RE: test

[Osborne, Richard]

Without an e-mail from the list every 30 minutes or so I start to worry
that my Internet e-mail isn't working!

-Original Message-
From: Donald Bittenbender [mailto:donald.bittenben...@gfi.com] 
Sent: Wednesday, December 28, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: test

Yes, it seems to be very quiet this week on the list.


Donald Bittenbender
Software Developer
GFI Software - www.gfi.com
Tel.: +1 866 389 5597 ext 6065Mob.: +1 727 748 2708

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Wednesday, December 28, 2011 9:22 AM
To: NT System Admin Issues
Subject: test

Anyone home?



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin






DISCLAIMER The information contained in this electronic mail may be
confidential or legally privileged. It is for the intended recipient(s)
only. Should you receive this message in error, please notify the sender
by replying to this mail. Please do not read, copy, forward or store
this message unless you are an intended recipient of it - unauthorized
use of contents is strictly prohibited. Unless expressly stated,
opinions in this message are those of the individual sender and not of
GFI. While all care has been taken, GFI is not responsible for the
integrity or the contents of this electronic mail and any attachments
included within. (GFI2011)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

test

[Osborne, Richard]

Anyone home?



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: software

[Osborne, Richard]

We use Untangle to lockdown the free wireless we provide for visitors.
It works very well for us.

 

From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Thursday, November 17, 2011 9:26 AM
To: NT System Admin Issues
Subject: Re: software

 

I played with Untangle about 3 years ago and was quite impressed.  Used
it to setup a DMZ and do some AV & Spam filtering.


Roger Wright
___

If the universe is constantly expanding, how come I can't find a parking
space?

 

 





On Thu, Nov 17, 2011 at 12:08 AM, Jack  wrote:

Does anyone in this group have any experience with a product called
Untangle?  Untangel.com 

 

One of my staff came across this product and it almost sound too good to
be true

 

It appears to be a firewall product but since that is not my area I am
not totally sure if this is any good or not

 

Thanks for any advice about this.

 

Jack Smrekar

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is this even possible

[Osborne, Richard]

You could try McGrath AutoPrint:
http://www.mcgrathtechnology.com/add-ins.

It's an Outlook add-in so you'd need a PC you could leave Outlook
running on.

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, June 14, 2011 7:06 AM
To: NT System Admin Issues
Subject: RE: Is this even possible

Not with exchange 2003.

You are looking at webdav or mapi (or an enabling technology like
Redemption or CDO).

Still certainly doable.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Tuesday, June 14, 2011 7:50 AM
To: NT System Admin Issues
Subject: RE: Is this even possible

Powershell script using EWS to access the mb with attachment extraction?

If that sounds acceptable, between help here and the web, I am sure we
can hack up something.

jlc

-Original Message-
From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] 
Sent: Tuesday, June 14, 2011 4:27 AM
To: NT System Admin Issues
Subject: RE: Is this even possible

Hi 
Yep 2003 exchange 

Problem is I cant code,
Wonder if there is a tool that could poll the mailbox and print out?

Thanks for the comments  

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: 14 June 2011 11:04
To: NT System Admin Issues
Subject: RE: Is this even possible

Add another mailbox to the distribution list, and then write a simple
app to monitor the new account, extract the attachment(s) print & the
delete the message.  However there may be neater solutions out there.
This is the first idea which jumps out of my head (as I have no specific
knowledge of Exchange, which I guess you are running - 2003).

-Original Message-
From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
Sent: 14 June 2011 10:56
To: NT System Admin Issues
Subject: Is this even possible

Had a request
When an email hits a certain Email distribution list they would like the
attachment to be printed on a printer down on the shop floor As far as I
know the name of the attachment will be the same 

Is it possible to do this in an automated way?

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   
Email: 


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may
not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it
is confidential and may be legally privileged. It is sent out only for
intended recipient(s). Access to this email by anyone else is
unauthorised. If you are not an intended recipient, any disclosure,
copying, distribution or other use or any action taken or omitted to be
taken in reliance on it, is prohibited and unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, you must neither
take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in
error. QinetiQ may monitor email traffic data and also the content of
email for the purposes of security. QinetiQ Limited (Registered in
England & Wales: Company Number: 3796233) Registered office: Cody
Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX
http://www.qinetiq.com.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may
not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it
is confidential and may be legally privileged. It is sent out only for
intended recipient(s). Access to this email by anyone else is
unauthorised. If you are not an intended recipient, any disclosure,
copying, distribution or other use or any action taken or omitted to be
taken in reliance on it, is prohibited and unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forum

RE: ISA 2006 default domain

[Osborne, Richard]

Yes.

 

From: Todd Lemmiksoo [mailto:tlemmik...@gmail.com] 
Sent: Wednesday, February 23, 2011 11:59 AM
To: NT System Admin Issues
Subject: Re: ISA 2006 default domain

 

Is the ISA server part of the domain.

