RE: Looking for affordable load balancing solution

[Simon Butler]

I have deployed on two sites Zen Load Balancer. http://www.zenloadbalancer.org/ 
- they have been in place about three months with no problems reported.
It is open source, and took me less than an hour to implement. I put them in to 
VMWARE so the biggest headache was getting the VMWARE tools installed as I am 
not a Linux person by any means. As with many open source projects, you can get 
commercial support if you wish.
It isn't as feature rich as Kemp's etc, but it is doing the job for those two 
sites where I had no budget to work with and didn't want to use WNLB.
Blog posting on that is being written at the moment.

If you want something more substantial, then I will echo the other posts and 
look at the Kemp. I have their virtual load balancers deployed in a number of 
locations and they just sit there and do the job.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $29.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Walker, Michael [mailto:mwal...@mail.cvhp.org]
Sent: 11 January 2013 21:34
To: NT System Admin Issues
Subject: RE: Looking for affordable load balancing solution

Revised:

We were cheap (No Budget) and bought two Kemp LM-2200 with 7x24 support for 
around $4K.  They were very easy to set up and have been solid for the last 18 
months.

Michael Walker
Senior Network Engineer
Citrus Valley Health Partners
140 W. College Street, Covina, CA  91723
Phone/Fax/Pager: (888) 299-6882
mwal...@mail.cvhp.org<mailto:mwal...@mail.cvhp.org>

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, January 11, 2013 12:54 PM
To: NT System Admin Issues
Subject: RE: Looking for affordable load balancing solution

If you have NetScalers, then use them.

If you are looking for a nice low-cost but good function solution, take a look 
at Coyote Point and at Kemp Technologies.

From: Tom Miller [mailto:tmil...@sfgtrust.com]
Sent: Friday, January 11, 2013 3:50 PM
To: NT System Admin Issues
Subject: Looking for affordable load balancing solution

We currently use Windows Network Load Balancing for our Exchange 2010 
environment.  It's okay, but not great.  There was a hiccup yesterday in NLB 
and it caused our system to disconnect all users at once.  Looking to avoid 
this in the future, anyone have any suggestions for alternatives?  Appliance or 
software solution - either is fine.  I've used Citrix Netscalers in the past 
for XenApp, but I know they can also do load balancing.

Thanks,
Tom


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Weird SSL issues on existing IIS6 WSS 3 site

[Simon Butler]

Sounds like a corrupt SSL certificate.
Happens quite often, it appears to work correctly, but the secure session 
cannot be established.
Get Verisign to reissue the certificate.

Even if the intermediate certificate was missing, the page would load, just 
with an SSL warning about trust. This is a failure of the secure session to 
establish.

Simon.

From: Graeme Carstairs [mailto:loonyto...@gmail.com]
Sent: 29 June 2012 12:02
To: NT System Admin Issues
Subject: Re: Weird SSL issues on existing IIS6 WSS 3 site

The intermediate Certs are there.

Its strange and googling hasnt helpe.


Graeme

On 29 June 2012 11:49, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Missing intermediate cert would be my first guess.

From: Graeme Carstairs 
[mailto:loonyto...@gmail.com]
Sent: 29 June 2012 11:45
To: NT System Admin Issues
Subject: Weird SSL issues on existing IIS6 WSS 3 site

Hi There,

One of our customers had a public facing WSS 3 site secured witha go daddy SSL.

they were bought over by another company and since then the wSS has no longer 
been public facing but is still entirely SSL.

The SSL has been expired for 2 months now as we are going through parent 
company process of getting a new SSL issued.

They initially issued us with on of the Enterprise CA, then a $150 verisign one 
and we have noe been issues a $600 verisign one.

The problem is

Import the certificate VIA Cerificates MMC, it checks out and can be viewed as 
a valid cert. and assign to the website in ISS.


Immediately the site stops working,

IE shows a Could not display the page rror (no muber) Chrome gives a 107 SSL 
protocol Error.

Using fiddler to monitor the traffic flow, and its a 107 error it shows as the 
only response.

Replace the new cert with the old expired one and straight away the sites 
working (with cert expired error) but still working.

Any one got any suggestions as to what may be casuing this.

Thanks

graeme



--
Good news everyone, you have just received an e-mail from me!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
Good news everyone, you have just received an e-mail from me!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Exchange 2003 -> 2010, disable inbound

[Simon Butler]

If the appliance is also the default gateway, then take the default gateway off 
the network connection. That should force the email to queue. 
Obviously if it isn't the default gateway then something else is amiss. 

Personally though this isn't something I worry about. During the move mailbox 
phase, the email comes in to the mailboxes that are not being moved and queue 
for the rest. Then when their move has completed, the mail gets delivered to 
the mailbox. 

Simon.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: 25 May 2012 19:59
To: NT System Admin Issues
Subject: Re: Exchange 2003 -> 2010, disable inbound

On Fri, May 25, 2012 at 11:02 AM, David Lum  wrote:
> If I unplug that cable they have no Internet. I don't control the
> firewall anymore ...

  Then talk to the guy who does.

> I also don't have access to the Barracuda either :-(

  Ibid.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Outlook multi-accounts

[Simon Butler]

To be picky, this is an Outlook registry change, not Exchange 2010.

The other option (no registry hack required) is to simply add the additional 
mailboxes as additional ACCOUNTS.
This is a new feature of Outlook 2010.

Add the account through the new account wizard.
By using the new account wizard, it is easy to select which account the email 
is sent from, no need to populate the From field, they have a drop down list to 
select from.

I don't think I have used the Additional Mailbox method on Outlook 2010 since 
its release, because it simply doesn't meet most end user requirements.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/





From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: 22 May 2012 22:25
To: NT System Admin Issues
Subject: RE: Outlook multi-accounts

Thanks Scott!  Very nice.

From: Crawford, Scott 
[mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]>
Sent: Tuesday, May 22, 2012 3:27 PM
To: NT System Admin Issues
Subject: RE: Outlook multi-accounts

This is now configurable with a reg tweak in exchange 2010

http://www.windowsitpro.com/content1/topic/shared-mailboxes-office-365-142386/catpath/office-365/page/2


From: Robert Peterson 
[mailto:robert.peter...@prin.edu]<mailto:[mailto:robert.peter...@prin.edu]>
Sent: Tuesday, May 22, 2012 2:33 PM
To: NT System Admin Issues
Subject: RE: Outlook multi-accounts

Wait till they complain after correctly changing/using a different FROM: 
account, that the sent email ends up in UserA's "Sent Items" folder no matter 
the FROM account.  I love trying to sell that one.

From: Rankin, James R 
[mailto:kz2...@googlemail.com]<mailto:[mailto:kz2...@googlemail.com]>
Sent: Tuesday, May 22, 2012 2:16 PM
To: NT System Admin Issues
Subject: Re: Outlook multi-accounts

We do. Its called Google. :-)
---Blackberried

From: Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>>
Date: Tue, 22 May 2012 19:05:14 +
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Outlook multi-accounts

Oh, I understand. Some users are of the opinion that IT has a magic wand that 
can make all software do what the user intends regardless of how it was written.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, May 22, 2012 9:55 AM
To: NT System Admin Issues
Subject: Re: Outlook multi-accounts

Well, that's how it works, so they can either do it to obtain their desired 
result, or not do it and get some other result.

The power is in their hands.
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, May 22, 2012 at 9:35 AM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
User is whining complaining that this is too much trouble, that the system 
should do this for her automatically.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Thursday, May 17, 2012 9:50 PM

To: NT System Admin Issues
Subject: Re: Outlook multi-accounts

Enable viewing of the FROM message header, and see what is listed when replies 
are made.

You should be able to select the desired account at that point, too.
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Thu, May 17, 2012 at 11:56 AM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Have a user with four accounts open on her Outlook 2010 (UserA, UserB, UserC, 
UserD); UserA is her native account, the other three were opened via 
File:Open:Other User's Folder. Her default SMTP address on the Exchange 2010 
server is userA.

She is reporting that when mail comes into one of the other accounts that when 
she replies it goes out as being from UserA. Expected behavior is replies will 
go out with the SMTP from: address for the given account to which the mail was 
sent (mail TO:UserB when replied to should be FROM:UserB). That is my 
expectation too. Obviously expectations do not align with reality here; any 
insight?




~ Finally, powerful endpoint security that ISN'T a

RE: A new side job - and a few questions...

[Simon Butler]

If they are using Google Apps, then the behaviour you have had reported to you 
is to be expected.
Google will change the header to match the authenticated user account. 
Therefore to send email you have two options. 
1. Use an SMTP relay, either from the ISP or purchase the service.
2. If they can get a static IP address, set the PTR etc with a host name that 
resolves to the IP address. That would usually be remote.example.com to keep 
SBS happy.

SPF isn't such a huge issue that everyone says it is, and can cause more 
problems than it resolves. 

On the server in general, run the SBS BPA against the system and ensure it 
comes up clean. If it is SBS 2003 R2 then it may have the older version of WSUS 
on it, which should be installed. Although I would run it against Microsoft 
Update to ensure it has everything - although you will need to do Exchange 
service pack manually if it isn't installation. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: 08 May 2012 06:03
To: NT System Admin Issues
Subject: Re: A new side job - and a few questions...

On Mon, May 7, 2012 at 5:10 PM, Andrew S. Baker  wrote:
>
> Why will you get them down to one provider?
>
> How are the providers being used?

Trust ASB to ask interesting questions :)

The owner is trying to transition away from a Frontier DSL connection
that is too slow, over to an Integra connection that is faster. They
both have fixed IP addresses.

On the Integra connection they have a machine that's dedicated to a
specific function that might (or might not, I haven't had a chance to
look yet) need that fixed address.

They are currently using Google to host their domain, and their
inbound email is forwarded through Google to their SBS server. For
some as yet unknown reason, the owner doesn't want to have email
inbound direct to their SBS server - he's a bit phobic on the matter.
Outbound email is sent over the Frontier link to Frontier's SMTP
infrastructure. The owner isn't happy with Frontier anyway, so he
wants out. Unfortunately, Google (according to the owner) won't relay
- it will only accept outbound for a single user account. I need to
verify this. It seems reasonable to me that it should accept TLS relay
connections for the domain outbound, and not try to make them all
appear to come from one account, but I've seen more stupid things than
that, so...

So, I have to set up their DNS with proper DNS entries (including SPF)
so that the SBS server can send direct, rather than relaying through
as ISP. Not a big deal - it just has to be done.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DNS-y

[Simon Butler]

Name servers (NS) would be your domain controllers as normal.

Simon.

From: David Lum [mailto:david@nwea.org]
Sent: 22 February 2012 21:08
To: NT System Admin Issues
Subject: RE: DNS-y

Thanks guys.

Do I need to do anything with the NS entry in these zones I created, or just 
leave as default?

Dave

From: Simon Butler 
[mailto:si...@sembee.co.uk]<mailto:[mailto:si...@sembee.co.uk]>
Sent: Wednesday, February 22, 2012 11:11 AM
To: NT System Admin Issues
Subject: RE: DNS-y

You want to do a single host name split DNS.
Create a zone for each host name in your DNS.
Then create a blank "A record" in each zone that points to the IP address. 
Doesn't affect the rest of the remote domain for DNS.
http://exchange.sembee.info/network/split-dns.asp

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk<mailto:si...@sembee.co.uk>
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/




From: ed ziots [mailto:ezi...@hotmail.com]<mailto:[mailto:ezi...@hotmail.com]>
Sent: 22 February 2012 18:33
To: NT System Admin Issues
Subject: RE: DNS-y

Split-brain DNS is not always a bad idea, ( what is internal should be internal 
and what is DMZ/External should be external)

You probably can do one of two things for this.

I am assuming that you don't own the DNS Server that is authoriative for the 
zone ( thisclient.com). I agree you could set up a thisclient.com dns zone on a 
dns server you own within your site ( as long as the client is using that dns 
server for resolving) if not then you are going to have to access the DNS 
server that is authoritative for the zone, and make the A records there.

I doubt you will have luck allowing a zone transfer from the master across the 
VPN pipe if the primary DNS server is on the other side of the VPN tunnel ( 
especially if you have the tunnel locked down, which you should)

Z

Edward E. Ziots
Security Engineer
CISSP,Security +,Network+


> From: mailvor...@gmail.com<mailto:mailvor...@gmail.com>
> Date: Wed, 22 Feb 2012 12:18:05 -0500
> Subject: Re: DNS-y
> To: 
> ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>
>
> On Wed, Feb 22, 2012 at 10:43 AM, David Lum 
> mailto:david@nwea.org>> wrote:
> > We have a VPN tunnel to a client, and we've been asked to make some DNS
> > entries for Thisclient.com addresses and frankly, I don't know how to do it
> > or even how to Google for it. They gave us a list of IP's that need to have
> > entries.
>
> You can tell your DNS server to claim authority for whatever you
> want, and as long as your DNS clients are using that DNS server for
> all lookups, you'll get what you told it to say. So claim authority
> for new zones, named , ,
> etc., and put in the A records at the origin level. Any time their IP
> addresses change, they'll have to tell you.
>
> > I could do DNS forwarding but that would disable us being able to get to
> > thisclient.com's external websites, wouldn't it?
>
> Yup.
>
> (Aside: This is yet another example of why split DNS is a bad idea.
> Too bad for you, your client doesn't know that.)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin
>
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIP

RE: DNS-y

[Simon Butler]

You want to do a single host name split DNS.
Create a zone for each host name in your DNS.
Then create a blank "A record" in each zone that points to the IP address. 
Doesn't affect the rest of the remote domain for DNS.
http://exchange.sembee.info/network/split-dns.asp

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/




From: ed ziots [mailto:ezi...@hotmail.com]
Sent: 22 February 2012 18:33
To: NT System Admin Issues
Subject: RE: DNS-y

Split-brain DNS is not always a bad idea, ( what is internal should be internal 
and what is DMZ/External should be external)

You probably can do one of two things for this.

