RE: LTO4 Back Up Processes
We've been researching replacing our LTO2 tape library with LTO4, and the information we've gathered is: LTO drives are read/write compatible with the previous generation of tapes just read compatible with the 2nd previous generation of tapes. So... LTO4 drives can: read/write to LTO3 tapes Read only to LTO2 tapes Cannot work with LTO1 tapes Scott -Original Message- From: mqcarp [mailto:mqcarpen...@gmail.com] Sent: Wednesday, August 26, 2009 8:34 AM To: NT System Admin Issues Subject: OT: LTO4 Back Up Processes Our LTO3 library just hit the skids so before I look at replacing it I am looking around to make sure this is still best practice. Other than those that do back up to disk and archive to tape processes, is LTO4 libraries best practice, and are they backward compatible to LTO3 and LTO2 tapes (I will double check this elsewhere also, just wanted to throw it out and get experienced feedback). ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 7
In the RC, I got the sidebar to run each time by adding the registry key: HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run Sidebar : REG_SZ : C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Scott Kaufman ITT ESI, Inc. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, August 17, 2009 12:24 PM To: NT System Admin Issues Subject: Re: Windows 7 I'll have to check this evening. It seems integrated into the primary Explorer process. -ASB On Mon, Aug 17, 2009 at 9:34 AM, Micheal Espinola Jr michealespin...@gmail.commailto:michealespin...@gmail.com wrote: Does the sidebar still run as an independent process, or has it been integrated into Explorer? -- ME2 On Mon, Aug 17, 2009 at 8:53 AM, Andrew S. Bakerasbz...@gmail.commailto:asbz...@gmail.com wrote: Windows 7 is very, very nice. I especially like how the Taskbar has been changed, and the fact that you no longer need a sidebar (just drop it on the desktop). It's faster than Vista. I have two installs done so far -- a clean x64 and an in-place upgrade of x86, and they're both running smoothly. Wireless networking configuration is MUCH better than before. Overall, lots of pleasant changes including performance and usability. I have 3 more systems to convert by the end of the month, or early September. -ASB --- http://Home.ASBzone.com/ASB/ http://www.linkedin.com/in/AndrewBaker --- On Sun, Aug 16, 2009 at 9:05 PM, Jon Harris jk.har...@gmail.commailto:jk.har...@gmail.com wrote: I have my first Windows 7 x64 Enterprise client up and running. I have added the RSAT for 7 RTM, and the System Center Essentials Console as well. Office Enterprise 2007 and a couple of more applications like Forefront Client Security. I have run into on issue that may be just a bug in my setup or something more but I can only get 2 Hotmail accounts configured. Under Vista I had three. System Center Essentials can not deploy a client to this system but I have just started looking at the issues. Other than what I have mentioned so far I see a big differences in the GUI (think some users will like it others will dislike it but all will need training). The load time is much faster to get to the login but about the same to get to a useable desktop but I have not really done any timing of the loads. The ability to load Bluetooth devices as in they are ready at the login prompt, very sweet. Cisco AnyConnect works a bit faster but we will see if it stays that way. Windows Explorer GUI is a major change and I think the users will hate it. The Firewall GUI has been changed big time but I think this is a good change. It is easier to see what applications are permitted under which of 3 network conditions. You can make changes but at the moment I need to be the Administrator to make the changes (users are permitted to allow exceptions by GPO). All of this within about 2 hours of loading and starting work with if. Loading the OS (scratch load), loading the Vista drivers, and loading all the applications took about 12 hours in total with about 2 to 3 of those hours spent transfering files from a USB drive. I did all the patching off domain and only put the machine into the domain after it was loaded with programs/applications but before any AV or personal files. Adding it to the domain and getting it configured with AV was just as fast as with Vista or faster. Windows Update Services seems to be a bit faster. Jon Harris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OT Win 7 sharing
Disable the firewall? Have had no issues with Win7 RC on a domain joined non-domain joined computers connecting to/from file servers (2k3 R2 2k8) for file copying. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, August 11, 2009 1:31 PM To: NT System Admin Issues Subject: OT Win 7 sharing Driving me crazy, just want to be able to connect to my desktop from server to copy stuff back and forth. Vista was no problem. \\desktopname gets me network path was not found. Same with the full domain name. 2008, XP 2003 and 2003 r2 same result. Got it all turned on in the domain tab in network sharing and discovery. Any ideas anyone? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Exchange 2007 PFs
I believe Microsoft's plan all along has been to get org's to migrate PF's to SharePoint. That's what I remember during the pre-Exchange discussions. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Sunday, July 12, 2009 9:39 AM To: NT System Admin Issues Subject: RE: Exchange 2007 PFs I gave up and went in and created PF's and set it all up. I don't know how MS plans to get rid of them unless you can create 'ghost' mailboxes that can easily share out the data. From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, July 11, 2009 6:34 PM To: NT System Admin Issues Subject: Exchange 2007 PFs Most of my clients have been upgrading to Ex2007 and we were able to keep PF's. However, I just installed SBS2008 and didn't want to 'migrate' it because the server had several problems we didn't want to carry over. The only problem is they used PF's for a few things. A shared calendar, contacts and a mailbox where all the incoming faxes would get placed. Im looking at the room/equipment mailboxes but they don't look like they will fit the bill. Is the only way to do this to create a generic user then share out the contacts and calendar and make that the shared ones? Can the users be able to add those as a favorite and outlook address book? Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Script to remove Norton Security Scan
Bingfu should be called BingO
And that's the nameO
From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Tuesday, June 23, 2009 2:24 PM
To: NT System Admin Issues
Subject: Re: Script to remove Norton Security Scan
Bingfu just doesn't sound the same as gogglefu...
On Tue, Jun 23, 2009 at 1:12 PM, Maglinger, Paul pmaglin...@scvl.com
wrote:
Wha no Bing?
-Original Message-
From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
Sent: Tuesday, June 23, 2009 11:43 AM
To: NT System Admin Issues
Subject: RE: Script to remove Norton Security Scan
Googled it
http://community.norton.com/norton/board/message?board.id=otherthread.i
d=6787view=by_date_ascendingpage=2
http://community.norton.com/norton/board/message?board.id=otherthread.
i%0Ad=6787view=by_date_ascendingpage=2
Gene Giannamore
Abide International Inc.
Technical Support
561 1st Street West
Sonoma,Ca.95476
(707) 935-1577Office
(707) 935-9387Fax
(707) 766-4185Cell
gene.giannam...@abideinternational.com
www.abideinternational.com
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 23, 2009 9:05 AM
To: NT System Admin Issues
Subject: Script to remove Norton Security Scan
I'm trying to script the removal of Norton Security Scan...I have the
following uninstall string:
C:\Program
Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\License
Type\2.3.0.26\InstStub.exe /x
Problem is it brings up a confirmation prompt, so if I PSEXEC it, it
just sits waiting. I've tried /remove, /quiet, and /noprompt but those
didn't work. Does anyone know of a switch the might bypass that stuff?
I'd rather not just blow away the directory any leave open reg entries
around...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
--
Sherry Abercrombie
Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Press F1 to continue after updates.
Are you getting a System FRU not programmed message? Or an ESM error on POST? If so, shutdown the server and unplug the power cords. Wait a few minutes. Hold in the power button for a minute. Plug power cords back in and power on. Error should go away F1 prompt to continue should no longer appear. We get this occasionally on Dell Servers (26xx to Rxxx series), and the above works every time. Still haven't found out what causes the error or why it happens though :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Steve Kelsay [mailto:kels...@sctax.org] Sent: Friday, June 12, 2009 9:34 AM To: NT System Admin Issues Subject: Press F1 to continue after updates. After rolling out the MS updates last night, I had three different models of servers that failed to restart, having the Press F1 to Continue message. Pressing it let it start properly, but I had to drive in and attach a keyboard to the front of the box to do it. Is this a coincidence, or has someone else noticed this happening after the updates? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2003 Server Issue.
