RE: Storage server 2003 SLOW!!!

[Kennedy, Jim]

Remote siteDNS issues? Not finding a DC properly to get GPO's. Also look at 
what you got in your logon scripts for the account you are using to log in 
with. Anything that might be calling a name you can't resolve.


From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, February 23, 2010 3:36 PM
To: NT System Admin Issues
Subject: Re: Storage server 2003 SLOW!!!

The behavior is different if you're physically at the console?
On Tue, Feb 23, 2010 at 3:30 PM, Carol Fee 
mailto:c...@massbar.org>> wrote:
I have a Storage Server 2003 and another Server 2003 Standard that takes at 
least 20 minutes to load the RDP desktop.  Once you get there, everything else 
seems fine.  I can't for the life of me figure out why.

CFee
From: Steve Kelsay [mailto:kels...@sctax.org]
Sent: Tuesday, February 23, 2010 11:09 AM
To: NT System Admin Issues
Subject: Storage server 2003 SLOW!!!

Does anyone else have this problem? Remoting to the server using Remote 
desktop, the "applying Security Settings" stays on for 45 minutes, then I can 
sign on, but the "Applying Computer Settings" box stays up for another 2-3 
hours. Once on the system, a simple thing like a Flash player upgrade (to get a 
broadband speed test done) takes over an hour. This is on several of these 
servers. Naturally, all are at remote sites.


















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cisco servers?

[Kennedy, Jim]

They have a new server line and they are teaming up with someone to do VM's on 
them. That is the extent of my knowledge.


-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, February 18, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Cisco servers?

I haven't seen anything about that.

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, February 17, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: Cisco servers?

Did I hear something about them OEM'ing Fujitsu blade servers or
something like that?

-sc

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Wednesday, February 17, 2010 10:08 AM
> To: NT System Admin Issues
> Subject: Cisco servers?
> 
> Just got an email from our Cisco rep that Cisco now "does servers".
I'm not
> talking about the Cisco branded HPs.  These look entirely different.
Anyone
> out there heard anything about them (aside from what the sales people
tell
> you)?
> 
> 
> Paul
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Gpupdate /force not forcing update

[Kennedy, Jim]

Correct. This isn't a group policy change, it was a membership change to a 
group. That requires a relog, in the case of a machine a restart.


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, February 18, 2010 10:20 AM
To: NT System Admin Issues
Subject: Re: Gpupdate /force not forcing update

Don't access tokens for group memberships only get updated when you log out 
(user) or restart (machine)? I may be completely wrong...I last paid attention 
to this sort of thing back in the Win2K days.
On 18 February 2010 14:47, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
I just had a bit of weirdness with a machine not updating its group policy the 
way I expected.

Yesterday I removed a machine (Vista) from a group using ADUC. Today when I ran 
gpresult on the machine, it still showed that it was a member of the group. The 
time stamp of the last policy update was recent, and I checked the DC the 
machine had gotten the update from and confirmed that that DC knew the machine 
was no longer a member of the group. Yet the machine still thought it was.

So I ran gpupdate /force, then another gpresult after that. Same thing-the 
machine still showed as being a member of the group I had removed it from 
nearly 24 hours earlier.

Lastly, I rebooted the machine. Logged back in, ran gpresult, and all was fine. 
The machine was no longer a member of the group.

My question is, why didn't gpupdate /force accomplish this? If a reboot was 
necessary for the change to apply, normally gpupdate will tell me that. It 
didn't, though.

Is this a bug, or by design?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us







NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Reader, Acrobat, and Flash security updates

[Kennedy, Jim]

Just to expand, that process is painless. Fill out the form and in a few 
minutes you get the authorizaion via email.

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Friday, February 12, 2010 1:47 PM
To: NT System Admin Issues
Subject: Re: Reader, Acrobat, and Flash security updates

For Flash you need to register to get a redistribution license.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Penetration Testing

[Kennedy, Jim]

This is probably the most awesome father moment of my life (and he has provided 
many). My son is on the Metasploit team, and is the author of Fast-Track.


From: Marc Maiffret [mailto:marc.maiff...@fireeye.com]
Sent: Thursday, February 11, 2010 1:46 PM
To: NT System Admin Issues
Subject: RE: Penetration Testing

Metasploit is going to be the best free tool you can use to do pentesting 
around software vulnerabilities etc... Backtrack is a good free linux boot 
cd/image that has basically every major pentest tool on it should you want to 
do wireless testing etc... This is a good documented framework around testing 
http://www.isecom.org/osstmm/

Commercial pentest tools are Core Impact and Immunity's Canvas are good also.

From: Mark Robinson [mailto:mark.robin...@cips.org]
Sent: Wednesday, February 10, 2010 7:51 AM
To: NT System Admin Issues
Subject: Penetration Testing

Hi there,

Does anyone know of a good quality, free, network-layer penetration testing 
tool?

Many thanks

Mark Robinson
IT Technical Support Analyst
The Chartered Institute of Purchasing & Supply
Tel: +44 (0) 1780 761526 Fax: +44 (0) 1780 751610
www.cips.org




IMPORTANT INFORMATION


Internet communications are not secure and therefore CIPS does not accept legal 
responsibility for the contents of any e-mail message sent via this medium. The 
content of any e-mail communication is the view of the individual and CIPS does 
not accept legal liability for the contents. Although this message and any 
attachments are believed to be free of virus or other defect that might affect 
any computer system into which it is received and opened, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by CIPS for any loss or damage in any way arising 
from its use.

CIPS runs the following software packages: MS Office Suite 2003, MS Visio 2003, 
MS Project 2002. Please ensure that any files you send are compatible.


The Chartered Institute of Purchasing & Supply (CIPS) is an organisation 
incorporated under Royal Charter and is based at Easton House, Easton on the 
Hill, Stamford, Lincs PE9 3NZ, tel: +44 (0)1780 756777, and is a registered 
Charity number 1017938. CIPS Services Limited is a wholly owned subsidiary 
company of CIPS, registered in England under number 2610367 and is registered 
at the address shown above. Both organisations operate under a group VAT 
registration number: 3426 489 42.


--
Scanned by iCritical.






--
This message has been scanned for viruses and
dangerous content by
Mailscanner and is
believed to be clean.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: backspace working as the delete key

[Kennedy, Jim]

Are you using an USB keyboard with a PS2 converter to plug into the KVM. I have 
seen what you described happen that way sometimes.


From: Miguel González Castaños [miguel_3_gonza...@yahoo.es]
Sent: Tuesday, February 09, 2010 4:51 PM
To: NT System Admin Issues
Subject: Re: backspace working as the delete key

John Aldrich wrote:
>
> Sounds like your KVM is messing things up. Maybe time to buy something
> better.
>
I finally managed changing the mapping with keytweak. Yes, this KVM
doesn't look to be good

Thanks!

Miguel

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT ? Server ROI - Reuse ?

[Kennedy, Jim]

Point three is an excellent point. If the life of the app extends beyond a 
couple of years then moving it around and all that downtime/hassle negates any 
perceived loss of RoI.



-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Tuesday, February 09, 2010 12:48 PM
To: NT System Admin Issues
Subject: RE: OT ? Server ROI - Reuse ?

3. How much longer will the server need to be utilized? Another 3 years?
Will it still be viable for that time? Or will patches/firmware/drivers
become unavailable/outdated? How much harder will it be to replace the
server once the MCA is running on it? Doing it at upgrade time is usually
much easier.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT ? Server ROI - Reuse ?

[Kennedy, Jim]

We recycle servers like that downward from mission critical to lesser important 
things. That satisfies the bean counters and keeps mission critical on new 
solid hardware. So, do you have an older server that could be replaced with 
this less older server.

As for the bean counters that is simple. How much an hour will the company lose 
if this app goes down. They need to answer that and accept the loss in revenue 
if they insist on reusing the server. Ultimately if it isn't your decision then 
it isn't your responsibility.



From: Jeremy Anderson [mailto:jer...@mapiadmin.net]
Sent: Tuesday, February 09, 2010 12:36 PM
To: NT System Admin Issues
Subject: OT ? Server ROI - Reuse ?

I am not even sure what the subject of this should be.  I have a server, it's 
about 3 years old, the warranty expires in 15 days.  It runs a %mission 
critical App%.  This App is going to be replaced with %new mission critical 
app%.  This server meets the hardware requirements for %new app% just fine. (it 
does require a BIOS update)  Its been a stable and reliable server for the last 
3 years.

I can purchase an extended warranty for around $500, or I can purchase a new 
server for around $4500.00.

The bean counters say, buy the warranty, run %new app% on it, life is good and 
we save 4 grand.  My instinct is that this is a horrible idea, and we should 
just buy a new server.

If we run %new app% on %old server% we will be completely wiping and reloading 
the OS.

My question for everyone here is: How do I convince the bean counters that this 
is a bad idea.  Or, is it not a bad idea, and is a 3 year old server not really 
that old?  How do I justify spending 4k on a server when technically we have a 
perfectly good server sitting there to be reused?  Am I just getting distracted 
by bright shiny things?

%NewApp% is mission critical.  If %NewApp% is down, the company is dead in the 
water.  To put this in prospective however, %NewApp% will not be redundant, or 
even highly available and we are not even considering those options.
Think of %newApp% like an Exchange server, for a company that relies on Email 
for all their communication.
And yes, I know %newapp% should be clustered or highly available, but its not 
going to happen.

Does this email make sense?  Any help, or insight on the matter would be 
appreciated.

Thanks
Jeremy





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Outlook connection issues.

[Kennedy, Jim]

I will try that near the end of the day, and I was going in that direction too. 
OAB authentication might be an issue here...or something related to that.

But I just had an interesting conversation with one of my tech's who was 
looking at a machine with this issue. I don't know why he decided to do this 
but he changed the IP address to static and was able to set the user up on 
Outlook 2007. Then he flipped her back to dhcp, got an addy and it is all good 
on that machine now. He has done the exact same 'fix' to three machines now.



-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Wednesday, February 03, 2010 2:20 PM
To: NT System Admin Issues
Subject: RE: Outlook connection issues.

I had this a while back. Started right after applying, IIRC, 973917. Check
out this link:

http://forums.msexchange.org/m_1800473006/mpage_1/key_/tm.htm#1800525226

What fixed it for us was the last item; enabling kernel-mode auth. Tried
rollup 9 but that didn't do it for us.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
> Sent: Wednesday, February 03, 2010 10:19 AM
> To: NT System Admin Issues
> Subject: Outlook connection issues.
> 
> Posted on the exchange list, but I am at a loss here big time 
> so I am reaching out where ever I can.
> 
>  
> 
> I have a real stumper this morning. A handful of users cannot 
> connect to their mailboxes.  Outlook XP hits them with the 
> 'offline' dialog box. This is in multiple buildings all being 
> serviced by different DC's and GC's.  Three servers. Hub/CAS, 
> then two mailbox servers.  All packed and rolled up. No 
> updates or anything like that in the last few weeks. Just 
> started this morning. The users are on different servers and 
> different stores.
> 
>  
> 
> The only common thread is Office XP. We were in the process 
> of upgrading people to Office 2007, so we decided to just 
> update the problem people right now since no 2007 users have 
> any issues. However when we upgrade the affected users Office 
> 2007 will also not work for them, it keeps prompting for 
> username/password during auto-discover and even if we do it manually.
> 
>  
> 
>  
> 
>  
> 
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Outlook connection issues.

[Kennedy, Jim]

It continues in safe mode, ran /cleanprofile and also deleted profiles.  I even 
took one of the impacted users machines and imaged it and did a fresh install 
of Office 2007. So a completely clean machine. The problem continued on the 
brand new machine.



From: Orland, Kathleen [mailto:korl...@rogers.com]
Sent: Wednesday, February 03, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: Outlook connection issues.

Does this behaviour continue if you open Outlook in safe mode? Have you tried 
creating a new Outlook profile for the affected user(s)?

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, February 03, 2010 12:19 PM
To: NT System Admin Issues
Subject: Outlook connection issues.

Posted on the exchange list, but I am at a loss here big time so I am reaching 
out where ever I can.

I have a real stumper this morning. A handful of users cannot connect to their 
mailboxes.  Outlook XP hits them with the 'offline' dialog box. This is in 
multiple buildings all being serviced by different DC's and GC's.  Three 
servers. Hub/CAS, then two mailbox servers.  All packed and rolled up. No 
updates or anything like that in the last few weeks. Just started this morning. 
The users are on different servers and different stores.

The only common thread is Office XP. We were in the process of upgrading people 
to Office 2007, so we decided to just update the problem people right now since 
no 2007 users have any issues. However when we upgrade the affected users 
Office 2007 will also not work for them, it keeps prompting for 
username/password during auto-discover and even if we do it manually.







No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.733 / Virus Database: 271.1.1/2665 - Release Date: 02/03/10 
03:09:00





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Outlook connection issues.

[Kennedy, Jim]

Posted on the exchange list, but I am at a loss here big time so I am reaching 
out where ever I can.

I have a real stumper this morning. A handful of users cannot connect to their 
mailboxes.  Outlook XP hits them with the 'offline' dialog box. This is in 
multiple buildings all being serviced by different DC's and GC's.  Three 
servers. Hub/CAS, then two mailbox servers.  All packed and rolled up. No 
updates or anything like that in the last few weeks. Just started this morning. 
The users are on different servers and different stores.

The only common thread is Office XP. We were in the process of upgrading people 
to Office 2007, so we decided to just update the problem people right now since 
no 2007 users have any issues. However when we upgrade the affected users 
Office 2007 will also not work for them, it keeps prompting for 
username/password during auto-discover and even if we do it manually.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT Win 7 startup delay.

[Kennedy, Jim]

We only have a few Win 7 boxes in service, but as far as I can tell it is only 
me having this issue. Started yesterday afternoon. I swear to the Redmond Gods 
that I did not change anything on my account or machines or GPO's yesterday.

Takes forever to get past 'Please Wait' to get to the log on screen. It is 
clearly hanging trying to contact a domain controller and get gpo's and 
scripts. But the reason it is hanging there is because the network card has not 
gotten a link yet. GPO processing fails with 1129 (lack of network connectivity 
to a domain controller) then a few seconds later the NIC records an event that 
it has a link.

If I pull the network cable it starts up normally, then plug in the cable and 
it grabs an IP and runs just fine.

Updated NIC drivers. Deleted all the network connections and the NIC and 
reinstalled. Disabled all the power saving features on the NIC. Ran sfc - 
system file checker. Ran the Win 7 DVD repair process.

Boot logging shows something interesting, it loads ndproxy.sys once, then fails 
four times.

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS


I am getting now where.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: N00b question

[Kennedy, Jim]

Create a contact 'I.T. Garage Clients' that is yourself in your local address 
book. That goes in the to field and all the rest go in another DL that goes in 
the BCC.


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 26, 2010 10:26 AM
To: NT System Admin Issues
Subject: RE: N00b question

My bad, this would be for a non-Exchange-based system. Basically I want to send 
an e-mail to all my I.T. Garage clients at once without exposing everyone's 
e-mail address to everyone else.

Ideally I'd like the To: line to be "I.T. Garage clients" so they know I'm 
pretty much broadcasting to all my clients.

I want to send all of them this link, and they'd see I'm trying to cover 
everyone:
http://news.cnet.com/8301-27080_3-10441004-245.html?tag=mncol;title

Dave

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: Tuesday, January 26, 2010 7:15 AM
To: NT System Admin Issues
Subject: Re: N00b question

And don't forget to hide the distribution list from the Global Address List, 
otherwise people can see the recipients that way.

Not sure you'd even need a distribution list, though, just BCC recipients...

Andrew
2010/1/26 Steven M. Caesare mailto:scaes...@caesare.com>>
Does sending to that list by adding them to the BCC: line rather than the To: 
field do what you want?

-sc

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 26, 2010 10:11 AM
To: NT System Admin Issues
Subject: N00b question

You'd think I would know this one, but I don't. How do I create a distribution 
list that I can use that doesn't list the recipients once I send it?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764












--
Kind regards,

Andrew Levicki MCITP MCSE CCNA
and...@levicki.me.uk
www.andrewlevicki.eu









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT Norlight Communications.

[Kennedy, Jim]

Anyone using/used them? They are offering us a pretty good deal on some 
dedicated connections between our buildings.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: GPO Best Practices

[Kennedy, Jim]

Yes, that is how restricted groups work, it over writes whatever is existing on 
the current machine. The best way to do it, then your GPO is the definitive 
authority on who is a local admin. So yes, servers should be in separate OU's 
so they can have their own GPO's on this issue and all the others that you 
decide to do.



From: John Bowles [mailto:john.bow...@wlkmmas.org]
Sent: Wednesday, January 20, 2010 10:00 AM
To: NT System Admin Issues
Subject: GPO Best Practices

I have a customer who is looking to implement a GPO to add Domain Admins to all 
the workstations and servers.  I was looking into using Restricted Groups to 
tackle this task, but it seems if you use Restricted Groups you will lose 
anything outside of the groups you have listed in the restricted groups, that 
reside in local admin group of workstations or servers.

My question is, if I recall a finely tuned AD the concept was to have your 
workstations and servers in seperate OU's right?  This way you can have 
seperate sets of GPO's for each class, either workstations or servers?

Or, is there just a flat out easier way to push certain accounts to the servers 
and workstations?

Thanks,


John Bowles






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: just who's in charge here (dom controller query)

[Kennedy, Jim]

For time it is the PDC emulator that is the king.  For the GPO issue check the 
srv records in DNS for starters.



From: paul chinnery [mailto:pdw1...@hotmail.com]
Sent: Tuesday, January 19, 2010 10:53 AM
To: NT System Admin Issues
Subject: just who's in charge here (dom controller query)

When we upgraded Exchange to 2007, we had to install W2k3 dc's. Right now we 
are in mixed mode as we have to keep a couple of the W2k DC's running.  W2K3-DC 
(server) is the ops master and pdc emulator.
However, I have run into two situations where it seems the old W2K DC (DC1) ops 
master seems to be causing problems.
Case 1: Windows time.  It appears most pc's are syncing their clocks to DC1 
instead of W2K3-DC.
Case 2: GPO's are not applying properly (note we don't have that many and they 
only apply to specific computers). Usually the error on the pc in question is 
that it can't contact a domain controllers to get the policy.
I'm perplexed over this as I thought that whatever was the Ops Master for the 
domain was the top-level controller (for want of a better phrase).


Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up 
now.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Migrate DHCP database

[Kennedy, Jim]

+1

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Friday, January 15, 2010 11:56 AM
To: NT System Admin Issues
Subject: RE: Migrate DHCP database

Have used it countless times with no issues.


Webster

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Subject: Migrate DHCP database

Anyone follow this procedure before?

http://support.microsoft.com/kb/325473

This will be from a 2003 domain controller in a child domain to a 2003 member 
server in the parent. If so any issues you ran into not covered in the article?





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Local Admin Permissions WAS: RE: Internet Policy

[Kennedy, Jim]

Any changes to your UAC settings recently? I am betting/guessing it is a 
function of that system.


From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Friday, January 15, 2010 11:08 AM
To: NT System Admin Issues
Subject: RE: Local Admin Permissions WAS: RE: Internet Policy

Yeah, I loved that feature till it just recently stopped.
Anyone know what might cause that.
Now when I open ADU&C or any other MMC, it just opens but admin related stuff 
is grayed out.
I can shift, right click and runas, enter admin username and password and it 
works as it should.


From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, January 15, 2010 8:47 AM
To: NT System Admin Issues
Subject: RE: Local Admin Permissions WAS: RE: Internet Policy

Win 7 makes that whole process much easier. It seems to know what needs admin 
permissions so you just click it as normal and it pops the dialog box for you. 
Very handy and painless for the MMC admin tools like ADUC and so on.


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, January 14, 2010 5:16 PM
To: NT System Admin Issues
Subject: Re: Local Admin Permissions WAS: RE: Internet Policy

Good idea, never thought of that.
- Original Message -
From: James Hill<mailto:james.h...@superamart.com.au>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, January 14, 2010 5:05 PM
Subject: Local Admin Permissions WAS: RE: Internet Policy

I don't even run my desktop as an admin and I don't allow any of the other IT 
staff to run as admins either.

That's what run-as is for.


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Friday, 15 January 2010 8:02 AM
To: NT System Admin Issues
Subject: Re: Internet Policy

+1000

Even the top dog at our company is a standard user. My boss is a standard user. 
Only admins are me and my minion.

James
- Original Message -
From: James Hill<mailto:james.h...@superamart.com.au>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, January 14, 2010 4:21 PM
Subject: RE: Internet Policy

Sometimes that just requires making it painless for them.  So that they don't 
notice they aren't admins because it isn't causing any issues.

Sometimes it means educating management on the risks of being admins and how it 
could affect their business.

If all that fails then sometimes you are stuck with terrible management :)

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, 15 January 2010 6:43 AM
To: NT System Admin Issues
Subject: Re: Internet Policy

That is good if you can get management buy in but not always possible.

Jon
On Thu, Jan 14, 2010 at 3:27 PM, James Hill 
mailto:james.h...@superamart.com.au>> wrote:
Agreed.  No offence intended but I'm amazed at how many people still allow 
users to be more than just that, users.

I've never allowed it any company I have worked for.  There are always ways to 
work around any picky apps that want higher permissions.

From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Friday, 15 January 2010 4:14 AM

To: NT System Admin Issues
Subject: Re: Internet Policy

Power Users can install software just FYI.

Jon
On Thu, Jan 14, 2010 at 9:41 AM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
Sounds reasonable to me. I wish I could enforce a more restrictive policy than 
we do here, but I really don't have the resources to enforce much of anything. 
We have people using FaceBook/MySpace and doing online shopping, etc. I've told 
people numerous times not to download anything, period, without explicit 
permission, but they tend to do so anyway, up to and including installing apps.

I finally had enough of people installing crap with spyware attached and pretty 
much removed local admin permissions and made most users "Power Users" so they 
can have enough permissions to run stuff, but not install anything! So far that 
seems to be working. As I work on desktop machines, I find coupon printer 
software and other "crap" that has been installed over the years and clean it 
out.

Back to the topic at hand, I think that's a reasonable policy. I would suggest 
outlawing social networking sites and game sites (yahoo games) as those often 
seem to have spyware/adware associated with them and even just playing online 
games could lead to a "drive by install" of malware due to exploits.

[cid:image001.jpg@01CA95D4.BD4F32D0][cid:image002@01ca95d4.bd4f32d0]

From: James Kerr [mailto:cluster...@gmail.com<mailto:cluster...@gmail.com>]
Sent: Thursday, January 14, 2010 9:35 AM
To: NT System Admin Issues
Subject: Internet Policy

I know this has been discussed in the past but I'm in the process of making 
changes to ours so I was interested in a little input from my peers. We have 
always had a policy of not allowing our desktops, em

RE: Local Admin Permissions WAS: RE: Internet Policy

[Kennedy, Jim]

Win 7 makes that whole process much easier. It seems to know what needs admin 
permissions so you just click it as normal and it pops the dialog box for you. 
Very handy and painless for the MMC admin tools like ADUC and so on.


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, January 14, 2010 5:16 PM
To: NT System Admin Issues
Subject: Re: Local Admin Permissions WAS: RE: Internet Policy

Good idea, never thought of that.
- Original Message -
From: James Hill
To: NT System Admin Issues
Sent: Thursday, January 14, 2010 5:05 PM
Subject: Local Admin Permissions WAS: RE: Internet Policy

I don't even run my desktop as an admin and I don't allow any of the other IT 
staff to run as admins either.

That's what run-as is for.


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Friday, 15 January 2010 8:02 AM
To: NT System Admin Issues
Subject: Re: Internet Policy

+1000

Even the top dog at our company is a standard user. My boss is a standard user. 
Only admins are me and my minion.

James
- Original Message -
From: James Hill
To: NT System Admin Issues
Sent: Thursday, January 14, 2010 4:21 PM
Subject: RE: Internet Policy

Sometimes that just requires making it painless for them.  So that they don't 
notice they aren't admins because it isn't causing any issues.

Sometimes it means educating management on the risks of being admins and how it 
could affect their business.

If all that fails then sometimes you are stuck with terrible management :)

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, 15 January 2010 6:43 AM
To: NT System Admin Issues
Subject: Re: Internet Policy

That is good if you can get management buy in but not always possible.

Jon
On Thu, Jan 14, 2010 at 3:27 PM, James Hill 
mailto:james.h...@superamart.com.au>> wrote:
Agreed.  No offence intended but I'm amazed at how many people still allow 
users to be more than just that, users.

I've never allowed it any company I have worked for.  There are always ways to 
work around any picky apps that want higher permissions.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, 15 January 2010 4:14 AM

To: NT System Admin Issues
Subject: Re: Internet Policy

Power Users can install software just FYI.

Jon
On Thu, Jan 14, 2010 at 9:41 AM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
Sounds reasonable to me. I wish I could enforce a more restrictive policy than 
we do here, but I really don't have the resources to enforce much of anything. 
We have people using FaceBook/MySpace and doing online shopping, etc. I've told 
people numerous times not to download anything, period, without explicit 
permission, but they tend to do so anyway, up to and including installing apps.

I finally had enough of people installing crap with spyware attached and pretty 
much removed local admin permissions and made most users "Power Users" so they 
can have enough permissions to run stuff, but not install anything! So far that 
seems to be working. As I work on desktop machines, I find coupon printer 
software and other "crap" that has been installed over the years and clean it 
out.

Back to the topic at hand, I think that's a reasonable policy. I would suggest 
outlawing social networking sites and game sites (yahoo games) as those often 
seem to have spyware/adware associated with them and even just playing online 
games could lead to a "drive by install" of malware due to exploits.

[cid:image001.jpg@01CA95BF.47B90380][cid:image002@01ca95bf.47b90380]

From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, January 14, 2010 9:35 AM
To: NT System Admin Issues
Subject: Internet Policy

I know this has been discussed in the past but I'm in the process of making 
changes to ours so I was interested in a little input from my peers. We have 
always had a policy of not allowing our desktops, email and Internet connection 
to be used for personal use at all. That being said we have always turned a 
blind eye to occasional personal use through the day. This has been a problem 
for us. Now we are looking to change the policy to reflect that we do allow 
this type of use.

We want the staff to know that's its ok but we also want them to know what's 
not ok. I was looking to basically say the following. "Some personal Internet 
use is allowed but must not interfere with the performance of work duties and 
responsibilities. Personal Internet use must be restricted to reasonable sites 
and materials such as news or information that might be considered reasonable 
if read as a text publication in an office environment." I'm also going to add 
that downloading files is not allowed unless approved by IT and that this 
includes email attachments from personal email as well. Any thoughts?

RE: Backup Exec 12.5 file restore missing a bunch of files

[Kennedy, Jim]

What local and domain groups does the local administrator account belong to. 
Got to be one, or more.


-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Thursday, January 14, 2010 1:22 PM
To: NT System Admin Issues
Subject: RE: Backup Exec 12.5 file restore missing a bunch of files

OK. This is getting stranger... :-)
I logged into the server with the local admin account (which I NEVER do) and
all the files show up. My own account that I was logging in with is a DA
account. I tried adding my account directly to the local administrators
group. Still only see half the files.

Obviously a perms issue, but why? Even an elevated Explorer window doesn't
show all the files...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
> Sent: Thursday, January 14, 2010 11:03 AM
> To: NT System Admin Issues
> Subject: RE: Backup Exec 12.5 file restore missing a bunch of files
> 
> 
> Does the account running the BE service have the same perms 
> as the account doing the folder right clicking and checking? 
> I think the right clicking account is lacking some perms on 
> the target drive.
> 
> 
> 
> -Original Message-
> From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
> Sent: Thursday, January 14, 2010 1:01 PM
> To: NT System Admin Issues
> Subject: Backup Exec 12.5 file restore missing a bunch of files
> 
> File server migration project. Old file server W2K3. New file 
> server W2K8 SP2. Backup server also W2K8 SP2 running BE 12.5.
> Rather than using robocopy et al, decided to try a backup restore.
> 
> Backed up current file server "\Public" folder (Note: not an 
> Exchange PF; just file structure), backup successful. Total 
> volume ~80 Gigs.
> 
> Performed redirect restore (including perms), completed 
> successfully, job log shows ~80 gigs restored minus a few 
> insignificant exceptions.
> 
> Went to new file server selected properties of restored 
> folder. Imagine my surprise when the total size of \public 
> was only 40g. Some quick checking shows files missing from a 
> variety of folders.
> Original folder props: 267,572 Files, 55,373 folders New 
> folder props: 160,009 files, 43,339 folders.
> 
> Nothing significant in event log or BE job log.
> 
> Any ideas? My next step is to blow away the new folder and 
> restore again, this time with destination auditing in place. 
> If that doesn't work, a call to Symantec.
> 
> But I'm wondering if it's a W2K8 issue. Perms, etc?
> 
> TIA.
> 
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> *** 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource 
> hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource 
> hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Backup Exec 12.5 file restore missing a bunch of files

[Kennedy, Jim]

Does the account running the BE service have the same perms as the account 
doing the folder right clicking and checking? I think the right clicking 
account is lacking some perms on the target drive.



-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Thursday, January 14, 2010 1:01 PM
To: NT System Admin Issues
Subject: Backup Exec 12.5 file restore missing a bunch of files

File server migration project. Old file server W2K3. New file server W2K8
SP2. Backup server also W2K8 SP2 running BE 12.5.
Rather than using robocopy et al, decided to try a backup restore.

Backed up current file server "\Public" folder (Note: not an Exchange PF;
just file structure), backup successful. Total volume ~80 Gigs.

Performed redirect restore (including perms), completed successfully, job
log shows ~80 gigs restored minus a few insignificant exceptions.

Went to new file server selected properties of restored folder. Imagine my
surprise when the total size of \public was only 40g. Some quick checking
shows files missing from a variety of folders.
Original folder props: 267,572 Files, 55,373 folders
New folder props: 160,009 files, 43,339 folders.

Nothing significant in event log or BE job log.

Any ideas? My next step is to blow away the new folder and restore again,
this time with destination auditing in place. If that doesn't work, a call
to Symantec.

But I'm wondering if it's a W2K8 issue. Perms, etc?

TIA.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
*** 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Motorola Droid - Exchange

[Kennedy, Jim]

Do you have OWA on 443? Just point it at that URL, that is all we had to do on 
our one and only Droid.


From: Phil Guevara [pguev...@mhccov.org]
Sent: Tuesday, January 12, 2010 7:41 PM
To: NT System Admin Issues
Subject: RE: Motorola Droid - Exchange

Yes I disassociated it first.

Best Regards,
Phil


From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Tuesday, January 12, 2010 4:27 PM
To: NT System Admin Issues
Subject: Re: Motorola Droid - Exchange


Did you disassociate the first Exchange server? You can only have one Exchange 
server comnected at a time. But I only have the HTC Eris with the 1.7 Android 
OS.
On Jan 12, 2010 7:21 PM, "Phil Guevara" 
mailto:pguev...@mhccov.org>> wrote:
Anyone have a Motorola droid hooked up to exchange??

I can’t get the damn thing to work. I tried it for another exchange server and 
it worked but when I try it on ours it doesn’t. Does anyone know if it requires 
port 443 to work? Is there any resources online that show what requirements are 
needed on the firewall and on exchange.
Best Regards,
Phil



__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4765 (20100112) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com










__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4765 (20100112) __


The message was checked by ESET NOD32 Antivirus.


http://www.eset.com


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4765 (20100112) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Is E-mail the right solution for this request?

[Kennedy, Jim]

Or sharepoint depending upon the document type.



From: Kennedy, Jim
Sent: Tuesday, January 12, 2010 9:29 AM
To: NT System Admin Issues
Subject: RE: Is E-mail the right solution for this request?

I think this is one of those situations where you need to ask more questions. 
Where are all of these items coming from, I would be especially interested in 
where the 'invoices' are coming from. How many projects are there?  Public 
folder for each project under a tree maybe.



From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 12, 2010 9:24 AM
To: NT System Admin Issues
Subject: Is E-mail the right solution for this request?

Saw this Help Desk ticket flow to my team today:

"Need a mailbox set up for expense reports: This mailbox will be for expense 
reports to go into for projects.  The expense reports and invoices will be sent 
to this mailbox via e-mail. "

Expense reports and invoices being stored in Exchange doesn't feel like the 
right solution here. Expense reports are submitted via e-mail, but putting them 
all into one mailbox doesn't seem like the best long-term solution, seems like 
they should be emailed into something moredunno...scalable perhaps.

I can see this being easy to implement initially but I'm not sure it will have 
the manageability they'll need in oh, a year or two, but I can't think of 
anything better off the top of my head.

Anyone?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Is E-mail the right solution for this request?

[Kennedy, Jim]

I think this is one of those situations where you need to ask more questions. 
Where are all of these items coming from, I would be especially interested in 
where the 'invoices' are coming from. How many projects are there?  Public 
folder for each project under a tree maybe.



From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 12, 2010 9:24 AM
To: NT System Admin Issues
Subject: Is E-mail the right solution for this request?

Saw this Help Desk ticket flow to my team today:

"Need a mailbox set up for expense reports: This mailbox will be for expense 
reports to go into for projects.  The expense reports and invoices will be sent 
to this mailbox via e-mail. "

Expense reports and invoices being stored in Exchange doesn't feel like the 
right solution here. Expense reports are submitted via e-mail, but putting them 
all into one mailbox doesn't seem like the best long-term solution, seems like 
they should be emailed into something moredunno...scalable perhaps.

I can see this being easy to implement initially but I'm not sure it will have 
the manageability they'll need in oh, a year or two, but I can't think of 
anything better off the top of my head.

Anyone?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: How long to get a server?

[Kennedy, Jim]

That is insane. Cancel them.



From: Matt Plahtinsky [mailto:cbusitl...@gmail.com]
Sent: Wednesday, January 06, 2010 8:50 AM
To: NT System Admin Issues
Subject: How long to get a server?

So how long does it take to get a server after you order one?  I ordered two 
servers (nothing special) from Dell for a small business that I am supporting.  
Rep said it would take 7-14 days max to build and would then overnight the 
servers to me.  That was a month and a half ago.  We have got 4 notices that 
the servers have been delayed.  At this point they are 1 month late and we 
just got another delayed notice.

Just checking to see if this is within what you all would consider a acceptable 
time frame for getting a servers.   I have recently started on a Disaster 
Recovery plan that if our building should burn down or servers get stolen that 
we would order new ones from Dell, however if the business was down for a month 
and a half while we were waiting for servers I would be out of a job..   
Going to have to rethink the DR plan for servers as I guess getting new ones in 
a day or two is out of the question

I wander if I would get faster service if I was an Enterprise size company 
instead of an SMB

Thanks

Matt





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win7 God mode?

[Kennedy, Jim]

+1 on 64 bit. Thanks for the info Dave.

Also, I just made one on a server share, then hit a couple of Win 7 machines 
with \\servername\share then clicked the GodMode 
folder I created in the share and it hooks to the local machine.



From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Tuesday, January 05, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: Win7 God mode?

Worked great here on x64 Win7


From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, January 05, 2010 9:51 AM
To: NT System Admin Issues
Subject: RE: Win7 God mode?
Well I just tried it and it works.

sc

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 05, 2010 10:43 AM
To: NT System Admin Issues
Subject: Win7 God mode?