I am assuming that you don't own the DNS Server that is authoriative for the 
zone ( thisclient.com). I agree you could set up a thisclient.com dns zone on a 
dns server you own within your site ( as long as the client is using that dns 
server for resolving) if not then you are going to have to access the DNS 
server that is authoritative for the zone, and make the A records there.

I doubt you will have luck allowing a zone transfer from the master across the 
VPN pipe if the primary DNS server is on the other side of the VPN tunnel ( 
especially if you have the tunnel locked down, which you should)

Z

Edward E. Ziots
Security Engineer
CISSP,Security +,Network+


> From: mailvor...@gmail.com<mailto:mailvor...@gmail.com>
> Date: Wed, 22 Feb 2012 12:18:05 -0500
> Subject: Re: DNS-y
> To: 
> ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>
>
> On Wed, Feb 22, 2012 at 10:43 AM, David Lum 
> mailto:david@nwea.org>> wrote:
> > We have a VPN tunnel to a client, and we've been asked to make some DNS
> > entries for Thisclient.com addresses and frankly, I don't know how to do it
> > or even how to Google for it. They gave us a list of IP's that need to have
> > entries.
>
> You can tell your DNS server to claim authority for whatever you
> want, and as long as your DNS clients are using that DNS server for
> all lookups, you'll get what you told it to say. So claim authority
> for new zones, named , ,
> etc., and put in the A records at the origin level. Any time their IP
> addresses change, they'll have to tell you.
>
> > I could do DNS forwarding but that would disable us being able to get to
> > thisclient.com's external websites, wouldn't it?
>
> Yup.
>
> (Aside: This is yet another example of why split DNS is a bad idea.
> Too bad for you, your client doesn't know that.)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin
>
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Blackberry issues again?

[Simon Butler]

Both BES and BIS are working for me right now, going by the number of emails I 
am getting this morning from one correspondent.
My BES Blackberry is fine, and her BIS Blackberry is fine.

Simon.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 17 November 2011 10:17
To: NT System Admin Issues
Subject: Blackberry issues again?

I may be going mad but has anyone else noticed whether BB email appears to be 
down again (at least here in the UK)?

Haven't had a message since 7am this morning on the BB which is unusual, if it 
is another outage and not just a problem with my handset, I may change to one 
of those fancy new Nokia Windows phones.

Cheers,



JRR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: Gadgets

[Simon Butler]

Why don't you pick up a Squeezebox Classic from eBay and then hook it up to a 
cheap stereo? That is what I did. The old stereo I had as teenager got a new 
lease of life because it had phono ports. The CD and tape deck became redundant 
years ago.
Just make sure you get the wireless and not the wired one. Logitech still 
provide software support for the older devices, so you will be able to use the 
latest version of their software on whatever the host machine is.

If you can find the older version of the Squeeze center software then you can 
even control the device using your Blackberry over the wireless network!

Simon.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 November 2011 13:41
To: NT System Admin Issues
Subject: Re: OT: Gadgets

That's a cool idea, although my experience on the Blackberry isn't a great 
sound (although I did say the quality didn't matter, I know!). It probably 
means more charging of my phone battery though, which was why I was thinking 
around an AC-powered device of some type. I'm betting the Amazon cloud player 
app probably isn't available for the BB as well (although that's just me being 
cynical, I haven't checked). Still food for thought though, cheers

On 15 November 2011 13:27, Al Lilianstrom 
mailto:lilst...@fnal.gov>> wrote:
Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever th

RE: playing video on TV from external storage device

[Simon Butler]

WDTV Live. I have one of those and it works great.

http://www.amazon.co.uk/Western-Digital-Live-Media-Player/dp/B002LZUHMI

Simon.



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 12 September 2011 14:24
To: NT System Admin Issues
Subject: OT: playing video on TV from external storage device

Looking for a few recommendations here.

I have a load of episodes of children's TV (Fireman Sam and the like) stored on 
my external hard drive and also on my home NAS device. I'd like a quick and 
easy way to be able to play these on my TV. The solution I have at the moment 
is simply to connect my laptop to the TV and run the videos from the computer 
to the VGA output on the TV, but this is a) dangerous, as my seven cats 
regularly scuttle past the laptop and could bring it crashing to the floor, and 
b) far too technical a setup for my wife to put together for the kids herself 
when I am out of the house.

Is there some sort of device I could purchase that could have a USB device 
plugged into it, and would then be able to deliver the content to my TV, or can 
you just get (for example) DVD players that accept USB drives or the like now? 
(I'm way out of touch with home tech, please forgive me). Or is there any other 
quick and dirty way I could deliver these videos so that it's easy for my other 
half (she is a complete technophobe)?

All ideas and sharing of own configurations welcome, thanks!


JR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Knock me down a notch (aka some days, I am too proud of myself)

[Simon Butler]

If the PST files are the same name as the alias on the mailboxes, then yes, it 
is a lot of work. You could just do this:

Dir C:\PSTFiles\*.pst | Import-Mailbox

That’s it. 

It takes the list, and imports them in to the matching mailbox. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: 06 February 2011 00:14
To: NT System Admin Issues
Subject: Knock me down a notch (aka some days, I am too proud of myself)

So today I am rolling back an abortive outsourcing Exchange attempt. Long story 
but here's what gives me one of those "maybe I am Dr. Evil" moments.

I have 600+ .PST files I need to import into Exchange 2007. The PST file names 
match the mailbox names.

Michael and other PS guru's probably have a better solution than mine so I am 
game to here it, but here's my dorkatude:

1. In the directory with the PST's (about 100pst's per folder), I do DIR > 
GROUPx.TXT
2. Open said TXT file in Excel, setting columns to separate out file names from 
other garbage (delete all columns except file names)
3. Now having just the list of files, I add a columns to the left and right
 3a Column A is part of a powershell command dir D:\ExchangeImport\Groupx\
 3b Column B is the list of PST file names
 3c Column C is | import-mailbox -Confirm:$false
 3d Column D is =A1&B1&C1 and concatenates each line into a tidy PS command 
like dir D:\ExchangeImport\Group4\bob.johnson.pst | import-mailbox 
-Confirm:$false
4. Take column D and paste into Notepad and save as .PS1 file
5. Run PS1 file

Start to finish it's *maybe* 5 mins per group of PST's to make a .PS1 file.

I laugh that overall it's command prompt, Excel, cut and paste to Notepad, and 
PowerShell. In my particular case Excel isn't on the target box so I am 
actually pasting to my local notepad and saving it before opening in Excel. 
Also having 7 groups means I open 7 PowerShell sessions and let 'em rip

So...am I actually clever, or is this really a long way around?

Dave "2hs sleep might impair my judgement" Lum


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Late night thoughts - can't turn the brain off...

[Simon Butler]

If you are going to host everything under subdomains, then you just need a 
wildcard certificate. 
This will be in the format of *.example.com, and will protect 
anythingyoulike.example.com. 
Almost all providers will sell you those, including GoDaddy, Verisign, Digicert 
etc. 

Although if you are doing ecommerce on one of the sites, then I would probably 
have a specific named certificate for that one site, possibly an EV 
certificate, simply to give the increased satisfaction to the customer. 

Simon.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: 28 January 2011 06:02
To: NT System Admin Issues
Subject: Late night thoughts - can't turn the brain off...

After a bit more than half a bottle of wine and some really wonderful
leftovers for dinner, my brain still won't stop running through work
scenarios...

We have three offices, each on a different continent.

Each has an Exchange server and an SSL VPN appliance.

We'll soon be needing some secured web sites for partners/contractors/customers.

All these are, or will need to be, secured with certs.

I can certainly spend the money on individual certs for each
application, but I'm wondering if there's a better way of handling all
of this.

I am pretty sure I don't need a full PKI infrastructure, and it
probably wouldn't be applicable to our external applications anyway.

Is there a way I can arrange things that might simplify all of this -
perhaps a master cert that I can generate sub certs for various
applications? I'm not up on the intricacies of SSL certs in larger
environments, so I throw the question out to you folks who have some
experience with this.

I've been looking at the Verisign and Godaddy sites, but don't see
what I think should be there - I'm sure I'm missing something
though...

Thoughts?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: APC Mgmt Card

[Simon Butler]

I have lots of them in the field as well. Pick them up cheap off ebay. Never 
noticed a problem.

Do ensure that you have the latest version of the firmware - you can download 
it from APCs web site.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 19 January 2011 15:17
To: NT System Admin Issues
Subject: RE: APC Mgmt Card

+1 - never had any issue with them and I've had dozens.

I do seem to recall that some of the earlier APC management cards were 10 Mbit 
link speed and did not auto-negotiate well, but nailing the switch port at the 
proper speed resolved the issue.


Jim Holmgren
Senior Manager, Infrastructure Services
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com<http://www.xlhealth.com>



From: N Parr [mailto:npar...@mortonind.com]
Sent: Wednesday, January 19, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: APC Mgmt Card

Maybe you have a lemon, have you tried another card?  We have quite a few 
9619's and 9630's and have never noticed that behavior.


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, January 19, 2011 9:05 AM
To: NT System Admin Issues
Subject: APC Mgmt Card
I have a 3000 rmxl with an AP9619 mgmt card that always was a POS and is not 
dying.
Anything not apc, or at least better I can use for snmp mgmt. of this device? 
Maybe something that hooks up to the serial port?
The interface was always dog slow and I shudder to buy another...

Thanks!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso 
exclusivo del (los) destinatario (s) y puede incluir informaci?n confidencial 
y/o informaci?n de salud protegida. La Ley Federal (HIPAA) establece que el 
destinatario est? obligado a mantener la informaci?n confidencial y sequra. 
HIPAA proh?be y castiga cualquier divulgaci?n a terceras personas sin 
autorizaci?n del afiliado o permitido por ley. Si usted no es el destinatario, 
redirija esta mensaje al remitente, y destruye cualquier copia existente del 
mensaje original.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LSI SATA RAID issue

[Simon Butler]

If it is an LSI, then download their MegaRaid Storage Manager utility. That 
should allow you to see the status of the drives. 
The latest version works with the older cards - I am using it with an old Perc 
5i (which is LSI) on Windows 2008 R2, although it detects it as Windows Vista. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 15 December 2010 20:55
To: NT System Admin Issues
Subject: RE: LSI SATA RAID issue

Like John said, if you have the smartpack installed, it will likely include the 
hpadu/acu (diagnostic/config utility) and you can query this info from it.
If not, you can fetch it online, not sure if it needs a reboot, I doubt it.
jlc

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Wednesday, December 15, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: LSI SATA RAID issue

Heh.  This thing is way out of warranty.  The SATA drives are atleast 4 years 
old...so that adds tp my concern regarding array status.  They want to make it 
through this next tax season with this server.

VIPCS wrote:
> Can you call HP Support and ask them the question?
>
> Sincerely,
>  
> Jeffrey and Mary Jane Harris
> VIPCS
>  
> -Original Message-
> From: Bill Humphries [mailto:nt...@hedgedigger.com]
> Sent: Wednesday, December 15, 2010 3:20 PM
> To: NT System Admin Issues
> Subject: LSI SATA RAID issue
>
> SO I have a client with HP ML310 with SATA drives running SBS 2003. 
> The machine has been slow and disks show severe fragmentation. They 
> had a power issue yesterday and when I was onsite and booted the 
> machine I noticed that the pre-windows load screen mentioned that the 
> LSI array was failed or degraded.
> It booted into windows before I had time to hit the function key and I 
> couldn't take it down any longer during business hours. Itmight have 
> just been degraded due to power failure...or maybe something else.
>
> I can't seem to find any way to see RAID status on this server while 
> in windows. I don't think the standard HP array manager software 
> supports the LSI onboard controller. Mt google-fu is failing. any way 
> to see status of the array without taking the machine down? Thanks for 
> any input.
>
> Bill
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>   


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: BES 5.0 not syncing Calendars

[Simon Butler]

It can't be permissions because that would stop anything from working.
Have you run the IEMSTEST tool from the Utility directory on the server? You 
will need to be logged in to the server as BESADMIN. That can flag if there are 
issues with accessing the mailbox.

Simon.

From: Jim Majorowicz [mailto:jmajorow...@gmail.com]
Sent: 06 December 2010 22:44
To: NT System Admin Issues
Subject: Re: BES 5.0 not syncing Calendars

Simon,

I'm not sure re-registering the CDO is working, although I'm getting mixed 
signals from my client.  I'll dig a little bit more, but do you know anything 
else it might be?
On Thu, Dec 2, 2010 at 11:02 AM, Simon Butler 
mailto:si...@sembee.co.uk>> wrote:
If everything else is working correctly, the permissions are almost certainly 
correct. If permissions were wrong, then nothing would sync.
The times I have seen this happen before it has been down to the cdo.dll not 
being registered, or the wrong was registered.