On Wed, Feb 23, 2011 at 11:05 AM, Osborne, Richard
 wrote:

We are swapping over from an ISA 2000 to an ISA 2006 proxy server.  We
have some PCs that auto-login with a username that doesn't have Internet
access.  Our users are used to starting IE and answering the proxy login
prompt using just their username but the new server requires
"domain\username".  Strangely if we configure Internet Explorer to use
the IP address of the new server instead of the hostname, it accepts
"username" without the "domain\".

 

Any thoughts on how to make ISA 2006 act the same as ISA 2000?  I would
prefer not to configure IE to use the IP address in case we need to
change it at some point.  Thanks.

 

Richard Osborne
Information Systems
Jackson-Madison County General Hospital

NOTICE:  (1) The foregoing is not intended to be a legally binding or
legally effective electronic signature. (2) This message may contain
legally privileged or confidential information.  If you are not the
intended recipient of this message, please so notify me, disregard the
foregoing message, and delete the message immediately.  I apologize for
any inconvenience this may have caused.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
T. Todd Lemmiksoo

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

ISA 2006 default domain

[Osborne, Richard]

We are swapping over from an ISA 2000 to an ISA 2006 proxy server.  We
have some PCs that auto-login with a username that doesn't have Internet
access.  Our users are used to starting IE and answering the proxy login
prompt using just their username but the new server requires
"domain\username".  Strangely if we configure Internet Explorer to use
the IP address of the new server instead of the hostname, it accepts
"username" without the "domain\".
 
Any thoughts on how to make ISA 2006 act the same as ISA 2000?  I would
prefer not to configure IE to use the IP address in case we need to
change it at some point.  Thanks.
 
Richard Osborne
Information Systems
Jackson-Madison County General Hospital

NOTICE:  (1) The foregoing is not intended to be a legally binding or
legally effective electronic signature. (2) This message may contain
legally privileged or confidential information.  If you are not the
intended recipient of this message, please so notify me, disregard the
foregoing message, and delete the message immediately.  I apologize for
any inconvenience this may have caused.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: What's Your Phone? [OT]

[Osborne, Richard]

Musical explanation of BBQ styles:

http://www.youtube.com/watch?v=6ubTQfr_tyY

 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, January 05, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: What's Your Phone? [OT]

 

I use quite a few of Alton’s recipes. (Ssss – don’t tell anyone.) I love 
his scientific approach.

 

Don’t get me wrong – I enjoy watching Paula Deen – she is from the Deep South, 
after all and she reminds me of my grandmother 20 years ago – but I never could 
do that “little here, little there” kind of cooking. Hat’s off to the people 
who can.

 

I know BBQ is very regional. It can change dramatically in a 20 mile drive. But 
that’s what makes it fun. J

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Wednesday, January 05, 2011 10:50 AM
To: NT System Admin Issues
Subject: Re: What's Your Phone? [OT]

 

Hmm I am from Texas. I have also have traveled alot. It seems that it 
depends on where you are at that the definition of BBQ changes. Kansas BBQ is 
different than Oklahoma, Texas different than Georgia. It also seems to be a 
matter of preference. 

In 'Feasting on Asphalt', Alton Brown comments on this, as they stopped by and 
had a BBQ sandwich that had the tangy vinegar sauce. He also had some BBQ when 
he got to middle of the country. His observations are quite interesting. 

On Wed, Jan 5, 2011 at 10:38 AM, Michael B. Smith  wrote:

Don’t call me a farily.

 

J

 

Oh believe me – I KNOW what’s right – Carolina BBQ with spicy vinegar BBQ 
sauce. But I allow other people to be wrong. J

 

Plenty of variation available with whether you make your BBQ from whole hog (a 
pig pickin’) or pork butt.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, January 05, 2011 10:15 AM


To: NT System Admin Issues

Subject: Re: What's Your Phone? [OT]

 

I'm suprised at the decorum on this list when discussing BBQ.  I've seen people 
come to blows farily quickly. :-)

On Wed, Jan 5, 2011 at 10:10 AM, Michael B. Smith  wrote:

Ok, I can go along with that. :-)

 

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com  


-Original Message-

From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Wednesday, January 05, 2011 10:04 AM
To: NT System Admin Issues

Subject: Re: What's Your Phone? [OT]

technically a whole shoulder includes the butt.


Michael B. Smith wrote:

> What do you consider the difference between a pork butt and a pork shoulder?
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com  
>
>
> -Original Message-
> From: Erik Goldoff [mailto:egold...@gmail.com]
> Sent: Wednesday, January 05, 2011 9:49 AM
> To: NT System Admin Issues
> Subject: RE: What's Your Phone? [OT]
>
> For about $150 I did get a decent smoker from Walmart that's lasted 3 or 4 
> years outside so far, great for smoked pork butt and pork shoulder ( NOT the 
> same cut here ), also good for sausage,  salmon, chicken, turkey, and makes a 
> GREAT smoked standing prime rib roast !!!
>
>
> Erik Goldoff
> IT  Consultant
> Systems, Networks, & Security
>
> '  Security is an ongoing process, not a one time event ! '
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-

RE: Office decorations - Are they allowed for you?