Has the system registry has been configured to shutdown when the security log is full? You could go into recovery console, and rename %systemroot%\system32\config rename SecEvent.Evt Or boot the server off a BartPE/UBCD disk, open the security eventlog on the server, save it off clear the log. You can do the same thing with Application System, that might give you something else to look at. HTH Scott From: Daniel Rodriguez [mailto:drod...@gmail.com] Sent: Monday, June 01, 2009 6:18 PM To: NT System Admin Issues Subject: Windows 2003 Server Issue. I have a Dell PowerEdge with Windows 2003 Standard Server. Someone with admin rights has done something to the server. Issue: When powering up the server, shows that it is loading, gets to the grey screen with status messages. When it gets to 'Network Connections' there is an error message stating that a service or drivers did not load and to look at the Event View for more details. It then shows the login screen for a split second and then Windows performs a shutdown. This happens when I try to go into Safe Mode, as well. Ideas? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2003 Server Issue.
Duh!! My mistake.. I've never configured a server with that setting thus have not seen it happen. just remember the setting Scott -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, June 01, 2009 9:44 PM To: NT System Admin Issues Subject: Re: Windows 2003 Server Issue. On Mon, Jun 1, 2009 at 9:34 PM, Scott Kaufman at HQ skauf...@ittesi.com wrote: Has the system registry has been configured to shutdown when the security log is full? That results in an immediate STOP error (BSOD), not a graceful shutdown. The description in SECPOL.MSC is misleading. The actual registry entry is not: CrashOnAuditFail. :-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: MS CRM List
While I haven't found a list such as this, there are lots of blogs, and Microsoft has newsgroups for Dynamics CRM. Depending on what you're trying to do or problem to solve, our developers myself have found decent information from Google searches. YMMV. Scott From: Bill Lambert [mailto:blamb...@concuity.com] Sent: Wednesday, May 27, 2009 6:47 PM To: NT System Admin Issues Subject: MS CRM List Hello all... Does anyone know if a list like this one for MS Dynamics CRM? Any links would be appreciated! Thanks. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.gif
RE: Any one using Great Plains?
I don't have any experience with Great Plains...but... What perf counters are you looking at? Is this a new TS farm, or an existing one? Is this a .NET app? Got a network trace? What happens if you login to the console run the application? Have you used sysinternals tools to see if the app is having troubles access registry keys, file system, etc...? What happens if you run the application from a desktop, same thing or snappy load/run times? Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Wednesday, April 22, 2009 4:19 PM To: NT System Admin Issues Subject: Any one using Great Plains? Hi Everyone, We are moving to MS Dynamics Great Plains, version 10. We go live in a few months. What I see is that the Great Plains client is slow on remote desktops and via the Terminal Servers. The client goes non-responsive for a minute, then finally the user can log on, select the company, and go about his business. Once in the client performance, while not blazing, is acceptable. Closing the client is pretty quick. The terminal servers are loaded with memory and CPUs and there is barely a performance change when the GP client loads. On the GP SQL 2005 server, same thing. I've been looking at performance stats all day and except for the occasional CPU spike, nothing is going on. I'm guessing the is a SQL issue? Any suggestions? I have other SQL 2005 apps on other servers and don't see this sort of slow client issue. Thanks, Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: ISA 2006 Authentication Page
You're going to have to edit the logon pages to automatically append the UPN, or put the netbios domain name in front of the username. If you have multiple domains, you're going to have to have some way for users to select which domain they are trying to logon to. Editing the pages is supported by Microsoft. We've done it here. It's pretty much all Javascript to do this. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Don Ely [mailto:don@gmail.com] Sent: Tuesday, April 14, 2009 12:48 PM To: NT System Admin Issues Subject: ISA 2006 Authentication Page Hey folks, I am trying to make ISA not require the NETBIOS domain name as part of the username when clients login. In other words, no CONTOSO\JackRyan, but just JackRyan for the username. I can do this for a single domain, but cannot seem to make it work for the child domains that are a part of the CONTOSO forest... Setup is like this... ISA 2006 in Workgroup mode in a DMZ. Windows 2003 Native Forest called CONTOSO with three child domains on the internal network. LDAPS authentication is configured from the ISA server to the CONTOSO forest. I am trying to publish MOSS 2007 from the Internal Network to the ISA server in the DMZ which works fine aside from the need to have a domain name specified to logon the user. I understand that out of the box this is how ISA 2006 works, but I have heard rumors there are ways around it so I can just provide a username... Any thoughts? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: File Server Security; Best Practice.
+1 on not using Everyone replacing it with Authenticated Users Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, April 01, 2009 10:51 AM To: NT System Admin Issues Subject: Re: File Server Security; Best Practice. I must be extra anal - I set the share permissions to Authenticated Users/Full Control :-) 2009/4/1 Ben Scott mailvor...@gmail.com On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly riverside...@gmail.com wrote: I now have two coworkers that insist on adding user objects rather than security groups directly to the file shares as well as specific folders under the file share. As everyone else said, they're wrong. Microsoft's best practices documentation says this, somewhere. Also, in general, it's recommended not to use share permissions at all. Use NTFS permissions for access control, and set the shares to Everyone/Full Control. There are exceptions, but this is the good rule. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IE 8 SLOWNESS WHEN OPENING
I've been using IE8 since RC now RTM. I had a few issues with the RC (mostly around unresponsive tabs the compatibility of websites), but after installing the RTM, I've not yet had any issues like I did with the RC. I also have yet to see any issues that you're describing. What I don't like about Task Manager is you can't see the processes in a hierarchal manner...for that Process Explorer is great. So, when you kill one in Task Manager, you don't know if you're killing the parent process, or a child process (e.g. tab). At least with Process Explorer, you can see which process is the parent terminate appropriately. The most # of iexplore.exe processes I've seen has been 8 (one parent, 7 child as seen in Process Explorer). I had 3 separate IE windows with various number of tabs per window open to various websites (both internal external). None of the IE windows/tabs had slowness all respond quickly when switching to/from them. This is on my daily work laptop - Dell Latitude E5400, Vista Business x86 4GB ram - with all the usual office applications running. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Murray Freeman [mailto:mfree...@alanet.org] Sent: Friday, March 27, 2009 3:18 PM To: NT System Admin Issues Subject: IE 8 SLOWNESS WHEN OPENING I reviewed Firefox 3, and have been impressed when compared to IE7, so when IE8 became available in final release, I installed it. Initially, I was very impressed by how quick it opened, but in the last couple of weeks, it's ridiculouly slow. In fact, it not only takes forever, but it's near impossible to shut it down. When I go into task manager, I find 2 IEexplore processes, yet under IE7 there was only one IEexplore process. So, I terminate one of the IE processes and both close, yet my machine then locks up and sometimes I have to reboot. Anybody have any ideas as to what is going on here? I'm testing both IE8 and Firefox with the idea of seklecting one for our office. Initially IE8 was opening faster than Firefox, but now Firefox is opening faster. I'm concerned that perhaps it's something on my machine, so I do not want to make a decision until I have all the facts. Murray ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IIS6 windows authentication question
With IE Integrated Authentication, 99% of the time with this issue, the website is not in the Local Intranet zone. IE6 7 by default enables Integrated Authentication. However, only the Local Intranet zone is configured to automatically logon. As a previous poster said, if the URL is just http://server then IE will default to Local Intranet. But if you use http://server.fqdn.com IE will use the Internet zone. If your using a FQDN, put the server name, or just *.fqdn.com in the Local Intranet Sites for Integrated Authentication to work. Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Dennis Melahn [mailto:den...@advancedav.com] Sent: Wednesday, March 25, 2009 10:59 AM To: NT System Admin Issues Subject: IIS6 windows authentication question Guys, I have an internal website on a domain machine (S2K3) that I would like to keep secure by using windows authentication. It is currently working ok except I would like it to use windows authentication and not prompt the domain users for their credentials. If windows authentication is selected why is it still prompting for domain user credentials? What am I missing? Before I go seeking some IIS forums I thought I bounce it off the people I trust first. If the authentication exchange initially fails to identify the user, the browser will prompt the user for a Windows user account user name and password. Thanks, Dennis ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Can not open PST files