Re-register the cdo.dll that is un C:\Program Files(86)\ExchangeMapi.
Then stop the Blackberry services in the following order:

"Blackberry Controller"
"Blackberry Dispatcher"
"Blackberry Router"
"Blackberry MDS Connection Service"
"Blackberry Attachment Service"
"Blackberry Alert"
"BAS-NCC"
"BAS-AS"

Restart them in the following order:

"Blackberry Router"
"Blackberry Dispatcher"
"Blackberry Controller"
"Blackberry MDS Connection Service"
"Blackberry Attachment Service"
"Blackberry Alert"
"BAS-AS"

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk<mailto:si...@sembee.co.uk>
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/





From: Jim Majorowicz 
[mailto:jmajorow...@gmail.com<mailto:jmajorow...@gmail.com>]
Sent: 02 December 2010 17:38
To: NT System Admin Issues
Subject: BES 5.0 not syncing Calendars

I've got a client that uses BESX 5.0.2 with SBS 2008 that isn't syncing 
calendars after the Swing Migration to SBS 2008.  Googling has me looking at 
the permissions of the BESAdmin account, but I can't tell if this is correct:

[PS] C:\Windows\System32>get-mailboxserver ALLIANT01 | get-ADpermission -user BE
SAdmin | Format-List


User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {Self, WriteProperty, GenericRead}
ExtendedRights  :
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {ExtendedRight}
ExtendedRights  : {ms-Exch-Store-Admin}
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {ExtendedRight}
ExtendedRights  : {Send-As}
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

Everything else is working correctly, so I'm thinking this isn't it, but I 
really can't tell.  Are the permissions correct for this user?  The other thing 
I'm noticing is that there is NO information about the Calendar listed anywhere 
in the BESX 5.0 Synchronization Component.  This is my only 5.0 server at the 
moment, so I'm not sure if I'm missing anything or not, but I see:
Component information

[Description: Image removed by sender. Description: Image removed by sender.]




Component name:

Synchronization

Component description:

The Sync component.

Component category:

Synchronization






[Description: Image removed by sender. Description: Image removed by sender.]

[Description: Image removed by sender. Description: Image removed by sender.]


error message info message

[Description: Image removed by sender. Description: Image removed by sender.]

Address book

[Description: Image removed by sender. Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender. Description: Image removed by sender.]

[Description: Image removed by sender. Description: Image removed by sender.]


[Description: Image removed by sender. Description: Image removed by sender.]

Tasks

[Description: Image removed by sender. Description: Ima

RE: BES 5.0 not syncing Calendars

[Simon Butler]

If everything else is working correctly, the permissions are almost certainly 
correct. If permissions were wrong, then nothing would sync.
The times I have seen this happen before it has been down to the cdo.dll not 
being registered, or the wrong was registered.

Re-register the cdo.dll that is un C:\Program Files(86)\ExchangeMapi.
Then stop the Blackberry services in the following order:

"Blackberry Controller"
"Blackberry Dispatcher"
"Blackberry Router"
"Blackberry MDS Connection Service"
"Blackberry Attachment Service"
"Blackberry Alert"
"BAS-NCC"
"BAS-AS"

Restart them in the following order:

"Blackberry Router"
"Blackberry Dispatcher"
"Blackberry Controller"
"Blackberry MDS Connection Service"
"Blackberry Attachment Service"
"Blackberry Alert"
"BAS-AS"

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $26.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/





From: Jim Majorowicz [mailto:jmajorow...@gmail.com]
Sent: 02 December 2010 17:38
To: NT System Admin Issues
Subject: BES 5.0 not syncing Calendars

I've got a client that uses BESX 5.0.2 with SBS 2008 that isn't syncing 
calendars after the Swing Migration to SBS 2008.  Googling has me looking at 
the permissions of the BESAdmin account, but I can't tell if this is correct:

[PS] C:\Windows\System32>get-mailboxserver ALLIANT01 | get-ADpermission -user BE
SAdmin | Format-List


User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {Self, WriteProperty, GenericRead}
ExtendedRights  :
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {ExtendedRight}
ExtendedRights  : {ms-Exch-Store-Admin}
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

User: AS2K3\BESAdmin
Identity: ALLIANT01
Deny: False
AccessRights: {ExtendedRight}
ExtendedRights  : {Send-As}
IsInherited : False
Properties  :
ChildObjectTypes:
InheritedObjectType :
InheritanceType : All

Everything else is working correctly, so I'm thinking this isn't it, but I 
really can't tell.  Are the permissions correct for this user?  The other thing 
I'm noticing is that there is NO information about the Calendar listed anywhere 
in the BESX 5.0 Synchronization Component.  This is my only 5.0 server at the 
moment, so I'm not sure if I'm missing anything or not, but I see:
Component information

[Description: Image removed by sender.]



Component name:

Synchronization

Component description:

The Sync component.

Component category:

Synchronization






[Description: Image removed by sender.]

[Description: Image removed by sender.]


error message info message

[Description: Image removed by sender.]

Address book

[Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender.]

[Description: Image removed by sender.]


[Description: Image removed by sender.]

Tasks

[Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender.]

[Description: Image removed by sender.]


[Description: Image removed by sender.]

Memos

[Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender.]

[Description: Image removed by sender.]


[Description: Image removed by sender.]

Message filters

[Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender.]

[Description: Image removed by sender.]


[Description: Image removed by sender.]

Message settings

[Description: Image removed by sender.]


Synchronization turned on:

Yes

Synchronization type:

Bidirectional

Conflict resolution:

Server wins


[Description: Image removed by sender.]

[Description: Image removed by sender.]


[Description: Image removed by sender.]

Certi

RE: 17 updates.... Weee!!!

[Simon Butler]

I find that number can often be reduced by declining all of the Itanium updates 
(just search for Itanium then decline the lot) Unless you happen to be the 
one of the small numbers of shops with Itanium version of Windows installed.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: 12 October 2010 22:12
To: NT System Admin Issues
Subject: RE: 17 updates Weee!!!

My WSUS server is downloading over 4GB...


From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Tuesday, October 12, 2010 12:32 PM
To: NT System Admin Issues
Subject: Re: 17 updates Weee!!!

17 here for me.

--
ME2
On Tue, Oct 12, 2010 at 12:22 PM, Rod Trent 
mailto:rodtr...@myitforum.com>> wrote:
17?  Only 16 have been reported.

From: Sean Rector 
[mailto:sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org>]
Sent: Tuesday, October 12, 2010 3:19 PM

To: NT System Admin Issues
Subject: RE: 17 updates Weee!!!

Thanks for the reminder.

Ugh!

Sean Rector, MCSE

From: Micheal Espinola Jr 
[mailto:michealespin...@gmail.com<mailto:michealespin...@gmail.com>]
Sent: Tuesday, October 12, 2010 3:06 PM
To: NT System Admin Issues
Subject: 17 updates Weee!!!



--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org>
Phone:(757) 213-4548 (direct line)
{+}

Subscriptions and tickets are on sale now!
Rigoletto   |   Così Fan Tutte   |   The Valkyrie   |   Madama Butterfly

Visit us online at www.VaOpera.org<http://www.vaopera.org/> or call 
1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: BES 4.0 - 5.0

[Simon Butler]

You can't have two Blackberry servers running with the same SRP. I think they 
will lock the SRP out and block both servers from connecting.
Get a trial of BES, that will give you an SRP that is good for 60 days. Then 
move everything across. Once done, you can change the SRP back to your live one.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Jim Majorowicz [mailto:jmajorow...@gmail.com]
Sent: 12 October 2010 22:12
To: NT System Admin Issues
Subject: Re: BES 4.0 - 5.0

The Transporter assumes you're moving users from one SRP ID to another, not 
sure it works when it's the same SRP.
On Mon, Oct 11, 2010 at 8:55 PM, Level Five - List 
mailto:li...@levelfive.us>> wrote:
Thanks Greg, I thought about that and dug into it, the former admin had deleted 
all the shortcuts but I went in and found the connections manager and he had 
all set to disabled, once I enabled this I was good to go for connecting. Also 
I re-went through the setup as per Martin and found they did have this besadmin 
as a domain admin, this domain was previously win2k so I fixed that up and 
testing now ...

Appreciate all the help everyone

From: greg.swe...@actsconsulting.net<mailto:greg.swe...@actsconsulting.net> 
[mailto:greg.swe...@actsconsulting.net<mailto:greg.swe...@actsconsulting.net>]
Sent: Monday, October 11, 2010 1:50 PM

To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0

You should still be able to connect to an MSDE box.  Its 
Servername/instancename, if its your default instance, its just servername

From: Lists - Level 5 [mailto:li...@levelfive.us<mailto:li...@levelfive.us>]
Sent: Monday, October 11, 2010 9:38 AM
To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0

I did download this and ran it, but it wants to connect to an SQL box, and the 
bes 4.0 is running MSDE, which is why I was under the impression it wouldn't 
work. We have a few tickets available with RIM and I will contact them to see 
if Im just doing it incorrectly.



From: Martin Blackstone 
[mailto:mblackst...@gmail.com<mailto:mblackst...@gmail.com>]
Sent: Monday, October 11, 2010 8:59 AM
To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0

+1
That's how we did it.
http://www.blackberryforums.com.au/forums/general-bes-discussion/1390-blackberry-enterprise-server-migration-kit.html


From: Garcia-Moran, Carlos 
[mailto:cgarciamo...@spragueenergy.com<mailto:cgarciamo...@spragueenergy.com>]
Sent: Monday, October 11, 2010 5:46 AM
To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0

Called Rim and get a Transporter Kit, it's free, I migrated from 4 to 5 about 6 
months ago and did it with Zero downtime and only a couple of BB that didn't 
work out of 200 users. You install the new server as a stand alone BES 5.0 and 
then there's the software you run on it to transfer users on a batch run. RIM 
gives you a new SRP to run for 60 days which once you are done becomes your new 
one.

From: Level Five - List [mailto:li...@levelfive.us<mailto:li...@levelfive.us>]
Sent: Monday, October 11, 2010 7:34 AM
To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0

Thanks Greg, we are using the same bes acct on the 4.0 and 5.0 . the bes acct 
still seems to be working because we brought a mail archiving system online and 
have been using that account to extact mail from mailboxes successfully. I will 
still triple check it.

I was wondering if the bes is registering 2 times with the same domain (bes4 
and bes5) if this was causing an issue on the blackberry network side about how 
to route, the confusing part was seeing the 'invalid' ids come in with an 
un-wiped phone, and then a wiped phone nothing seems to make its way.

From: greg.swe...@actsconsulting.net<mailto:greg.swe...@actsconsulting.net> 
[mailto:greg.swe...@actsconsulting.net<mailto:greg.swe...@actsconsulting.net>]
Sent: Sunday, October 10, 2010 9:34 PM
To: NT System Admin Issues
Subject: RE: BES 4.0 - 5.0


Pretty sure though you cant have the same codes on 4 and 5, so that's most 
likely not it.  If you are getting ERP messages than you are communicating with 
RIM but the BES user account most likely doesn't have permissions to access the 
boxes.  Double check your permissions, and then recheck.  Dumb question...the 
bes account is not a domain admin is it?  It was common in 4 to prevent the sd 
admin process from overwriting permissions for the account used.  If you are 
using the same account in the domain its possible the perms on the account ar

RE: BES install question

[Simon Butler]

If all the users are in the OU "User Accounts" and the domain is domain.local 
then the command will be this:

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents 
-ExtendedRights Send-As -User "BESAdmin" -Identity "OU=User 
Accounts,DC=domain,DC=local"

If you have your users in various OUs, then you will need to repeat the command 
for each OU. 

If your domain is three levels, such as domain.co.uk then you would do 
DC=domain,DC=co,DC=UK

If you have your users in the default "Users" container, then the command will 
be

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents 
-ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=domain,DC=local"

If you are confident enough to use adsiedit, then you can see the full path in 
there, and copy it out.

The permissions are now configured at this level because of the changes to the 
security settings in Exchange 2010. With older versions you set it at a per 
server or per database level - of course the databases no longer belong to a 
specific server, so the permissions have to be configured in a different way. 


Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: 15 September 2010 21:35
To: NT System Admin Issues
Subject: BES install question

Doing pre-installation tasks for BES and Exchange 2010.

I've created the BESAdmin mailbox, and I'm now configuring the Exchange 2010 
permissions.  It's asking me to type one of the following commands within the 
Exchange Management Shell.  I'm not sure what exactly the commands are trying 
to do, so I'm not sure how to fill in the blanks.  Can someone take a look and 
help me?

Do one of the following:

a)  To set the permissions at the organizational unit level, type 
Add-ADPermission -InheritedObjectType User - InheritanceType Descendents 
-ExtendedRights Send-As -User "BESAdmin" -Indentity "OU=,DC=,DC=,DC="  where ,, 
and  form the name of the domain.

b) To set the permissions at the common name level, type Add-ADPermission 
-InheritedObjectType User - InheritanceType Descendents -ExtendedRights Send-As 
-User "BESAdmin" -Indentity 
"CN=,DC=,DC=,DC=" where 
,, and  form the name of the domain.



If I'm correct, these commands setup who can Send As the BESAdmin account, 
correct?  The documentation doesn't explain it, and I need to know exactly, so 
I know what to put in as  or .


Thanks,

Joe Heaton



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DNS Provider

[Simon Butler]

I have all of my domains with nettica.com http://www.nettica.com/
Custom name server addresses have been setup as well, so everything runs 
through my own domains on their servers. Doesn’t matter who the domain is 
registered with, I just change the name servers to them.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Jay Dale [mailto:jd...@emlogis.com]
Sent: 18 August 2010 16:27
To: NT System Admin Issues
Subject: DNS Provider

Hey all,

We currently have our domain hosted through 1and1.  We use EC2 and Rightscale 
to administer cloud servers that run our application and as such rely on using 
subdomains for customers to access the web-based application.  However, 1and1 
as everyone knows is horrible when it comes to stuff like this, so we would 
like to move to a more Enterprise-friendly DNS Provider/Host.  Anyone have any 
recommendations?