Anyone?
http://news.cnet.com/8301-13860_3-10423985-56.html
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a simple FTP / FTPs - server

[Kennedy, Jim]

Filzilla should meet all of that. If I recall the user transfer is a tiny bit 
more involved...you have to run a little script that comes with it to transfer 
users.

http://wiki.filezilla-project.org/Main_Page



-Original Message-
From: Buchenauer Christian [mailto:cbuchena...@gmail.com] 
Sent: Tuesday, January 05, 2010 7:03 AM
To: NT System Admin Issues
Subject: Looking for a simple FTP / FTPs - server

Hi list,

I am in the need of a simple ftp/ftps server for windows. Key criteria is that 
the server software
- writes the log into a flat file
- stores the user database in a flat file

We need to be able to easily copy the whole configuration to another host; 
therefore any database-driven system is a no-go. The user base will be around 
50 - 100 users; we do not need a fully fledged beast for hundreds of users.

I checked the latest versions of Serv-U and WS_FTP Server; both of them use 
databases for user config and/or logging and are thus a no-go.

I thought about using an older version of Serv-U or GlobalScape which use flat 
files only but I would like to check with the list first.

Does anyone know of another small, simple FTP server (ssh is not required) 
which we could use?

Thanks for any hints.

Chris
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT Cisco CSA EOL?

[Kennedy, Jim]

Anyone else hearing that the next version of Cisco CSA will be the last? And if 
so could you give me a general idea of who your source is please. I am hearing 
it in multiple places but the sources are not totally reliable. I want to make 
sure of my info before I stuff our recent purchase of the product down Cisco’s 
throat.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2003 -> 2008 sales pitch, sorta

[Kennedy, Jim]

ABE is available for 2003 SP1 and up.



-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Tuesday, December 22, 2009 2:41 PM
To: NT System Admin Issues
Subject: 2003 -> 2008 sales pitch, sorta

Here's what I have pulled from MS's website on 2008 Server and pared down. 
Sorry if the cut and paste from Word isn't pretty (looks way better in a Word 
doc). This is actually two doc's merged into one (and yes I know ABE was 
available as an add-in in earlier 
OS's).

How would you guys repackage this to present to less technical management? I'm 
guessing for them it should be just a couple of paragraph's, right?

Server 2008 enhancements over Server 2003

. Fine-Grained password policies 

Provides different password and account lockout policies for different sets of 
users in a domain.

. Read-Only Domain Controllers

A read-only domain controller (RODC) is a new type of domain controller in the 
Windows Server® 2008 operating system.  RODC's have unidirectional 
communication because writeable DC's do not need to pull data from them (and 
thus less network traffic). RODC's can have a local administrator account that 
has no domain privileges (this is called Administrator Role Separation).

. Access-Based Enumeration

Access-based enumeration displays only the files and folders that a user has 
permissions to access. If a user does not have Read (or equivalent) permissions 
for a folder, Windows hides the folder from the user's view

. Self-healing NTFS

Traditionally, the Chkdsk.exe tool was used to fix corruptions of NTFS file 
system volumes on a disk. In the Windows Server® 2008 operating system you can 
now use Self-healing NTFS to protect your entire file system efficiently and 
reliably, without having to be concerned about the details of file system 
technology. The self-healing process is enabled by default.

. Network Access Protection (NAP) 

NAP enforces health requirements by monitoring and assessing the health of 
client computers when they attempt to connect or to communicate on a network. 
If client computers are determined to be noncompliant with health requirements, 
they can be placed on a restricted network that contains resources to assist in 
remediating client systems so that they can become compliant with health 
policies.

. Print Services 

Print Services enables you to share printers on a network and centralize print 
server and network printer management tasks by using the Print Management 
snap-in. Print Management helps you monitor print queues and receive 
notifications when print queues stop processing print jobs. It also enables you 
to migrate print servers and deploy printer connections by using Group Policy. 
You can use Print Management with Group Policy to automatically deploy printer 
connections to users or computers and install the appropriate printer drivers.

-- GPO enhancements -

. All power options have been Group Policy enabled
. You can centrally restrict devices from being installed on computers in your 
organization. You will now be able to create policy settings to control access 
to devices such as USB drives, CD-RW drives, DVD-RW drives, and other removable 
media
. Ability to assign printers based on location in the organization or a 
geographic location
. Administrators can now delegate to users the ability to install printer 
drivers by using Group Policy
. 

2008 R2 domain controller enhancements over Server 2008

-- Active Directory Domain Services -

. Active Directory Recycle Bin 

Information technology (IT) professionals can use Active Directory Recycle Bin 
to undo an accidental deletion of an Active Directory object

. Active Directory Best Practices Analyzer

The Active Directory Best Practices Analyzer (BPA) uses Windows PowerShell 
cmdlets to gather run-time data. It analyzes Active Directory settings that can 
cause unexpected behavior. It then makes Active Directory configuration 
recommendations in the context of your deployment

. Managed Service Accounts

Managed Service Accounts provide simple management of service accounts. At the 
Windows Server 2008 R2 domain functional level, this feature provides better 
management of service principal names (SPNs). Managed Service Accounts help 
lower total cost of ownership (TCO) by reducing service outages (for manual 
password resets and related issues). You can run one Managed Service Account 
for each service that is running on a server, without any human intervention 
for password management.

. Offline domain join

You can use offline domain join to join computers to a domain without 
contacting a domain controller over the network. You can join computers to the 
domain when they first start up after an operating system installation. No 
additional restart is necessary to complete the domain join. For example, an 
organization might need to deploy many virtual machines within a datacenter. 
Offline domain join makes it possible for the virtual mach

RE: Need more IP addresses

[Kennedy, Jim]

We expanded to 255.255.252.0 at 16 different buildings doing it as you 
describe. It was painless and everyone ran just fine the next day. We could 
bang out static printers and static devices in an hour or so. Two techs did 
that while I flipped the router and dhcp, then I helped them finish up.


From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, December 17, 2009 3:59 PM
To: NT System Admin Issues
Subject: RE: Need more IP addresses

Change the DHCP lease to 1 day.  Shut down everything except the DHCP server, 
change the subnet mask and then bring everything back up, it should get new 
subnet mask.
If you have devices with manually configured IP addresses, then they would 
obviously have to be changed.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Best way to get remote access to new network PCs

[Kennedy, Jim]

Maybe they should. Not being a smart-aleck here but if you bought themset 
them up and then shipped them. That sounds a whole lot easier and less hassle 
for the users at the other end.



From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Thursday, December 17, 2009 2:54 PM
To: NT System Admin Issues
Subject: Best way to get remote access to new network PCs


Since the machines don't come to me or other support before arriving at the 
site, I've never used an imaging solution to build them.
















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Thursday Funny Request

[Kennedy, Jim]

That is the part I don't get. Based upon his/her request the installer 
shouldn't even need to know the password. It should just install with the 
logged in credentials. And if it chokes on a complex password during install 
maybe because of a service it installs it will choke afterwards too.

Unless he/she is asking for the password to remain 'simple' after the 
install.Just because I am curious I would love to hear the rest of this 
story.



From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Thursday, December 17, 2009 9:32 AM
To: NT System Admin Issues
Subject: Re: Thursday Funny Request

What I want to know is what kind of application in 2009 "requires" a network 
password to not be complex to be installed?

I'm just glad he's not in the office yet because I would have to rip him to 
shreds.yeah you can call me alice.
On Thu, Dec 17, 2009 at 8:14 AM, David Lum 
mailto:david@nwea.org>> wrote:
A complex password is so easy to create this sentence is one. *Any* properly 
formatted sentence is an adequately complex "password". People see me enter my 
password and ask "how do you remember all that?". A 25 character sentence is 
easier to remember than some bizarre mix of random characters of half the 
length.

Even 17 December 2009 is a complex password - does SQL not allow spaces in 
passwords? You security experts, is "Sr2FDeT2M0hProYMs" a more complex password 
than "There once was a man from Nantucket."? The latter is a 35 character 
password that I'm sure most of you could remember.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Thursday, December 17, 2009 5:46 AM

To: NT System Admin Issues
Subject: Re: Thursday Funny Request

A complex password is S easy to create, just look at what is used whenever 
you go to a MS training class:  p...@ssw0rd, or something along those lines.  
Even todays date configured correctly meets the password complexity 
requiremends17December2009.  Sheesh...now I've quit laughing and am 
bordering on being pissed off.
On Thu, Dec 17, 2009 at 7:39 AM, Jon Harris 
mailto:jk.har...@gmail.com>> wrote:
Sounds to me like you have some people working as DBA's that should be watched 
ALL the time to me.

Jon
On Thu, Dec 17, 2009 at 8:37 AM, Sherry Abercrombie 
mailto:saber...@gmail.com>> wrote:
Got this request from on of our DBA's, I'm waiting to respond until after I 
stop laughing hysterically:

Need domain policy temporarly changed on dbaserver to remove requirment for  
Windows complex password, so application can be installed and then the policy 
can be reactivated.


--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke












--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke
Sent from Keller, TX, United States











--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke
Sent from Keller, TX, United States





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: newer laptop and Windows xp

[Kennedy, Jim]

+1 We have to do that here reasonably often.


From: Stephan Barr [mailto:stephanbarr.li...@gmail.com]
Sent: Monday, December 14, 2009 2:34 PM
To: NT System Admin Issues
Subject: Re: newer laptop and Windows xp

XP works fine on SATA it's more likely a BIOS issue as mentioned. You can 
emulate PATA operation; check it out.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Move File shares from one drive to another?

[Kennedy, Jim]

I would use robocopy to copy them over. Then regedit share paths in 
hklm\system\currentcontrolset\services\lanmanserver\shares


From: Bryan Garmon [mailto:bryan.gar...@gmail.com]
Sent: Friday, December 11, 2009 11:50 AM
To: NT System Admin Issues
Subject: Move File shares from one drive to another?

I need to move a few hundred Windows 2003 NTFS file shares from one drive to 
another. Any native command line utilities for doing this? I tried "xcopy /E /F 
/K /O /X /Y" and that appears to have grabbed the ACLs for the files, but it 
didn't recreate the shares on the new drives.

Thoughts?





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Weather cam for work

[Kennedy, Jim]

+1 on Axis. We have 6 or 8 of them outside and they are trouble free for a 
couple of years. Only issue is there is a codex or something (don't remember 
for sure what it was) that requires admin rights to install on the desktop.


-Original Message-
From: Phillip Partipilo [mailto:p...@psnet.com] 
Sent: Thursday, December 10, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: OTish: Weather cam for work

At my last job, we installed one of these on the roof:

http://www.axis.com/products/cam_2130/index.htm

Inside an outdoor weatherproof dome, of course.

Really sweet camera.

Might be overkill.

 
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
 
 
-Original Message-
From: Webster [mailto:carlwebs...@gmail.com] 
Sent: Thursday, December 10, 2009 4:05 PM
To: NT System Admin Issues
Subject: RE: OTish: Weather cam for work



Yes, you will need 32 ports opened on your FW! :)  Unless the camera is a 
Celsius version.


Webster

> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, December 10, 2009 2:59 PM
> To: NT System Admin Issues
> Subject: OTish: Weather cam for work
> 
> All,
> 
> We're looking at potentially getting an external cam that puts up
> pictures of the parking lot so that employees can see what the snow
> conditions are in the parking lot. Needs to be weather resistant, of
> course.
> 
> Definitely doesn't need to do more than a picture every minute or so -
> it's not for surveillance.
> 
> Anyone have recommendations on something like that? Any tips on what's
> needed to install it, too?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




--
If this email is spam, report it here:
http://www.onlymyemail.com/view/?action=reportSpam&Id=ODEzNjQ6MTAxNzcyMjgxNTpwanBAcHNuZXQuY29t


THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL
AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS 
INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION,
COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT
FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. 



THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL
AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS 
INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION,
COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT
FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ironport question

[Kennedy, Jim]

Ok, had some more coffee. This is url blocking in email.

Yes, the Ironport is accepting the traffic then blocking it on the machine. 
Outside hosting of email filtering fixes that if it is an issue for you, but 
less control over the system. Pick your poison.


From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, December 10, 2009 11:16 AM
To: NT System Admin Issues
Subject: RE: Ironport question

It is blocking requests from your users to bad websites? Then no, your users 
request www.BadURL.com<http://www.BadURL.com> and the ironport tells them no 
right away. It does not fetch the pages and then tell them no.

Or is it blocking access to your internal website/systems from bad area's? Then 
yes, those requests are crossing your pipe to the net. But it is just the 
request for access, not all of the data. The request gets knocked down before 
that. If you want it knocked down sooner you need your ISP to do it.


From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, December 10, 2009 11:11 AM
To: NT System Admin Issues
Subject: Ironport question

Does anyone know if the ironport url blocking appliance blocks the traffic 
prior to it ingressing the network.

I am having bandwidth issues and I see the ironport blocking gigs of requests 
but I have heard that the data comes into the ironport and gets knocked down 
there.
Well that would have already choked my 3MB line to the Internet.  So I am 
confused if I am actually using the gigs of bandwidth just so ironport can 
block??
Does this even make sense??









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Ironport question

[Kennedy, Jim]

It is blocking requests from your users to bad websites? Then no, your users 
request www.BadURL.com and the ironport tells them no 
right away. It does not fetch the pages and then tell them no.

Or is it blocking access to your internal website/systems from bad area's? Then 
yes, those requests are crossing your pipe to the net. But it is just the 
request for access, not all of the data. The request gets knocked down before 
that. If you want it knocked down sooner you need your ISP to do it.


From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, December 10, 2009 11:11 AM
To: NT System Admin Issues
Subject: Ironport question

Does anyone know if the ironport url blocking appliance blocks the traffic 
prior to it ingressing the network.

I am having bandwidth issues and I see the ironport blocking gigs of requests 
but I have heard that the data comes into the ironport and gets knocked down 
there.
Well that would have already choked my 3MB line to the Internet.  So I am 
confused if I am actually using the gigs of bandwidth just so ironport can 
block??
Does this even make sense??





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: VIRUS INSTALLED ON RESTRICTED USER PROFILE

[Kennedy, Jim]

My bet is it didn't. It created it using an elevated service maybe. Or got hit 
it across the network from another machine..that is exactly how conflikr 
works. What virus is it?



From: Murray Freeman [mailto:mfree...@alanet.org]
Sent: Thursday, December 03, 2009 3:55 PM
To: NT System Admin Issues
Subject: VIRUS INSTALLED ON RESTRICTED USER PROFILE

Yesterday, one of my users got infected with a trojan, and since all our users 
are "restricted users", we were trying to figure out if perhaps the computer's 
local administrator permissions allowed this to happen. It turns out that a new 
profile was created named "" with administrative permissions, So, my 
question is how can a virus/trojan create a user while logged in as a 
restricted user?


Murray






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Startup script security context

[Kennedy, Jim]

Brilliant idea. But change it to 'At  Startup' for the context of how he 
describes when it runs now?


From: Jackson, Jeff [mailto:jeff.jack...@rbza.com]
Sent: Monday, November 30, 2009 1:07 PM
To: NT System Admin Issues
Subject: RE: Startup script security context

How about running the script as a scheduled task? Set the task up on the "At 
logon" schedule. And, of course, use "Run as:" to define the account you want 
it to run as.

Jeff

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, November 30, 2009 7:59 AM
To: NT System Admin Issues
Subject: RE: Startup script security context

I don't believe that is possible in any supported way. The GPO policy 
processing engine invokes the various extensions for processing each policy, 
and that runs as LocalSystem, and invokes each engine as LocalSystem.

What problem are you trying to solve? It may be possible impersonate another 
user (though probably not safely via script, but your script could invoke 
something else)

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, 30 November 2009 11:37 PM
To: NT System Admin Issues
Subject: Startup script security context

I have a startup script running as part of the local group policy on a server. 
I know it's running in the context of the Local System account. Is there any 
way to modify that to use a different account?

Thanks,









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Google Wave Invite Available

[Kennedy, Jim]

kennedyjam...@gmail.com please sir.



From: leftongr...@gmail.com [mailto:leftongr...@gmail.com]
Sent: Wednesday, November 25, 2009 9:19 AM
To: NT System Admin Issues
Subject: Re: Google Wave Invite Available

Yay- I have 8 available!
Sent: 2jbr...@gmail.com
(7 now)
Anyone else?

Sent on the Sprint(r) Now Network from my BlackBerry(r)


From: Jeff Brown <2jbr...@gmail.com>
Date: Wed, 25 Nov 2009 07:59:17 -0600
To: NT System Admin Issues
Subject: Re: Google Wave Invite Available

I asked once before and didn't get one.  
2jbr...@gmail.com

Thanks so much.
On Wed, Nov 25, 2009 at 6:41 AM, Kelsay, Mark 
mailto:mark.kel...@confused.com>> wrote:
Jumping in a little late, but I have 5 to give away.  Email me at mkelsay at 
gmail.com and I will send you an invite.


Mark



From: Benjamin Zachary - Lists 
[mailto:li...@levelfive.us]
Sent: 25 November 2009 04:12

To: NT System Admin Issues
Subject: RE: Google Wave Invite Available

Oh yah I guess it would be easier: 
benzach...@gmail.com if that speeds things up

From: Benjamin Zachary - Lists 
[mailto:li...@levelfive.us]
Sent: Tuesday, November 24, 2009 10:57 PM
To: NT System Admin Issues
Subject: RE: Google Wave Invite Available

Id like to get one, tried a couple of other routes but most of them are out :(

Mucho gracias as I stand in line with the rest of the poor folk heh

From: MarvinC [mailto:marv...@gmail.com]
Sent: Tuesday, November 24, 2009 9:24 PM
To: NT System Admin Issues
Subject: Re: Google Wave Invite Available

Got mine! Thanks Jason!
On Tue, Nov 24, 2009 at 4:32 PM, Jason Morris 
mailto:jmor...@mjmc.com>> wrote:
Got Woody and Marvin, now I'm out.

From: MarvinC [mailto:marv...@gmail.com]
Sent: Tuesday, November 24, 2009 2:45 PM

To: NT System Admin Issues
Subject: Re: Google Wave Invite Available

I think this is how I received my first gmail account so if anyone have any 
waves remaining I'd appreciate one and will be sure to pass along any that 
become available to me.

tia
On Tue, Nov 24, 2009 at 2:40 PM, David Lum 
mailto:david@nwea.org>> wrote:
Me me me!