As other esteemed members have said, get the PST's off the network server back to local machine. Follow that up with a backup procedure for just the PSTs. Microsoft never intended for PSTs to be used across the network. For starters, configure your Anti-Virus solution on the file server to exclude .PST files. We ran into the same situation with a large x86 2k3 file server, and the following set of registry key changes has made a considerable performance difference for users. Please note, that if your file server is performing any other role, these changes could adversely affect the functionality of those roles... YMMV. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management SystemPages : Reg_Dword Default: 0x3c00 Changed: 0x HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager HeapDeCommitFreeBlockThreshold : Reg_Dword Default: 0x0 Changed: 0x0004 The next two were changed based on http://support.microsoft.com/default.aspx/kb/312362 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management PagedPoolSize : Reg_Dword Default: 0x0 Changed: 0x HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management PoolUsageMaximum: Reg_Dword Default: 0x0 Changed: 0x3c You will have to reboot the server for these changes to take effect. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Kevan Dickinson [mailto:kevan.dickin...@cmi-plc.com] Sent: Monday, March 23, 2009 8:50 PM To: NT System Admin Issues Subject: Can not open PST files Since Friday afternoon I have been having some people report that they can not open their PST files. All PST files are stored in users home drives on the Network. When trying to open the file from within Outlook they are told that they do not have permission to open the file. However they have full read and write access to the file. I reapplied permissions just in case. If I copy the PST locally then the file can be opened. I know that Microsoft does not support PST's on a Network drive but we have worked this way for many years and I know that lots of other people do as well. Anyone any idea what may be happening here? It's affecting about 10% of our users at the moment and as I said earlier started happening on Friday afternoon. The clients are running a mixture of Office 2003 and Office 2007. We use Exchange server 2003. Any help or suggestions would be appreciated. Kevan Dickinson Network Manager NSF-CMI 23 Lodge Road Hanborough Business Park, Long Hanborough, Oxford, OX29 8SJ, UK T:+44 01993 885661 E:kevan.dickin...@nsf-cmi.com W:www.nsf-cmi.com ***Disclaimer*** The contents of this Email may be privileged and are confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Should you wish to use Email as a mode of communication, NSF-CMi Ltd and its subsidiaries are unable to guarantee the security of Email content outside of our own computer systems. This footnote also confirms that this Email message has been checked by MailMarshal for the presence of computer viruses. Whilst we run anti-virus software, you are solely responsible for ensuring that any Email or attachment you receive is virus free. We disclaim any liability for any damage you suffer as a consequence of receiving any virus. NSF-CMi Ltd Registered in England No: 1899857 Registered Office 4th Floor, 35 New Bridge Street, London, EC4V 6BW ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Can not open PST files
PST's can only be opened by a single user, and really, you have to close Outlook before the PST is release for another user to open it. Exchange Public Folders are on way to group that information. Definitely makes it easier for multiple people to access the same information. I personally would go with SharePoint Services (the free download) for putting project documentation e-mails into a logical grouping. However, that requires the users to think differently, and you'll have to weigh the pro/cons of support, backup/recovery, end user training, etc... Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: René de Haas [mailto:rene.deh...@woodward.com] Sent: Tuesday, March 24, 2009 10:13 AM To: NT System Admin Issues Subject: RE: Can not open PST files Agree, but I explained the thing to a project manager who used them a lot. He explained to me he wanted to keep the emails concerning a project together with other documents of a project. Seems logical. After our conversation he still only connects to 2 of them. Any suggestions as to how we can get him off pst-files and store the emails in a logical way so they are easy to find for him and others needing them? So far my thought was public folders, but that is still another place to store them, albeit a much better place in my opinion. Thanks René From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, March 24, 2009 2:53 PM To: NT System Admin Issues Subject: Re: Can not open PST files What Kurt said, and: Stop doing it. Seriously. Keep .PSTs local and backup the files periodically. Lots of people are doing it wrong. -- ME2 On Mon, Mar 23, 2009 at 8:50 PM, Kevan Dickinson kevan.dickin...@cmi-plc.com wrote: I know that Microsoft does not support PST's on a Network drive but we have worked this way for many years and I know that lots of other people do as well. Any help or suggestions would be appreciated. *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. *** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: free iso editor
I use ImgBurn (http://www.imgburn.com/) for ISO authoring. Love it! You can't add a file to an ISO. You can extract the files from the ISO, add/delete/modify the files as needed re-create the ISO with ImgBurn. If it's bootable, then do more google searching on how to make a bootable ISO. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Monday, March 23, 2009 4:50 PM To: NT System Admin Issues Subject: Re: free iso editor http://www.google.com/search?q=free+iso+creator I cant recall the names of any off-hand, but they exist. -- ME2 On Mon, Mar 23, 2009 at 4:39 PM, N Parr npar...@mortonwelding.com wrote: winrar can extract, don't know about add -Original Message- From: Miguel Gonzalez [mailto:miguel_3_gonza...@yahoo.es] Sent: Monday, March 23, 2009 2:36 PM To: NT System Admin Issues Subject: free iso editor Hi, I have a bootable CD ISO. I want to add a text file to it. I've been googling around and I couldn't find any free tool that can do the job. Any way to do this? Thanks, Miguel ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: VMware - Vcenter resize?
You need to first allocate more space for the VM, like to 50GB. Then boot the VM with an ISO image that has a disk resizing utility and increase the drive size to use all of the 50GB. You should be to point the Infrastructre client directly to the esx server, logon as root and manipulate the VM to boot off the ISO. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Craig Gauss [mailto:gau...@rhahealthcare.org] Sent: Friday, March 20, 2009 10:10 AM To: NT System Admin Issues Subject: VMware - Vcenter resize? The group that configured our VMware infrastructure created vcenter as a virtual machine. It was only sized at 20GB. We are continually running out of space. Anyone know what would be the easiest way to resize the VM? I have resized VMs in the past with no issues but am not sure how to do the VCenter server. Craig Gauss, Technical Supervisor/Security Officer Riverview Hospital Association Phone: 715-423-6060 ext. 8572 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Internet connectivity
We ran into these issues last year with a number of providers, when trying to run cable/dsl to our remote locations to offload Internet traffic. It all depends on if the provider already provides access to the area, and if not, then they have to run the line. Depending on the area, they might have to pay a developer for access to the property running the line, construction costs, permits, new equipment, etc... Usually the first company in an area/business park has to pay the large fee for new construction, then other businesses will get the benefit. Sometimes the providers will bury the construction costs into the MRC, if you can sign for a 3-5 year service engagement. Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Holstrom, Don [mailto:dholst...@nbm.org] Sent: Tuesday, March 10, 2009 12:45 PM To: NT System Admin Issues Subject: RE: Internet connectivity Comcast. -Original Message- From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Tuesday, March 10, 2009 11:34 AM To: NT System Admin Issues Subject: RE: Internet connectivity I was really under the impression that cable providers would wire anything for a customer, and absorb the costs. 1 Block, 15,000K? Yikes. Mind sharing the company name? -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, March 10, 2009 10:18 AM To: NT System Admin Issues Subject: RE: Internet connectivity Just remember that a T1 normally is guaranteed 1.544mbps speed both ways and *most* DSL is rated as up to which starts at zero ... Check the Service Level Agreements of any DSL you'd be considering, as far as guaranteed bandwidth, and response time to trouble tickets Erik Goldoff IT Consultant Systems, Networks, Security -Original Message- From: Holstrom, Don [mailto:dholst...@nbm.org] Sent: Tuesday, March 10, 2009 10:02 AM To: NT System Admin Issues Subject: Internet connectivity My museum is disconnected from any other blocks by cable TV, so I cannot hook up to that without a $15,000 fee. I have FIOS at home and am loving it, even though they lied to me about connectivity and I cannot run test web sites from home and I send them way too much dough every month... Would a T-1 be a better connection than a 768 up by 5 or 6 MB download or some other such DSL? I remember using a T-1 much earlier in my career and it was pretty good, but of course we didn't have the constant use the web gets by the youngsters now. I have about 60 serious web users and also run Exchange 2003. I don't need to host any websites but I do have a couple of dozen remote access users... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Office Communicator to MSN Messenger..