Jay





[Description: Description: http://www.emlogis.com/images/image3.jpg]

Jay Dale Senior Systems Administrator
P 713.785.0960 Ext 290 | F 713.785.0986 | C 832.373.7883
jd...@emlogis.com<mailto:jd...@emlogis.com> | 
www.emlogis.com<http://www.emlogis.com/>
Service Desk C 877.523.5896 | E supp...@emlogis.com<mailto:supp...@emlogis.com>
[Description: Description: http://www.emlogis.com/images/imageEmail3.jpg]
This Email is covered by the Electronic Communications Privacy Act, 18 U.S.C. 
งง 2510-2521 and is legally privileged. The information contained in this Email 
is intended only for use of the individual or entity named above. If the reader 
of this message is not the intended recipient, or the employee or agent 
responsible to deliver it to the intended recipient, you are hereby notified 
that any dissemination, distribution or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
immediately notify us by telephone (toll-free) at 877-523-5896, and destroy the 
original message.











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~<><>

RE: Open letter to Adobe

[Simon Butler]

It isn't just Adobe's installer that has this problem. I have seen it with 
others, particularly on Vista and Windows 7.
The easy fix is to right click on Command Prompt and choose Run as 
Administrator. Then type net use h: \\server\share 
(using the same letter that you are getting the error for). The installer will 
then complete successfully.
Of course that isn't easy for a scripted installation, but on a one off it 
works well.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/




From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: 25 July 2010 18:26
To: NT System Admin Issues
Subject: Open letter to Adobe

Dear Adobe-

You suck.

Allow me to expand: Your software installer is broken. It has been for years. 
It's broken across many of the packages in your product line. It's documented 
in your knowledge base. Confirmation on the brokenness of your installer is 
only a Google search away. It's a known issue that's been known for a LOOONG 
time. Yet you have done nothing about it.

Given the abundance of the fine print, and the considerable length of your 
EULA, I have to assume that the art of reading has been mastered somewhere 
there at Adobe, and I must assume that occasionally somebody cracks your own KB 
and is aware of this?

On Windows machines with a Documents & Settings folder redirected to a network 
drive, your installer erroneously complains that the network drive letter is 
"invalid". I know... it just happened to me while trying to update Read (and 
please don't' get me started on your software update virus that manages to 
reinstall itself to run at startup no matter how many times I try to squash it.

. "Invalid Drive H:", you say installer? That's funny, I'm browsing the 
contents of that directory right now.  Now I'm not the sharpest tool in the 
shed, but I do have a pretty good handle on the alphabet... so when I see the 
output of a "dir /s h:" pouring past me in a CMD window at the same time your 
installer is telling me there is no drive H:, I have to assume somebody's lying 
to me... and I have a pretty good idea who.

Now, your KB has all sorts of suggestions like editing the registry, modifying 
directory permissions, etc... but quite frankly, it's much easier to just 
temporarily unmap the network drive, plug in a thumb drive, and temporarily 
change the drive letter to H:, so that way your installer can go on its merry 
way. However, that's the kicker: YOUR INSTALLER DOESN'T EVEN NOTICE THAT THE 
SETTINGS DIRECTORY ISN'T ON DRIVE H: AND IN FACT WRITES NOTHING THERE AT ALL! 
Yup... that's right, your installer complains about a network drive existing 
where it wants a physical drive for... NO REASON WHATSOEVER. Awesome.

Now, you will say that you license the installer from another company. OK. You 
will also say that  there are software packages form other companies that also 
suffer from that same 3rd-party licensed installer bug. To which I say: "Yeah, 
you're right... they suck too.". Here's the response to all of that: there's a 
buttload of software packages out there that DON'T suffer from that bug... so 
it can be done. Take somebody off the team that is in charge of confusing us 
with the different packages of Acrobat, Reader, Professional, that deal with 
PDF's, and have them look at this for a couple of days.

So in summary: PLEASE FIX YOUR FRIGGIN' INSTALLER. You guys can write some 
great software. The new CS5 suite rocks... particularly the Mercury engine in 
Premiere Pro So I know you guys can do it. And while you're at it think 
about 64 bit flash... it's only been what... 5+ years we've had 64bit windows 
now?

Sincerely-

-Steven Caesare






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Exchange Blocking Question

[Simon Butler]

This question would be better on the Exchange list... 

Blocking the domain doesn't resolve the underlying issue.
Why are those messages there? 

Either you aren't doing recipient filtering, so they are bounces for unknown 
users, or your server is being abused. 
Therefore rather than trying to deal with the symptom, deal with the underlying 
cause. 

Recipient filtering should be enabled, which will mean your server drops 
messages for non-valid recipients at the point of delivery. 
http://www.amset.info/exchange/filter-unknown.asp 

If you have recipient filtering enabled, then check that your server hasn't 
been compromised and is being used for authenticated relaying or an open relay.

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 






-Original Message-
From: Chyka, Robert [mailto:bch...@medaille.edu] 
Sent: 07 July 2010 00:22
To: NT System Admin Issues
Subject: Exchange Blocking Question

Scenario:
 
Exchange 2003 fully Patched.  We are getting alot of .RU domains stuck in our 
queue as i look at it from the Exchaqnge System Manager.  We have recipient and 
sender filtering enabled but is there a way I can specifically block the .RU 
sites from the Exchange System manager?
 
Thanks for your help.
 
Bob

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows 7 not running logon script?

[Simon Butler]

UAC being enabled shouldn't stop the login scripts from running. I have never 
touched UAC on any of the networks I look after and the scripts run fine.
However WSUS setup should really be done with group policy, and if you are 
doing registry entries and things like that, then those can be problematic. 
Straight drive and printer mappings should work fine.

Two things to check.


1.   Does the script run manually from the netlogon share.

2.   It could be that the workstation is starting too quickly for the 
network. Check the logon server variable by typing set in a command prompt. If 
it is the local machine then Windows is logging in using cached credentials 
rather than live.
This is one of those times where I like my dual login script method.
In the domain I have login.cmd listed. All this does is call login2.cmd, but it 
is also dumps a log file in to the user profile. Therefore when it comes to 
troubleshooting, I can see what happened.
http://loginscripts.info/recording.asp

Another option would be set yourself with a separate login script and strip it 
down. See whether there is something in the script that is causing the problem.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: 04 July 2010 15:49
To: NT System Admin Issues
Subject: RE: Windows 7 not running logon script?

UAC enabled?

From: Evan Brastow [mailto:ebras...@automatedemblem.com]
Sent: Sunday, July 04, 2010 7:40 AM
To: NT System Admin Issues
Subject: Windows 7 not running logon script?

After another frustrating experience with Dell, I just purchased a Falcon 
Northwest Talon system to replace my two year old Dell XPS 730 system that 
needed a new motherboard that apparently Dell didn't stock and didn't care to.

So, this is my first system at work with Windows 7. And I'm having an issue 
already... my logon script doesn't seem to be running. Drives aren't mapped, 
WSUS isn't setup, etc...

The domain is a Windows Server 2003 domain... the scripts are batch files that 
are called from the user accounts (in other words, I'm still doing this "the 
old way" without AD really being involved in the login scripts.)

Any thoughts on why Win7 won't run the login script?

Thanks, and Happy 4th :)

Evan









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Low-budget SBS 2003 Exchange spam-filter?

[Simon Butler]

You can't really compare Vamsoft ORF to something like McAfee/GFI etc, because 
it works in a different way. 

Vamsoft works almost exclusively at the host level. It is looking to see where 
the email is coming from and blocks the messages at the point of delivery. It 
doesn't look at the content of the message at all by default. 
What this does mean is that there is no need to pay the renewal fees, because 
there are no definition files etc to install. 
For it to function correctly, it does require the email to be delivered direct 
to the server, so POP3 connector sites are unsuitable, as are sites where the 
email comes in from another host (like an ISP). If the MX records are pointing 
at the Exchange server then it works fine. 

I have been using it for some time both personally and with clients and have 
seen some superb results with it. 
http://blog.sembee.co.uk/post/Truly-Spectacular-Results-from-Vamsoft-ORF.aspx 
http://blog.sembee.co.uk/post/Real-Time-Blacklisting.aspx 

However as with all antispam product selection, you need to test them to see 
what would be blocked, because a solution that works for one company may not 
work for another. 

I presume that you have enabled IMF in SBS 2003 and found that doesn't block 
enough (or too much) ?

Simon. 



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 







-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: 25 June 2010 08:43
To: NT System Admin Issues
Subject: Re: Low-budget SBS 2003 Exchange spam-filter?

On 25 Jun 2010 at 0:56, Andrew S. Baker  wrote:

> Consider:http://www.vamsoft.com/

Have you used it?  How does it compare to Sunbelt's offering.  The price of 
$239/server + $99/year renewal is very good compared to either McAfee or GFI 
Mail Essentials, although for the client which prompted this inquiry a 5-user, 
3-year VIPRE Email Security system would be less (5 * $59=$295).


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: DR Plan

[Simon Butler]

DR plans is something I hear about a lot, but I am of the opinion that IT are 
the wrong people to drive this.
DR should be part of the business, and the business needs to tell IT what they 
need.
IT cannot make the decision on what is and is not important. Do you know how 
much downtime you can tolerate as a business?

However the starting point I always make is the same. It is a DR plan of sorts, 
one that is already in place and that most staff will know at least the basics 
of. It is something that many overlook.

Simply, what do you do in the event of a power failure?

That will give you a good grounding as to what sort of things have to be 
considered. If the business has justified the outlay for a UPS that requires 
its own room and a generator the size of a small van in the car park, then you 
may have an idea of the kind of business continuity that may well be required.

You then look at the location. What I would have in a plan for a company in the 
centre of London is very different to what I would have in the Scottish 
mountains.

Although the fact that many people in IT don't know where to start is a good 
thing, because that means their business haven't made the decisions and it 
needs to be pushed back to them. For some reason it is thought that DR is just 
about IT, but it isn't. IT is just the facilitator.  In effect, the business is 
their client and as such their business needs to make the decisions. Only then 
can IT turn round and say "we can do that, but it will cost you X", and it is 
seen as part of the overall business continuity, which will need to involve 
telephones, buildings, access etc.

Although the best DR plan I have ever seen was summed up in two words - Go Home.
They were located in central London, inside the former terrorist road block 
area. As such their entire IT environment was configured so that the business 
continuity plan didn't have to be activated, it was already in progress. Staff 
simply had to relocate. As long as they had the internet, they could operate - 
all Citrix based with the servers outside of London in a secure Data Centre 
called The Bunker. The company would only lose printers, but even that was 
managed, with everything going through an interim system for printing, so if 
the printers were not available the jobs queued indefinitely for printing later.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 24 June 2010 19:01
To: NT System Admin Issues
Subject: RE: DR Plan

Let me know what you find. We have a D/R plan, of sorts, but I think it's 
woefully inadequate, but like you, I don't really know where to start.

[cid:image001.jpg@01CB13DA.997A52C0][cid:image002@01cb13da.997a52c0]

From: Jay Dale [mailto:jay.d...@3-gig.com]
Sent: Thursday, June 24, 2010 11:23 AM
To: NT System Admin Issues
Subject: DR Plan

Hey all,

I've been assigned to create a DR plan for our company, but I've never actually 
had to come up with one before.  Does anyone have any ideas, templates, 
examples, or sites that can help me with this?  Basically it needs to cover our 
current infrastructure, if we purchase a SAN in the future, and if we change 
our existing backup strategy from a local backup to an offsite replication 
backup.

Thanks!

Jay Dale
I.T. Manager, 3GiG
Mobile: 713.299.2541
Email: jay.d...@3-gig.com<mailto:jay.d...@3-gig.com>

Confidentiality Notice: This e-mail, including any attached files, may contain 
confidential and/or privileged information for the sole use of the intended 
recipient. If you are not the intended recipient, you are hereby notified that 
any review, dissemination or copying of this e-mail and attachments, if any, or 
the information contained herein, is strictly prohibited. If you are not the 
intended recipient (or authorized to receive information for the intended 
recipient), please contact the sender by reply e-mail and delete all copies of 
this message.











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~<><>

RE: NTBackup scripting

[Simon Butler]

Are you including JET in front when you are specifying the store?

The format should be something along the lines of:

"JET SERVERNAME\Microsoft Information Store\First Storage Group\"

Replacing SERVERNAME with the name of the server that you are backing up, and 
First Storage Group with the name of the Storage Group.  

I haven't got access to the system where this is setup, so it is from memory.

Simon. 



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 17 June 2010 19:34
To: NT System Admin Issues
Subject: RE: NTBackup scripting

>The Petri IT KBase has some Exchange/NTBackup script articles.  Here's 
>one to
>start:
>
>Backing up Exchange 2000/2003 with NTBACKUP
>http://www.petri.co.il/backup_exchange_2000_2003_with_ntbackup.htm

I have no problems doing it, the issue specifically is as stated, I am 
programmatically generating the cmd to backup it up from the shell and was 
hoping to specify what to backup by not using a bks file, like you can when 
backing up the root of a drive, or a single file/dir.

Specifying the store, even quoted like it is in the bks file doesn't work...