[Osborne, Richard]

During university I worked a co-op term at the weather office and won a
12-pack in the Xmas exchange.  It was wrapped in an old weather map and
I got lots of interesting looks on the bus ride home.

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, December 08, 2010 2:41 PM
To: NT System Admin Issues
Subject: RE: Office decorations - Are they allowed for you?

 

M.beer and cheesecake.

 

You guys hiring?!

 

J

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, December 08, 2010 3:38 PM
To: NT System Admin Issues
Subject: Re: Office decorations - Are they allowed for you?

 

I bake 'em if I want 'em.

On a related holiday party track.

The last three years at our Christmas party we have a white elephant
gift exchange.  I'm aware of another name for it, but it escapes me at
the moment.  Pick a number from the hat, you open a gift in sequence.
You can steal someone else's gift.  We have a limit of three steals.
I've brought a cheesecake (that I made) three years in a row.  It is
always the most stolen gift[1], and people have been eyeing me to see
which gift I bring.  The wrapped object is a certificate/photo of said
cheescake, which is housed at a secure location until the end of the
exchange to prevent a cheescake fight.  Although, this year it might be
entertaining to see if a fight ensues...

 

This year's cheesecake will be a vanilla chocolate swirl on a brownie
crust.

[1] One year someone brought a six pack of some beer which was stolen
the max number of times, the final one was by me.  It was tasty, but the
brand escapes me now...

On Wed, Dec 8, 2010 at 2:54 PM, Raper, Jonathan - Eagle
 wrote:

Our PC Connection account rep sent us homemade chocolate chip cookies
today (second year in a row that she's done that), and I'm eating one
right now...If yours isn't doing the same, then you need to do one or
all of the following:

 

1.  give them grief 
2.  ask for a different account rep that bakes cookies 
3.  spend a TON of money with them like we did. 

 

J

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com 



From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Wednesday, December 08, 2010 2:40 PM 


To: NT System Admin Issues

Subject: Re: Office decorations - Are they allowed for you?

 

They stopped sending me the box of cookies years ago and I've bought a
ton from them the last few years. Anyway, I'm buying most of my hardware
through PC Connection now so I guess I won't be expecting any cookies
this year again.

 

James

- Original Message - 

From: pdw1...@hotmail.com 

To: NT System Admin Issues
  

Sent: Wednesday, December 08, 2010 1:38 PM

Subject: RE: Office decorations - Are they allowed for you?

 

You still get cookies from them?  Last year all we got was a
card saying they donated the cash equivalent to a charity. (In the same
vein as a couple of the other posts, that message from them sure sounded
a lot like George telling people he donated their present to the 'human
fund.') 



> Date: Tue, 7 Dec 2010 13:43:59 -0600
> Subject: Re: Office decorations - Are they allowed for you?
> From: stevey...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> 
> If you use CDW, check with your rep regarding the holiday ti n
of
> cookies...I have had one four years in a row. Makes my office
very
> popular (like it wasnt before)
> 
> On Tuesday, December 7, 2010, Don Guyer
 wrote:
> > I've never worked at a company where it was "frowned" upon.
> >
> > I have a USB-fed LED decoration that spells out "JOY",
hooked up to my
> > laptop. Other cubes/areas are heavily decorated.
> >
> > Previous job I had, each dept had their own trees setup in
their areas.
> >
> > ***holding my tongue on the whole "Holiday" issue***
> >
> > :p
> >
> > Don Guyer
> > Systems Engineer - Information Services
> > Prudential, Fox & Roach/Trident Group
> > 431 W. Lancaster Avenue
> > Devon, PA 19333
> > Direct: (610) 993-3299
> > Fax: (610) 650-5306
> > don.gu...@prufoxroach.com
> >
> >
> > -Original Message-
> > From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
> > Sent: Tuesday, December 07, 2010 2:11 PM
> > To: NT System Admin Issues
> > Subject: OT: Office decorations - Are they allowed for you?
> 

RE: Screensaver & Wallpaper Policies/Options?

[Osborne, Richard]

We use Netpresenter to create informational screen savers for certain
PCs, but I like Cameron's idea below better.  

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Wednesday, November 10, 2010 12:56 PM
To: NT System Admin Issues
Subject: Re: Screensaver & Wallpaper Policies/Options?

 

I set this up using GPO and a fileshare about 3 years ago. The *news*
items were saved as .jpg's and dumped into a file share that would be
accessed by all computers and the screensaver was set as the slideshow
that accessed that folder. It actually works pretty well.

On Wed, Nov 10, 2010 at 12:34 PM, Paul Hutchings
 wrote:

At long last we may be going to bring in company wallpaper and
screensavers.

 

I'm aware you can do this via GPO but I've not had cause to do more than
the basics so far.

 

One thing that's been mentioned is being able to display news/events
info as part of either the wallpaper or screensaver.

 

So I'd be looking for an IT solution that once set, would allow another
area of the business to either dump some pictures somewhere, or put some
web pages somewhere, and those become that day/week's wallpapers and
screensaver.