We have OCS running in dev, but only for a few users and no external IM capabilities. Last time we checked, I believe the price was $1 per user per year to have access to all public IM networks (MSN, AIM, Yahoo). From my understanding, you can federate with another organization without paying, just costs for public IM connectivity. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Monday, March 09, 2009 11:33 AM To: NT System Admin Issues Subject: Re: Office Communicator to MSN Messenger.. No, but I've seen it done to AIM. It requires a Federation I believe, and I'm pretty sure you have to purchase those Federations from Microsoft. On Mon, Mar 9, 2009 at 11:19 AM, David Lum david@nwea.org wrote: Does anyone here have Office Communicator in their office and have it working with IM-ing to MSN or other public IM software? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Best way to print all AD Users (SOX req)
Dsquery user -limit 0 myuserlist.txt Will just dump the DN's of all user accounts. But just wait, they'll keep asking for more user information Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Marty Nelson [mailto:mnel...@transdyn.com] Sent: Monday, March 09, 2009 1:51 PM To: NT System Admin Issues Subject: Best way to print all AD Users (SOX req) Happy Monday all. Quick question, what's the best way to get a list of all of my AD users? It's one of the many SOX requirements that are being asked for, and it's getting old taking screen shots! Thanks, -Marty ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Bizarro-world: fixed! (mostly)
On XP/2k3, I used to issue the /setsntp: but found if I just use the w32tm command to set it to DOMHIER, that the PC would sync with the domain. On a 2k8 member server I ran your commands. As you can see below, the Type was already set for NT5DS prior to the commands, and remained the same afterwards. The only thing that changed was the NtpServer was deleted. C:\Windows\system32reg query hklm\system\currentcontrolset\services\w32time\parameters HKEY_LOCAL_MACHINE\system\currentcontrolset\services\w32time\parameters ServiceDllREG_EXPAND_SZ%systemroot%\system32\w32time.dll ServiceMainREG_SZSvchostEntry_W32Time ServiceDllUnloadOnStopREG_DWORD0x1 TypeREG_SZNT5DS NtpServerREG_SZtime.windows.com,0x9 C:\Windows\system32net time /setsntp: net stop w32time net start w32time The command completed successfully. The Windows Time service is stopping. The Windows Time service was stopped successfully. The Windows Time service is starting. The Windows Time service was started successfully. C:\Windows\system32reg query hklm\system\currentcontrolset\services\w32time\parameters HKEY_LOCAL_MACHINE\system\currentcontrolset\services\w32time\parameters ServiceDllREG_EXPAND_SZ%systemroot%\system32\w32time.dll ServiceMainREG_SZSvchostEntry_W32Time ServiceDllUnloadOnStopREG_DWORD0x1 TypeREG_SZNt5DS Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, March 05, 2009 5:25 PM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) /trivia It's not an option but you actually can set to Nt5DS quickly from the command line, I used to do it rather frequently at a site where people always fooled with the time service to get it back in the proper domain hierarchy with no fuss. If you issue net time /setsntp: with no value for the expected [:ntp server list] it will clear ntpserver value if it exists and it will swap from Type NTP to Nt5DS. Haven't tried in on 2008 but it always worked on past versions of windows... c:\admin\scriptsreg query hklm\system\currentcontrolset\services\w32time\parameters HKEY_LOCAL_MACHINE\system\currentcontrolset\services\w32time\parameters ServiceMainREG_SZSvchostEntry_W32Time ServiceDllREG_SZC:\WINDOWS\system32\w32time.dll TypeREG_SZNTP ntpserverREG_SZfubar c:\admin\scriptsnet time /setsntp: net stop w32time net start w32time The command completed successfully. The Windows Time service is stopping. The Windows Time service was stopped successfully. The Windows Time service is starting. The Windows Time service was started successfully. c:\admin\scriptsreg query hklm\system\currentcontrolset\services\w32time\parameters HKEY_LOCAL_MACHINE\system\currentcontrolset\services\w32time\parameters ServiceMainREG_SZSvchostEntry_W32Time ServiceDllREG_SZC:\WINDOWS\system32\w32time.dll TypeREG_SZNt5DS ./trivia J From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Tuesday, March 03, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) From the command line, I've never seen NT5DS as an option. Only have seen it in GPO's As such, in all environments I've worked on, as part of initial DC creation, I set the DC's to use the domain hierarchy, and configure the DC holding the PDCe role to sync to external NTP servers. In helping others, I have them run the same commands on all their DC's to make sure they all are synch'd to the PDCe first. Then have them configure the PDCe to synch to an outside source, usually over a weekend if the time difference is 5 minutes. Follow the above with using GPOs to use NT5DS for a time source on servers workstations. To date *knock on wood*, I've not had an AD environment get out of synch (time wise). An additional side benefit is end user perception, in that their cell phones computers now match, and aren't off by X minutes. As far as Phone systems, well if the phone system can be configured to synch to an NTP/SNTP server, I point them to the PDCe (or closest DC), but in the few phone systems I've worked on, it's hit or miss if it will actually synch time correctly. I tell users that the computer has the correct time, and it's synch'd from the atomic clocks. To verify, go to www.time.gov verify that the NTP time is +/- 3seconds of what the computer shows. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, March 03, 2009 12:12 PM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) I would change the Type to NT5DS and let the PDCE set it's time using the domain hierarchy. Just curious, are all your DC's or servers set
RE: QoS for VoIP on Cisco router
What have you configured on the other end for return traffic? The reason I ask is that several years ago when I was learning QoS, I had to configure it on both ends. The one time I put that knowledge to use for a VoIP solution, voice quality was good one way, but not the other, until I configured a mirrored QoS on the far end for return VoIP traffic. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Rohyans, Aaron [mailto:arohy...@dpsciences.com] Sent: Friday, March 06, 2009 9:54 AM To: NT System Admin Issues Subject: RE: QoS for VoIP on Cisco router Looks good to me! J What is the speed of the link? Looks like a 384Kb/s FT1. Is this a Point to Point T1, or a DIA (Dedicated Internet Access) T1? How saturated is the link during congestion (you can do a show int ser0/0/0 during congestion and look at the rxload and txload to get an idea)? I'm assuming it's using HDLC based on the lack of extra config on the serial interface. What does the output of show policy-map interface serial 0/0/0 give you during times of congestion? Any drops? Is it matching traffic correctly? Hope this helps, Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IDS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com mailto:dwiss...@dpsciences.com http://www.dpsciences.com/ From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Friday, March 06, 2009 9:17 AM To: NT System Admin Issues Subject: QoS for VoIP on Cisco router Could someone check my router config? I am no cisco expert (not even a CCNA)...but... I am trying to configure quality of service for voice over IP. I believe I have it set up correctly, but the users are still getting choppy phone conversations when there is other network traffic on the circuit. Here's a snip of the config: boot-start-marker boot-end-marker ! logging buffered 4096 debugging enable secret 5 ! no aaa new-model ! resource policy ! memory-size iomem 25 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero no ip source-route ip cef ! no ip dhcp use vrf connected ip dhcp binding cleanup interval 10 ip dhcp excluded-address 192.168.6.1 ! ip domain name yourdomain.com ! class-map match-any af41 match ip dscp af41 class-map match-any ef match ip dscp ef ! policy-map 75_24 class ef priority percent 75 class af41 bandwidth percent 24 class class-default fair-queue set ip dscp default ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$ ip address 192.168.6.1 255.255.255.0 duplex auto speed auto no keepalive ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address xxx.xxx.xxx xxx.xxx.xxx.xxx service-module t1 timeslots 1-6 max-reserved-bandwidth 100 service-policy output 75_24 ! ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0/0 ! no ip http server ip http access-class 23 ip http authentication local ip http timeout-policy idle 60 life 86400 requests 1 ! ~~ Any help/guidance is greatly appreciated. Thanks, Dave ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: file copy strangeness
Have you disabled the Scalable Network feature on the server? Did you check both the switch the nic settings on the servers to make sure they're identical? Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Thursday, March 05, 2009 12:23 PM To: NT System Admin Issues Subject: file copy strangeness We have a workstation running Windows XP sp2. This workstation must transfer files from it's local C:\ to a folder on a network share. The file is typically about 330 megs or so. The problem is that copying the file is taking up to 30 minutes using Windows Exploder. The odd thing is, if we transfer a file TO the workstation from the network, it goes extremely fast. We also copied files to the workstation from other workstations with no appreciable delays. Does anyone recall a reason why copying a file from a work would go extremely slow, while transferring a file to the workstation goes at the expected speed? We've scanned for viruses and malware using McAffee and MalwareBytes both, with nothing detected. We've replaced the network cable, verified the speed/duplex settings (100/Full), and even replaced the nic. Oddly enough, replacing the nic made it worse...so we reverted to the onboard nic. The operator waited to report the issue for about 3 weeks after it started, so it's hard to say what changed for sure. Thanks, Kim ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Password Policy Change