From: Jeff Johnson 
[mailto:jjohn...@hydraflowusa.com]
Sent: Tuesday, November 24, 2009 11:40 AM

To: NT System Admin Issues
Subject: RE: Google Wave Invite Available

Dave, Don, Ken and Joseph.  DONE!

Jeff Johnson
Systems Administrator
714-773-2600 Office
714-773-6351 Fax
[cid:image001.jpg@01CA6DB0.9B6F3A30]

From: David Fernlund 
[mailto:david.fernl...@sarcom.com]
Sent: Tuesday, November 24, 2009 11:32 AM
To: NT System Admin Issues
Subject: RE: Google Wave Invite Available

Yes would be interested in one as well

David Fernlund
david.fernl...@sarcom.com

From: Don Guyer 
[mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, November 24, 2009 11:34 AM
To: NT System Admin Issues
Subject: RE: Google Wave Invite Available

Me three...

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Ken Hoegeman 
[mailto:ken.hoege...@gmail.com]
Sent: Tuesday, November 24, 2009 2:33 PM
To: NT System Admin Issues
Subject: Re: Google Wave Invite Available

Nor would I
On Tue, Nov 24, 2009 at 2:32 PM, Joseph Heaton 
mailto:jhea...@dfg.ca.gov>> wrote:
I wouldn't turn down an invite...

>>> Jason Morris mailto:jmor...@mjmc.com>> 11/24/2009 11:11 
>>> AM >>>
I started a public Wave, maybe we can get together in there and see how it 
might work with collaboration amongst us. Search for: with:public sunbelt

We could also use that for sending out invites, if still needed.

-Original Message-
From: Suhail Muhammed [mailto:smuham...@unicef.org]
Sent: Monday, November 23, 2009 2:59 PM
To: NT System Admin Issues
Subject: Re: Google Wave Invite Available



A bit late...Any more left?

Suhail

|>
| From:  |
|>
 >--|
 |Stefan Jafs mailto:stefan.j...@gmail.com>> 

  |
 >--|
|>
| To:|
|>
 >--|
 |"NT System Admin

RE: Supporting former employer

[Kennedy, Jim]

I think the reply came through pretty quick, it just took Mr. Ziots 9 months to 
type it.  :)



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 24, 2009 9:34 AM
To: NT System Admin Issues
Subject: Re: Supporting former employer

Am I losing the plot, or did that reply just take about nine months to come 
through?
2009/11/24 Ziots, Edward mailto:ezi...@lifespan.org>>
Personally,

Consultation would be my choice. You did what any good employee would
do, when leaving, training the next person to take over the position,
which means they are responsible, and not you..

If they need help from you, then its going to have to be after-hours and
a per-hour charge for X number of hours ( Minimum 3 usually)

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

-Original Message-
From: Chris Blair 
[mailto:chris_bl...@identisys.com]
Sent: Monday, February 23, 2009 12:19 PM
To: NT System Admin Issues
Subject: Supporting former employer

I changed jobs last December and left on good terms with everyone. I
gave my 2-week notice, worked long hours to train the desktop support
person so he could take over my duties. Well I got a call from them
today that the network is down. I know what the issue is and I even
trained the desktop person on how to fix it before I left (and numerous
times before that).



So how would you handle the situation? Would you take the time to fix it
by walking the desktop person through it over the phone? Would you offer
up your services as a consultant?



















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

http://raythestray.blogspot.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Early OT: Friday Link

[Kennedy, Jim]

It is. It is along the same lines as The Three Wolf Moon T-Shirts on Amazon. 
That one is epic. Although the makers of that shirt are getting rich, it is all 
they make anymore and they can't keep up.

http://www.amazon.com/Mountain-Mens-Three-Short-Sleeve/dp/B002HJ377A



From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, November 19, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: Early OT: Friday Link

Hilarious.  This has the feel of some massive joke.  Maybe this is how you 
Rickroll Amazon by putting up a fake product?

From: Webster [mailto:webs...@carlwebster.com]
Sent: Thursday, November 19, 2009 4:14 PM
To: NT System Admin Issues
Subject: Early OT: Friday Link

http://www.amazon.com/Mobile-Office-WM-01-Laptop-Steering/dp/B000IZGIA8/ref=cm_cr_pr_product_top

Make sure to check out the customer images and read the customer "reviews".  
The "reviews are hilarious.


Webster









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Lansweeper advice.

[Kennedy, Jim]

I was doing it by adding the below to the users login VBS script. Everything 
else in the script works, and if I manually run the script after logging in it 
works. But not during login. The docs say run it as the user..XP machines 
stall for some time then are ok but it has not run. Win 7 machines stall 
forever then come up with a blank desktop.

But again if I browse to the logon script and double click it as the user it 
fires fine and shows up. All the testing utilities for Lansweeper and their 
knowledgebase ideas come back as ok.

Dim WshNetwork
Set WshShell = CreateObject("WScript.Shell")
WshShell.run "\\domain\netlogon\VBS\Machine\LanSweeper\lsclient.exe 
mylansweeperserver.domain.local",0


From: Bill Songstad [mailto:bsongs...@gmail.com]
Sent: Thursday, November 19, 2009 2:06 PM
To: NT System Admin Issues
Subject: Re: Lansweeper advice.

I can't say anything about how the premium version works, but I had no problems 
executing the lsclient remotely using a couple of two-liner batch files and 
psexec with a domain admin account.

This command triggers the lansweeper client on all the workstations listed in 
C:\pcs.txt which you create and drop somewhere (c:\ 
in this example):

psexec @c:\pcs.txt -u domain\domainadminaccount 
"\\fileserver\share\lansweeper.bat"

Lansweeper.bat has to be put on a share and basically points to the 
lsclient.exe for all the workstations to find and directs them to your 
lansweeper server netbios name.  Mine has just this line:

"\\server\share\lsclient.exe" 
mylansweeperserver

What is more trouble is figuring out how to get it to rescan things after it 
has built the database once.  Finally found that in the Lansweeper 
configuration utility.

-Bill
On Thu, Nov 19, 2009 at 7:31 AM, Kennedy, Jim 
mailto:kennedy...@elyriaschools.org>> wrote:

Ok, I have seen this mentioned many times here so I am looking at it real hard. 
I like it a lot, using the free version I have to have the client execute an 
exe as they log on to 'phone home'. Having a heck of a time getting that to run 
under a user account (non-admin). The pay version uses AD to look up computers 
and poll them, no client side software needed.



I have no desire to fight this for testing when we plan to just do the premium 
version if it passes testing. So the question is those of you using the premium 
AD feature is it pretty trouble free...it finds your machines and reports on 
them ok.



JK










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Lansweeper advice.

[Kennedy, Jim]

Ok, I have seen this mentioned many times here so I am looking at it real hard. 
I like it a lot, using the free version I have to have the client execute an 
exe as they log on to 'phone home'. Having a heck of a time getting that to run 
under a user account (non-admin). The pay version uses AD to look up computers 
and poll them, no client side software needed.



I have no desire to fight this for testing when we plan to just do the premium 
version if it passes testing. So the question is those of you using the premium 
AD feature is it pretty trouble free...it finds your machines and reports on 
them ok.



JK

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win 7 logon script (RESOLVED)

[Kennedy, Jim]

I went with the reg hack rather than disable the whole UAC. Opens an exploit 
theoretically but we also run CSA so I think that will keep us good to go.



From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, November 18, 2009 2:27 PM
To: NT System Admin Issues
Subject: RE: Win 7 logon script (RESOLVED)

wwi?
Registry hack did the trick?



From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, November 18, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Win 7 logon script (RESOLVED)
TYVM Carl and David.


From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, November 18, 2009 2:16 PM
To: NT System Admin Issues
Subject: RE: Win 7 logon script


Either do share mappings with GP Preferences, or apply this registry hack and 
reboot:



Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLinkedConnections"=dword:0001



Carl



-Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, November 18, 2009 2:02 PM
To: NT System Admin Issues
Subject: Win 7 logon script



Having some odities with Windows 7. Just a few of us using it right now. A 
simple VBS script applied to the user via GPO. There is also a my doc's 
redirect in the same GPO that applies and works just fine. But the below script 
does not map drives in Windows 7, yet it does in XP. No errors return from the 
script and if I copy the script to my desktop after logging on and double click 
it the drives map just fine.



And it is not just mappings, there are other items in the script that do not 
run either. I have just shortened it for testing.



Any ideas gang?





Dim objNetwork



Set objNetwork = WScript.CreateObject("WScript.Network")



objNetwork.MapNetworkDrive "S:", "\\server\share1"

objNetwork.MapNetworkDrive "T:", "\\server\share2"

objNetwork.MapNetworkDrive "U:", "\\server\share3"

objNetwork.MapNetworkDrive "V:", "\\server\share4"



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Win 7 logon script (RESOLVED)

[Kennedy, Jim]

TYVM Carl and David.


From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, November 18, 2009 2:16 PM
To: NT System Admin Issues
Subject: RE: Win 7 logon script


Either do share mappings with GP Preferences, or apply this registry hack and 
reboot:



Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLinkedConnections"=dword:0001



Carl



-Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, November 18, 2009 2:02 PM
To: NT System Admin Issues
Subject: Win 7 logon script



Having some odities with Windows 7. Just a few of us using it right now. A 
simple VBS script applied to the user via GPO. There is also a my doc's 
redirect in the same GPO that applies and works just fine. But the below script 
does not map drives in Windows 7, yet it does in XP. No errors return from the 
script and if I copy the script to my desktop after logging on and double click 
it the drives map just fine.



And it is not just mappings, there are other items in the script that do not 
run either. I have just shortened it for testing.



Any ideas gang?





Dim objNetwork



Set objNetwork = WScript.CreateObject("WScript.Network")



objNetwork.MapNetworkDrive "S:", "\\server\share1"

objNetwork.MapNetworkDrive "T:", "\\server\share2"

objNetwork.MapNetworkDrive "U:", "\\server\share3"

objNetwork.MapNetworkDrive "V:", "\\server\share4"



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Win 7 logon script

[Kennedy, Jim]

Having some odities with Windows 7. Just a few of us using it right now. A 
simple VBS script applied to the user via GPO. There is also a my doc's 
redirect in the same GPO that applies and works just fine. But the below script 
does not map drives in Windows 7, yet it does in XP. No errors return from the 
script and if I copy the script to my desktop after logging on and double click 
it the drives map just fine.

And it is not just mappings, there are other items in the script that do not 
run either. I have just shortened it for testing.

Any ideas gang?


Dim objNetwork

Set objNetwork = WScript.CreateObject("WScript.Network")

objNetwork.MapNetworkDrive "S:", "\\server\share1"
objNetwork.MapNetworkDrive "T:", "\\server\share2"
objNetwork.MapNetworkDrive "U:", "\\server\share3"
objNetwork.MapNetworkDrive "V:", "\\server\share4"

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows 7 Mouse Hover to Click

[Kennedy, Jim]

Gotta be. I have several Win 7 boxes and have never seen this.


From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, November 17, 2009 10:33 AM
To: NT System Admin Issues
Subject: RE: Windows 7 Mouse Hover to Click

H my Win7 boxen don't do that.

Any chance this is a mouse/touchpad driver feature?

-sc

From: Steve Kelsay [mailto:kels...@sctax.org]
Sent: Tuesday, November 17, 2009 10:22 AM
To: NT System Admin Issues
Subject: Windows 7 Mouse Hover to Click

Am I the only one that hates this feature? It seems like such a security 
nightmare, where users will hover over a popup to read it ,and the hover-click 
feature will automatically execute it. (Honest, I never downloaded that porn, 
it just clicked itself! And they are right. )

How to disable it? I see on Google lots about setting the hover time to 0, but 
there are warnings against doing that. What is the best way to disable this 
feature?











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Not wanting to be a spammer

[Kennedy, Jim]

That won't fix PTR issues if the IP's are owned by the ISP, they are 
authoritative for the records on the IP address space.


From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Tuesday, November 17, 2009 9:36 AM
To: NT System Admin Issues
Subject: RE: Not wanting to be a spammer

Start hosting your own DNS and cut out that middleman.


From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, November 17, 2009 8:21 AM
To: NT System Admin Issues
Subject: Re: Not wanting to be a spammer

They either won't or don't know how but it is an avenue I can never get them to 
understand.

From: Richard Stovall
Sent: Tuesday, November 17, 2009 9:00 AM
To: NT System Admin Issues
Subject: RE: Not wanting to be a spammer

The reverse lookup (PTR record) is created by the ISP that actually assigns the 
ip address space you use.  You'll need to ask them to create one for you.

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, November 17, 2009 8:51 AM
To: NT System Admin Issues
Subject: Not wanting to be a spammer

I have an email mailer I am supposed to send out.
It is going to 12000 customers that have asked to be notified by email.
I got that script late last week and I have it set up to run from my machine, 
relay off my exchange server, through my Ironport, and out my firewall.
I do not host the mail at imcu.com and that is the address space I want to sent 
it from.  In testing yesterday it seems that everyone will flag me
as a spammer because the email source can not be reverse looked up properly.  
Now I do own a second domain.  imcu.org and I do have an MX record that points 
to my
firewall.  This seems to be the better way to do it.  Have it come from 
x...@imcu.org but have a reply to of 
x...@imcu.com.
I do host the imcu.org mail server internally so I could just relay off that 
smtp server through the ironport and out the firewall with little or no worries 
of getting blacklisted.

Right???
Am I even close to thinking this through correctly??

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: To All my fellow Vets.....Happy Veterans' Day!

[Kennedy, Jim]

Veteran refers to someone that has served active duty. That is my definition 
anyway, and I think it is pretty much the common accepted definition. 180 days 
of active duty is the benchmark from the Feds for many 'Veteran' benefits.

I am NOT belittling a reservist, they make huge sacrifices themselves and as 
the last 9 years have proven they can go active a lot. I hold them in the same 
high regard as active duty. Just different terms to describe who they are.



From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 11, 2009 9:30 AM
To: NT System Admin Issues
Subject: RE: To All my fellow Vets.Happy Veterans' Day!

Can someone please define "Veteran" for me - it means at some point being 
full-time military and 8 years of just reserves or NG doesn't count, right? 
Sometimes the topic of veteran comes up and my wife and I have a little 
discussion, but there's no way it's the same because part time mean you don't 
have to deal with most of the same issues the real servicemen go through. The 
only "real" thing about NG/Reserves is the 16 weeks of basic training and 
getting to blow stuff up a few times a year if you're 11C (mortars). Oh, and 
MRE's one weekend a month and two weeks a year. Driving Gama Goats too, but now 
I digress...

Anyhow, happy Veteran's day to those of you who had to put up with true 
hardship in terms of sacrificing civilian life among other things! My dad was 
regular Army - arty - for the Vietnam years (two tours!) and then NG afterward. 
A brother went full time for many years too, crazy bastages.

I could never get myself to go full-time, but I sure as hell appreciate those 
that do.

Dave Lum
ARNG, 1983 -1991, E5 (11C)
 41st IB, Oregon

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, November 11, 2009 6:06 AM
To: NT System Admin Issues
Subject: Re: To All my fellow Vets.Happy Veterans' Day!

Happy Veterans Day.


US ARMY, 1987-1991, SPC/E4 (52D)
12th Engineering Battalion, Dexheim, Germany

ASB (My XeeSM Profile)
Providing Competitive Advantage through Effective IT Leadership

On Wed, Nov 11, 2009 at 8:16 AM, Todd Lemmiksoo 
mailto:tlemmik...@all-mode.com>> wrote:

Remember, Never forget!

Kurt.I'm not a Marine, Army, I fought along side the Marines in Vietnam. 
Was their artillery support recon.

Todd Lemmiksoo
Network Administrator

All-Mode Communications, Inc.
1725 Dryden Road
Freeville, New York  13068
(607) 347-4164 x440
1-877-ALLMODE  (toll free)
http://www.all-mode.com














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: INTERNET SLOWNESS

[Kennedy, Jim]

Advertising Agency, I can't begin to describe it. You had a problem with 
YouTube, they didn't care if the staff used YouPorn. I got yelled at for 
deleting 10 gigs of pirated music off a server..

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, November 10, 2009 11:04 AM
To: NT System Admin Issues
Subject: Re: INTERNET SLOWNESS

A bonded T1 for 50 users?  My previous gig we only had one T1 for that many and 
until the users started pulling UTube during the day it was more than enough.  
After that the pipe was full and everyone complained.

Good luck,

Jon
On Tue, Nov 10, 2009 at 10:57 AM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
Try looking at the T1 router to see if there are any errors on the line. Try 
going to somewhere like speedtest.net and run an 
internet speed test.  Finally call your internet provider and see if there are 
any errors or alarms on your line. Also, you might want to make sure someone 
hasn't plugged in a switch to itself or into two different network jacks. We 
had a situation like that a couple times earlier this year and it brought our 
network to a crawl.

[cid:image001.jpg@01CA6200.C2B1BA70][cid:image002@01ca6200.c2b1ba70]

From: Murray Freeman [mailto:mfree...@alanet.org]
Sent: Tuesday, November 10, 2009 10:45 AM

To: NT System Admin Issues
Subject: INTERNET SLOWNESS

Good Morning. I'm trying to determine the cause of internet access slowness 
here. We are a small organization of fewer than 40 employees, and use a bonded 
T1 line (3.0) for internet access. Our staff has complained about internet 
access slowness to me and I've suggested tha the problem is with the Internet, 
not our access. We are not budgeted to increase our access, and I'm not sure 
that that is the answer. Using Internet Explorer 8, I can see by the status bar 
at the bottom the message "waiting" and the url involved. Am I missing 
something here? Are there some things I can do to speed up internet access, or 
is the Internet just too clogged with activity?


Murray






No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.59/2494 - Release Date: 11/10/09 
07:38:00










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: INTERNET SLOWNESS

[Kennedy, Jim]

To dovetail on the below  http://www.speedtest.net/  is a good place to test 
from. You can pick points all over the world and see what you get.

