address they had before is no longer available.  They request the address they 
had previously.

ASB (My XeeSM Profile)
Providing Competitive Advantage through Effective IT Leadership

On Wed, Oct 14, 2009 at 3:02 PM, Benjamin Zachary - Lists 
mailto:li...@levelfive.us>> wrote:
Anyone know of an easy way to convert dhcp to dhcp w/reservations?
We have a 450 user network with all dhcp but need them to not change for some 
new software. I was hoping I could just right click on the current dhcp lease 
and convert it to a reservation but no such luck :0

Id rather not have to input 450 mac addresses. Im tinkering with netsh dhcp 
server to see if anything looks possible but so far nothing good.

Thanks















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: dhcp reservations

[Ken Cornetet]

I just realized that we are still running Microsoft DHCP at a remote location. 
I looked.  Under the scope properties, there is a section "Lease duration for 
DHCP clients". There is a radio button for "Unlimited". That sounds like it 
will give you what you want.

As Jonathan Link points out, you could also dump your leases to a file, use 
perl, VBscript, batch, etc to extract the IP addresses and MAC address, then 
build netsh commands to delete the lease, then add the reservation.

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Wednesday, October 14, 2009 3:12 PM
To: NT System Admin Issues
Subject: RE: dhcp reservations

What is the maximum lease time on MS DHCP server? Could you just crank it WAY 
up?

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Wednesday, October 14, 2009 3:02 PM
To: NT System Admin Issues
Subject: dhcp reservations

Anyone know of an easy way to convert dhcp to dhcp w/reservations?
We have a 450 user network with all dhcp but need them to not change for some 
new software. I was hoping I could just right click on the current dhcp lease 
and convert it to a reservation but no such luck :0

Id rather not have to input 450 mac addresses. Im tinkering with netsh dhcp 
server to see if anything looks possible but so far nothing good.

Thanks










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: dhcp reservations

[Ken Cornetet]

What is the maximum lease time on MS DHCP server? Could you just crank it WAY 
up?

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Wednesday, October 14, 2009 3:02 PM
To: NT System Admin Issues
Subject: dhcp reservations

Anyone know of an easy way to convert dhcp to dhcp w/reservations?
We have a 450 user network with all dhcp but need them to not change for some 
new software. I was hoping I could just right click on the current dhcp lease 
and convert it to a reservation but no such luck :0

Id rather not have to input 450 mac addresses. Im tinkering with netsh dhcp 
server to see if anything looks possible but so far nothing good.

Thanks






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Evian Ad on YouTube

[Ken Cornetet]

This is how you do a bottled water commercial: 
http://www.youtube.com/watch?v=AiYYDSivdRk


From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Thursday, July 09, 2009 9:21 AM
To: NT System Admin Issues
Subject: OT: Evian Ad on YouTube

Just released yesterday to YouTube to "gauge" peoples reaction, kinda weird, 
but cute.

http://www.youtube.com/watch?v=_PHnRIn74Ag



--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: older HP server

[Ken Cornetet]

That system has an integrated NetRAID SCSI raid card, which is really an AMI 
MegaRaid with HP firmware. I think you'll be ok.  I seem to recall that the 
NetRAID would only recognize drives up to a certain size (36GB perhaps). I may 
be misremembering that.

From: Len Hammond [mailto:lenhammo...@gmail.com]
Sent: Monday, June 22, 2009 9:28 PM
To: NT System Admin Issues
Subject: older HP server

I think hat I know the answer to this question but would like to verify it.  
Recently I picked up an older HP Netserver LH3. It has several Ultra 2 SCSI 
drives in it. Can I put in U3 or U160 drives and have them work? I know they 
are more expensive but I have several on hand with out a home. If I bump up the 
drive space I might have a client that could use it.

--
Len Hammond
CSI:Hartland





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Free Server Virtualization Options: VMware Server, ESXi, XenServer, Hyper-V, and others...