 

Of course there are issues such as controlling who can access the
repositories, but focussing purely on "how would we do this?", does
anyone do anything similar right now, and if so how please?

 

Thanks,

Paul



MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 114 5409 96

 

The contents of this e-mail are confidential and are solely for the use
of the intended recipient.  If you receive this e-mail in error, please
delete it and notify us either by e-mail, telephone or fax.  You should
not copy, forward or otherwise disclose the content of the e-mail as
this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Unix pains

[Osborne, Richard]

My co-worker the AIX admin says change the word 'respawn' to 'off' in
inittab.  This will prevent the system from recreating the devices when
the machine reboots & runs hardware detection.

 

HTH.

 

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, October 05, 2010 11:37 AM
To: NT System Admin Issues
Subject: OT: Unix pains

 

Good afternoon all!

 

I know there are a few *nix gurus out there, so I'm hoping someone can
point me in the right direction. I have a faxing program that is trying
to allocate resources to physical faxes but it causes a segmentation
fault.

 

I've tried deleting the two lines in the /etc/inittab file that are
causing me the grief and that will actually allow me to re-enable the
two faxes but when the box is restarted...bam...they are back! (I've
also tried commenting them out with the same results)

 

Version AIX 5.3

 

The lines are (within /etc/inittab)

 

tty3:2:respawn: /usr/sbin/getty /dev/tty3

tty4:2:respawn: /usr/sbin/getty /dev/tty4

 

How do I stop them from reappearing?

 

TIA!

Cameron

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Biometric AD authentication

[Osborne, Richard]

We are just starting to migrate from a no-longer-supported biometric app
to Sentillion (recently purchased by Microsoft).  So far it looks good.
We are a health care org and have been using biometrics/single-sign-on
for years.  It adds a layer of complexity but prevents password sharing
and saves users from having to remember multiple passwords.

 

From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Wednesday, September 15, 2010 12:53 PM
To: NT System Admin Issues
Subject: Biometric AD authentication

 

Greetings,

I've been tasked with coming up with some solutions for biometric AD
authentication.

Quick background:

We are in the healthcare field and will be providing tablet PCs to some
of our practitioners.  We have been going around about how to provide
authentication to these folks with minimal security compromises.  The
tablets will be running Windows 7 Pro (Dell Latitude XT2's at the
moment) locked down pretty tight, but to avoid the 'sticky note'
password keeper on a very portable device that will contain PHI, we are
looking at requiring login with a fingerprint and pin.

Any suggestions/recommendations from those that have
been-there-done-that with Biometric AD auth would be greatly
appreciated.

Thanks,

Jim

Jim Holmgren

Manager of Server Engineering

XLHealth Corporation

The Warehouse at Camden Yards

351 West Camden Street, Suite 100

Baltimore, MD 21201 

410.625.2200 (main)

443.524.8573 (direct)

443-506.2400 (cell)

www.xlhealth.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY NOTICE: This email, including attachments, is for the
sole use of the intended recipient(s) and may contain confidential
and/or protected health information. Under the Federal Law (HIPAA), the
intended recipient is obligated to keep this information secure and
confidential. Any disclosure to third parties without authorization from
the member of as permitted by law is prohibited and punishable under
Federal Law. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message. 

NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es
para uso exclusivo del (los) destinatario (s) y puede incluir
informaci?n confidencial y/o informaci?n de salud protegida. La Ley
Federal (HIPAA) establece que el destinatario est? obligado a mantener
la informaci?n confidencial y sequra. HIPAA proh?be y castiga cualquier
divulgaci?n a terceras personas sin autorizaci?n del afiliado o
permitido por ley. Si usted no es el destinatario, redirija esta mensaje
al remitente, y destruye cualquier copia existente del mensaje original.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: Completely off topic

[Osborne, Richard]

I liked the La Brea tar pits museum.

 

Griffith Park Observatory for views & movie nerddom (site of the finale
of "Rebel Without A Cause").

 

Petersen Automotive Museum if you like cars.

 

Hollywood walk of fame.

 

From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Friday, September 10, 2010 3:11 PM
To: NT System Admin Issues
Subject: RE: OT: Completely off topic

 

I recommend the Nine Steakhouse at the Palms.  DEE-LISH !!

 

From: Jeff Steward [mailto:jstew...@gmail.com] 
Sent: Thursday, September 09, 2010 8:55 AM
To: NT System Admin Issues
Subject: Re: OT: Completely off topic

 

I highly recommend Delmonico's Steakhouse in the  Venetian.  Pricey, but
*very* good.

 

-Jeff Steward

On Thu, Sep 9, 2010 at 1:13 AM, James Hill
 wrote:

Thanks Brian.  Keen on the food recommendations.  I had the Getty on my
list too as I have heard it's good.

 

Vegas accommodation is locked in but we only have the first visit to LA
booked accommodation wise (and actually staying at Santa Monica).
Basically it's LA/santa monica (2 days) - Vegas (5 days) - LA (2days) -
Cruise/mexico (7 days) - LA (2days) - Home.