FWIW I had a bonded T1 at a 50 user office, it was not enough. It was 
saturated. HOWEVER, these were heavy surfers and downloaders, an advertising 
agency.



From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Tuesday, November 10, 2009 10:53 AM
To: NT System Admin Issues
Subject: Re: INTERNET SLOWNESS


There's a chance you no longer have bonded T1's...

Go online to find connection testers.  See if your bandwidth is 1000 - 1500 
rather than approaching 3000.  This would indicate a failed T1 somewhere.

Then, check your services router (where the two T1's connect), then possibly 
the building's NetPOP to check for lights.

When this happened to us a few months back, we lucked out.  The break was a bad 
cable between the wall jack and the router.  (What we were dreading was to find 
that the long long cable between our server room and the building NetPOP was 
broken - that would have been slow and expensive to replace!)
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"Murray Freeman"  wrote on 11/10/2009 09:44:57 AM:

> Good Morning. I'm trying to determine the cause of internet access
> slowness here. We are a small organization of fewer than 40
> employees, and use a bonded T1 line (3.0) for internet access. Our
> staff has complained about internet access slowness to me and I've
> suggested tha the problem is with the Internet, not our access. We
> are not budgeted to increase our access, and I'm not sure that that
> is the answer. Using Internet Explorer 8, I can see by the status
> bar at the bottom the message "waiting" and the url involved. Am I
> missing something here? Are there some things I can do to speed up
> internet access, or is the Internet just too clogged with activity?
>
> Murray
>
>
>





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [LIST ADMIN MESSAGE] r.gri...@wind.blackberry.com

[Kennedy, Jim]

This guy  has sent 6 NDR's from is crackberry to me so far. It may be a clue to 
the list errors or it could be someone that needs to be unsubscribed.


From: Sam Cayze [sam.ca...@rollouts.com]
Sent: Friday, October 30, 2009 6:32 PM
To: NT System Admin Issues
Cc: s...@sunbelt-software.com
Subject: RE: [LIST ADMIN MESSAGE]  Your membership on ntsysadmin has been put 
on hold

I'm getting NDRs from Lyris now:

From: postmas...@wind.blackberry.com
Your message:
To: r.gri...@wind.blackberry.com
Subject: FW: Your membership on ntsysadmin has been put on hold
Sent Date: 01:06 + has not been delivered to the recipient's
BlackBerry Handheld.


Sam




-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Friday, October 30, 2009 3:04 PM
To: NT System Admin Issues
Subject: [LIST ADMIN MESSAGE] Your membership on ntsysadmin has been put
on hold

Hi All,  Lyris apparently had a hiccup

Everyone got a "relay denied" that is reporting this problem.
Every single one of these people had a DNS lookup failure by Lyris (the
hiccup).
When this hiccup occurred, Lyris started using mxs1.fides.com
(66.45.246.210)
as the mail server, which denied relay. According to information, it all
goes back
to http://www.telnetcom.us/

I'm wondering if this was some sort of routing problem on the 28th of
October, but
that's when everyone's emails failed to deliver. It seem to occur in the
morning all
the way through the afternoon on that day until things started working
again. Not
sure why everyone just now got the hold messages. We will open a support
ticket
with Lyris on this.

Warm regards,

Stu Sjouwerman
Founder, VP Marketing.
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com



-Original Message-
From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, October 30, 2009 3:30 PM
To: NT System Admin Issues
Subject: RE: Your membership on ntsysadmin has been put on hold

+ whatever. I could see some activity in gmail but my work account has
been barren since Wed.

The sendmail guys insist it isn't anything here so could it have been
satan? Or just that friggin lyris thing I keep hearing about? LOL

-Original Message-
From: Phillip Partipilo [mailto:p...@psnet.com]
Sent: Friday, October 30, 2009 11:56 AM
To: NT System Admin Issues
Subject: RE: Your membership on ntsysadmin has been put on hold

Oddly enough I didn't get one.  Isn't it weird, how, if you step back a
bit,
and look at our reliance on this list, how much of a tragedy it is when
you
aren't receiving emails from it? :-)


Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107



-Original Message-
From: Wulff Jr, Ronald J. [mailto:rwu...@reedsmith.com]
Sent: Friday, October 30, 2009 11:21 AM
To: NT System Admin Issues
Subject: RE: Your membership on ntsysadmin has been put on hold



Same here.  I wasn't bouncing any and none showed up in the spam
filters.  I am assuming it was just a glitch



-Original Message-
From: Scott Schneider [mailto:sschnei...@inscapesolutions.com]
Sent: Friday, October 30, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Your membership on ntsysadmin has been put on hold

No fluke I got it too. Checked my mail server and didn't see any bounced
emails. Lyris is suspect I think

-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: October-30-09 11:00 AM
To: NT System Admin Issues
Subject: FW: Your membership on ntsysadmin has been put on hold

Didn't get any emails from Lyris for about 4 days, now this.  Now I am
back on.

Is this a Fluke?  So, what did I miss?

Sam




-Original Message-
From: Lyris ListManager
[mailto:lyris-nore...@lyris.sunbelt-software.com]
Sent: Friday, October 30, 2009 2:00 AM
To: Sam Cayze
Subject: Your membership on ntsysadmin has been put on hold


This email message is to notify you that your membership to ntsysadmin
has been put on "hold".

This means that you will not receive mail from 'ntsysadmin'.

Your subscription has been held because at least 30 recent messages have
been either bounced by your email system, or could not be delivered at
all.

Your membership can be restored to "normal", by sending the command
"unhold"
to ly...@lyris.sunbelt-software.com

Note that if your email address continues to reject mail your
subscription will once again be "held".

You may want to contact the people responsible for your electronic mail
to determine why your email address has been having trouble.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

* * *

This E-mail, along with any attachments, is considered confidential and
may
well be legally privileged. If you have received it in error, you are on
notice of its status. Please 

RE: Smartboard Software Recommendations

[Kennedy, Jim]

It does. One key and it is wide open to install anywhere you want per the 
license. We can even let students or staff install it at home if they want, the 
license specifically mentions that.  They want to sell smartboards not software 
is the impression I have from how they have it set up. So the more they get 
people in an organization using the software the more likely that org will buy 
more boards.


From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Friday, October 30, 2009 2:28 PM
To: NT System Admin Issues
Subject: RE: Smartboard Software Recommendations

laptops if the licensing and deployment options allow for that easily and 
affordably



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Smartboard Software Recommendations

[Kennedy, Jim]

We too have dedicated machines for the screens but what happens is they want to 
make presentations on their own computer so they want the software on it to 
create then they show it on the dedicated machines.



From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Friday, October 30, 2009 2:26 PM
To: NT System Admin Issues
Subject: Re: Smartboard Software Recommendations

Just curious - are users needing it for laptops they bring into a room?  Or is 
there some functionality I may have missed?

We have a dedicated computer in each conference room, so we install it there.
On Fri, Oct 30, 2009 at 2:20 PM, Kennedy, Jim 
mailto:kennedy...@elyriaschools.org>> wrote:
Sorry, didn't answer the deploy issue.

We deploy software that requires admin privs via a web page. We put the install 
up on a share, then use Wingnut Software's RUNas utility to run it with an 
elevated account. Anyone wants the software they go there and click the 
download. The RunAs was a real deal...like a hundred bucks or so for a our 
whole domain. JoeWare also has a free version but I like Wingnut's because it 
is encrypted.



From: Kennedy, Jim
Sent: Friday, October 30, 2009 2:17 PM

To: NT System Admin Issues
Subject: RE: Smartboard Software Recommendations

If you bought a SMART brand then you got a license for Smart Notebook and that 
is what I would recommend. We are edu but the software is not at all specific 
to edu needs. It will do a good job for you and we have found it to be very 
stable and dependable. Just turn off the automatic updates when you install it. 
The nags for none admin users will drive them crazy, they update the software 
10 or 15 times a day. Ok, not that much but it seems like it.



From: Joe Tinney [mailto:jtin...@lastar.com<mailto:jtin...@lastar.com>]
Sent: Friday, October 30, 2009 2:14 PM
To: NT System Admin Issues
Subject: OT: Smartboard Software Recommendations

Guys and gals,
I'm looking for suggestions/options on smartboard software. 
I've been tasked with the planning (on the IT side of things) on how to 
implement two smart boards, a SMART brand mobile board and a wall mounted 
Promethean board. I am a total n00b to this so any general pointers would be 
great as well. The equipment has already been purchased but the software has 
not.

A few general questions:

1)  What is everyone using for software? (the free version, pay for 
version, etc)

2)  Is there 'universal' software that can be used? (looking to only have 
to deploy one package instead of 2)

3)  Are there any good/great 3rd party products that can be used to enhance 
this in a business environment?

4)  Does anyone have any experience deploying the software required for 
Promethean and SMART boards that doesn't involve the use of the sneakernet and 
user interaction?

It looks like this technology is primarily used in an educational environment. 
We are not an educational facility and our goal is to use these to enhance 
business meetings and presentations. Any information that you have to 
contribute from that angle would be great.

Thanks in advance,
Joe














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Smartboard Software Recommendations

[Kennedy, Jim]

Sorry, didn't answer the deploy issue.

We deploy software that requires admin privs via a web page. We put the install 
up on a share, then use Wingnut Software's RUNas utility to run it with an 
elevated account. Anyone wants the software they go there and click the 
download. The RunAs was a real deal...like a hundred bucks or so for a our 
whole domain. JoeWare also has a free version but I like Wingnut's because it 
is encrypted.



From: Kennedy, Jim
Sent: Friday, October 30, 2009 2:17 PM
To: NT System Admin Issues
Subject: RE: Smartboard Software Recommendations

If you bought a SMART brand then you got a license for Smart Notebook and that 
is what I would recommend. We are edu but the software is not at all specific 
to edu needs. It will do a good job for you and we have found it to be very 
stable and dependable. Just turn off the automatic updates when you install it. 
The nags for none admin users will drive them crazy, they update the software 
10 or 15 times a day. Ok, not that much but it seems like it.



From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Friday, October 30, 2009 2:14 PM
To: NT System Admin Issues
Subject: OT: Smartboard Software Recommendations

Guys and gals,
I'm looking for suggestions/options on smartboard software. 
I've been tasked with the planning (on the IT side of things) on how to 
implement two smart boards, a SMART brand mobile board and a wall mounted 
Promethean board. I am a total n00b to this so any general pointers would be 
great as well. The equipment has already been purchased but the software has 
not.

A few general questions:

1)  What is everyone using for software? (the free version, pay for 
version, etc)

2)  Is there 'universal' software that can be used? (looking to only have 
to deploy one package instead of 2)

3)  Are there any good/great 3rd party products that can be used to enhance 
this in a business environment?

4)  Does anyone have any experience deploying the software required for 
Promethean and SMART boards that doesn't involve the use of the sneakernet and 
user interaction?

It looks like this technology is primarily used in an educational environment. 
We are not an educational facility and our goal is to use these to enhance 
business meetings and presentations. Any information that you have to 
contribute from that angle would be great.

Thanks in advance,
Joe





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Smartboard Software Recommendations

[Kennedy, Jim]

If you bought a SMART brand then you got a license for Smart Notebook and that 
is what I would recommend. We are edu but the software is not at all specific 
to edu needs. It will do a good job for you and we have found it to be very 
stable and dependable. Just turn off the automatic updates when you install it. 
The nags for none admin users will drive them crazy, they update the software 
10 or 15 times a day. Ok, not that much but it seems like it.



From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Friday, October 30, 2009 2:14 PM
To: NT System Admin Issues
Subject: OT: Smartboard Software Recommendations

Guys and gals,
I'm looking for suggestions/options on smartboard software. 
I've been tasked with the planning (on the IT side of things) on how to 
implement two smart boards, a SMART brand mobile board and a wall mounted 
Promethean board. I am a total n00b to this so any general pointers would be 
great as well. The equipment has already been purchased but the software has 
not.

A few general questions:

1)  What is everyone using for software? (the free version, pay for 
version, etc)

2)  Is there 'universal' software that can be used? (looking to only have 
to deploy one package instead of 2)

3)  Are there any good/great 3rd party products that can be used to enhance 
this in a business environment?

4)  Does anyone have any experience deploying the software required for 
Promethean and SMART boards that doesn't involve the use of the sneakernet and 
user interaction?

It looks like this technology is primarily used in an educational environment. 
We are not an educational facility and our goal is to use these to enhance 
business meetings and presentations. Any information that you have to 
contribute from that angle would be great.

Thanks in advance,
Joe





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Your membership on ntsysadmin has been put on hold

[Kennedy, Jim]

It's a little broke. For me a few weeks ago it was a single failure and it 
wasn't a permanent failure it was a time out on my receiving MTA it got bogged 
down. The list took me off for that one transient failure. I finally got a hold 
of Stu and hooked me up the admin and they had me going again in a matter of 
minutes.

As for what you missed, we solved world hunger, energy issues, world peace and 
a few other global issues.



-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Friday, October 30, 2009 11:00 AM
To: NT System Admin Issues
Subject: FW: Your membership on ntsysadmin has been put on hold

Didn't get any emails from Lyris for about 4 days, now this.  Now I am
back on.

Is this a Fluke?  So, what did I miss?

Sam


 

-Original Message-
From: Lyris ListManager
[mailto:lyris-nore...@lyris.sunbelt-software.com] 
Sent: Friday, October 30, 2009 2:00 AM
To: Sam Cayze
Subject: Your membership on ntsysadmin has been put on hold


This email message is to notify you that your membership to ntsysadmin
has been put on "hold".

This means that you will not receive mail from 'ntsysadmin'.

Your subscription has been held because at least 30 recent messages have
been either bounced by your email system, or could not be delivered at
all.

Your membership can be restored to "normal", by sending the command
"unhold"
to ly...@lyris.sunbelt-software.com

Note that if your email address continues to reject mail your
subscription will once again be "held".

You may want to contact the people responsible for your electronic mail
to determine why your email address has been having trouble.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Directory not shared.....but already shared?

[Kennedy, Jim]

Also a handy key to remember if you are rebuilding a server that has a boatload 
of shares...export the key and import it into the new server.


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, October 27, 2009 1:49 PM
To: NT System Admin Issues
Subject: RE: Directory not shared.but already shared?

+1

If not there, do a registry search for the share name.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, October 27, 2009 10:37 AM
To: NT System Admin Issues
Subject: RE: Directory not shared.but already shared?

Can you hit the share via \\servername?  What do you see 
in computer management under shares?  Might help to remove it from the 
registry...HKLM\System\CurrentcontrolSet\Services\Lanmanserver\Shares



From: David [mailto:blazer...@gmail.com]
Sent: Tuesday, October 27, 2009 1:29 PM
To: NT System Admin Issues
Subject: Directory not shared.but already shared?

I restored a data directory to a new server (SBS).  It does not show in the 
file tree as shared.  But, when I attempt to share it, it says it is already 
shared under that name.  And, in addition, permissions have been a bit funky.  
I can't find the specific enough Google terms to troubleshoot this -- anyone 
seen that behavior?

Thanks,

David













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Directory not shared.....but already shared?

[Kennedy, Jim]

Can you hit the share via \\servername?  What do you see 
in computer management under shares?  Might help to remove it from the 
registry...HKLM\System\CurrentcontrolSet\Services\Lanmanserver\Shares



From: David [mailto:blazer...@gmail.com]
Sent: Tuesday, October 27, 2009 1:29 PM
To: NT System Admin Issues
Subject: Directory not shared.but already shared?

I restored a data directory to a new server (SBS).  It does not show in the 
file tree as shared.  But, when I attempt to share it, it says it is already 
shared under that name.  And, in addition, permissions have been a bit funky.  
I can't find the specific enough Google terms to troubleshoot this -- anyone 
seen that behavior?

Thanks,

David





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ammo for apple mac sales pitch

[Kennedy, Jim]

Mr. Baker is 169 percent correct, and said it the best out of everyone that was 
going in this direction.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 23, 2009 9:14 AM
To: NT System Admin Issues
Subject: Re: Ammo for apple mac sales pitch



Simply start off the meeting with the statement that you're eager to bring in 
anything to the organization that improves productivity, reduces cost or 
overhead, or otherwise helps the bottom-line.  Double kudos if it improves the 
top-line in some way.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ammo for apple mac sales pitch

[Kennedy, Jim]

Just to echo and expand on what some others have said...you should remain 
focused on making the rep prove how these Macs are going to help the company 
make more money or make its users be more efficient.

Besides training you consider the training for the users.that is actually a 
bigger issue and their lost productivity.




From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, October 22, 2009 7:24 PM
To: NT System Admin Issues
Subject: Ammo for apple mac sales pitch

Our boss wants my assistant and me to meet with a rep who wants us to put in 
some macs.
We are a %100 windows shop, no mac experience and with only two of us, we 
really don't want any more added to our overloaded plates.
Other than the cost to train one or both of us, cost for some centralized 
patching, centralized management, what other reasons can yall recommend we use 
to prevent this from happening.
I don't want to be dishonest with him, but I would hate to see this dumped on 
us without us presenting all the valid reasons we can come up with.
We have a windows 2008 domain and I think you have to turn on some less secure 
authentication in the domain to allow them to login.  Anyone know if that is 
correct?
What about centralized password policies, screen savers, and such?
Thanks for any ammo anyone cares to provide.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Constantly getting locked of 2003 domain

[Kennedy, Jim]

Those random letter strings at the bottom are not good. This worm usually 
blocks most of the anti-virus websites. See if you can get to trendmicro.com or 
mcafee or symantec. Or hit this link and see if you can see their logo's

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Can you just fdisk this machine, or is it mission critical?


From: Jason Morris [jmor...@mjmc.com]
Sent: Tuesday, October 20, 2009 4:46 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

Sorry, missed CurrentVersion

[cid:image002.png@01CA519C.8D4C8230]

From: Jimmy Tran [mailto:jt...@teachtci.com]
Sent: Tuesday, October 20, 2009 3:33 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

This is what I get which looks normal:



[cid:image003.png@01CA519C.8D4C8230]

Jimmy

From: Jason Morris [mailto:jmor...@mjmc.com]
Sent: Tuesday, October 20, 2009 1:10 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

That���s because Conficker runs as the Network Services Account.