Thanks!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: [SPAM] Re: What the heck?

[Simon Butler]

Reminded me of this that I received over the weekend.
Looks like they are going after those who have heard all the reports about the 
problems with adobe PDF.

I have modified the URLs to make sure they aren't clickable.

Simon.




From: Adobe PDF Reader [mailto:supp...@adobe-pdf-solutions.org]
Sent: 29 May 2010 19:31
To: Simon Butler
Subject: Update New Adobe PDF Reader For Windows

Dear valued customers,

We are pleased to announce new release of Adobe PDF 2010 which will give you 
more options to view, create, edit, print and share PDF documents. You will not 
have to look around for help anymore !

+ 50% of your daily office works requires document handling.
+ 70% of your documents requires extra processing.
+ 15-20% of your documents requires exchanging with your peers, customers or 
partners.
+ 30% of such documents are in PDF format, and you need to view, edit, print 
and share them.

To learn more about new features and install Adobe PDF 2010, please:
+ Go to: http:// www.adobe-pdf-solutions. org/
+ Choose your options, download and start to improve your works.
A full version of Office suite is also available for your download.
DOWNLOAD TODAY: http:// www.adobe-pdf-solutions. org/
Best regards,
Adobe PDF 2010
--
Copy rights PDF Pro 2010 (c) All rights reserved
124 Denver St., Bluepoint, CA 91732, USA
Website: http://www.adobe-pdf-solutions.org/

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: 01 June 2010 20:16
To: NT System Admin Issues
Subject: [SPAM] Re: What the heck?

We've been seeing this today also.

- Sean
On Tue, Jun 1, 2010 at 9:34 AM, David McSpadden 
mailto:dav...@imcu.com>> wrote:
Ok so my users are getting this right now.  I have blocked the ip with Ironport 
and sent the email saying not to open it but to delete it.
Anyone else getting this crap today?






If you already received this information before and action has been taken, then 
please ignore.

This important information about a security vulnerability requires your 
immediate attention!

All systems detected using Adobe products have been sent out this e-mail and 
are all requested to update their systems urgently.
Kindly follow the instructions in the e-mail as forwarded below.

Failure to comply will result in all financial and non financial loss to be a 
liability of the receiver.

Please treat this e-mail as a matter of urgency. No further follow up warning 
will be sent.

**This e-mail is a computer generated e-mail from 
ad...@imcu.com<mailto:ad...@imcu.com> and does not require a reply**


--- On Fri, 5/28/10, Richard Barnett 
mailto:rbarn...@adobe.com>> wrote: ---
From: Richard Barnett mailto:rbarn...@adobe.com>>
To: Administrator mailto:ad...@imcu.com>>
Subject: Adobe Security Update
Date: Friday, May 28, 2010, 11:24 AM

Broadcast message:
Adobe has issued a directive which states that all systems running their 
software should be patched for the latest security glitch.
The CVE-2010-0193 Denial of Service Vulnerability has recently been discovered 
on several systems running the previously released version of the software, 
which has been further documented on security sites such as 
http://www.securityfocus.com/bid/39524
It is strongly advised that all systems running the Adobe software is updated 
with the latest security patch to avoid further situations hampering the 
security and integrity of the system. Failure to follow the directive would 
mean that any loss which occurs due to the negligence will be a liability of 
the company and not Adobe. The link to update the system with the latest patch 
and instructions are provided below:

Download the instructions here: http://190.144.101.204/adobe/update.pdf 
(requires Adobe Acrobat Reader).
To update your system, download the installation file here: 
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).
(Read first the instructions before updating the system)


Your urgent attention is most appreciated,

Richard Barnett
Adobe Risk Management
345 Park Avenue
San Jose, CA 95110-2704
Tel: 408-587-3932
rbarn...@adobe.com<mailto:rbarn...@adobe.com>

---
Disclaimer:
This e-mail message and information contained in or attached to this message is 
privileged, confidential, and protected from disclosure and is intended only 
for the person or entity to which it is addressed. Any review, re-transmission, 
dissemination, printing or other use of, or taking of any action in reliance 
upon this information by persons or entities other than the intended recipient 
is prohibited.













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Unblocked Blackberry from Verizon not working for data

[Simon Butler]

You can't just take a Blackberry, put a SIM in it and expect it to work with 
all functionality. 
While it will work for voice, you need to get your line enabled for Blackberry 
data by your phone service provider. The provider will probably want the PIN of 
the device as well, and can then toggle it from BES to BIS for you. 

If you don't want to involve your service provider then you are out of luck. 
Blackberry devices only work for data with the cooperation of the service 
provider (unlike a Windows Mobile device, Nokia etc), and the payment of an 
additional fee in most cases. 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Juma, Lumumba [mailto:lcj...@icipe.org] 
Sent: 28 April 2010 13:51
To: NT System Admin Issues
Subject: Unblocked Blackberry from Verizon not working for data

Hi All,

A colleague bought me a BB 9530 in the US, unblocked. I am able to use voice 
but not data. The set is set for BES while I need to activate it for BIS. 
Anybody's experienced this before and found a way out? I am in Kenya.

Thanks,

Juma.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Exchange brick level backup software Options / soultion?

[Simon Butler]

The advice that I give to clients is quite simple.
When it comes to backup of Exchange, an Exchange aware backup should always 
take priority. This should be the first thing that is done. Any other options, 
such as brick level or GRT should be secondary and if the backup window or 
space becomes too small to do them all, then they are dropped.
With an Exchange aware backup (NTBACKUP or another backup product with Exchange 
agent) you can restore the entire database, that is all settings, data, 
permissions etc.

Brick level backups are slow, inefficient, and close to useless in a disaster 
recovery scenario.
BLBs are data only, and are only useful when Exchange is functioning. If you 
lose Exchange, then they are worthless. Bit like having all of the bricks from 
your house, but no plans.

I also have recollection that the Symantec Backup Exec GRT method is not 
supported by Microsoft. This may simply be a stronger line than their 
recommendation against doing brick level backups - which has never been part of 
the product as supplied by Microsoft, it is always third parties doing it.
The fact that Symantec have dropped brick level backup in favour of GRT should 
be an indication of the numerous problems that it causes.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 08 March 2010 14:38
To: NT System Admin Issues
Subject: RE: Exchange brick level backup software Options / soultion?

That registry setting is not required in Outlook 2007 or above. (And in fact, 
its meaning has changed over the years, but that's a topic for an entire 
article, not a mailing list post.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: paul d [mailto:pdw1...@hotmail.com]
Sent: Monday, March 08, 2010 9:35 AM
To: NT System Admin Issues
Subject: RE: Exchange brick level backup software Options / soultion?

If you have the reg hack "dumpster always on," you can still recover those 
emails that were 'hard-deleted.'

From: john.hornbuc...@taylor.k12.fl.us
To: ntsysadmin@lyris.sunbelt-software.com
Date: Mon, 8 Mar 2010 09:16:00 -0500
Subject: RE: Exchange brick level backup software Options / soultion?
Talk to me about item 5... I'm using Exchange 12.5. In my backup job, I have an 
option I can check to enable "Granular Recovery Technology." GRT lets me 
restore individual messages and mailboxes. You're saying that when I check that 
option, I'm no longer doing a "normal IS backup" and need, in essence, to 
create a second backup job in which GRT isn't enabled?

We can live with item 1. Our Exchange backups take a few hours, but in our 
environment that's acceptable (we're not an overnight operation here, so long 
backups at night are fine). But you've piqued my curiosity; I may disable GRT 
and see how big a difference that makes in the time.

On item 2, can't users permanently delete items from their Deleted Items 
folder, even it retention is enabled? I thought retention forced those items to 
be permanently deleted after a period of time, but I didn't know if also forced 
them to NOT be permanently deleted for that same period.

But I'm not an Exchange wiz by any means; I'm a generalist, not a specialist.

:-)


John



From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, March 08, 2010 8:48 AM
To: NT System Admin Issues
Subject: RE: Exchange brick level backup software Options / soultion?

1] it takes a long time - typically 2 or 3 times longer than a full Information 
Store backup
2] if you have properly configured and know how to use deleted item retention 
and deleted mailbox retention, BLB provides you with no added benefits
3] it makes mailbox auditing worthless
4] you lose visibility to "last accessed by" for the mailbox
5] if you are doing a BLB INSTEAD OF a normal IS backup (usually happens 
because of item [1]), it will give you a false sense of security - a BLB does 
NOT replace a full IS backup

That being said - there are times and places and environments where it makes 
sense. Very few and far between. But they exist.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Monday, March 08, 2010 8:39 AM
To: NT System Admin Issues
Subject: RE: Exchange brick level backup software Options / soultion?

Is ther

RE: Migration of SBS 2003 Premium to SBS 200 Premium

[Simon Butler]

The service pack that is required by the migration is the same for premium and 
standard.
The reason you have to order the service pack details for premium edition is 
because it contains a completely new version of ISA server - taking the server 
from 2000 to 2004. Everything else is the same.
Therefore I would download SBS Service pack 1 and install that.
Then run the SBS Best practises tool and ensure that nothing else has been 
missed that it might require.

Simon.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 19 February 2010 16:23
To: NT System Admin Issues
Subject: RE: Migration of SBS 2003 Premium to SBS 200 Premium

There were SBS specific pieces that were a portion of SP1. Just installing the 
component patches doesn't get everything "up to snuff".

Did you try installing the standard sbs sp1? I don't remember this as an issue, 
but the last 2003->2008 upgrade I did was close to 2 years ago.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Gary Sanderson [mailto:gary.sander...@gmail.com]
Sent: Friday, February 19, 2010 11:11 AM
To: NT System Admin Issues
Subject: Migration of SBS 2003 Premium to SBS 200 Premium

We have new server hardware and are migrating from SBS 2003 Premium to SBS 2008 
Premium.  In preparation for the migration I am going through the SBS Migration 
Check List and it is asking to verify that SBS 2003 SP1 is installed.  Well as 
I investigate I find that SBS 2003 SP 1 has not been installed but, it appears 
that all the component pieces that make up SBS 2003 have the updates that were 
rolled into SP1.  How can I be sure that this is the case?  And if there is 
still a need for SBS SP1, how can I get that for SBS 2003 Premium since it has 
not been available from MS since 2007?  There is a download for SP 1 for 
standard but for premium the CD set is required and the link to order that CD 
set (https://www.microsoft.upgrade.com/sbs/) requires the software key, once it 
is entered and the submit button is clicked, it comes back with a page saying 
that it is no longer available.



Ahhh the fun of migration!

--
Gary Sanderson
Sound Volunteer
Southmont Baptist Church
Denton, TX

"Good stewardship is less about how much money is saved
than it is about how much money is wasted."  -  Anthony Coppedge









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Anyone running Blackberry Enterprise Srv Express

[Simon Butler]

Rim do not support any variant of BES at the moment installed on the same 
machine as Exchange, except SBS. So if you are using the full version then you 
will need to use a separate machine.
BES runs great in a VM, which is how I have deployed it for the last couple of 
years for clients.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>



From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com]
Sent: 19 February 2010 16:44
To: NT System Admin Issues
Subject: Anyone running Blackberry Enterprise Srv Express


I have been asked to look into moving our Blackberry service from Nextel to 
in-house. We currently have 6 Blackberry users, 5 sales & 1 VP. I would be 
installing the Blackberry Enterprise Server Express on my Exchange 2003 box. It 
has a single 2.8 processor with 4 gig of memory, serving 65 mailboxes. I 
believe this would be enough horse power to also run the Blackberry ESE 
applications. I'm not sure what to do about the SQL 2005 requirement. Use SQL 
2005 Express, on the Exchange box, or our SQL 2005 SP3 box that houses our MS 
Great Plains Dynamics application.

Any suggestions are welcome.

Todd Lemmiksoo
Network Administrator

All-Mode Communications, Inc.
1725 Dryden Road
Freeville, New York  13068
(607) 347-4164 x6440
1-877-ALLMODE  (toll free)
http://www.all-mode.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: SBS 2008 Multi Domain Certificate Install

[Simon Butler]

With SBS 2008, there are two ways to do the SSL certificate installation - 
through the wizard, or the regular Exchange 2007 EMS method.
The wizard method presumes that you are using SRV record method for 
Autodiscover, so that the certificate is remote.example.com - a single name SSL 
certificate. However most external DNS providers do not support SRV records. 
(If you choose to use the DNS providers Microsoft has in their list, then they 
do - go figure).
Therefore you need to use the regular method then you can. However you need to 
ensure that the external name that you chose in the wizard for the SBS Server - 
usually remote.example.com - is the common name on the SSL certificate.

Thus you would have

Remote.example.com
Autodiscover.example.com
Server.example.local (server internal FQDN)
Server (server NETBIOS name)

What I usually do then is change the MX records for SMTP delivery direct to 
remote.example.com which then means the SSL certificate also provides TLS where 
the remote sending server supports it.

Finally, after installing the certificate manually, you will have to run the 
fix my network wizard, because SBS changes the bindings of the SSL site and 
some of the sites refuse to work after Exchange has done its thing with the 
certificates.

There are articles on the SSL certificate configuration for SBS 2008 on the SBS 
Team blog at Microsoft.