[Ken Cornetet]

Maybe I'm misunderstanding the original question, but you don't need any sort 
of file transfer software to move virtuals between ESXi (and ESX) hosts that 
are on a SAN. Simply make the same storage available to all hosts. You can 
remove a virtual from inventory on one system, and add it to inventory on 
another. No vmotion or virtual center required. 


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, June 12, 2009 1:41 PM
To: NT System Admin Issues
Subject: RE: Free Server Virtualization Options: VMware Server, ESXi, 
XenServer, Hyper-V, and others...

Really? Take a look at "Veeam SCP".. .I got about the same performance as the 
command line, but was an easy point-n-click way to do it. Free download.

If you want, I can dig up the actual SCP command I used if you wanna go that 
route.

-sc

> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Friday, June 12, 2009 1:41 PM
> To: NT System Admin Issues
> Subject: Re: Free Server Virtualization Options: VMware Server, ESXi,
> XenServer, Hyper-V, and others...
> 
> I had real problems getting scp to work on it. Perhaps you had better
> luck with that.
> 
> On Fri, Jun 12, 2009 at 05:48, Steven M. Caesare
> wrote:
> > Well, you may have to define "damned painful".
> >
> > With not too much effort/googling you can xfer files directly between
> ESXi hosts.
> >
> > I recently moved my exchange server from one ESXi host to another..
> although it took a couple hours, it sure beat the alternatives...
> >
> > -sc
> >
> >> -Original Message-
> >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> >> Sent: Thursday, June 11, 2009 7:23 PM
> >> To: NT System Admin Issues
> >> Subject: Re: Free Server Virtualization Options: VMware Server,
> ESXi,
> >> XenServer, Hyper-V, and others...
> >>
> >> No to VMWare server.
> >>
> >> Qualified yes to ESXi - it's damned painful if you have to move VMs
> >> between machines, and getting SSH running is not terribly intuitive,
> >> but it's definitely doable.
> >>
> >> Sun has a virtualization product called VirtualBox, but I don't know
> >> its licensing status or capabilities, and there's also Virtual Iron,
> >> which I've heard good things about but haven't used, and also don't
> >> know the licensing for.
> >>
> >> This is a decent place to start looking:
> >>
> >> http://en.wikipedia.org/wiki/Full_virtualization
> >>
> >> On Thu, Jun 11, 2009 at 14:15, Matthew W.
> >> Ross wrote:
> >> > Greetings, List.
> >> >
> >> > There are so many available Virtual Server solutions available
> now,
> >> and it's time for us to look at moving from our current VMWare 1.0
> >> server solution. As our budget has been greatly reduced, we are
> >> currently looking at the free products:
> >> >
> >> > VMWare Server 2.0
> >> > ESXi
> >> > XenServer
> >> > Hyper-V
> >> > Any others I've missed.
> >> >
> >> > I'm wondering if anybody can vouch for or against any of these
> >> products, and express any useful experiences you've had.
> >> >
> >> > Thanks all,
> >> >
> >> >
> >> > --Matt Ross
> >> > Ephrata School District
> >> >
> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> > ~ 
> >> >  >> >
> >> >
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~  >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~  
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Free Server Virtualization Options: VMware Server, ESXi, XenServer, Hyper-V, and others...

[Ken Cornetet]

If you allow your ESX and ESXi servers to see the same storage, moving a 
virtual is as simple as removing it from inventory on one host and adding it on 
the other.

I do this routinely.


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, June 12, 2009 8:49 AM
To: NT System Admin Issues
Subject: RE: Free Server Virtualization Options: VMware Server, ESXi, 
XenServer, Hyper-V, and others...

Well, you may have to define "damned painful".

With not too much effort/googling you can xfer files directly between ESXi 
hosts.

I recently moved my exchange server from one ESXi host to another.. although it 
took a couple hours, it sure beat the alternatives...