Look under:
HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any 
gobbledygook at the bottom of the entries. Th�s your DLL that is running 
under Windows\System32.



From: Jimmy Tran [mailto:jt...@teachtci.com]
Sent: Tuesday, October 20, 2009 3:08 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

No services running under my account when logged in as a different user.
Jimmy


From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, October 20, 2009 1:06 PM
To: NT System Admin Issues
Subject: Re: Constantly getting locked of 2003 domain

Any services running under your account with an old password?


Roger Wright
___

Sent from Tampa, FL, United States
On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran 
mailto:jt...@teachtci.com>> wrote:
Every 5 minutes or so, I get lock out of our domain.  I ran EventCombMT and 
traced it back to a specific machine.  Does anyone have any suggestions on what 
I can do to figure out what program/service is attempting to contact the DC 
with an incorrect password?�ve been dealing with this all morning and it is 
driving me crazy.


Windows 2003 Domain
Windows XP SP3 machine

Thanks,

Jimmy


















--

The pages accompanying this email transmission contain information from MJMC, 
Inc., which

is confidential and/or privileged. The information is to be for the use of the 
individual

or entity named on this cover sheet. If you are not the intended recipient, you 
are

hereby notified that any disclosure, dissemination, distribution, or copying of 
this

communication is strictly prohibited. If you received this transmission in 
error, please

immediately notify us by telephone so that we can arrange for the retrieval of 
the original

document.









--
The pages accompanying this email transmission contain information from MJMC, 
Inc., which
is confidential and/or privileged. The information is to be for the use of the 
individual
or entity named on this cover sheet. If you are not the intended recipient, you 
are
hereby notified that any disclosure, dissemination, distribution, or copying of 
this
communication is strictly prohibited. If you received this transmission in 
error, please
immediately notify us by telephone so that we can arrange for the retrieval of 
the original
document.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Constantly getting locked of 2003 domain

[Kennedy, Jim]

And while you are tracking this down, change your password to something very 
strong if it isn't already. It is running a dictionary attack against your 
account and if it gets it all heck is going to break loose. It will use your 
credentials to infect every machine it can find.


From: Kennedy, Jim
Sent: Tuesday, October 20, 2009 4:12 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

+1 on Conficker



From: Jason Morris [mailto:jmor...@mjmc.com]
Sent: Tuesday, October 20, 2009 4:10 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

That's because Conficker runs as the Network Services Account. :)

Look under:
HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any 
gobbledygook at the bottom of the entries. That's your DLL that is running 
under Windows\System32.



From: Jimmy Tran [mailto:jt...@teachtci.com]
Sent: Tuesday, October 20, 2009 3:08 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

No services running under my account when logged in as a different user.
Jimmy


From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, October 20, 2009 1:06 PM
To: NT System Admin Issues
Subject: Re: Constantly getting locked of 2003 domain

Any services running under your account with an old password?


Roger Wright
___

Sent from Tampa, FL, United States
On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran 
mailto:jt...@teachtci.com>> wrote:
Every 5 minutes or so, I get lock out of our domain.  I ran EventCombMT and 
traced it back to a specific machine.  Does anyone have any suggestions on what 
I can do to figure out what program/service is attempting to contact the DC 
with an incorrect password? I've been dealing with this all morning and it is 
driving me crazy.


Windows 2003 Domain
Windows XP SP3 machine

Thanks,

Jimmy


















--

The pages accompanying this email transmission contain information from MJMC, 
Inc., which

is confidential and/or privileged. The information is to be for the use of the 
individual

or entity named on this cover sheet. If you are not the intended recipient, you 
are

hereby notified that any disclosure, dissemination, distribution, or copying of 
this

communication is strictly prohibited. If you received this transmission in 
error, please

immediately notify us by telephone so that we can arrange for the retrieval of 
the original

document.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Constantly getting locked of 2003 domain

[Kennedy, Jim]

+1 on Conficker



From: Jason Morris [mailto:jmor...@mjmc.com]
Sent: Tuesday, October 20, 2009 4:10 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

That's because Conficker runs as the Network Services Account. :)

Look under:
HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any 
gobbledygook at the bottom of the entries. That's your DLL that is running 
under Windows\System32.



From: Jimmy Tran [mailto:jt...@teachtci.com]
Sent: Tuesday, October 20, 2009 3:08 PM
To: NT System Admin Issues
Subject: RE: Constantly getting locked of 2003 domain

No services running under my account when logged in as a different user.
Jimmy


From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, October 20, 2009 1:06 PM
To: NT System Admin Issues
Subject: Re: Constantly getting locked of 2003 domain

Any services running under your account with an old password?


Roger Wright
___

Sent from Tampa, FL, United States
On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran 
mailto:jt...@teachtci.com>> wrote:
Every 5 minutes or so, I get lock out of our domain.  I ran EventCombMT and 
traced it back to a specific machine.  Does anyone have any suggestions on what 
I can do to figure out what program/service is attempting to contact the DC 
with an incorrect password? I've been dealing with this all morning and it is 
driving me crazy.


Windows 2003 Domain
Windows XP SP3 machine

Thanks,

Jimmy


















--

The pages accompanying this email transmission contain information from MJMC, 
Inc., which

is confidential and/or privileged. The information is to be for the use of the 
individual

or entity named on this cover sheet. If you are not the intended recipient, you 
are

hereby notified that any disclosure, dissemination, distribution, or copying of 
this

communication is strictly prohibited. If you received this transmission in 
error, please

immediately notify us by telephone so that we can arrange for the retrieval of 
the original

document.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Flag message in outlook reduces its size

[Kennedy, Jim]

No change in size here with Outlook 2007 over Exchange 2007. Sizes remain the 
same.


From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Tuesday, October 20, 2009 8:46 AM
To: NT System Admin Issues
Subject: Flag message in outlook reduces its size


Anyone know why this happens?

If I flag an email in outlook (red, blue, green, whatever), the size of the 
email immediately changes (sometimes as much as 50%).

Then, even if I clear the flag, the email stays at the new reduced size.

Outlook 2003 SP3
Exchange 2003 SP2

Just something I noticed today...can anyone else verify?






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Exch2003 to 2007 experiences?

[Kennedy, Jim]

An Edge server is not required at all.

If this is going to be a one box install that is inside your network I would 
not do an Edge server at all. Just Hub CAS and Mailbox are all that are needed.

Edge servers are for a specific purpose. They go into the DMZ, they are not 
really part of your AD or your Exchange organizationthey just replicate the 
info they need to function. That way if they get owned your whole org is not 
owned, theoretically.


4. Do I "require" a seperate Edge Server?  Or can that be on the same box
as our hub transport, client mailboxes, etc.? (it seems doing a "typical"
installation of Exchange 2007 puts it all on all box even though the
"typical" installation doesnt say anything at all about Edge Transport?) 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

MS fubar's Firefox again

[Kennedy, Jim]

They did this once before not long ago, now they are at it again. I guess their 
plan is not to make IE secure but rather to make other browsers as insecure as 
they are.

http://www.computerworld.com/s/article/9139518/Mozilla_blocks_Microsoft_s_sneaky_Firefox_plug_in?taxonomyId=125



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: NTFS permissions issue

[Kennedy, Jim]

Set up one set of empty dummy folders with the perms you need, somewhere else 
outside this folder setup. Rename them to the new department as you need them 
and robocopy them to the real destination. Rinse, Lather, Repeat for each 
department.



-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Monday, October 12, 2009 1:20 PM
To: NT System Admin Issues
Subject: RE: NTFS permissions issue


PS - I even tried setting the permissions on the department folders to
FOLDER ONLY permissions (for applys onto), and the permissions from the
department folder were STILL pushed down to the subfolders underneath it
when I copied the subfolder1 and subfolder2 over (removing the original
permissions of those 2 folders).



Original Message:
-
From: jesse-r...@wi.rr.com jesse-r...@wi.rr.com
Date: Mon, 12 Oct 2009 13:16:19 -0400
To: ntsysadmin@lyris.sunbelt-software.com
Subject: NTFS permissions issue



trying to figure out a way to accomplish this...

I have a folder structure as follows

-department1
--subfolder1
--subfolder2

-department2
--subfolder1
--subfolder2

.etc

The permissions on the subfolders are very specific and they take make
awhile to set up.  Each time I create a new department folder (and there
are TONS of them) I create the 2 subfolders underneath it and have to
manually set the permissions on them (which is a pain).  Is there ANYWAY I
can setup the subfolders so that when I create new department folders, I
can copy another folder's subfolders into the newly created folder, and NOT
have the subfolder's copied permissions get overwritten by the folder
inheritence of the newly created departmental folder?   (copying folders
ALWAYS inherits the permissions of the parent folder they are copied to...
and I do NOT have the option to "move" the folder either).

If I didn't explain this well, please let me know.
J





mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



mail2web LIVE - Free email based on Microsoft(r) Exchange technology -
http://link.mail2web.com/LIVE



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: A poke in the eye for cloud computing?

[Kennedy, Jim]

2008ish so I vote MS failing

http://www.microsoft.com/presspass/press/2008/feb08/02-11acquisition.mspx




From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, October 12, 2009 11:54 AM
To: NT System Admin Issues
Subject: Re: A poke in the eye for cloud computing?

I've got to assume this is a Danger failing, and not a Microsoft failing.   
When did Microsoft acquire Danger?

--
ME2

On Mon, Oct 12, 2009 at 10:51 AM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
 Seems more like a poke in the eye for Microsoft.  How the heck do
you loose an entire server cluster??

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Price of Office 2007 Pro

[Kennedy, Jim]

Not 100 percent certain but that sounds like less than our EDU price.



-Original Message-
From: Phillip Partipilo [mailto:p...@psnet.com] 
Sent: Friday, October 09, 2009 12:57 PM
To: NT System Admin Issues
Subject: Price of Office 2007 Pro

Maybe call this a jaded Friday for me, but get a load of this.  I found this
seller on the tubes that is selling full retail box Office 2007 Professional
for $165 apiece. Is this an insane number or normal?  It costs so much more
everywhere else.  And today the order arrived in the mail, and it is the
real frickin deal, shrinkwrapped real product, hinged plastic case, with the
hologrammed COA and discs, it looks damn legit to me. How the heck could
this have been so cheap?

 
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
 
 



THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL
AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS 
INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION,
COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT
FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Once more - software RAID

[Kennedy, Jim]

+1

Windows RAID is the equivalent of nothing, imho.



From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, October 08, 2009 11:40 AM
To: NT System Admin Issues
Subject: RE: Once more - software RAID

If it were me, I'd go buy a RAID card and stick it in there and build the 
machine from scratch.

[cid:image001.jpg@01CA480C.230FB5C0][cid:image002@01ca480c.230fb5c0]

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, October 08, 2009 11:37 AM
To: NT System Admin Issues
Subject: Once more - software RAID


Greetings!

I pulled a PE-850 out of storage to re-build.  It will be running Windows 2003 
SP2.  Its sticker said two SATA drives...

It turns out it lacks a PERC (Dell RAID controller).  Given that each disk has 
more than adequate space for both a system partition and the data partition 
(for its intended use), what is the consensus...

Is the Microsoft "software RAID", to mirror the disks in a quasi RAID1, better 
than nothing, the equivalent of nothing, or worse than nothing?

Thanks!
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: Why is Windows Time service crap?

[Kennedy, Jim]

Jumping in late here but let me agree the time service is crap. Here is how I 
overcame it.

I use our core Cisco router for the authoritative time source. It does a good 
job of keeping it's clock current. I do not sync it outside I do it manually if 
I ever notice a time difference. Since starting to use it I have only had to do 
this once or twice in the last few years and that was due to power outages. You 
do have to config it to be a time server but it is easy. The PDC emulator 
points to it for its time source. GPO tells everyone else to use the standard 
windows hierarchy.

Here is the key for us;  I set a scheduled task for every server, dc's and 
member servers alike to stop and start the time service twice a day. Once at 6 
am and once at 6 pm. That keeps them right on the money.

Since doing that I have not had any issues for several years.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, September 18, 2009 11:45 AM
To: NT System Admin Issues
Subject: Re: Why is Windows Time service crap?

To follow up on what Ben and Bob have mentioned, you only want/need the DC with 
the PDCe role to get its time externally, and the other systems will get the 
time from that one.

What I do then, is to run a script that sets the time server for all other 
systems to be blank.  (Actually, I let 2 DCs sync outside)

The time for all my systems remains in sync (my logging script checks this 
every morning).

I have not used an external NTP application for the better part of this decade.

-ASB: http://XeeSM.com/AndrewBaker

On Fri, Sep 18, 2009 at 11:37 AM, Free, Bob mailto:r...@pge.com>> 
wrote:

[1] You configure the PDCe of the forest root to become the authoritative time 
source for your forest. There is a (fairly) strict hierarchy that is 
automagically maintained with the other DCs peering up to that one, DCs in 
child domains peering to their respective PDCe,  member servers and 
workstations peering up to their respective DCs. "You" don't need to "point" 
anything to anything other than the root PDCe. I'd respectfully submit that 
there is something wrong in your configuration if things are that bad.



Configure the Windows Time service on the PDC emulator ( 
http://go.microsoft.com/fwlink/?LinkId=91969)



[2]Common issues I've seen are misconfiguration, firewall/network issues and 
users who have the user right to set system time.



Configure a client computer for automatic domain time synchronization ( 
http://go.microsoft.com/fwlink/?LinkId=91376)



I would have agreed with your sentiment in NT and actually ran the W32port of 
NTP on my DCs back than but for the vast majority of the >20K machines in my 
main forest w23time is sufficient. It has improved with every version of 
windows and the documentation is an order of magnitude better than it used to 
be. The biggest offset among my DCs today is +0.0128225s. We do have special 
use cases where we employ other methods but they are definitely the exception 
rather than the rule where a particular client needs millisecond accuracy..



Windows Time Service Technical Reference 
http://technet.microsoft.com/en-us/library/cc773061(WS.10).aspx



I would start at the top and get all the DCs properly synched  and work your 
way down from there. What version of AD are you running?





From: richardmccl...@aspca.org 
[mailto:richardmccl...@aspca.org]
Sent: Friday, September 18, 2009 7:37 AM

To: NT System Admin Issues
Subject: Why is Windows Time service crap?



Greetings!

I have workstations and servers in my domain whose time is all over the place!

Two servers I manually sync'd with a domain controller less than 24 hours ago 
are now once again 3 minutes behind.

Workstations are up to 5 minutes one way or the other.

I know this keeps coming up here, but again, please...
1. With multiple domain controllers, does one pick one of them, sync to an 
outside time source, then somehow point the other DCs to this DC?  If so, then 
one puts in the name of the selected DC in the registry settings for time 
services?  OR, does one make sure all the DCs point to the same external NTP 
server?

2. Why do servers and workstations drift off, time-wise?  How to stop this?
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: My Docs Redirection

[Kennedy, Jim]

Windows update or here:  
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx

Got to add them to XP via an update.


From: David Mazzaccaro [david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, September 16, 2009 4:23 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

Guess not... where can I get those?


From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, September 16, 2009 3:58 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

It is part of the spiffy newer group policy preferences….do you have those 
deployed?

User>Policies>Folder Redirection.  You set Documents there then in the same 
area the other folders are listed. Hit them and tell them what to do there.


From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, September 16, 2009 3:39 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

Somehow I am still missing that... where is this setting?



From: Chris Blair [mailto:chris_bl...@identisys.com]
Sent: Wednesday, September 16, 2009 2:44 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection
I somehow missed that. Thanks!

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, September 16, 2009 1:05 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

In the GPO don’t move my music, leave it behind on the local machine. Same with 
My Pictures if that suits your needs.



From: Chris Blair [mailto:chris_bl...@identisys.com]
Sent: Wednesday, September 16, 2009 2:02 PM
To: NT System Admin Issues
Subject: My Docs Redirection

I am in the testing phase of rolling out My Docs offline sync via GPO. Is there 
a good way to exclude the “My Music” folder? Or does anyone have a good list of 
files to exclude?



























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: My Docs Redirection

[Kennedy, Jim]

It is part of the spiffy newer group policy preferencesdo you have those 
deployed?

User>Policies>Folder Redirection.  You set Documents there then in the same 
area the other folders are listed. Hit them and tell them what to do there.


From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, September 16, 2009 3:39 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

Somehow I am still missing that... where is this setting?



From: Chris Blair [mailto:chris_bl...@identisys.com]
Sent: Wednesday, September 16, 2009 2:44 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection
I somehow missed that. Thanks!

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, September 16, 2009 1:05 PM
To: NT System Admin Issues
Subject: RE: My Docs Redirection

In the GPO don't move my music, leave it behind on the local machine. Same with 
My Pictures if that suits your needs.



From: Chris Blair [mailto:chris_bl...@identisys.com]
Sent: Wednesday, September 16, 2009 2:02 PM
To: NT System Admin Issues
Subject: My Docs Redirection

I am in the testing phase of rolling out My Docs offline sync via GPO. Is there 
a good way to exclude the "My Music" folder? Or does anyone have a good list of 
files to exclude?


















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Real a/v Testing

[Kennedy, Jim]

Wait a few days, Conflicker 2.0 is about to be unleashed. It appears one of the 
patches opened another similar vulnerability.


From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, September 16, 2009 1:52 PM
To: NT System Admin Issues
Subject: Real a/v Testing
I've created a virtual machine and want to test VIPRE and perhaps another a/v 
solution against real malware.

What sites can I hit that'll try to push various malware infections?


Roger Wright
___











__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4431 (20090916) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4431 (20090916) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: My Docs Redirection

[Kennedy, Jim]

In the GPO don't move my music, leave it behind on the local machine. Same with 
My Pictures if that suits your needs.