In short - it does work, but you have to be careful and use the wizards to 
"fix" things afterwards.
The SBS Best practises tool for SBS 2008 will also flag if the certificate has 
screwed up the SSL bindings, so you could run that after getting the 
certificate installed and then follow the links to correct it.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>

Exchange Resources: http://exbpa.com/



From: Matt Plahtinsky [mailto:cbusitl...@gmail.com]
Sent: 01 February 2010 15:24
To: NT System Admin Issues
Subject: SBS 2008 Multi Domin Certificate Install

Ok I need some advise here.  (SBS 2008)

This is my first SBS install in about 8 or 9 years.  I need some advise on on 
what's the best way to install a certificate.  Normally when I need to install 
a certificate with Exchange 2007 I do it the manual way through powershell.  
However with a SBS system there quite a few websites being hosted on the same 
IIS Server.  There is an SSL Install wizard but from the looks of it it only 
works with one domain (or does it)?  I need to install a multi domain cert for 
Exchange 2007.  Can I do this from the wizard or do I need to do this manually. 
 If I do it manually will it screw up the other built in IIS sites.

Sorry just trying to wrap my brain around how I'm going to do this and my 
google-fu is weak this morning.

Thanks

Matt





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Outlook Web Access on SBS 2003 works in Basic mode but not Premium

[Simon Butler]

I have just posted this on the Exchange list as well, for those who haven't 
seen it there...

Server needs patching. 
There was an update for OWA because Microsoft lost a patent case. 

http://support.microsoft.com/kb/911829

Run the SBS Best Practises tool against the system - it will flag that missing 
update and others. 
There is a link to the SBS Best Practises tool on my Exchange resources site: 
http://exbpa.com/ 

Just to add - this is not an SMIME issue, I have never had to download the 
SMIME control unless it has been downloaded in the past. If it has, it should 
be listed in add/remove programs and can be removed. 

Simon. 



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: 22 January 2010 20:12
To: NT System Admin Issues
Subject: RE: Outlook Web Access on SBS 2003 works in Basic mode but not Premium

There's an S/mime issue that can cause this. Here's what I used...
1. In OWA, click on the "options" in the left Task Pane.
2. Under "E-mail Security" and Click Install or Upgrade the S/MIME Control.
This will download a new add-on.
3. Click "RUN" when asked about the Microsoft Outlook Web Access S/MIME install 
and security warning.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
> Sent: Friday, January 22, 2010 12:54 PM
> To: NT System Admin Issues
> Subject: Outlook Web Access on SBS 2003 works in Basic mode but not 
> Premium
> 
> HI folks. Happy Friday!
> 
> Having an issue where you run Microsoft Outlook Web Access and if you 
> choose basic mode, you can create and type body text into a new 
> message.
> However, if you choose Premium mode, you can put in To:, CC:, Subject, 
> etc. but the frame where you would type your message body is not 
> accessible - the web frame has the "X" in the corner and you can't 
> type anything.
> Anyone seen this or know about it?
> 
> Server is SBS 2003 (not R2)
> Clients can be XP Pro, VIsta, or Win 7.
> 
> Thanks
> 
> Don K
> 
> 
>   
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Exchange list?

[Simon Butler]

>From a look through the forum, the bulk of the traffic appears to be a feed 
>from the Microsoft newsgroups. I see very few "original" questions or 
>postings. Most of them are posted by "Name" then Guest and looking at the 
>formatting it looks like newsgroups. Some of the posters even state 
>"microsoft.public.exchange" as the poster!

I guess that is one way of getting posts in to a forum. 

Whether it feeds back, I cannot tell yet. I have posted a couple of things to 
track. One thing to watch if you put an email address in to your signature. 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 




-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: 15 January 2010 21:46
To: NT System Admin Issues
Subject: RE: Exchange list?

When did THAT happen? Hmph. No-one told me.

From: Greg Olson [mailto:gol...@markettools.com]
Sent: Friday, January 15, 2010 4:43 PM
To: NT System Admin Issues
Subject: RE: Exchange list?

David,
I think the list your thinking about which shut down around that time has moved 
to a forum style here:
http://forums.slipstick.com/index.php

At least that's we're a lot of the guys moved over to. The Sunbelt one and the 
Yahoo Exchange 2003 group are good resources as well. 



From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Friday, January 15, 2010 1:02 PM
To: NT System Admin Issues
Subject: RE: Exchange list?

Nope, still there !!


From: David Lum [mailto:david@nwea.org]
Sent: Friday, January 15, 2010 12:43 PM
To: NT System Admin Issues
Subject: Exchange list?
Is there a Exchange list/ I swear I was subscribed to one and it used to be as 
busy as that one, but that last post I see from 11/24. Did it move to a forum 
or something?

I have some Outlook / Exchange issue that are a high priority (my exec's are 
involved, time for me to pay attention..) David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 
 
... 
 
 
 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Adobe Reader 9.3

[Simon Butler]

I always just go in to C:\Docs and Settings\username\Local Settings\Application 
Data\Adobe\ to get the setup files. 

No reboots required to install it on any of the systems I have tested on, 
neither do today's automatic updates from Microsoft require a reboot (yet). 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

Exchange Resources: http://exbpa.com/ 



-Original Message-
From: Mike Gill [mailto:lis...@canbyfoursquare.com] 
Sent: 12 January 2010 20:24
To: NT System Admin Issues
Subject: RE: Adobe Reader 9.3

And once you download the installer, remember to:

  AdbeRdr930_en_US.exe -nos_o"Reader93" -nos_ne

This will extract the MSI and installer files to the folder "Reader93" in the 
current working directory. Then use the Adobe Customization Wizard 9 to create 
the transform and remove unwanted components so you can deploy using group 
policy.

--
Mike Gill

-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Tuesday, January 12, 2010 11:19 AM
To: NT System Admin Issues
Subject: RE: Adobe Reader 9.3

And that link is ftp://ftp.adobe.com/pub/adobe/reader/win/

I saved the link from a poster on this group.  Actually Andy, I think it was 
you :)

-Sam

 

-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com]
Sent: Tuesday, January 12, 2010 12:44 PM
To: NT System Admin Issues
Subject: Adobe Reader 9.3

FYI, the Adobe Reader update to 9.3 is available on their public FTP site.

- Andy O.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Client info secure storage recommendations

[Simon Butler]

I am using Secret Server
http://www.thycotic.com/products_secretserver_overview.html

The main reason I chose that was it has native support for PDAs. Therefore I 
can access it through my Blackberry on the BES when out and about, without 
exposing the database in any shape or form to the internet.

Its under active development - I have had in place about two months and there 
have been a steady stream of updates, and the updating system is completely 
through the browser. It is a very nice product.  

Simon. 



--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: si...@sembee.co.uk
w: http://www.sembee.co.uk/
w: http://www.amset.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 




-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: 21 July 2009 19:09
To: NT System Admin Issues
Subject: Client info secure storage recommendations

I'm part of a consulting firm that has a variety of SMB clients. I'm looking
for something that will allow us to store client info such as router logins,
admin pws, connectivity info, RDP addresses, client contact info, that sort
of thing. It needs to be granular on a couple of levels. 
One, certain employees should only be able to see info for certain clients;
so admin A would see clients 1 and 2, and admin B would see clients 3 and 4.

Two, certain employees should only be able to see specific info for clients.
So the junior admin might see the backup exec login, but not the domain
admin account or router login.

Further criteria; free/opensource or low cost with an available trial;
possibly a sharepoint type of thing. We currently use PFs on our exch server
to store some of this and we don't like it.

Anyone seen anything that will fit that bill? I'm not even sure what type of
software I'd call it.

I'd think we could set up something like this in sharepoint, but not being a
sharepoint guru, I'm not sure which way to go with it..

TIA...


***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
*** 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: SMS Messaging

[Simon Butler]

Years ago I did it with a old Nokia phone plugged in to a charger, connected to 
an old laptop running a Psion Gold card and a third party tool. Things have 
moved on since then. 

You can get text machines, which is what most of the radio stations will be 
using. These are basically a form of mobile phone with a SIM inside them. 
However that will not give you the best rates because you will be using the 
mobile phone network's service and are best suited to inbound texts.

Your best option is to look at SMS gateway APIs and run it over the internet. 
Tons of those around. Google SMS Gateway with the UK switch turned on and every 
link including the adverts will take you to something suitable. It all depends 
on what you can do with the service. Some offer Outlook plugins, or an Exchange 
plugin, as well as dedicated applications. 

It is one area where Europe leads the USA in software development, most of the 
good stuff is coming out of the UK and Germany. 

Simon. 

-Original Message-
From: Robert Jackson [mailto:r...@walkermartyn.co.uk] 
Sent: 19 March 2009 14:48
To: NT System Admin Issues
Subject: RE: SMS Messaging

Hi Simon,

Many thanks. All SMS messages will be to UK numbers and as you have 
suggested, I've seen the average price to be about 4 to 4.5p per
message.

Can you provide details of the hardware/software options you talk about
or
point me in the general direction thereof?

TIA,
Robert.

-Original Message-----
From: Simon Butler [mailto:si...@amset.co.uk] 
Sent: Thursday March 2009 14:36
To: NT System Admin Issues
Subject: RE: SMS Messaging

Has your client looked at the costs of doing this?
I have been asked before to do it and every time it has been dropped
because of the costs. 
Here in the UK there are no free options, and unless you limit it
heavily, the staff will abuse it. 
You will need to sign up with one of the bulk suppliers, but you will be
looking at between 2.5 and 7p a message, depending on the volume. On
bulk messaging 10,000 messages is not a lot, add another two zeros to
get the best rates. At 10,000 pcm expect to pay around 4 or 5p a message
- UK numbers only. Double it for international in most cases. 

As for how to do it, there are two ways. Hardware, where you have a SIM
on a device connected to your network and software, where the message is
sent to a service provider, usually using an API. 

The market is very competitive so have a good look round. If you can do
it with hardware and your own systems then you can move between
providers easily. 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile
5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 





-Original Message-
From: Robert Jackson [mailto:r...@walkermartyn.co.uk] 
Sent: 19 March 2009 13:29
To: NT System Admin Issues
Subject: SMS Messaging

We've had a requirement from one of our customers to provide a facility
for SMS text messaging.

Does anyone have a feeling as to whether we should do this ourselves by
getting one or more SMS modems or using one of the many SMS services
out there?

Our application (to a backend database) has 2 methods of access:-
a web interface used by call centres and various levels of stakeholders
or a
Terminal Services logon to access the client runtime (this method allows
more
functionality than the web interface).

We're talking about sending/receiving roughly 10,000 SMS texts/month.
Texts
will be sent mainly from our web interface, but this facility could be
opened up
to Terminal Server users accessing the system/database.

Does anyone have any recommendations?


TIA.



The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact  administra...@walkermartyn.co.uk

Walker Martyn Ltd, company number SC197533. Company is 
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally,

RE: SMS Messaging

[Simon Butler]

Has your client looked at the costs of doing this?
I have been asked before to do it and every time it has been dropped because of 
the costs. 
Here in the UK there are no free options, and unless you limit it heavily, the 
staff will abuse it. 
You will need to sign up with one of the bulk suppliers, but you will be 
looking at between 2.5 and 7p a message, depending on the volume. On bulk 
messaging 10,000 messages is not a lot, add another two zeros to get the best 
rates. At 10,000 pcm expect to pay around 4 or 5p a message - UK numbers only. 
Double it for international in most cases. 

As for how to do it, there are two ways. Hardware, where you have a SIM on a 
device connected to your network and software, where the message is sent to a 
service provider, usually using an API. 

The market is very competitive so have a good look round. If you can do it with 
hardware and your own systems then you can move between providers easily. 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 





-Original Message-
From: Robert Jackson [mailto:r...@walkermartyn.co.uk] 
Sent: 19 March 2009 13:29
To: NT System Admin Issues
Subject: SMS Messaging

We've had a requirement from one of our customers to provide a facility
for SMS text messaging.

Does anyone have a feeling as to whether we should do this ourselves by
getting one or more SMS modems or using one of the many SMS services
out there?

Our application (to a backend database) has 2 methods of access:-
a web interface used by call centres and various levels of stakeholders
or a
Terminal Services logon to access the client runtime (this method allows
more
functionality than the web interface).

We're talking about sending/receiving roughly 10,000 SMS texts/month.
Texts
will be sent mainly from our web interface, but this facility could be
opened up
to Terminal Server users accessing the system/database.

Does anyone have any recommendations?


TIA.



The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact  administra...@walkermartyn.co.uk

Walker Martyn Ltd, company number SC197533. Company is 
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Foxit PDF Reader Flaws

[Simon Butler]

I always get it from the Adobe FTP site. 
There is a 9.1 build there:
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/

Go up a level for other languages. 

Simon. 


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 




-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: 11 March 2009 22:19
To: NT System Admin Issues
Subject: RE: Foxit PDF Reader Flaws

And in turn by me posting that link I probably just broke their license 
agreement.  Oops.



-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, March 11, 2009 5:17 PM
To: NT System Admin Issues
Subject: RE: Foxit PDF Reader Flaws

Not familiar with what's on their FTP site,

But the link they are giving out in the "Adobe Reader Distribution Request" 
email is to this 9.0 file:
http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/enu/AdbeRdr90_en_US_Std.exe

-Sam





-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com]
Sent: Wednesday, March 11, 2009 5:08 PM
To: NT System Admin Issues
Subject: RE: Foxit PDF Reader Flaws

It's the same file that they put on the FTP site.

 - Andy O. 

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, March 11, 2009 3:56 PM
To: NT System Admin Issues
Subject: RE: Foxit PDF Reader Flaws

That's the method I am talking about that is still distributing 9.0, and not 
9.1.   So it's worthless to us right now :( -Sam


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Changing Account Settings en Masse

[Simon Butler]

If anyone has links to admodify.net and is pointing to http://admodify.net you 
should probably correct them as MS let the domain go and it is now parked.