-sc

> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, June 11, 2009 7:23 PM
> To: NT System Admin Issues
> Subject: Re: Free Server Virtualization Options: VMware Server, ESXi,
> XenServer, Hyper-V, and others...
> 
> No to VMWare server.
> 
> Qualified yes to ESXi - it's damned painful if you have to move VMs
> between machines, and getting SSH running is not terribly intuitive,
> but it's definitely doable.
> 
> Sun has a virtualization product called VirtualBox, but I don't know
> its licensing status or capabilities, and there's also Virtual Iron,
> which I've heard good things about but haven't used, and also don't
> know the licensing for.
> 
> This is a decent place to start looking:
> 
> http://en.wikipedia.org/wiki/Full_virtualization
> 
> On Thu, Jun 11, 2009 at 14:15, Matthew W.
> Ross wrote:
> > Greetings, List.
> >
> > There are so many available Virtual Server solutions available now,
> and it's time for us to look at moving from our current VMWare 1.0
> server solution. As our budget has been greatly reduced, we are
> currently looking at the free products:
> >
> > VMWare Server 2.0
> > ESXi
> > XenServer
> > Hyper-V
> > Any others I've missed.
> >
> > I'm wondering if anybody can vouch for or against any of these
> products, and express any useful experiences you've had.
> >
> > Thanks all,
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~  >
> >
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DPM Prerequisite software

[Ken Cornetet]

Protected clients need hotfix 940349. See
http://technet.microsoft.com/en-us/library/bb808827.aspx

 

From: Bob Fronk [mailto:b...@btrfronk.com] 
Sent: Tuesday, February 03, 2009 8:56 PM
To: NT System Admin Issues
Subject: DPM Prerequisite software

 

I am running into an issue I can't figure out.  DPM 2007 installed and
able to protect some servers.  However, when setting up a protection
group for a few servers, the error pops that "this item cannot be
protected because some prerequisite software is not missing"

 

I have checked and re-installed the vss update rollup.  

 

The SQL servers are running 2000 SP4.

 

The Exchange server is 2003 patched and up-to-date.

 

The MS Virtual Server is 2005 R2 SP1.

 

The OS on all the servers is 2003 patched and up-to-date service pack.

 

I am obviously missing something.  Any DPM experts have an idea?

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SMB question..

[Ken Cornetet]

I see where there are several responses to your note - this question always 
sparks a debate.

The short answer is that what you are doing will work fine (with a couple of 
minor caveats - see below).

Your hardware is not only sufficient, but probably way overkill - you could 
easily run that mix with a single CPU and 2GB of RAM. In fact, putting in any 
more than 4GB of ram is wasted in your scenario.

CAVEATS:

Disaster recovery - having exchange on a DC complicates DR a bit - Microsoft 
has papers on how to handle this.

Exchange installed on a DC results in a server that can take forever to 
shutdown. 

The /3GB switch. Microsoft says any Exchange 2000 or 2003 server with more than 
1GB of ram needs it (http://support.microsoft.com/kb/823440), but also 
recommends NOT using that on DCs, so that leaves you kind of stuck. Most 
likely, you will not see any issues without the /3GB switch. If you do (event 
log entries about memory fragmentation), set up an automated weekly reboot.

Note: these caveats apply to SBS as well.



-Original Message-
From: Cesare' A. Ramos [mailto:cra...@idfllc.com] 
Sent: Monday, January 26, 2009 7:54 PM
To: NT System Admin Issues
Subject: SMB question..

Hello all.

We are having an internal tech discussion and wanted to have some thoughts from 
others.  The thoughts can be either opinion or reality.

We have a handful of small clients, less than 50 users (50 is an average.  The 
majority are under 20) that are currently running a single server that is 
acting as AD, file, print, IIS, DHCP, Internal DNS, and Exchange 2003 server on 
MS Windows 2003 standard server.

From the books, I can agree that this may be pushing the hardware, if not sized 
correctly.  The servers are all running qty 2 dual core processors, 4 to 8 GB 
of RAM, and over 500GB of available storage with all running.