 

 

 

 

From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Thursday, 9 September 2010 1:43 PM


To: NT System Admin Issues

Subject: RE: OT: Completely off topic

 

Add Hoover Dam to your Vegas list.

 

Do you like good (like really good) food? That's probably my favorite
thing to do (and spend money on) in both of these places. If you want
some food recommendations in LA let me know. I'd also look up when the
Food Trucks are all out in Venice (it's a couple days a month I think)
as they're a unique experience. 

 

In LA, I'd add The Getty, Venice, Santa Monica, possibly drive down to
San Diego (spend a night or two there it's really nice and totally
different - only like 90 mins away). The USS Midway is fun in San Diego,
you can actually take light rail to Tijuana also. Drive through like La
Jolla and such along the coast. In general driving along the coast (PCH)
is generally very pretty. Topanga Canyon north of LA is a fun drive. The
San Diego Zoo is one of the top zoos out there (though I haven't yet
been). Legoland and Disneyland are nearby to both if you're in to either
of those things. Hollywood walk of fame of course. Personally I think
you have too much time in both of these places. Are you open to
customizing a bit? 

 

 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

 

From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Wednesday, September 08, 2010 6:45 PM


To: NT System Admin Issues

Subject: RE: OT: Completely off topic

 

Haha.. ok on list it is.

 

I'll be on the West Coast.  Mainly after things to do in LA and Vegas.
Have 4-6 days in LA and 5 in Vegas so not a lot of time.  Will have a
car though.  After that I'm on a boat for 7 days down to Mexico and
back.

 

So far for LA:-

 

* Tar Pits

* Long Beach

* Universal Studios

* Eat something with cheese on it (I've heard it's really hard
to find in the U.S. J)

 

Vegas:-

 

* Grand Canyon (of course)

* cirque du soleil

* Obvious stuff like walking the strip and checking out each of
the big casinos

* Crazy as it sounds I'm more interested in the shows etc rather
than the gambling.

 

I'll be sure to bring some koala toys (after I remove the made in china
label).  I've heard I'll have to talk slow so that you Yanks can
understand me.

 

As for the "crikey!" comment I actually don't live that far from
Australia Zoo which was built by Steve Irwin (which is one of the few
people that ever uses that word these days)

 

Wouldn't mind jumping around like a fool in front of a Microsoft Kinect
if I can find one.

 

James.

 

 

 

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Thursday, 9 September 2010 11:05 AM
To: NT System Admin Issues
Subject: Re: OT: Completely off topic

 

Crikey, mate!  If you want "some tips from some of the locals on this
list", just ask.  We're already here!

 

And since you asked, here are a few:

 

1) North America is really, really large.  (Maybe even larger than
Australia!)  The farther north you go, the heavier clothing you'll need.

2) Always buy Americans a beer first.  After that they'll fall all over
themselves to return the kindness for the rest of the night.  And to
hear your funny accent.  Seriously.  You'll come out way ahead on this
one, and save a tonne of money.

3) 2) Does not work on people from Canada or Mexico.

4) Tell them your great grandfather was a hardened, unrepentant criminal
from England.  They expect to hear it anyway, even if he was a priest,
or an Aborigine, or a Prime Minister.

5) Bring your a Koala with you as an ice breaker.  Everyone has one,
right?

 

If I've missed anything, just ask.

 

Cheers, G'day, and all that stuff.

 

RS

 

On Wed, Sep 8, 2010 at 8:03 PM, James Hill
 wrote:

I'm holidaying in North America next month and woul

RE: WSUS tools?

[Osborne, Richard]

I just tried this tool and I'm confused.  Is it anything more than a
command-line version of the Server Cleanup Wizard in the WSUS 3.0 GUI?
Thanks.

 

 

From: Justin Thomas [mailto:jat...@gmail.com] 
Sent: Wednesday, August 04, 2010 4:54 PM
To: NT System Admin Issues
Subject: Re: WSUS tools?

 

I use the WSCleanup tool from codeplex for number 1. Works like a charm.

 

http://wsus.codeplex.com/releases/view/17612

On Wed, Aug 4, 2010 at 4:33 PM, Kurt Buff  wrote:

I've got to clean up our WSUS installation after the departure of a
minion, and I'm trying to find find some tools to help with the task.

Here's a couple of wishes:

1) Ability to clean out superseded updates - decline them, or
whatever, so I only see what's current

2) Ability to prep updates for a target group and set them to go
at a future date/time.
 For instance, I might have to leave on Tuesday for a couple
of days, and want to prepare my
 test group to receive the latest set on Wednesday after 6pm.

It looks like WSUSter (http://www.wsus.nl/site/content/view/23/38/)
would be useful for (1) but haven't implemented it yet - do any of you
have experience with it and like it? Any alternatives that you like?

I haven't found *anything* for (2) yet, and am hoping someone has
found something to satisfy that desire.

Kurt


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




-- 
Probable Contrarian

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Dell - IDRAC6 Enterprise vs IDRAC6 Express

[Osborne, Richard]

Agreed; the ability to mount media is very handy to setup servers
remotely and the KVM doesn't get you that.