It's not 90 days from when you set the policy, it's 90 days from the last password change on the user account. If you change the policy to be 90 days, all user accounts that have the password last set date that is greater than 90 days will immediately get set to change password at next logon. Unless you can guarantee that all user account passwords were changed within 90 days, I'd start with a long time frame, like 200 days, and each month (or two weeks) keep reducing it down until you get to 90 days. Or be prepared for a lot of helpdesk calls user complaining. Also check any service accounts, as those accounts will get the same thing services will start failing. Lived through this a few times from consultants changing it because upper management said to change it based on a recommendation/report from another third party blah blah blah, but didn't take the time to look at the user accounts determine how many would get affected by the change. It will be a great test of your customer service skills resolve if you just implement the change :) Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, March 04, 2009 11:03 AM To: NT System Admin Issues Subject: RE: Password Policy Change You mean, 90 days from the day you set the policy? -Original Message- From: Cameron Cooper [mailto:ccoo...@aurico.com] Sent: Wednesday, March 04, 2009 10:59 AM To: NT System Admin Issues Subject: RE: Password Policy Change If I remember correctly, when we implemented this (every 90 days) the passwords would change after the time frame was set to expire. ___ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Password Policy Change
I agree in principal with Michael, but the reality of changing service accounts that often can incur a very high management overhead, unless you have a well documented/scripted/automated solution in place that can change the password on the accounts, bounce the services verify everything is hunky-dory. I've not looked for this solution, and have skimmed marketing material that this is possible. I also would assume the same as Kurt, rainbow tables pass-the-hash if the previous employee had access to the password hash. Far more serious IMO, is where the employee might have made a copy of the service account username/password, and the system is exposed to the internet. When I make a service account, I set the password to at least 16 characters, which should force AD to not store the NTLM hash, make the password a complete jumble of random ASCII characters. Then I deny TS logon dial-in access. On occasion I've even gone so far as to specify which computers that account can logon to. Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, March 04, 2009 4:10 PM To: NT System Admin Issues Subject: Re: Password Policy Change I was only thinking about the standard user base, but I think I agree. Elucidate your thoughts? *Every* employee termination, or only upon termination where the employee/manager had access to privileged accounts? I assume that you're thinking about rainbow tables and pass-the-hash attacks. On Wed, Mar 4, 2009 at 12:29, Michael B. Smith mich...@theessentialexchange.com wrote: I think that's fine as long as you change the passwords on any higher-privilege accounts upon every employee termination, managerial change, or every two weeks and review the need-to-know of those passwords on a regular basis. I am one of a relatively small (but growing) contingent who believes that any higher-privilege account (including service account) should be changed far more frequently than a low-privilege/normal-user account. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, March 04, 2009 2:49 PM To: NT System Admin Issues Subject: Re: Password Policy Change If the account was created more than 60 days ago, setting this policy will force a password change at next logon. If the account was created less than 60 days ago, setting this policy will force a password change when the account reaches 60 days. FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce a very long password (greater than 16 characters) and force the password change at 180 or 365 days. This is spite of rainbow tables and pass-the-hash attacks. Kurt On Wed, Mar 4, 2009 at 07:51, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: Right now, our users' passwords don't expire. We're looking at changing that. My question is this... If I decide to enable password expiration, how is the expiration date calculated for my users? Let's say that today I set passwords to expire every 60 days. Will all current users' passwords expire 60 days from today? Or will all current users' passwords expire today, if those passwords are 60 days or older? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/���~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/���~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/�� ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Bizarro-world: fixed! (mostly)
On the remote DC, open a command prompt type: W32tm /config /syncfromflags:DOMHIER /update Net stop w32time net start w32time On the PDCe server, I configure it to synch from external sources with the following command: w32tm /config /manualpeerlist:pool.ntp.org nist.netservicesgroup.com time-a.timefreq.bldrdoc.gov time-b.timefreq.bldrdoc.gov time-c.timefreq.bldrdoc.gov time.nist.gov nist1-ny.witime.net time-a.nist.govtime-b.nist.gov nist1-dc.witime.net nist1.aol-va.symmetricom.com /reliable:yes /syncfromflags:MANUAL /update Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, March 03, 2009 11:34 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) Site1 DC2. How to I tell this server to sync with that? From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Tuesday, March 03, 2009 7:24 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) Time comes from the PDCe. Which one holds that? From: David Lum [mailto:david@nwea.org] Sent: Tuesday, March 03, 2009 10:15 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) The 12 minute time offset was the issue! Changed the time, forced replication...presto! However the DC in question still shows NtpClient has no source of accurate time in the event log. The registry has the following entries in HKLM\System\CurrentControlSet\Service\W32Time\Parameters Ntpserver: time.windows.com,0x1 Type: NTP (plus entries for ServiceDLL and ServiceMain likely not relevant). It's possible port 123 isn't open from this server to the Internet, but I'd just as soon have this DC get it's time from the DC's in my office anyhow. I found this article: http://support.microsoft.com/kb/216734, but do I need to do something special since it's a DC? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, March 02, 2009 3:54 PM To: NT System Admin Issues Subject: Re: Bizarro-world On Mon, Mar 2, 2009 at 11:17 AM, David Lum david@nwea.org wrote: 2) Rename Server1 to Server1-old, change IP address I'm confused why it'd work at their site but not ours? Just a guess, but: When you did the renames, did you make sure you also renamed the NetBIOS (Pre-Windows 2000 or whatever) name as well? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Bizarro-world: fixed! (mostly)
From the command line, I've never seen NT5DS as an option. Only have seen it in GPO's As such, in all environments I've worked on, as part of initial DC creation, I set the DC's to use the domain hierarchy, and configure the DC holding the PDCe role to sync to external NTP servers. In helping others, I have them run the same commands on all their DC's to make sure they all are synch'd to the PDCe first. Then have them configure the PDCe to synch to an outside source, usually over a weekend if the time difference is 5 minutes. Follow the above with using GPOs to use NT5DS for a time source on servers workstations. To date *knock on wood*, I've not had an AD environment get out of synch (time wise). An additional side benefit is end user perception, in that their cell phones computers now match, and aren't off by X minutes. As far as Phone systems, well if the phone system can be configured to synch to an NTP/SNTP server, I point them to the PDCe (or closest DC), but in the few phone systems I've worked on, it's hit or miss if it will actually synch time correctly. I tell users that the computer has the correct time, and it's synch'd from the atomic clocks. To verify, go to www.time.gov verify that the NTP time is +/- 3seconds of what the computer shows. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, March 03, 2009 12:12 PM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) I would change the Type to NT5DS and let the PDCE set it's time using the domain hierarchy. Just curious, are all your DC's or servers set to this? Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Tuesday, March 03, 2009 11:50 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) On the remote DC, open a command prompt type: W32tm /config /syncfromflags:DOMHIER /update Net stop w32time net start w32time On the PDCe server, I configure it to synch from external sources with the following command: w32tm /config /manualpeerlist:pool.ntp.org nist.netservicesgroup.com time-a.timefreq.bldrdoc.gov time-b.timefreq.bldrdoc.gov time-c.timefreq.bldrdoc.gov time.nist.gov nist1-ny.witime.net time-a.nist.govtime-b.nist.gov nist1-dc.witime.net nist1.aol-va.symmetricom.com /reliable:yes /syncfromflags:MANUAL /update Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, March 03, 2009 11:34 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) Site1 DC2. How to I tell this server to sync with that? From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Tuesday, March 03, 2009 7:24 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) Time comes from the PDCe. Which one holds that? From: David Lum [mailto:david@nwea.org] Sent: Tuesday, March 03, 2009 10:15 AM To: NT System Admin Issues Subject: RE: Bizarro-world: fixed! (mostly) The 12 minute time offset was the issue! Changed the time, forced replication...presto! However the DC in question still shows NtpClient has no source of accurate time in the event log. The registry has the following entries in HKLM\System\CurrentControlSet\Service\W32Time\Parameters Ntpserver: time.windows.com,0x1 Type: NTP (plus entries for ServiceDLL and ServiceMain likely not relevant). It's possible port 123 isn't open from this server to the Internet, but I'd just as soon have this DC get it's time from the DC's in my office anyhow. I found this article: http://support.microsoft.com/kb/216734, but do I need to do something special since it's a DC? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, March 02, 2009 3:54 PM To: NT System Admin Issues Subject: Re: Bizarro-world On Mon, Mar 2, 2009 at 11:17 AM, David Lum david@nwea.org wrote: 2) Rename Server1 to Server1-old, change IP address I'm confused why it'd work at their site but not ours? Just a guess, but: When you did the renames, did you make sure you also renamed the NetBIOS (Pre-Windows 2000 or whatever) name as well? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable
RE: Compare i386 directories?