The internal conversation / discussion that we are having is that a single 
server cannot run all these items as it will lead to issues and error in the 
server.  One of the guys, states that he feels that services such as server 
will become unstable.

Is MS Windows SBS and option yet but not a reality..

Thoughts..

CAR
Mobile: 786-412-1746
e-Mail: cra...@idfllc.com
BB Pin:  305083B1
AIM: cramosMIA
MSN: cramos...@hotmail.com
Yahoo: cramosMIA

This e-Mail and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this e-Mail in error please notify the sender via returned 
e-Mail. Please note that any views or opinions presented in this e-Mail are 
solely those of the author and do not necessarily represent those of the 
company. Although IDF operates anti-virus programs, it does not accept 
responsibility for any damage whatsoever that is caused by viruses being passed.

** Think before you print this message. **

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Skype

[Ken Cornetet]

We are deploying it here to a few users.

 

I'm using group policy to turn off being a supernode, downloads,
listening on tcp ports, and 3rd party access to the Skype API.

 

Our security folks reviewed it and are happy.

 

From: Tim Evans [mailto:tev...@sparling.com] 
Sent: Thursday, January 15, 2009 11:01 AM
To: NT System Admin Issues
Subject: Skype

 

Has anyone looked at Skype recently?  We've got a client that wants us
to use Skype for communications with them. I've always been a little
leery of using them in a business environment, but looking at it now, I
see they have a MSI download for easy deployment and a group policy
template for central administration of settings. It all looks pretty
cool. While the security guy in me wants to say no, I'm having a hard
time finding a reason not to say OK.

 

I'm curious what the members of this esteemed group think about it

 

 

...Tim

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: VMWare Product Confusion

[Ken Cornetet]

It *allows* it, but it does not include it. For those features you need
a VirtualCenter license, and to get that, you might as well buy ESX. 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, January 05, 2009 8:32 PM
To: NT System Admin Issues
Subject: RE: VMWare Product Confusion

 

"ESXi does not allow Vmotion, Centralized Mgmt of multiple servr..."

Oh it sure does!

 



From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Monday, January 05, 2009 5:17 PM
To: NT System Admin Issues
Subject: RE: VMWare Product Confusion

ESXi does not allow Vmotion, Centralized Mgmt of multiple servers, etc.
basically it's the essentials of ESX..Just virtualization and nothing of
the advanced feature sets that the full (Paid) versions of ESX allow.

 

 

From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, January 05, 2009 6:04 PM
To: NT System Admin Issues
Subject: RE: VMWare Product Confusion

 

Simple and concise!  Thanks...

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Monday, January 05, 2009 5:39 PM
To: NT System Admin Issues
Subject: Re: VMWare Product Confusion

 

1.x and 2.x run on top of Windows while ESXi has it's own OS, and runs
independent of Windows.

ESXi is a stripped down version of ESX.  You will see huge increases in
VM performance under ESXi.

Klint



Roger Wright wrote: 

So what are the primary differences between v1.x , and v2.0 and ESXi?

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Monday, January 05, 2009 5:05 PM
To: NT System Admin Issues
Subject: RE: VMWare Product Confusion

 

We have moved all of our clients to ESXi that were using Server 1.x or
2.0 unless there was some specific reason the Host OS had to stay
online.  Not many cases of those though.

The only main issue was some NIC driver issues on some whitebox machines
we have been begging to get rid of.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Monday, January 05, 2009 5:00 PM
To: NT System Admin Issues
Subject: RE: VMWare Product Confusion

 

No, ESXi is free now, and I would use it in a heartbeat over server.
jlc

 

From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, January 05, 2009 2:55 PM
To: NT System Admin Issues
Subject: VMWare Product Confusion

 

I'm running with several VMs under VMware Server 1.0.8, primarily
because it was free and gave us an opportunity to move into the virtual
arena.

 

Is VMware Server 2.0 also free to use?  If so, any reason not to move to
2.0?

 

Is this the highest level VMWare product which is available at no cost?

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~