From: Chris Blair [mailto:chris_bl...@identisys.com]
Sent: Wednesday, September 16, 2009 2:02 PM
To: NT System Admin Issues
Subject: My Docs Redirection

I am in the testing phase of rolling out My Docs offline sync via GPO. Is there 
a good way to exclude the "My Music" folder? Or does anyone have a good list of 
files to exclude?






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: can't mount usb drives without admin permissions

[Kennedy, Jim]

Find the software on the drive and runas it for him and install it, should only 
need to be done once. Or tell the user to hit cancel, their type of thumbdrive 
isn't supported. Depends what your policy is on that kind of stuff.

Or fdisk/delete the software installation for them if they don't need the 
software, get rid of it for them.


-Original Message-
From: Miguel Gonzalez [mailto:miguel_3_gonza...@yahoo.es] 
Sent: Tuesday, September 15, 2009 4:15 PM
To: NT System Admin Issues
Subject: RE: can't mount usb drives without admin permissions

I've googled a bit and seems that i'm not the first one seeing this.

The funny thing is that I'm required admin credentials but if i cancel, i can 
still access the data. It seems that it requires the admin credential to 
install the software? That's a little bit weird, isn't it?

I have tried to change local policies and allowing to format and eject 
removable devices as some people suggest, but no love...

Any ideas?

Miguel

--- El mar, 15/9/09, Kennedy, Jim  escribió:

> De: Kennedy, Jim 
> Asunto: RE: can't mount usb drives without admin permissions
> Para: "NT System Admin Issues" 
> Fecha: martes, 15 septiembre, 2009 3:32
> 
> 
> 
>  
>  
> 
> 
> 
> 
> 
> #yiv967668432 p.MsoNormal
>   {margin-left:3.0pt;}
> 
> 
> 
> 
>  
> 
> 
> 
> +1 
> 
> Software for some built in
> encryption, or syncing system or
> something along those lines. It is on the thumb drive with
> an
> autorun.ini.   Which brings up that you should
> consider disabling the
> autorun also. 
> 
>    
> 
> 
> 
> 
> 
> From: Tom Miller
> [mailto:tmil...@hnncsb.org] 
> 
> Sent: Tuesday, September 15, 2009 3:28 PM
> 
> To: NT System Admin Issues
> 
> Subject: Re: can't mount usb drives without
> admin permissions 
> 
> 
> 
> 
> 
>    
> 
> Probably
> more he can't run the software for it, but that's
> not always needed to just get
> file access.
> 
> 
> 
> >>> Miguel Gonzalez
>  9/15/2009 2:26
> PM >>>
> 
> An user has reported that can't mount USB drives
> without admin permissions (he
> is a regular user). I'm going to check his local
> policies but anyone has ever
> seen something like this? 
> 
> 
> 
> Miguel
> 
> 
> 
> 
> 
>   
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a
> resource hog! ~
> 
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> 
> ~
> 
> 
> 
>  
> 
> Confidentiality
> Notice: This e-mail message, including attachments, is for
> the sole use of the
> intended recipient(s) and may contain confidential and
> privileged information.
> Any unauthorized review, use, disclosure, or distribution
> is prohibited. If you
> are not the intended recipient, please contact the sender
> by reply e-mail and
> destroy all copies of the original message.  
> 
>   
> 
>   
> 
> 
>  
> 
>  
> 
>  
> 
> 
> 


  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: can't mount usb drives without admin permissions

[Kennedy, Jim]

+1
Software for some built in encryption, or syncing system or something along 
those lines. It is on the thumb drive with an autorun.ini.   Which brings up 
that you should consider disabling the autorun also.

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 15, 2009 3:28 PM
To: NT System Admin Issues
Subject: Re: can't mount usb drives without admin permissions

Probably more he can't run the software for it, but that's not always needed to 
just get file access.

>>> Miguel Gonzalez  9/15/2009 2:26 PM >>>
An user has reported that can't mount USB drives without admin permissions (he 
is a regular user). I'm going to check his local policies but anyone has ever 
seen something like this?

Miguel




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Possible to have GPO assigned software package install at shutdown?

[Kennedy, Jim]

That is how I do many of them. I also use an if exists clause so it does not 
run every time.

Here is the one I use to reset the computers in windows update. It looks for a 
text file, if it exists it knows hit has already run...if not it runs and 
creates it for the next time.

if exist c:\wsus.txt goto end
echo %date% %time% >> c:\wsus.txt
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v 
AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v 
PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v 
SusClientId /f
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow
:end




-Original Message-
From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Sent: Wednesday, September 09, 2009 9:32 AM
To: NT System Admin Issues
Subject: Re: Possible to have GPO assigned software package install at shutdown?

Hmm, Would I then make a batch file to call the msi?  I'll give that a
shot.  Thanks.

On 9/9/09, Kennedy, Jim  wrote:
>
> Assign it as a shutdown script, it is in the computer configuration/windows
> settings/scripts section. There is both startup and shutdown.
>
>
> -Original Message-
> From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
> Sent: Wednesday, September 09, 2009 9:23 AM
> To: NT System Admin Issues
> Subject: Possible to have GPO assigned software package install at shutdown?
>
> I have a VPN client that I am trying to deploy software to via GPO.
> The problem is that the client connects via the windows VPN client and
> it makes the connection after the computer runs it startup scripts and
> applying the software policy.  Is there anyway to have the software
> install at shutdown instead of startup?  The client is XP SP3 and
> server is W2k3 SP2.
>
> TIA,
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Possible to have GPO assigned software package install at shutdown?

[Kennedy, Jim]

Assign it as a shutdown script, it is in the computer configuration/windows 
settings/scripts section. There is both startup and shutdown.


-Original Message-
From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Sent: Wednesday, September 09, 2009 9:23 AM
To: NT System Admin Issues
Subject: Possible to have GPO assigned software package install at shutdown?

I have a VPN client that I am trying to deploy software to via GPO.
The problem is that the client connects via the windows VPN client and
it makes the connection after the computer runs it startup scripts and
applying the software policy.  Is there anyway to have the software
install at shutdown instead of startup?  The client is XP SP3 and
server is W2k3 SP2.

TIA,

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Need a developer / Need info

[Kennedy, Jim]

W...Lexington. I will be blowing through there on my bike next Thursday on 
my way to Deals Gap. I love the horse farms on 68, I always go that way.




From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Thursday, September 03, 2009 2:27 PM
To: NT System Admin Issues
Subject: RE: OT: Need a developer / Need info
Lexington, Kentucky.

Well... I really don't know what I need, which lead to the post.  Maybe someone 
more knowledgeable could lead me with questions to figure out what I need?  
(Besides a nap).

From: asbz...@gmail.com [mailto:asbz...@gmail.com]
Sent: Thursday, September 03, 2009 3:26 PM
To: NT System Admin Issues
Subject: Re: OT: Need a developer / Need info

You have to clearly define what you need before you can say who you would need 
to do it.

Also, what area are you in? That would have a bearing on salary.

Sent from my Verizon Wireless BlackBerry


From: Bob Fronk
Date: Thu, 3 Sep 2009 15:16:07 -0400
To: NT System Admin Issues
Subject: OT: Need a developer / Need info
Hi all,

We are discussing the need for an "in-house" developer to assist in designing 
and implementing an "on line" solution for tracking specific information, 
reporting on that information, showing trends, etc.  It would be a web based 
product, probably SQL backend (although that is certainly open).

There would be several other small projects as well.  I am not sure if this 
will be a full time position or a contract position for a couple years.

What I would like to ask the group is:


1.)   What skill set am I looking for?

2.)   What is the estimated salary for someone like this?

3.)   What do you think is the best way to find someone?

Thanks.





















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: GPO filtering

[Kennedy, Jim]

I think you should be looking at assigned software VIA group policy.
http://support.microsoft.com/kb/302430


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: GPO filtering

That's already enabled for the particular user group.  You are saying I have to 
apply this to PCs as well?  The problem is I want this to apply to whatever PC 
the user logs into, since many of our users move around.

>>> "Free, Bob"  9/1/2009 4:08 PM >>>
Sounds like you are on Scope tab, look at the delegation tab, you should see 
the group you added, click the advanced button in the lower right, it will 
bring up the usual ACL editor, the group of computers you want the GPO to apply 
to must have both Read and Apply Group Policy.
It is confusing because you would think the path to edit it is in the scope 
tab, you can add/remove  security principals there but not edit them.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 12:45 PM
To: NT System Admin Issues
Subject: RE: GPO filtering

Where is this?  I must be having a brain cramp.  The screen I am looking at has 
the applied OU (Links) at the top and Security filtering in the bottom pane.  
Or do you mean the ACL on the OU where the GPO is applied?

Same results user or computer, by the way.

>>> Brian Desmond  9/1/2009 3:24 PM >>>
There is a checkbox in the ACL to grant that group the right to Apply this 
Policy as well as Read. You want both of those.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 2:20 PM
To: NT System Admin Issues
Subject: GPO filtering

I have a need to create a GPO that will run an install.  The install file is an 
MSI for Terminal Server application access for several applications.

The issue I am having is security filtering.  I want the GPO to apply to a 
group of users.  If I remove "authenticated users" and add the group, nothing 
happens.  Group Policy modeling lists the GPO as denied and inaccessible.  If I 
add the specific PCs, this works.

Looking at my various books there is no mention of the requirement to add 
workstations or workstation groups the GPO security to get it to work.

Suggestions?



Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.










Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.










Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: GPO filtering

[Kennedy, Jim]

Applied as a Machine Policy?
When you remove authenticated users you are, in effect, removing the computers 
also unless you give them perms another way. A computer is an authenticated 
user when it authenticates.

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 3:20 PM
To: NT System Admin Issues
Subject: GPO filtering

I have a need to create a GPO that will run an install.  The install file is an 
MSI for Terminal Server application access for several applications.

The issue I am having is security filtering.  I want the GPO to apply to a 
group of users.  If I remove "authenticated users" and add the group, nothing 
happens.  Group Policy modeling lists the GPO as denied and inaccessible.  If I 
add the specific PCs, this works.

Looking at my various books there is no mention of the requirement to add 
workstations or workstation groups the GPO security to get it to work.

Suggestions?



Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSINFO popping up

[Kennedy, Jim]

+1

It was a heck of a fight with our desktop support here, but I won about 1.5 
years ago and we took it away from everyone. Lot of crying and a fair amount of 
work getting a few things to work.

But they came up to me a few months ago and apologized and thanked me. Their 
life is much easier now. And most importantly it is much better for the users, 
their machines are not blown up all the time anymore.



From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Tuesday, September 01, 2009 2:44 PM
To: NT System Admin Issues
Subject: Re: MSINFO popping up



Yes, it takes work, but it can be done.  Our desktops have been significantly 
more stable and 100% infection free since we did the lockdown about 7 years 
ago.  My license compliance is as good as I think can be.




On Tue, Sep 1, 2009 at 2:32 PM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:

Well, that's all well and good for technical people like you and me, but for 
non-technical people, it's hard to do so... especially when they don't have 
elevated privileges on the domain. :)



[cid:image001.jpg@01CA2B13.AB928640][cid:image002@01ca2b13.ab928640]



From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Tuesday, September 01, 2009 1:57 PM

To: NT System Admin Issues
Subject: Re: MSINFO popping up



Sorry I forgot to add IMNSHO.  I don't run as administrator on any box unless I 
absolutely need to and only for the task at hand.



Jon

On Tue, Sep 1, 2009 at 1:55 PM, Jon Harris 
mailto:jk.har...@gmail.com>> wrote:

He should be running as an User not an Admin.  That is what runas is for.



Jon

On Tue, Sep 1, 2009 at 1:26 PM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:

Good point. That being said, when I ran msinfo32 on my machine, it *looked*
like what was on the user's machine. Next time it happens, I'll try to make
it a point to look at the task manager.

-Original Message-
From: Kennedy, Jim 
[mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>]

Sent: Tuesday, September 01, 2009 1:22 PM
To: NT System Admin Issues

Subject: RE: MSINFO popping up



Check the process in task manager. Help About could be forged.


-Original Message-

From: John Aldrich 
[mailto:jaldr...@blueridgecarpet.com<mailto:jaldr...@blueridgecarpet.com>]
Sent: Tuesday, September 01, 2009 1:14 PM
To: NT System Admin Issues

Subject: RE: MSINFO popping up

Nope. It was an MS System Info window. Or at least that's what "help
->About" said it was. I don't know. I've never seen it before.




-Original Message-

From: Steven M. Caesare 
[mailto:scaes...@caesare.com<mailto:scaes...@caesare.com>]
Sent: Tuesday, September 01, 2009 1:01 PM
To: NT System Admin Issues

Subject: RE: MSINFO popping up

No chance it was MSCONFIG?

If you make changes to your startup behavior via MSCONFIG, by default it
runs again at next boot/logon.

-sc

-Original Message-

From: John Aldrich 
[mailto:jaldr...@blueridgecarpet.com<mailto:jaldr...@blueridgecarpet.com>]
Sent: Tuesday, September 01, 2009 12:39 PM
To: NT System Admin Issues

Subject: RE: MSINFO popping up

Well, it was definitely the Microsoft System Information tool... but
what
caused it to pop up, I haven't a clue. Just for giggles I'll go install
MalwareBytes on that machine and make sure it's not infested or
anything.




-Original Message-
From: Kennedy, Jim 
[mailto:kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>]

Sent: Tuesday, September 01, 2009 12:09 PM
To: NT System Admin Issues

Subject: RE: MSINFO popping up

Fire up task manager when it happens. See what the process is.
Msinfo.exe is
a virus/adware usually and msinfo32.exe is part of the OS.




-Original Message-

From: John Aldrich 
[mailto:jaldr...@blueridgecarpet.com<mailto:jaldr...@blueridgecarpet.com>]
Sent: Tuesday, September 01, 2009 11:56 AM
To: NT System Admin Issues

Subject: RE: MSINFO popping up

User reports that he doesn't recall any consistency in what he was doing
immediately prior to the MSINFO window popping up.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com<mailto:mailvor...@gmail.com>]

Sent: Tuesday, September 01, 2009 11:10 AM
To: NT System Admin Issues
Subject: Re: MSINFO popping up

2009/9/1 John Aldrich 
mailto:jaldr...@blueridgecarpet.com>>:
> One of my users has an HP Pavilion laptop ...

 Standard question: What release and edition of Windows, and what
Service
Pack?

> ... starting to pop up more and more often ... turned out to be
MSINFO.

 I can't even start MSINFO from Start -> Run on my box.  I have to
hunt down the icon in the Start Menu.

 What's he doing when/before MSINFO opens?  What programs are running
in the background?  Check startup items.  I seem to recall MSINFO was
introduced as part of MS Offic

RE: MSINFO popping up

[Kennedy, Jim]

Check the process in task manager. Help About could be forged.


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 01, 2009 1:14 PM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

Nope. It was an MS System Info window. Or at least that's what "help
->About" said it was. I don't know. I've never seen it before.




-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Tuesday, September 01, 2009 1:01 PM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

No chance it was MSCONFIG?

If you make changes to your startup behavior via MSCONFIG, by default it
runs again at next boot/logon.

-sc

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 01, 2009 12:39 PM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

Well, it was definitely the Microsoft System Information tool... but
what
caused it to pop up, I haven't a clue. Just for giggles I'll go install
MalwareBytes on that machine and make sure it's not infested or
anything.




-----Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Tuesday, September 01, 2009 12:09 PM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

Fire up task manager when it happens. See what the process is.
Msinfo.exe is
a virus/adware usually and msinfo32.exe is part of the OS.




-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 01, 2009 11:56 AM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

User reports that he doesn't recall any consistency in what he was doing
immediately prior to the MSINFO window popping up. 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, September 01, 2009 11:10 AM
To: NT System Admin Issues
Subject: Re: MSINFO popping up

2009/9/1 John Aldrich :
> One of my users has an HP Pavilion laptop ...

  Standard question: What release and edition of Windows, and what
Service
Pack?

> ... starting to pop up more and more often ... turned out to be
MSINFO.

  I can't even start MSINFO from Start -> Run on my box.  I have to
hunt down the icon in the Start Menu.

  What's he doing when/before MSINFO opens?  What programs are running
in the background?  Check startup items.  I seem to recall MSINFO was
introduced as part of MS Office (way back when); maybe check around in
there?

  Do you have good anti-virus?  Does the user have admin rights?

> He says that
> typically, no matter what he does, the laptop shuts down on him
shortly
> after seeing the window pop up.

  Do you have the auto-reboot on STOP feature turned on?  If so, that
often translates into "my computer is shutting off" from the users.

  We turn turn this off as part of our standard config.  It's one of
Microsoft's dumber ideas, IMNSHO.  System Properties -> Advanced tab
-> Startup and Recovery Settings -> "Automatically restart".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.74/2339 - Release Date:
09/01/09
06:52:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.74/2339 - Release Date:
09/01/09
06:52:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.74/2339 - Release Date: 09/01/09
06:52:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OTish Odd FF vs IE display issue.

[Kennedy, Jim]

Pulled your response out of our email archiver, I must have mass deleted it 
over the weekend. You sir are a genius. Tyvm, it was driving me crazy.



-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Tuesday, September 01, 2009 12:48 PM
To: NT System Admin Issues
Subject: RE: OTish Odd FF vs IE display issue.

No sir, I did not. Usually you have real good answers too!



-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, September 01, 2009 12:45 PM
To: NT System Admin Issues
Subject: Re: OTish Odd FF vs IE display issue.

Did you see my previous reply?