 

You don't need a separate network port for the DRAC nowadays.  You can
assign it a different IP address but use one port for it and the live
NIC.  Of course, if that link goes bad you're out of luck.

 

The DRAC remote console is quite a bit snapper than the Dell (Avocent)
KVM one.

 

I have not seen any issues with reliability on either flavor of DRAC.

 

Buy both unless your budget is really tight!

 

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Tuesday, August 17, 2010 12:53 PM
To: NT System Admin Issues
Subject: Re: Dell - IDRAC6 Enterprise vs IDRAC6 Express

 

We primarily use out-of-band features within the Dell Blade Chassis,
which is great, but we also have a few stand-alone servers with iDRACs.
They are definitely handy to have, especially with the ability to mount
virtual media. I have experienced a handful of issues with servers not
booting, hardware errors, etc. (over many years) that was a result of a
bad DRAC, but not enough to sway me from using them.

 

If mounting virtual media is not a requirement, I would look again at
the cost comparison between IP KVMs and individual DRACs for each
server. I don't know what the exact costs are for DRACs, but I dont
think a 16 port IP KVM would cost much more than 16 DRACs. You also need
to factor in a dedicated switch port for the DRAC vs. a single port an
IP KVM. 

 

Centralized management may be another consideration. I think some of the
IP KVM offerings allow multiple switches to be daisy chained that can be
managed through a single interface. 

 

- Sean 

On Tue, Aug 17, 2010 at 9:39 AM, Fred Sawyer
 wrote:

Is anyone using either the IDRAC6 Enterprise or Express.  From what I am
reading the Express card offers a basic web-interface that can be used
to remotely reboot that machine.  Where the Enterprise version offers
remote ability to mount media as well as direct console access.

I am trying to figure out how reliable the Enterprise card is for
remotely supporting a server.  From a cost analysis the IDRAC Enterprise
options is more affordable then a TCP/IP KVM such as a Raritan.

All feedback is greatly appreciated!

Cheers,

Fred

..
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: malware that creates Outlook rules

[Osborne, Richard]

Actually this was happening all weekend.  I was chasing my tail so hard I 
didn't think to e-mail this list until Monday.  Lesson learned.

Just to wrap up: thanks to Glen, Scott, Thomas, and anyone else who suggested 
the spam was coming from OWA via phished accounts.  I looked at the IIS logs on 
the OWA server and found entries like this:
... GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith x.x.x.x 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.2;+Crazy+Browser+3.0.3)...

Which I suppose shows new e-mails being created in the Drafts folder.  Any 
advice regarding interpreting these logs would be welcome.

After changing the affected user's passwords I think we are in the clear.  
Exchange queues are quiet since yesterday.

We publish OWA via ISA Server, so the OWA logs only the address of the ISA 
Server.  We checked our firewall logs and found quite a bit of traffic to OWA 
from Nigeria & India.  We're in Tennessee, so we are able to block those 
addresses as we won't have any legitimate traffic from them.

Based on the agent string above, I told URLScan to block Crazy Browser 
(http://www.crazybrowser.com/).  I wonder how many other browsers there are 
I've never even heard of.

Now I need to consider some kind of outbound anti-spam, figure out some 
scripting to notify me if the queues get out of hand, and get off all the 
blacklists I'm on.

--

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Monday, August 02, 2010 2:50 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules


We're a Lotus Notes shop using Postini as a relay, if it makes any 
difference... 

We had one desktop system here, and a few in NYC, where spam as being spewed 
out.  This actually had nothing at all to do with Domino/Lotus but rather a 
rogue SMTP server which got snuck onto some workstations. 

We were able to track this down by monitoring SMTP traffic through our 
firewall.  All SMTP traffic was to be comming from only one IP at each 
location, and it was all supposed to be directed to our Postini host. 

At least yours does not seem to be happening on a weekend...
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCA® 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
www.aspca.org 
  
The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is 
intended only for use by the addressee(s) named herein and may contain legally 
privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof. 
  

"Osborne, Richard"  wrote on 08/02/2010 02:40:09 PM:

> I have been monitoring the Exchange queues.  It's the only way I can
> tell when it is happening.  I found the aqadmcli.exe utility and 
> have been using it to clean the queues (aqadmcli "delmsg 
> flags=SENDER,sender=bob.sm...@wth.org".
> 
> I'll check the OWA logs ASAP.
> 
> Assuming I have had three users reply to phishing e-mails, is there 
> anything to fix besides changing their passwords?
> 
> Thanks everyone for the suggestions.
> 
> -Original Message-
> From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
> Sent: Monday, August 02, 2010 2:35 PM
> To: NT System Admin Issues
> Subject: RE: malware that creates Outlook rules
> 
> Also check those exchange smtp queues.
> If it is compromised accounts the spammers can send spam via you owa
> faster than your exchange server can process so it will get backed 
> up so disabling accounts or changing passwords wont stop it until 
> the queues are emptied.
> 
> 
> -Original Message-
> From: Osborne, Richard [mailto:richard.osbo...@wth.org] 
> Sent: Monday, August 02, 2010 3:32 PM
> To: NT System Admin Issues
> Subject: RE: malware that creates Outlook rules
> 
> I'm glad I'm not the only sufferer!
> 
> I'll try and answer the other questions that were asked:
> 
> 1) yes, the spam continued even with the user's account disabled and
> their PC powered off
> 2) yes, only our Exchange server can send SMTP to the Internet
> 3) my OWA servers are clean according to VIPRE & MalwareBytes
> 
> So far this has hit 3 users (out of ~5000).  I have not seen any 
> spam sent in the last 5 hours but I don't have any confidence that I
&