The URL to download it is http://www.codeplex.com/admodify although if you 
search for admodify.net the top hit is the parked domain unfortunately.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/





From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: 04 March 2009 13:46
To: NT System Admin Issues
Subject: RE: Changing Account Settings en Masse

Hello... We may have a new winner! I <3 GUIs...




From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 03, 2009 6:51 PM
To: NT System Admin Issues
Subject: RE: Changing Account Settings en Masse

ADModify.Net

Carl

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Tuesday, March 03, 2009 6:43 PM
To: NT System Admin Issues
Subject: Changing Account Settings en Masse

We've previously not allowed users to change their own passwords; we've handled 
that for them, and in Active Directory have their accounts configured to 
prevent them from doing it.

We're implementing some new policies now, and in the near future users will 
need to be able to change their own passwords.

I feel sure there's a way for me to enable this capability without having to 
launch ADUC and bring up each user's account individually.

Could one of you command line commandos give me a point in the right direction?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us<http://www.taylor.k12.fl.us>

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: SMB question..

[Simon Butler]

I tried a comparison last summer. 
I used a VMWARE system and built the systems twice. Once with full products and 
once with SBS. This was SBS 2003 R2 and Exchange 2003 SP2/Windows 2003 R2. 

There were three things that I took away from the exercise:

1. Time. I had the SBS running in less than two hours as I installed from ISOs. 
Even allowing patching it was done in just over three hours. Took me most of 
the day to do the full product - including all configuration, group policy etc. 
Yes I had the core system built in about 90 minutes (again from ISOs), but 
there was a lot of other things to do in the background. I had the SBS system 
running next to it to try and replicate the configuration as much as possible, 
but if I didn't then I would have struggled to match it. 
I think I got to about 90% matching functionality and configuration, the 
missing 10% will be the SBS exclusive features (see next point) and the SBS 
templates etc.  

2. Features. There are some things in SBS that are missed in the full product - 
RWW being the main one, and some of the built in reporting functionality. Just 
see how many people ask if RWW can be ported across. It is only with TS Gateway 
on Windows 2008 that the full product comes close - and you still don't get the 
web frontend for it. 

3. The connect computer wizard. This has been mentioned before, but if you are 
coming off a workgroup environment it is a real time saver. It brings 
everything in to the domain environment - imports the PST files, adjusts the 
permissions on My Documents, moves the favourites, pretty much the entire 
profile. Now I know I could do this by hand, but the wizard just does it for 
me. Using it for real, I was able to add 20 machines to an SBS site in an 
afternoon by using the wizard, if I had been doing it by hand I would have been 
a day, maybe two. 

As for performance, the SBS box did seem a little snappier in how it worked, 
its start up time etc. Even taking in to account the performance hit running it 
on VMWARE, there were some subtle differences. Could all be perception though, 
so that has to be taken in to account. 

However the way I look at it, if it is just a matter of putting the products 
together with a fancy management console, why does it take so long for the SBS 
version to be released? Windows 2008 was the best part of 12 months prior to 
SBS release (and you aren't telling me they started on SBS only after RTM), 
Exchange 2007 almost two years. It doesn't take that long to design a frontend 
- particularly when it is based on the frontend from Windows Home Server!

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 





-Original Message-
From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: 27 January 2009 13:14
To: NT System Admin Issues
Subject: RE: SMB question..

I've not used SBS 2008.

But insofar as SBS 2003 - it does a number of configuration things
(application of KB 817379 comes to mind, along with the junk that has to be
done to get OWA and WSS to run on the same server) up front; but does
nothing that a reasonable admin wouldn't or couldn't do herself.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php


-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Tuesday, January 27, 2009 1:37 AM
To: NT System Admin Issues
Subject: RE: SMB question..

No one is arguing the benefit of the time saving of the wizards.

But we want to know how the products installed on an SBS 2003 server are
different to the separate products installed on the same box. Having run SBS
2003 before, I can't really see any real difference.

Cheers
Ken

-Original Message-
From: Jeremy Anderson [mailto:jer...@mapiadmin.net] 
Sent: Tuesday, 27 January 2009 5:24 PM
To: NT System Admin Issues
Subject: RE: SMB question..


> I'm really ambivalent about those things.  Their purpose is largely to let
people who have >no business mucking around as administrator think they know
what's going on.  IT management >is not something you want an untrained
person doing, even for a small business.  Just like >you don't want a small
business doing their own plumbing or electrical
>wiring.  And yes, many do all of that themselves.Doesn't make it a
>good idea.  I'm aware of the cost arguments; I argue that the money is
better spent hiring >>an outside contractor.  IMO, YMMV, etc.  You don't
have to agree.

Being the outside contractor, I love the Wizards.  Yeah, I 

RE: [OT]

[Simon Butler]

Go to SamKnows and see what the phone exchange can handle. 
http://www.samknows.com/ 
You can only get ADSL2+ where someone has put their own kit in to the exchange 
as BT are doing what they do best - dragging their heels (if it was down to BT 
we would all be on 512k connections). 

You are basically restricted to one of three providers in most places

02 (aka BE)
Easynet
Tiscali

Tiscali, well they want out of the UK, but can't find anyone to buy their 
service. Be careful, as a lot of ISPs will be using Tiscali's service. I am 
currently on Eclipse, but their backbone is Tiscali and I will be dropping them 
shortly. 

Easynet are owned by Sky. Their business side is pretty good. They also go 
under the name of UK Online.

02 Business seems pretty good. I have two clients with their service and things 
seem to tick along quite well. 

Another one to look at it NTL Business, if cable is in the area. 

Orange don't have a business service I remember correctly. 

You may also want to look at the thinkbroadband site to see what people have to 
say, but do note that in many cases it can be down to where they are. I know a 
lot of people kick Virgin Media, but they have been fine for me as my backup 
connection, but in another location with a friend of mine they are nothing but 
hassle. 

Its going to be one of those, pick one and see what it is like. If you then 
have to change, look to see who is running the backbone, as I have heard of 
people saying they are dropping one ISP and going to another, where they don't 
know that the service will be the same because both are using the same core 
supplier. 

Most American's on the list now have no idea what we are on about!

Simon. 



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 


-Original Message-
From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: 23 January 2009 12:17
To: NT System Admin Issues
Subject: RE: [OT]

Yeah, we looked at them, but they are extraordinarily expensive for a standard 
small office.

-Original Message-
From: Fergal O'Connell [mailto:foconn...@curamsoftware.com] 
Sent: 23 January 2009 11:56
To: NT System Admin Issues
Subject: RE: [OT]

We use KeConnect for a small office and never had any problems..

http://www.keconnect.co.uk/products/business/broadband/adsl2/



-Original Message-
From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: 23 January 2009 10:36
To: NT System Admin Issues
Subject: [OT]

Hi chaps,

Can anyone recommend an ADSL2+ provider in Manchester, England? I know it's a 
long shot but I'm struggling to source a recommendable provider in the area (we 
are 400 miles away ourselves).

Olly

--
G2 Support
Online Backups 

Email:  oliver.marsh...@g2support.com
Web:    http://www.g2support.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. If you are not the intended
addressee please contact the sender and dispose of this e-mail. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Aaaiiiyyyeeeeee!!! OOO notices! (OT)

[Simon Butler]

I have just posted to the Exchange list and received 31 OOTO messages, and 30 
minutes later they are still coming in. 

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99. 
Need a domain for your certificate? http://DomainsForExchange.net/ 
 

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org] 
Sent: 29 December 2008 18:20
To: NT System Admin Issues
Subject: RE: Aaaiiiyyyee!!! OOO notices! (OT)

Did you get an OOO from me last week? I'm on E2007 and Olk2007 and specifically 
said no OOF outside of my domain.

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

-Original Message-
From: Martin Blackstone [mailto:mblackst...@gmail.com]
Sent: Monday, December 29, 2008 1:20 PM
To: NT System Admin Issues
Subject: RE: Aaaiiiyyyee!!! OOO notices! (OT)

You must be new around here. :)


-Original Message-
From: Edward B. DREGER [mailto:eddy+public+s...@noc.everquick.net]
Sent: Monday, December 29, 2008 10:03 AM
To: NT System Admin Issues
Subject: Aaaiiiyyyee!!! OOO notices! (OT)

I normally get a few OOOs in response to a post... but _thirteen_ just
now?!

Hint:  If a message is addressed to a list (not to oneself), from a
list server, et cetera, an OOO response might not be appropriate.  And
telling random people that you'll be out of state for two months is
unwise from a security perspective.


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
dav...@brics.com -*- jfconmaa...@intc.net -*- s...@everquick.net
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: WSUS3 Question

[Simon Butler]

What I have found is that if the update doesn't download properly and fails to 
install, the automatic update client will not download the update again. It 
will continue to try and install the bad download. This happens with both WSUS 
and conventional automatic updates.

The only way I have found to fix it is to stop the automatic updates service, 
then delete the contents of C:\Windows\SoftwareDistribution, then restarting 
the automatic updates process again. I have a script to do that here:
http://www.amset.info/windows/auto-updates.asp

It has to be run on the client, but works well with the psexec tool from 
sysinternals. Just last week I used the tool to correct over 200 workstations 
from the server following a bad download. Must blog on how I did that.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: si...@amset.co.uk
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>





From: Gavin Wilby [mailto:gavin.wi...@gmail.com]
Sent: 12 December 2008 09:48
To: NT System Admin Issues
Subject: WSUS3 Question

This might be blindingly obvious to some - but not to me unfortunatly ;)

If I have a WSUS3 server, and its pushing out updates both ones I approve and 
automatically security and critical, and then some of those updates fail to 
install.

Whats the approved methos of dealing with it - do i have to go to each machine 
and sort ot out manually, will re-approving the update force it out again? Does 
a wuauclt /detectnow force the client to retry.

I cant get a definitive answer to this,.. so does anyone know?

Gavin.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Thin clients

[Simon Butler]

If you want to get to grips with the technology, then I would suggest picking 
up a used Thin Client from eBay. Get an HP or something like that and reflash 
its firmware as soon as you get it. Then build a TS in a virtual machine and 
try it out.

The best resource used to be thethin.net but they sold out to TechGenix and you 
can find it here: http://www.msterminalservices.org/

The most common pain point with thin clients is printers. It has got better 
with Windows 2008, but is still an issue.
To be honest, the clients are the least of your worries, the main area of 
concern is with the server/s.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>





From: Glen Johnson [mailto:[EMAIL PROTECTED]
Sent: 14 November 2008 16:51
To: NT System Admin Issues
Subject: RE: Thin clients

Joe.
We are looking at true thin client but at stage, we don't really know what we 
are doing.
We have hoped to save some money over the long haul but we are pretty sure we 
wont save any $$ the first year or so.
We don't have any thin clients or back end so I was hoping someone would have 
recommendations or reading info on which way to go with the back end as well as 
the clients.
I've seen previous comments about Wyse and remember they was mostly positive.  
We've also seen a lab set up with a Dell server and 50 HP thin clients.  
Unfortunately, we didn't get to play with it so we didn't really get a feel for 
the back end.  The client experience we pretty positive though.
I also I've heard about this.  Wonder if it is something to consider or avoid.  
The price looks good but I'm looking for others advice.

King of Prussia, PA, September 12, 2008 - Devon IT, Inc., an alternative 
desktop solution company and the fastest growing provider of thin client 
terminals, today announced it will debut its ultra-small TC2 thin client at 
VMworld 2008 (booth 360) at The Venetian Hotel in Las Vegas from September 
15-18.

Starting at US$189, the TC2 is VDI, Xen, and RDP-capable and designed to be the 
most efficient and cost-effective alternative to standard PCs. Standing less 
than six inches in height and five inches in length, the TC2 is the market's 
smallest generally available thin client. It consumes 8-9 watts on average, 
compared to nearly 150 watts used by PCs, and is VESA-mountable to maximize 
desktop space.

From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 11:37 AM
To: NT System Admin Issues
Subject: RE: Thin clients

Wyse makes great thin clients, but most of the manufacturers are getting in the 
game now.  Other things to consider are:


1)   Are you going true thin clients, and pushing the desktop to the 
device, or going more of a mid-client, and pushing specific apps.

2)  Do you already have Citrix, or some other app to do the pushing?

3)  What exactly are you trying to accomplish with the thin clients?  Is 
there another way of doing it without going thin clients?

If you're going for cost savings, you're not really going to see much.  The 
typical thin client is about what you can get a decent business desktop.  You 
may save a few bucks per machine, but if you don't already have the backend 
stuff, then you won't see a real cost savings, at least not right off.

Joe Heaton
Employment Training Panel

From: Glen Johnson [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 8:27 AM
To: NT System Admin Issues
Subject: Thin clients

We have been asked to investigate using thin clients for some stations.  
Initially, maybe 10 or so but if it goes well, who knows, maybe 100 or more.
Any reading or other resources that anyone care to point me to?
Also, any suggestions as to what vendors/technology to look at and to avoid.
Thanks.
Glen.
















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: SBS 2008 yet ?

[Simon Butler]

I have a SBS 2008 running fine in a VM with 4gb of RAM. Although the SBS 
community are stating 8gb should be the minimum.
It will not even install unless there is 60gb of hard disk space available.

I am also running E2007 at home in much less than 8gb of RAM, although things 
get a little slow if you are using UM.