--
ME2



On Tue, Sep 1, 2009 at 12:36 PM, Kennedy,
Jim wrote:
> IE 8 and FF 3.5.2 for sure for me. I am seeing a bunch of people on a message 
> board I hang at report the same thing.so might be universal. I wonder if 
> the hoster isn't doing a detect on the browser and feeding two different 
> pages.
>
>
>
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Tuesday, September 01, 2009 12:25 PM
> To: NT System Admin Issues
> Subject: Re: OTish Odd FF vs IE display issue.
>
> On 31 Aug 2009 at 9:46, Kennedy, Jim  wrote:
>
>> Ok, so at the link below if you go there with Firefox you see a set of
>> pictures of aleged damage to a car that ran over a mattress.
>>
>> But if you go there with IE you see completely different pictures. You can
>
> Which version of Internet Explorer?
>
>> see it easiest if you look at the last picture. Completely different people
>> looking at the underside of the car.
>>
>> Any guesses as to why?
>>
>>
>> http://safetyandstaffing.blogspot.com/2009/04/woman-runs-over-mattress-on-hi
>> ghway.html
>>
>>
>> Also, if you are behind a caching proxy you will see the same pictures, but
>> that is to be expected.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OTish Odd FF vs IE display issue.

[Kennedy, Jim]

No sir, I did not. Usually you have real good answers too!



-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, September 01, 2009 12:45 PM
To: NT System Admin Issues
Subject: Re: OTish Odd FF vs IE display issue.

Did you see my previous reply?

--
ME2



On Tue, Sep 1, 2009 at 12:36 PM, Kennedy,
Jim wrote:
> IE 8 and FF 3.5.2 for sure for me. I am seeing a bunch of people on a message 
> board I hang at report the same thing.so might be universal. I wonder if 
> the hoster isn't doing a detect on the browser and feeding two different 
> pages.
>
>
>
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Tuesday, September 01, 2009 12:25 PM
> To: NT System Admin Issues
> Subject: Re: OTish Odd FF vs IE display issue.
>
> On 31 Aug 2009 at 9:46, Kennedy, Jim  wrote:
>
>> Ok, so at the link below if you go there with Firefox you see a set of
>> pictures of aleged damage to a car that ran over a mattress.
>>
>> But if you go there with IE you see completely different pictures. You can
>
> Which version of Internet Explorer?
>
>> see it easiest if you look at the last picture. Completely different people
>> looking at the underside of the car.
>>
>> Any guesses as to why?
>>
>>
>> http://safetyandstaffing.blogspot.com/2009/04/woman-runs-over-mattress-on-hi
>> ghway.html
>>
>>
>> Also, if you are behind a caching proxy you will see the same pictures, but
>> that is to be expected.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OTish Odd FF vs IE display issue.

[Kennedy, Jim]

IE 8 and FF 3.5.2 for sure for me. I am seeing a bunch of people on a message 
board I hang at report the same thing.so might be universal. I wonder if 
the hoster isn't doing a detect on the browser and feeding two different pages.




-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Tuesday, September 01, 2009 12:25 PM
To: NT System Admin Issues
Subject: Re: OTish Odd FF vs IE display issue.

On 31 Aug 2009 at 9:46, Kennedy, Jim  wrote:

> Ok, so at the link below if you go there with Firefox you see a set of
> pictures of aleged damage to a car that ran over a mattress.
> 
> But if you go there with IE you see completely different pictures. You can

Which version of Internet Explorer?

> see it easiest if you look at the last picture. Completely different people
> looking at the underside of the car.
> 
> Any guesses as to why?
> 
> 
> http://safetyandstaffing.blogspot.com/2009/04/woman-runs-over-mattress-on-hi
> ghway.html
> 
> 
> Also, if you are behind a caching proxy you will see the same pictures, but
> that is to be expected.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: MSINFO popping up

[Kennedy, Jim]

Fire up task manager when it happens. See what the process is. Msinfo.exe is a 
virus/adware usually and msinfo32.exe is part of the OS.




-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 01, 2009 11:56 AM
To: NT System Admin Issues
Subject: RE: MSINFO popping up

User reports that he doesn't recall any consistency in what he was doing
immediately prior to the MSINFO window popping up. 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, September 01, 2009 11:10 AM
To: NT System Admin Issues
Subject: Re: MSINFO popping up

2009/9/1 John Aldrich :
> One of my users has an HP Pavilion laptop ...

  Standard question: What release and edition of Windows, and what Service
Pack?

> ... starting to pop up more and more often ... turned out to be MSINFO.

  I can't even start MSINFO from Start -> Run on my box.  I have to
hunt down the icon in the Start Menu.

  What's he doing when/before MSINFO opens?  What programs are running
in the background?  Check startup items.  I seem to recall MSINFO was
introduced as part of MS Office (way back when); maybe check around in
there?

  Do you have good anti-virus?  Does the user have admin rights?

> He says that
> typically, no matter what he does, the laptop shuts down on him shortly
> after seeing the window pop up.

  Do you have the auto-reboot on STOP feature turned on?  If so, that
often translates into "my computer is shutting off" from the users.

  We turn turn this off as part of our standard config.  It's one of
Microsoft's dumber ideas, IMNSHO.  System Properties -> Advanced tab
-> Startup and Recovery Settings -> "Automatically restart".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.74/2339 - Release Date: 09/01/09
06:52:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Adding 2008 DC to 2000 Domain

[Kennedy, Jim]

Run it so you can add them later if you decide you need one.


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Tuesday, September 01, 2009 10:07 AM
To: NT System Admin Issues
Subject: Adding 2008 DC to 2000 Domain

Im trying to add a 2008 DC to a 2000 domain with one 2000 DC. I ran adprep 
/forestprep and /domainprep with the 2008 adprep. However when I run dcpromo to 
add the 2008 DC I get a popup stating, "you will not be able to install a 
read-only domain controller in this domain because "adprep /rodcprep" was not 
yet run. Do you want to continue? Yes or No.

Whats this all about? I just want to install this DC as a normal DC, not a read 
only DC, in fact I dont even know what a read only DC is. Should I just hit yes 
to continue?

James





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OTish Odd FF vs IE display issue.

[Kennedy, Jim]

Ok, so at the link below if you go there with Firefox you see a set of pictures 
of aleged damage to a car that ran over a mattress.

But if you go there with IE you see completely different pictures. You can see 
it easiest if you look at the last picture. Completely different people looking 
at the underside of the car.

Any guesses as to why?


http://safetyandstaffing.blogspot.com/2009/04/woman-runs-over-mattress-on-highway.html


Also, if you are behind a caching proxy you will see the same pictures, but 
that is to be expected.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [On-Topic] Patching with PSEXEC

[Kennedy, Jim]

Ok, I am going off in a completely different direction. I did not see the part 
where you talked to others about PSEXEC so I don't know why you are going in 
that direction.

Why not just script it to the machines via GPO. If it is a machine policy the 
install/update will run with elevated privs so you will not have any trouble. 
You can get a run down on almost any app at this site, as far as what switches 
and what package to use to get them deployed.

http://www.appdeploy.com/

Your script can log the ip/machine name as it deploys.


From: tony patton [mailto:tony.pat...@quinn-insurance.com]
Sent: Monday, August 31, 2009 5:59 AM
To: NT System Admin Issues
Subject: [On-Topic] Patching with PSEXEC

Hey all,

Following on from IE8 doesn't work thread, management here wants start using 
PSEXEC to patch applications.

I'm a bit hesitant to use it for patching 2800 desktops for Adobe reader, 
flash, firefox and UltraVNC, fine for running scripts and such, just not sure 
about patching.

Logging is a whole other thing, personally, I don't want to be able to log 
which machines were successful, failed or not on
as there would be no incentive to get a proper patching solution.
I can wrap a batch file around it to re-direct output to a file, so the 
possibility of logging is there.

What are the pitfalls that any of you that use this approach have come across?

Also thanks to Sam Cayze for the PSEXEC command for Adobe, hadn't attempted to 
work out the command for Flash but this does it, saved me a bit of work :-)

Slightly off-topic, don't know why anyone would want to leave this list, keeps 
me sane most days.

Sorry if this is a bit all over the place, 11am and been here before 7 :-(
All information greatly appreciated.

Regards

Tony Patton
Desktop Operations Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com



http://www.quinn-insurance.com



This e-mail is intended only for the addressee named above. The contents

should not be copied nor disclosed to any other person. Any views or

opinions expressed are solely those of the sender and

do not necessarily represent those of QUINN-Insurance, unless otherwise

specifically stated . As internet communications are not secure,

QUINN-Insurance is not responsible for the contents of this message nor

responsible for any change made to this message after it was sent by the

original sender. Although virus scanning is used on all inbound and

outbound e-mail, we advise you to carry out your own virus check before

opening any attachment. We cannot accept liability for any damage sustained

as a result of any software viruses.







QUINN-Life Direct Limited is regulated by the Financial Regulator.

QUINN-Insurance Limited is regulated by the Financial Regulator and

regulated by the Financial Services Authority for the conduct of UK

business.







QUINN-Life Direct Limited is registered in Ireland, registration number

292374 and is a private company limited by shares.

QUINN-Insurance Limited is registered in Ireland, registration number

240768 and is a private company limited by shares.

Both companies have their head office at Dublin Road, Cavan, Co. Cavan.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

[OT] Good NT sysadmin list?

[Kennedy, Jim]

I should have know that. Those are the tags used on SPAM-L, now I know why. 
That list doesn't accept messages unless you have them tagged properly.


-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Friday, August 28, 2009 3:57 PM
To: NT System Admin Issues
Subject: Re: OT Good NT sysadmin list?

Ahh, good to know!

--
ME2



On Fri, Aug 28, 2009 at 3:33 PM, Ben Scott wrote:
> On Fri, Aug 28, 2009 at 3:10 PM, Micheal Espinola Jr
>  wrote:
>> OT tags typically get lost in the replies.  People have to remember to
>> keep editing the subject line.
>
>  Outbreak -- I mean, Outlook -- tends to eat any two-letter prefix in
> the subject line.  (Grrr.)  I've noticed that square bracket tags,
> e.g., [OT], are not usually consumed by Lookout.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT Good NT sysadmin list?

[Kennedy, Jim]

I think this whole issue could be resolved if we tagged our subjects. Then both 
'sides' can live in harmony.







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Websense vs. Barracuda

[Kennedy, Jim]

Barracuda has lost their way, imho. They are not what they used to be. Each new 
software 'update' is just messier and messier.



-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Thursday, August 27, 2009 6:30 PM
To: NT System Admin Issues
Subject: Websense vs. Barracuda

Small business client; 2 locations, 25 users SoCal, 35 users NorCal. T1
between the sites, separate internet pipes at each location. Running AD,
Cisco VoIP, and some SQL over the WAN.
Need to implement web filtering. I've used websense a lot, but not for a few
years. Never used the barracuda.
Client requirements: 
1. Filter sites by group or individual (i.e., block social networking but
allow linkedin)
2. Granular filtering by user or AD group.
3. Per-user reporting
4. Reasonably simple management interface
I believe either product will perform these tasks easily enough. Tech
requirements are a bit fuzzy, and depend on the implementation.
If we use WS, I could implement a shared DB, but I don't think the WAN
latency is going to support it, especially with the VoIP QOS in place. I'm
seeing ~28 average, 48 max on pings. WS spec is 30ms, so I don't believe I
can realistically do this. I have a call into WS to discuss, though.
Assuming stand-alone installations (which isn't a deal-breaker from an admin
POV), I'd need two pizza-box servers and WS per-user licensing.
If I go with barracuda, I just buy two appliances and pay for the annual
maintenance.
Both look like I'd need to configure two devices each time I needed to make
a change

While I haven't fleshed out all the costs, it's looking like the barracuda
comes out a bit ahead on price, which is a factor. Anyone used both?
Thoughts on one or the other?

Thanks!


***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
*** 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: WSUS SP2 is out

[Kennedy, Jim]

+1



From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Wednesday, August 26, 2009 10:19 AM
To: NT System Admin Issues
Subject: RE: WSUS SP2 is out

Nope.  Not in my case.

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, August 26, 2009 10:13 AM
To: NT System Admin Issues
Subject: RE: WSUS SP2 is out

requires reboot?



From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Wednesday, August 26, 2009 10:02 AM
To: NT System Admin Issues
Subject: RE: WSUS SP2 is out
I approved it in WSUS and installed it a few minutes ago.  It updates the db, 
then goes through the install wizard which kinda freaked me out for a brief 
moment.  I thought for a second I would have to recreate groups, etc., but it 
kept all the settings.

You need the Microsoft Report Viewer Redistributable 2008.  If it's not 
installed, the WSUS upgrade will continue but tell you to install it manually 
before using the management GUI.  I *believe* the latest version is available 
here:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6ae0aa19-3e6c-474c-9d57-05b2347456b1

Seems to work without any issues both locally on the WSUS server and from the 
mmc snap-in on my workstation.

From: Stephen Wimberly [mailto:riverside...@gmail.com]
Sent: Wednesday, August 26, 2009 9:51 AM
To: NT System Admin Issues
Subject: Re: WSUS SP2 is out

Odd how the install instructions they don't even indicate that WSUS could be 
used to install the SP.  It hit my WSUS server last night, seems I could just 
approve the update, but that isn't even an option on that site, seems one would 
have to install it manually.

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IIS services disappearing

[Kennedy, Jim]

What version of Exchange? Outlook 2007 is supported on an Exchange 2007 server 
I believe.

http://blogs.msdn.com/dgoldman/archive/2007/02/27/installing-outlook-2007-on-an-exchange-2007-server.aspx



On Tue, Aug 25, 2009 at 9:34 PM, Silvio L. Nisgoski 
mailto:nisgo...@gmx.de>> wrote:
Hmm, let me try to explain the situation better .
Outlook is not to be installed in this server, nor are excel, frontpage, etc.

The machine was chugging along all happy, messages in, messages out, etc.

Then a part-time employee of the customer, tasked with the implementation of an 
intranet of sorts, read don´t-know-where that to use some tool for his intranet 
he should upgrade office in the server.

Well, this particular server had access instaled in it, due to an tracking app 
that they use.

Well, then this guy upgrades office ( 2003 ) to 2007. He said he used just an 
upgrade pack, don´t know what he meant with that, because what I saw was a 
fully complete copy of office 2007 enterprise.

About half an hour later, people start complaining that the webmail wasn´t 
functioning anymore. Then they called me. In the initial questioning phase ( 
what happened, what was installed, etc, ) they mentioned the upgrade. I seem to 
remember of this occurring in a 2003/IIS server befor, so I looked in IIS 
Manager, and there were no sites defined there. Restoring a backup of the 
metabase had no effect. In the Services app, there were no ocurrences of WWW 
service, SMTP service, etc.

When I uninstalled IIS, and reinstalled, the missing services got back, and 
also the disappeared web sites.

But I would like to know how is that the installation of office causes this. 
They swear that no prompts of any sort, asking if they did really really want 
do destroy their server, appeared.

Any idea ?

Thanks.





- Original Message - From: "Richard Stovall" 
mailto:rich...@gmail.com>>
To: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Tuesday, August 25, 2009 8:43 PM
Subject: Re: IIS services disappearing



Though it's most likely unrelated to your issue, Microsoft pretty much
does not support running Outlook on an Exchange server (at least
through Exchange 2003).

http://support.microsoft.com/kb/266418

I would start by getting into supported configuration and trying again.

Do you have any more information?

On Tue, Aug 25, 2009 at 11:46 AM, Silvio L. 
Nisgoskimailto:nisgo...@gmx.de>> wrote:
Hello,

Does anyone has experienced the same, and has an explanation of the causes :
a customer installed Office 2007 in a 2003R2 server, with Exchange running,
and this made (after half an hour , they say ) all the IIS sites disappear (
metabase corruption, I think ) .

When looking at the problem, I saw that the IIS services had also
disappeared from the system. AFter uninstalling IIS, and reinstalling, we
got it back to working.

But how would the office installation make this ? Their IT people who
installed it got a good slapping, but I would like to know the causes from a
scientific and curious point of view...

thanks.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: webcam software

[Kennedy, Jim]

+1

UStream is the bomb.



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, August 25, 2009 10:44 AM
To: NT System Admin Issues
Subject: RE: webcam software

So your webcams are gonna be mobile with laptop users ?...

One method I've used in the past to provide webcam views of charity fundraising 
events is to setup an account on Ustream  ( http://www.ustream.tv/ ) and 
'broadcast' , once setup they'll provide a URL for sharing (and other code in 
case you want to embed in your own web page)
pretty simple, reliable, and free

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, August 25, 2009 10:27 AM
To: NT System Admin Issues
Subject: Re: webcam software
More info. sorry.  already purchased MS Lifecam's.  Using Thinkpad's with XP.  
Very mobile users. 3 different offices plus outside travel.  would really like 
to be able to send and email with a link that the recipient would then click to 
make connection WITHOUT having to download client software.
On Tue, Aug 25, 2009 at 9:17 AM, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
What are they trying to accomplish ?  Might be simpler to use IP webcams with 
built in http server instead of computer connected ... then have a port/address 
translation forward through firewall to IP webcam

Then your clients can use pretty much whatever browser they have handy

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, August 25, 2009 10:11 AM
To: NT System Admin Issues
Subject: webcam software
Was recently asked to provide webcam's for 2 owners.  I have never used one.  
Looking for recomendations for best software/tool to make "clientless" 
connections over the web???

thanks for any help.

Jeff


















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Right to create share on server?

[Kennedy, Jim]

Give the 'partial-admin' a root folder and share it..full control to them. That 
would probably get you there assuming all the shares are inside of that..


From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: Monday, August 24, 2009 11:37 AM
To: NT System Admin Issues
Subject: Re: Right to create share on server?

I'd think you'd still need the ability to modify NTFS permissions...
On Mon, Aug 24, 2009 at 11:32 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Would granting them permissions on the 
HKLM\System\CurrentControlSet\Services\LanManServer keys and subkeys allow 
this? I am shooting in the dark here but would be interested to know if it 
works or not...
2009/8/24 Christopher Bodnar 
mailto:christopher_bod...@glic.com>>


Windows Server 2003:



We are looking at delegating some administrative tasks. One of these tasks is 
creating shares on member servers. Is it possible to delegate this task without 
adding the user to the local administrators group?



Thanks,







Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003









This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited. If you have received this message in error, please 
notify the sender immediately by return e-mail and delete the message and any 
attachments. Thank you.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

http://raythestray.blogspot.com










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~