RE: malware that creates Outlook rules

[Osborne, Richard]

I have been monitoring the Exchange queues.  It's the only way I can tell when 
it is happening.  I found the aqadmcli.exe utility and have been using it to 
clean the queues (aqadmcli "delmsg flags=SENDER,sender=bob.sm...@wth.org".

I'll check the OWA logs ASAP.

Assuming I have had three users reply to phishing e-mails, is there anything to 
fix besides changing their passwords?

Thanks everyone for the suggestions.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Also check those exchange smtp queues.
If it is compromised accounts the spammers can send spam via you owa faster 
than your exchange server can process so it will get backed up so disabling 
accounts or changing passwords wont stop it until the queues are emptied.


-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org] 
Sent: Monday, August 02, 2010 3:32 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm glad I'm not the only sufferer!

I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC 
powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE & MalwareBytes

So far this has hit 3 users (out of ~5000).  I have not seen any spam sent in 
the last 5 hours but I don't have any confidence that I have found the source.  
Maybe there's a PC with a high-privileged account that has been compromised and 
is sending out spam runs on a schedule?  Currently I am getting up-to-date on 
patches on all my Exchange boxes.

-Original Message-
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us]
Sent: Monday, August 02, 2010 2:17 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We are having a similar issue.  We changed the users password, and since that 
user is in a meeting, we turned his machine off.  Looks like it has to be 
coming from OWA.  Here is some info from an error message our external MTA sent 
to me (our Exchange guys are looking into the matter):

Transcript of session follows.

 Out: 220 mail3.wise.k12.va.us ESMTP
 In:  EHLO mail.wise.k12.va.us
 Out: 250-mail3.wise.k12.va.us
 Out: 250-PIPELINING
 Out: 250-SIZE 8
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM: SIZE=1163
 Out: 250 2.1.0 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok

Shane


-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: Re: malware that creates Outlook rules

Is your firewall set to only allow SMTP (port 25) traffic from your Exchange 
server?


Die dulci fruere!

Roger Wright
___




On Mon, Aug 2, 2010 at 2:21 PM, Osborne, Richard  
wrote:
> I disabled their accounts and it didn't help.
>
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Monday, August 02, 2010 1:09 PM
> To: NT System Admin Issues
> Subject: Re: malware that creates Outlook rules
>
> Have you had the users change their passwords yet?
>
>
> Die dulci fruere!
>
> Roger Wright
> ___
>
>
>
>
> On Mon, Aug 2, 2010 at 1:46 PM, Osborne, Richard 
>  wrote:
>> Has anyone seen malware that creates an Outlook rule that moves all 
>> new mail to Deleted Items and then sends out a bunch of spam?  I have 
>> a few users that have been hit with something I can't find.  I 
>> scanned the PCs with VIPRE, MalwareBytes, & Symantec's online scanner 
>> and didn't find anything.  Then I turned off the PCs and something is 
>> still accessing their mailboxes.  I scanned the Exchange server also.  
>> I am not seeing anything in Exchange User Monitor or Windows Security 
>> logs and our network guys say they don't see any unusual traffic to 
>> our Exchange server.
>>
>> Google finds a couple of people reporting the same thing but no 
>> resolution.
>>
>> Windows XP SP2 clients with Outlook 2002 & 2003; Exchange Server 2003
>> SP2 on Server 2003 SP1.
>>
>> Thanks for any ideas.
>>
>>
>>
>> Richard Osborne
>> Information Systems
>> Jackson-Madison County General Hospital
>>
>> NOTICE:  (1) The foregoing is not intended to be

RE: malware that creates Outlook rules

[Osborne, Richard]

I'm glad I'm not the only sufferer!

I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC 
powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE & MalwareBytes

So far this has hit 3 users (out of ~5000).  I have not seen any spam sent in 
the last 5 hours but I don't have any confidence that I have found the source.  
Maybe there's a PC with a high-privileged account that has been compromised and 
is sending out spam runs on a schedule?  Currently I am getting up-to-date on 
patches on all my Exchange boxes.

-Original Message-
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us] 
Sent: Monday, August 02, 2010 2:17 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We are having a similar issue.  We changed the users password, and since that 
user is in a meeting, we turned his machine off.  Looks like it has to be 
coming from OWA.  Here is some info from an error message our external MTA sent 
to me (our Exchange guys are looking into the matter):

Transcript of session follows.