Short of looking at the IIS binaries/dll's on the host comparing them to the SP2 versions, I don't believe there is an easy way. You're best option is to re-apply SP2 and all Post SP2 hotfixes up to the level you were already at. In the future, put a copy of the entire Win2k3 CD (with the SP integrated) onto each machine, and change the registry to use the local copy. The registry keys are: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup SourcePath: REG_SZ: ServicePackSource: REG_SZ: If you create a folder called C:\OS_Source copy the entire CD to this folder (+ integrate the SP here), then set the registry key to: C:\OS_Source HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ SourcePath: REG_SZ Use the path above, but append \I386 à C:\OS_Source\I386 Reboot, and any time you make a change, the OS will auto-magically use this folder for the source files. *** This also works for R2, just copy the R2 CD to the same folder, and now both CD's are in one place The downside to this approach, is if you have lots of servers, then you have to integrate the SP on each server, or do one, then copy it to all other servers. Management headache. A more elegant solution, is to create a read-only file share for the CD's on a server, and change the registry key on each server to use the UNC path. Assuming you can apply SP's to all servers with this configuration in a short time frame, integrate the SP into the folder, then apply the SP to each server. Depending on your servers, you might end up with multiple source folders, W2k3 RTM, W2k3 +SP1, W2k3 +SP2, etc... *** This also works for client PC's as well, just put the XP source files in a new folder on the same shared location, and change their registry keys. Single point of update. All of this works up to a point, and depending on your environment, may not be the best. But it has worked effectively in the mom/pop to SMB space I've implemented it. With Vista W2k8 caching the source files locally, this is no longer needed though. Cheers. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Bryan Garmon [mailto:bryan.gar...@gmail.com] Sent: Thursday, February 26, 2009 11:54 AM To: NT System Admin Issues Subject: Compare i386 directories? I'm troubleshooting a scenario where I think a Server was built using Server 2003 SP1, then had SP2 installed, then had IIS installed, but pointed IIS to the SP1 i386 directory for the source files. Anyone have any ideas for a quick way to figure out if this is the case? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Brocade
Large Fiber Channel switch vendor. Think SANs. We only use them for SAN fabric switches.. didn't think they were in the Ethernet switch business. Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, February 27, 2009 11:13 AM To: NT System Admin Issues Subject: Brocade Anyone know anything about a company called Brocade? I received a cold call from them this morning. They are supposed to be some sort of networking company and I have never heard of them. That being said, I probably haven't heard of a lot of them. :-) I would appreciate any comments, good or bad, about them. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Brocade
Had to go look on their site. I had forgotten that Brocade acquired Foundry Networks last year. That���s where Brocade got all their Ethernet/wireless stuff. I d�t have any experience with Foundry Networks Ethernet/wireless equipment, so cannot provide input on that front. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, February 27, 2009 11:20 AM To: NT System Admin Issues Subject: RE: Brocade Thanks... We're looking at a site-to-site wireless link. They want to come do a site-survey, and before I started talking to them, I wanted to make sure they were a known, reliable organization. -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Friday, February 27, 2009 11:18 AM To: NT System Admin Issues Subject: RE: Brocade Large Fiber Channel switch vendor. Think SANs. We only use them for SAN fabric switches.. didn't think they were in the Ethernet switch business. Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, February 27, 2009 11:13 AM To: NT System Admin Issues Subject: Brocade Anyone know anything about a company called Brocade? I received a cold call from them this morning. They are supposed to be some sort of networking company and I have never heard of them. That being said, I probably haven't heard of a lot of them. :-) I would appreciate any comments, good or bad, about them. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.3/1975 - Release Date: 02/27/09 07:05:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ image001.jpgimage002.jpg
RE: Disable services (was: Mystery Domains)
For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
Yes. Done that. I agree with joe -- it's caused issues over the years :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, February 26, 2009 1:52 PM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Web Based File Server Proxy
I'm going to assume that you're asking about doing this over the Internet. Off the top of my head relatively low cost that I've setup for a few users in the past: Office Live for sharing Office documents Google Apps Hosted Microsoft SharePoint/office by Microsoft or a third party vendor SharePoint Services w/ ISA Server 2006 MOSS 2007 ISA 2006 if you're willing to buy the hardware licenses - (my personal favorite at the moment) There's always WebDAV access to an existing file server, but it's a pain to manage, and have never done it with ISA. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, February 19, 2009 7:49 PM To: NT System Admin Issues Subject: Web Based File Server Proxy Can anyone recommend some COTS web based file server proxy? I'm looking for solutions to deliver access to Windows file shares over HTTP. OWA isn't an option. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Web Based File Server Proxy
In our MOSS Rollout, I've had two Microsoft SharePoint MVP's tell me that it's possible to have MOSS both index serve up UNC file servers within MOSS, but the company did not want to go that far yet. So I have not investigated how to do that. I don't have any further options to recommend Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, February 19, 2009 8:19 PM To: NT System Admin Issues Subject: RE: Web Based File Server Proxy I'm really looking for a package I'd install on a server or series thereof. Think 20K seat customer looking to provide this service to its' end users. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, February 19, 2009 7:16 PM To: NT System Admin Issues Subject: Re: Web Based File Server Proxy Have you looked at the Microsoft Azure beta? I think you can do that. I saw a demo of it today. It looked interesting. Jon On Thu, Feb 19, 2009 at 8:10 PM, Scott Kaufman at HQ skauf...@ittesi.com wrote: I'm going to assume that you're asking about doing this over the Internet. Off the top of my head relatively low cost that I've setup for a few users in the past: Office Live for sharing Office documents Google Apps Hosted Microsoft SharePoint/office by Microsoft or a third party vendor SharePoint Services w/ ISA Server 2006 MOSS 2007 ISA 2006 if you're willing to buy the hardware licenses - (my personal favorite at the moment) There's always WebDAV access to an existing file server, but it's a pain to manage, and have never done it with ISA. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, February 19, 2009 7:49 PM To: NT System Admin Issues Subject: Web Based File Server Proxy Can anyone recommend some COTS web based file server proxy? I'm looking for solutions to deliver access to Windows file shares over HTTP. OWA isn't an option. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Web Based File Server Proxy
That was one of my questions, among a bunch of others, that I never got answers to because the idea was nixed pretty early in the project. Brian, if you do find something, I'd like to hear about the experience. Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, February 19, 2009 8:45 PM To: NT System Admin Issues Subject: RE: Web Based File Server Proxy There is a Sharepoint indexing provider for UNC shares. But I don't know whether the links created link to the UNC share, or Sharepoint proxies the request on your behalf Cheers Ken From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, 20 February 2009 12:30 PM To: NT System Admin Issues Subject: RE: Web Based File Server Proxy OK I didn't know that - I will investigate. Thanks, Scott. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 19, 2009 7:30 PM To: NT System Admin Issues Subject: RE: Web Based File Server Proxy In our MOSS Rollout, I've had two Microsoft SharePoint MVP's tell me that it's possible to have MOSS both index serve up UNC file servers within MOSS, but the company did not want to go that far yet. So I have not investigated how to do that. I don't have any further options to recommend Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, February 19, 2009 8:19 PM To: NT System Admin Issues Subject: RE: Web Based File Server Proxy I'm really looking for a package I'd install on a server or series thereof. Think 20K seat customer looking to provide this service to its' end users. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: SYNC files