 Out: 220 mail3.wise.k12.va.us ESMTP
 In:  EHLO mail.wise.k12.va.us
 Out: 250-mail3.wise.k12.va.us
 Out: 250-PIPELINING
 Out: 250-SIZE 8
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM: SIZE=1163
 Out: 250 2.1.0 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok

Shane


-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: Re: malware that creates Outlook rules

Is your firewall set to only allow SMTP (port 25) traffic from your
Exchange server?


Die dulci fruere!

Roger Wright
___




On Mon, Aug 2, 2010 at 2:21 PM, Osborne, Richard
 wrote:
> I disabled their accounts and it didn't help.
>
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Monday, August 02, 2010 1:09 PM
> To: NT System Admin Issues
> Subject: Re: malware that creates Outlook rules
>
> Have you had the users change their passwords yet?
>
>
> Die dulci fruere!
>
> Roger Wright
> ___
>
>
>
>
> On Mon, Aug 2, 2010 at 1:46 PM, Osborne, Richard
>  wrote:
>> Has anyone seen malware that creates an Outlook rule that moves all new
>> mail to Deleted Items and then sends out a bunch of spam?  I have a few
>> users that have been hit with something I can't find.  I scanned the PCs
>> with VIPRE, MalwareBytes, & Symantec's online scanner and didn't find
>> anything.  Then I turned off the PCs and something is still accessing
>> their mailboxes.  I scanned the Exchange server also.  I am not seeing
>> anything in Exchange User Monitor or Windows Security logs and our
>> network guys say they don't see any unusual traffic to our Exchange
>> server.
>>
>> Google finds a couple of people reporting the same thing but no
>> resolution.
>>
>> Windows XP SP2 clients with Outlook 2002 & 2003; Exchange Server 2003
>> SP2 on Server 2003 SP1.
>>
>> Thanks for any ideas.
>>
>>
>>
>> Richard Osborne
>> Information Systems
>> Jackson-Madison County General Hospital
>>
>> NOTICE:  (1) The foregoing is not intended to be a legally binding or
>> legally effective electronic signature. (2) This message may contain
>> legally privileged or confidential information.  If you are not the
>> intended recipient of this message, please so notify me, disregard the
>> foregoing message, and delete the message immediately.  I apologize for
>> any inconvenience this may have caused.
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: malware that creates Outlook rules

[Osborne, Richard]

I disabled their accounts and it didn't help.


-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Monday, August 02, 2010 1:09 PM
To: NT System Admin Issues
Subject: Re: malware that creates Outlook rules

Have you had the users change their passwords yet?


Die dulci fruere!

Roger Wright
___




On Mon, Aug 2, 2010 at 1:46 PM, Osborne, Richard
 wrote:
> Has anyone seen malware that creates an Outlook rule that moves all new
> mail to Deleted Items and then sends out a bunch of spam?  I have a few
> users that have been hit with something I can't find.  I scanned the PCs
> with VIPRE, MalwareBytes, & Symantec's online scanner and didn't find
> anything.  Then I turned off the PCs and something is still accessing
> their mailboxes.  I scanned the Exchange server also.  I am not seeing
> anything in Exchange User Monitor or Windows Security logs and our
> network guys say they don't see any unusual traffic to our Exchange
> server.
>
> Google finds a couple of people reporting the same thing but no
> resolution.
>
> Windows XP SP2 clients with Outlook 2002 & 2003; Exchange Server 2003
> SP2 on Server 2003 SP1.
>
> Thanks for any ideas.
>
>
>
> Richard Osborne
> Information Systems
> Jackson-Madison County General Hospital
>
> NOTICE:  (1) The foregoing is not intended to be a legally binding or
> legally effective electronic signature. (2) This message may contain
> legally privileged or confidential information.  If you are not the
> intended recipient of this message, please so notify me, disregard the
> foregoing message, and delete the message immediately.  I apologize for
> any inconvenience this may have caused.
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

malware that creates Outlook rules

[Osborne, Richard]

Has anyone seen malware that creates an Outlook rule that moves all new
mail to Deleted Items and then sends out a bunch of spam?  I have a few
users that have been hit with something I can't find.  I scanned the PCs
with VIPRE, MalwareBytes, & Symantec's online scanner and didn't find
anything.  Then I turned off the PCs and something is still accessing
their mailboxes.  I scanned the Exchange server also.  I am not seeing
anything in Exchange User Monitor or Windows Security logs and our
network guys say they don't see any unusual traffic to our Exchange
server.

Google finds a couple of people reporting the same thing but no
resolution.

Windows XP SP2 clients with Outlook 2002 & 2003; Exchange Server 2003
SP2 on Server 2003 SP1.

Thanks for any ideas.



Richard Osborne
Information Systems
Jackson-Madison County General Hospital

NOTICE:  (1) The foregoing is not intended to be a legally binding or
legally effective electronic signature. (2) This message may contain
legally privileged or confidential information.  If you are not the
intended recipient of this message, please so notify me, disregard the
foregoing message, and delete the message immediately.  I apologize for
any inconvenience this may have caused.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~