In Windows XP with mostly offline users, the Offline Files has issues with sync'ing and staying up to date. In Vista it appears to be much improved, however, it has flaked out once in awhile. If all you're looking for is to backup their personal files to their home folder, I have resorted to just creating two scheduled tasks, one that runs at user logon one that runs on idle. It calls a .CMD file with the following: @echo off xcopy /s /e /v /c /d /i /g /h /y path to local documents*.* \\unc path of network share/home folder If you're trying to keep a shared network drive in sync for several users, I haven't quit figured that one out. Doing this over a VPN, will probably take a long time depending on how many files the sizes, the xcopy may never finish. Scott From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, February 11, 2009 10:30 AM To: NT System Admin Issues Subject: Re: SYNC files A couple of ideas for consideration. First Sync works better in Vista. Second in Vista you can backups to run. I normally have my Desktops being backed up at night but I have done full backups during work hours with little impact on the users. YMMV but that is what I have. Jon On Wed, Feb 11, 2009 at 10:21 AM, Nigel Parker nigel.par...@ultraframe.co.uk wrote: Dear all Our laptop users do not copy or save files on the network, one has now killed his hard disk and all the files are lost unless we pay for emergency recovery (the disk isnt recognised and will not spin up) we run in mixed mode with nt4 2000 and 2003 servers the files are mainly stored on 2000 machines the laptops all run windows xp sp3 with all current updates Laptops use VPN to access the network and occasionally are actually in the office I tried the synchronise files options but some machine went strange preferring not to sync and use local copies older than the network ones, is this just an isolated occurrence has anyone else had these problems (i had to re create the users profiles to fix the problem) Is this the best way or would it be more advisable to just get the users to save files and copy them manually onto the network (although they will need to remember to do this) Any help would be most welcome because if the sales managers machine goes then it could be I am looking fo another job :-( Nigel Parker Systems Engineer Ultraframe (UK) Ltd Tel: 01200 452329 Fax: 01200 452201 Web: www.ultraframe.com http://www.ultraframe.com/ Email: mailto:nigel.par...@ultraframe.co.uk Please consider the environment before printing this e-mail Ultraframe design and manufacture innovative and quality conservatory solutions to suit all styles, all applications, all consumers and every price point. By demonstrating our company values of innovation, integrity, total quality, premium service and customer first, we will to continue to build our position as UK market leader. For more information visit our website: www.ultraframe.co.uk http://www.ultraframe.co.uk/ The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is intended only for the named recipient(s). Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2003 wont boot up help!!!
Since you say it freezes and doesn't blue screen or complain about not being able to find the harddrive, it's not a harddrive or controller problem. When booting into Safe Mode, Video driver initialization comes next after you see the acpitabl.dat entry. Generally if it's freezing at that part, the OS can't switch to GUI mode for setup or OS, which generally indicates bad/corrupted video drivers, or a bad video card. Have you tried booting into Safe Mode Command Prompt? Does that work? Ocassionally, it's a memory chip issue and rarely is it a motherboard problem. However, the 2600's have onboard video, so it might be a motherboard problem Try the memory mix/match game see if you can get it to boot. Probably not likely, but for the sake of thoroughness And all else, run the Dell Diagnostic's CD for your model. That will pretty much tell you where the problem lies... providing you can get it to run. Scott From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wed 2/11/2009 8:21 PM To: NT System Admin Issues Subject: Re: Windows 2003 wont boot up help!!! On Wed, Feb 11, 2009 at 4:29 PM, Dennis Rogov dennis_rogov2...@yahoo.com wrote: If i try to load a windows 2003 CD it freezes once it says loading windows at the bottom Hardware fault of some kind. Others have suggested the disk subsystem, but if it was the disk subsystem I would not expect the CD to puke at that stage. It's not really looking at the disk yet, except maybe to get the partition table. If the partition table was poison, Windows wouldn't even get to the point where it could complain about a particular file. (Disk subsystem = IDE/SATA/SCSI/RAID controller, physical disks, cables, disk backplane if any.) Faulty CPU, RAM, or motherboard can cause just about any kind of symptom in the world. You say it's a Dell. Download Dell's diagnostics and run the full suite. ... dies when it tries to load acpitabl.dat file... That *may* indicate a problem with the motherboard. That file name must be short for ACPI table, and ACPI is how the OS talks to the motherboard and main BIOS services. However, I'm reasoning on really weak evidence here, so I wouldn't put much stock in it. It could easily be something else, and the file name is just a coincidence. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Force group membership
You could look at Identify Integration Feature Pack (IIFP). It's a free download. Would take some configuration setup time, and probably some programming to make it work. But you can apply some business logic to putting people into AD groups. Short of that, write a vbscript or powershell script that runs as a scheduled task to put users into the group(s) you need. Scott From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, February 05, 2009 9:13 AM To: NT System Admin Issues Subject: Re: Force group membership I like to be able to view people's settings by looking at their group memberships - that's why we have groups for drive mappings, printers, application delivery, etc. Plus applying it to Domain Users would probably impact those who have less restrictive memberships in WebSense - although I must confess I am unsure whether WebSense applies most restrictive or least restrictive to its calculations 2009/2/5 Sherry Abercrombie saber...@gmail.com Why not just have Websense use something like Domain User? On Thu, Feb 5, 2009 at 7:58 AM, James Rankin kz2...@googlemail.com wrote: Is there any way I can force all user accounts to be a member of a certain AD group? I have several levels of WebSense groups and I want to make sure that all user accounts always belong to at least one of them. Can this be done through Group Policy? -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Vmware Disk Ideas
Here's an abbreviated version of notes I've collected over the years on RAID write penalties, raw spindle IOPS how to calculate minimum # of spindles. This has worked well for internal storage shared storage (low to middle tier): RAID0 = write penalty of 0 RAID1 or 10 = write penalty of 2 RAID5 = write penalty of 4 RAID6 = write penalty of 6 or 8 (recently added depends on the manufacturer) A single 15K SAS drive generally has a raw max IOPS of 180. SATA 10k drives are 160. Fiber channel 15k drives are 190. To calculate minimum number of spindles based on a given IOPS load: (read ratio + (write ratio * write penalty)) / raw spindle IOPS = # of minimum spindles [1] The total IOPS load, the read/write ratio, the size of the I/O's, the amount of caching memory on the raid controller what RAID level you're using will all play into how much IOPS you can get out of a storage system. Having setup a few ESX systems with internal storage shared storage using 146GB SAS 15k drives, RAID 5 works extremely well with these disk configurations [2]. Unless you upgrade the drives to 500GB or higher, I wouldn't use RAID 6 for a VMFS partition. Use RAID 6 when the individual disks gets over 500GB in size, because the rebuild rate might be so long, that the likelihood of another disk failure during rebuild starts to grow. YMMV, and definitely test the storage system to make sure it will give the performance you need before you start adding VMs. Scott [1] an Example: you determine that 1000 IOPS is needed to handle the VM load. Using 180 as the maximum number of IOPS per SAS spindle, and assume there's a 70/30 read to write ratio, the minimum number of spindles for a RAID5 partition is: (700+(300*4))/180 = 10.5 spindles needed to handle 1000 IOPS raw. You can drop a few spindles if you have lots of controller cache dedicated to writes. [2] That is until you get a VM that is doing 80%+ writes to the disk like SQL or Exchange, or an undersized VM with a poorly written program that is thrashing the pagefile. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, February 03, 2009 11:41 AM To: NT System Admin Issues Subject: RE: Vmware Disk Ideas 6 drives is a lot of IOPS. I'd be inclined to say you'll be just fine given the workload of a typical SBS instance. Just a thought but why not go with HyperV? It's a lot more painless to manage especially when discussing the skillset of a typical SBS shop. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Tuesday, February 03, 2009 10:30 AM To: NT System Admin Issues Subject: RE: Vmware Disk Ideas Thanks Ben and Don, Just wanted to make sure that the performance would be acceptable with 6 drives for Raid6. I was trying to get 8 drives but they wouldn't go for it. Thanks again Greg From: Don Ely [mailto:don@gmail.com] Sent: Tuesday, February 03, 2009 11:21 AM To: NT System Admin Issues Subject: Re: Vmware Disk Ideas +1 On Tue, Feb 3, 2009 at 5:12 AM, Benjamin Zachary - Lists li...@levelfive.us wrote: Hi Greg, I think running that high performance with that limited users probably won't make any real difference as far as the client would be able to see. Maybe if there is heavy SQL or something on there you could look at RAID10 for the i/o increase. However, in your description below I would look at RAID5/6. ESXi runs about 90% through ram so you don't really see a lot of disk i/o from that per se. From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Monday, February 02, 2009 10:47 PM To: NT System Admin Issues Subject: Vmware Disk Ideas Just wondering what everyone's idea would be on a VMWARE ESXi that will run 2 VM's, SBS 2003 and SBS 2008 for some time to migrate. 6 x 146 GIG SAS 15K drives running either Raid 6 or Raid 10. Assuming the storage loss was fine to Raid 10, how much performance are we going to see with Raid 10 vs going with Raid 6 and getting the two drive failure protection and the write hit. Small office about 20 users, Peachtree, SMB size email. Nothing insane (Larger mailboxes 1.5GB to 2.5GB) and then just the normal SBS Exchange and SQL servers for Sharepoint services, about 100+ gig in files now going to grow at least another 75 to 100 gig over 2 years. I think either way will work well, but I just don't have that much experience with Raid 6 other than Netapp and was curious? Thanks Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: www.msn.com eating up memory
Vista Enterprise SP1 x86. IE 7 (fully patched system) Process Explorer shows that the Flash is driving a lot of I/O Private Bytes history looks like a saw tooth wave over time (10 minutes or so) Fiddler shows a relatively small amount of actual data being downloaded. But seeing the same thing for memory consumption. Grows to around 400M, then drops down to around 120M.. rinse repeat. Yahoo just flatlines on Private Bytes at 134meg From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Tuesday, January 27, 2009 4:27 PM To: NT System Admin Issues Subject: RE: www.msn.com eating up memory Yahoo! Thank you very much for verifying! From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Tuesday, January 27, 2009 4:21 PM To: NT System Admin Issues Subject: RE: www.msn.com eating up memory +1 Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Tuesday, January 27, 2009 4:18 PM To: NT System Admin Issues Subject: www.msn.com eating up memory If I goto www.msn.com file:///\\www.msn.com , my memory usage grows and grows and goes through the roof. Process: iexplorer.exe Mem Usage: 275,000 K Peak mem uage: 400,000 K Page Faults: 4,000,000 PF Delta: 800 VM Size: 500,000 K If I navigate to another website, mem usage drops to 40,000 K - 60,000 K So far, I can re-create this behavior on 5 different PCs. Anyone else seeing this? ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Wiki's
I've not looked at all the other wiki options on the market, but I know that SharePoint Services or Office SharePoint Server 2007 has a wiki template. The learning curve might be steep if you've never run SharePoint. If you intend to make this available over the Internet, the licensing cost might be steep. However it does SSO with AD wonderfully. Scott From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Friday, January 23, 2009 10:05 AM To: NT System Admin Issues Subject: Wiki's After encountering some ldap bugs in dokuwiki (my preferred wiki), I am looking for a new wiki so I figured a windows based wiki that *easily* facilitates SSO would be an option. I see screwturn has some AD plugins, does anyone here use anything they can vouch for that works seamlessly with AD groups and has SSO? Thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Sharepoint list
Correct. Sharepoint Services is included free with Server 2003 R2 (2nd disc), or as a download From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, January 23, 2009 11:15 AM To: NT System Admin Issues Subject: Re: Sharepoint list Please either correct me or confirm for me but MOSS2007 is the paid version of SharePoint correct? thanks a lot, Jon On Fri, Jan 23, 2009 at 11:02 AM, Tim Vander Kooi tvanderk...@expl.com wrote: I'm running MOSS 2007. Still in the process of getting the document retention part configured and used, but as a whole we love it. TVK From: David Lum [mailto:david@nwea.org] Sent: Friday, January 23, 2009 9:56 AM To: NT System Admin Issues Subject: RE: Sharepoint list I haven't found any SharePoint resources that are anywhere close to the equivalent of this list. Are there many on THIS list that use SharePoint? We do here and are in the process of moving from SharePoint 2.0 to MOSS2K7. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Friday, January 23, 2009 6:10 AM To: NT System Admin Issues Subject: Re: Sharepoint list There are 2 on Yahoo. Not high volume. http://tech.groups.yahoo.com/group/sharepointdiscussions/ http://tech.groups.yahoo.com/group/sharepoint/ Only ones I know of. On Fri, Jan 23, 2009 at 5:28 AM, Oliver Marshall oliver.marsh...@g2support.com wrote: Anyone know of a good Sharepoint list at all ? Olly -- G2 Support Online Backups Email: oliver.marsh...@g2support.com Web:http://www.g2support.com http://www.g2support.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Sharepoint list
I wouldn't necessarily say things are fixed in MOSS vs WSS 3. Enhanced definitely. Additional functionally, yes. Just idle curiosity as to what things you perceive as being 'fixed' in MOSS vs. WSS 3? Scott From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, January 23, 2009 11:55 AM To: NT System Admin Issues Subject: Re: Sharepoint list Yes but MOSS is much better in areas I need which is why I coached my statement the way I did. I had 3 up and running but due to the way somethings are done in 3 that are 'fixed in MOSS makes 3 un-usable in my environment but would make MOSS very usable. Jon On Fri, Jan 23, 2009 at 11:38 AM, Michael B. Smith mich...@theessentialexchange.com wrote: MOSS is just WSS 3 on steroids. WSS does LOTS of stuff. You might be surprised... Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, January 23, 2009 11:23 AM To: NT System Admin Issues Subject: Re: Sharepoint list My thanks to both of you. I thought I was correct. I am waiting on the version 4 for WSS to come out to see if it is worth the pain of setting it up and testing let alone getting it adopted. MOSS 2007 would have been worth the pain WSS 3.0 is not, at least for me it was not. Jon On Fri, Jan 23, 2009 at 11:17 AM, Tim Vander Kooi tvanderk...@expl.com wrote: Correct, it is the paid version that is tied very tightly to Office 2007. Although it is very functional without it. TVK From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, January 23, 2009 10:15 AM To: NT System Admin Issues Subject: Re: Sharepoint list Please either correct me or confirm for me but MOSS2007 is the paid version of SharePoint correct? thanks a lot, Jon On Fri, Jan 23, 2009 at 11:02 AM, Tim Vander Kooi tvanderk...@expl.com wrote: I'm running MOSS 2007. Still in the process of getting the document retention part configured and used, but as a whole we love it. TVK From: David Lum [mailto:david@nwea.org] Sent: Friday, January 23, 2009 9:56 AM To: NT System Admin Issues Subject: RE: Sharepoint list I haven't found any SharePoint resources that are anywhere close to the equivalent of this list. Are there many on THIS list that use SharePoint? We do here and are in the process of moving from SharePoint 2.0 to MOSS2K7. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Friday, January 23, 2009 6:10 AM To: NT System Admin Issues Subject: Re: Sharepoint list There are 2 on Yahoo. Not high volume. http://tech.groups.yahoo.com/group/sharepointdiscussions/ http://tech.groups.yahoo.com/group/sharepoint/ Only ones I know of. On Fri, Jan 23, 2009 at 5:28 AM, Oliver Marshall oliver.marsh...@g2support.com wrote: Anyone know of a good Sharepoint list at all ? Olly -- G2 Support Online Backups Email: oliver.marsh...@g2support.com Web:http://www.g2support.com http://www.g2support.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