Both RAM and disk space are cheap. I had to replace two disks in a SAT array 
last week. UK£45 each for two 500gb drives.

Put it in to the free Hyper-V Server then when you can get a better machine or 
a dedicated system just move it around. It is something I am seriously 
considering doing when I start my SBS 2008 deployments.

Simon



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>


From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: 22 October 2008 17:50
To: NT System Admin Issues
Subject: RE: SBS 2008 yet ?

8gb of ram ?

Holy cow. My 6GB virtual 'monster' that's waiting for it doesn't seem 
so...monstrous now.

From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED]
Sent: 22 October 2008 17:37
To: NT System Admin Issues
Subject: RE: SBS 2008 yet ?

60gb and 8gb of ram minimum requirements seemed a little excessive, I need to 
virtualize my ram :)

From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2008 09:09
To: NT System Admin Issues
Subject: SBS 2008 yet ?

I'm bored. When will SBS2008 hit the action packs ?

Olly

--
G2 Support
Online Backups

Email:  [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>
Web:http://www.g2support.com


















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: MS CA's and iPhones

[Simon Butler]

You can do the same thing with Windows Mobile devices using cabinet files. The 
cabinet file can contain everything but their username and password, including 
any self generated certificate. Granted it isn't well known, but I have had it 
documented for a while.
Settings: http://www.amset.info/exchange/mobile-deploy.asp
SSL Certificate: http://www.amset.info/pocketpc/certificates3.asp

With Exchange 2007 and Windows Mobile 6.1, if you are using a commercial SSL 
certificate then the users don't even need anything on their devices, just 
their email address and password.

The iPhone has just woken lots of people up to what is required, and because 
Apple have a "solution" people think that is the only way.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>





From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
Sent: 25 August 2008 20:35
To: NT System Admin Issues
Subject: RE: MS CA's and iPhones

Ok, so The Enterprise Deployment Config:

You install an app which sets up a webserver to connect to (lame). I assume 
this is because they only developed one application and ported it to windows.

You create a config, then either email it out, or export it to be downloaded by 
safari. It can contain a minimum of an EAS profile and APN config (lame again, 
they obviously have one or how the hell does it download it via Safari?) and an 
ssl cert (if you need it). The email option is busted as it needs the nix 
binary on a nix path (Lame to include that in my windows version?).

Truth is, after adding the mime type to IIS the profile worked immediately 
after being downloaded and synced asap! If they did away with quirks  above, 
this kicks the hell out of EAS on Mobile OS for setting up my "un inclined" 
users. I am going to try to leave the username partially blank so I can make 
one profile for all users. Cool...

jlc






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Symantec Endpoint Protection

[Simon Butler]

"But I do like that we have the one brand for both desktop AV and Exchange AV, 
and would like to keep it that way."

You like having a single point of failure for your AV software?

I am the complete opposite to you. I hate having the same brand on Exchange and 
the desktops and will avoid it where possible.

In your current scenario you have one defence system - as both the desktop and 
Exchange AV will be working on the same set of definition files. It gets past 
one it will get past the other and your machines will be infected.

I will leave the Symantec bashing out of it, but will say that I see more 
infected systems that are "protected" by Symantec than any others.

What you should be looking for is to have something different on the Exchange 
server to provide dual levels of protection. Something like GFI Mail Security, 
Microsoft Forefront or the list host's product. Something using multiple 
definition files that are not the same as what you are using now.
The idea being that if one doesn't catch, the other will.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>





From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 21:44
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

So I guess what I'm really asking here, now that I'm not trying to bash 
Symantec, is this:

Are there enough improvements with the new version (mainly overhead, bloat, 
etc.) to recommend upgrading to it?  My users' main complaint is that their 
computer takes so long to completely boot up in the morning, and this is 
because Symantec is doing a startup scan and takes a huge portion of CPU 
cycles, which bogs down the entire system.  I personally would love to tell 
them not to upgrade, but wait until the contract ends, and dump Symantec like a 
hot potato.  But I do like that we have the one brand for both desktop AV and 
Exchange AV, and would like to keep it that way.

Joe Heaton

From: Michael Hoffman [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 11:56 AM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

I liked the product, it's just that at launch it was too heavy to run on 
anything but a dedicated box. As all our clients have SBS we just renewed and 
kept them on v.10. The new version is a lot lighter, but I'm still nervous 
about older servers and we are looking at a more blended defence. I'll probably 
keep renewing my clients for one more year and then see.

Mike

From: Michael Ross [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic..
But for email servers, id use trend micro's scanmail. IMHO.

From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

Anyone using this that is happy with it?  Also, is there anyone here that 
doesn't think Symantec is a big pile?  I personally hate the product, and wish 
that I made the decisions around here, but I don't, so I have to come up with 
objective reviews of SEP, and whether or not we should upgrade from v.10 to the 
Symantec Mulit-tier protection system, with SEP, SAV Mobile and Mail Security.

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]















No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.5.6/1577 - Release Date: 7/28/2008 6:55 
AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: blacklists

[Simon Butler]

The important thing here is whether your queues in the Exchange server have 
lots of messages in them.
If they are clear, then it is probably not your Exchange server that is being 
abused, but a client. However if you are using a smart host of some kind to 
send email then your server could still be the source of the blacklisting.

Have you checked the blacklist's web sites? Sometimes they will have a copy of 
the message that triggered the listing. Looking at the message you might be 
able to diagnose which machine it is.

I wrote a blog posting on this exact scenario a few months ago. 
http://www.sembee.co.uk/archive/2008/03/13/73.aspx

The fact that you have Symantec on all of your workstations means nothing.
Which product do you think all of the BOT writers test their "product" against 
to see if it will infect the machines? The market leader - Symantec.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>






From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 23:15
To: NT System Admin Issues
Subject: RE: blacklists

Yes, with MXToolbox everything check out.


From: Roger Wright [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 6:11 PM
To: NT System Admin Issues
Subject: RE: blacklists

Have you tested for Open Relay?



Roger Wright
Network Administrator
727.572.7076  x388
_


From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists

We've been finding ourself on some blacklists since last week and have 
basically shut us down.  Specifically Spamhaus and Barracuda's.
I'm not sure if I have an infected computer on my network sending spam or not.  
I've requested my ip removed from the blacklists several times, but after a day 
or two I'm back on.  I've got a window to post this question before it happens 
again.  Here's what I have.
One Domain, two locations connected via PTP T1 (Adtrans).  All Internet access 
is at one location where I have my Mail Server 2003 (Ninja) and a Watchguard 
Firewall.  All clients (about 200) running Symantec AV.
I don't have really the tools or knowledge to run any packet capture software 
(or anything else) to determine if I have an owned machine, but while I am 
working on that is there any way to close my firewall to outbound mail traffic 
while still letting my Exchange out?  Do infected computers send email thru 
port 25 like Exchange?  If so, can I block that port and change the port 
Exchange uses to send?  If so, how?
This may take me awhile, but I'd like to stay off the blacklists in the mean 
time.

One thing I've done is installed Zone Alarm on my pc to see if I can catch any 
of my local computers scanning my network.  After the install it asked if I 
wanted my Outlook to act as a Server.  The info button showed that it should be 
ok to do, but I said "no".  My email seems to be working but I keep getting 
notifications that ZA is blocking internet access to my computer from my mail 
server.  This is probably nothing.

Thanks for any suggestions.

Paul Everett
IS Dept.
Lee Mental Health Center
239-791-1551

"Lee Mental Health Center, Inc. providing services through Ruth Cooper Center 
for Behavioral Health Care and VISTA Behavioral Crisis Services.  Visit our 
website at www.leementalhealth.orghttp://www.leementalhealth.org/> to 
learn more."

Confidentiality Notice:  This e-mail message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.   If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message, including attachments.














~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: PST Hell

[Simon Butler]

You are aware that PST files on a network location is not supported and the 
quickest way to corrupt those PST files?

http://support.microsoft.com/default.aspx?kbid=297019

More on the same subject:
http://blogs.technet.com/askperf/archive/2007/01/21/network-stored-pst-files-don-t-do-it.aspx
Simon.


From: Roger Wright [mailto:[EMAIL PROTECTED]
Sent: 21 July 2008 21:51
To: NT System Admin Issues
Subject: PST Hell


We're dealing with the prospect of moving approximately 200 PST files from 
several server locations to a new USERS share location.  We could do this 
manually and reset each user's Outlook accordingly, but would prefer some type 
of automated process.  Racking my brain but can't come up with a means to do 
this simply.

Suggestions from anyone whose done something similar?



Roger Wright

Network Administrator

727.572.7076  x388

_







~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: SSL cert question

[Simon Butler]

You must have made the changes to get the self generated certificate accepted 
by the clients.
Even a self generated certificate will expire one day and that will cause the 
feature to fail.
Personally speaking, I don't bother with self generated certificates for RPC 
over HTTPS. For the hassle when they expire and generally getting them to work 
for the sake of saving US$25/year it isn't worth it.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>


From: Gavin Wilby [mailto:[EMAIL PROTECTED]
Sent: 17 July 2008 19:19
To: NT System Admin Issues
Subject: Re: SSL cert question

"or RPC over HTTPS then those features will fail"

Are you entirly sure about that - I only ask cos I have two sbs sites that use 
RPC over HTTPS in Outlook and they have *no* registered certs at all, and the 
connection still works.

Or is it more of a case of a valid cert expiring that causes the failure.

On Wed, Jul 16, 2008 at 7:34 PM, Simon Butler <[EMAIL PROTECTED]<mailto:[EMAIL 
PROTECTED]>> wrote:
If you are using Exchange 2003 and are using Exchange ActiveSync or RPC over 
HTTPS then those features will fail completely as they cannot cope with the 
certificate prompt.
If the certificate is being used to secure SMTP/POP3/IMAP connections then 
those will also fail, particularly if it is being used to secure incoming email 
on TLS/SMTPS.

Basically anything that uses SSL transparently will stop working.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>
w: www.amset.co.uk<http://www.amset.co.uk/>
w: www.amset.info<http://www.amset.info/>

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.
Need a domain for your certificate? 
http://DomainsForExchange.net/<http://domainsforexchange.net/>


-Original Message-
From: Joe Heaton [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>]
Sent: 16 July 2008 18:40
To: NT System Admin Issues
Subject: RE: SSL cert question

That's pretty much exactly my question.  We have one that expires next week, 
and since the state doesn't have a budget yet, I'm not allowed to renew it, or 
even pay $15.00 out of my own pocket to get a GoDaddy cert.  So, my boss is 
asking me if there are security concerns with users accessing through an 
expired cert, and I just want to be sure one way or the other before giving my 
"certified" answer...

Joe Heaton
-Original Message-
From: Andy Ognenoff [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>]
Sent: Wednesday, July 16, 2008 10:33 AM
To: NT System Admin Issues
Subject: RE: SSL cert question

If you're talking about a cert for a web site, clients requesting it will be
notified that the cert is expired and warned that there could be problems
with it.  To my knowledge, if they accept the risk of accepting an expired
cert, the encryption still takes place, same as if they accept a cert from a
non-globally recognized CA.

 - Andy O.

From: Joe Heaton [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>]
Sent: Wednesday, July 16, 2008 12:28 PM
To: NT System Admin Issues
Subject: SSL cert question

If you have an SSL cert, and it expires, what, if any, functionality is
lost?

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

No virus found in this incoming message.
Checked by AVG - http://www.avg.com<http://www.avg.com/>
Version: 8.0.138 / Virus Database: 270.5.0/1555 - Release Date: 7/16/2008 6:43 
AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: SSL cert question

[Simon Butler]

If you are using Exchange 2003 and are using Exchange ActiveSync or RPC over 
HTTPS then those features will fail completely as they cannot cope with the 
certificate prompt.
If the certificate is being used to secure SMTP/POP3/IMAP connections then 
those will also fail, particularly if it is being used to secure incoming email 
on TLS/SMTPS.

Basically anything that uses SSL transparently will stop working.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/


-Original Message-
From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: 16 July 2008 18:40
To: NT System Admin Issues
Subject: RE: SSL cert question

That's pretty much exactly my question.  We have one that expires next week, 
and since the state doesn't have a budget yet, I'm not allowed to renew it, or 
even pay $15.00 out of my own pocket to get a GoDaddy cert.  So, my boss is 
asking me if there are security concerns with users accessing through an 
expired cert, and I just want to be sure one way or the other before giving my 
"certified" answer...

Joe Heaton
-Original Message-
From: Andy Ognenoff [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2008 10:33 AM
To: NT System Admin Issues
Subject: RE: SSL cert question

If you're talking about a cert for a web site, clients requesting it will be
notified that the cert is expired and warned that there could be problems
with it.  To my knowledge, if they accept the risk of accepting an expired
cert, the encryption still takes place, same as if they accept a cert from a
non-globally recognized CA.

 - Andy O.

From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2008 12:28 PM
To: NT System Admin Issues
Subject: SSL cert question

If you have an SSL cert, and it expires, what, if any, functionality is
lost?

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.5.0/1555 - Release Date: 7/16/2008 6:43 
AM

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Certificates for Exchange question

[Simon Butler]

The certificates are supported by most Windows Mobile devices from 5.0 with 
MSFP and higher - which includes 6.0 and 6.1. I have seen the root certificate 
removed from some devices, but they are in the core that is supplied from 
Microsoft and are in the emulator images. Why some vendors remove them I do not 
know - probably so they can get their preferred music downloader/facebook/other 
time wasting, data using application on the device instead.

If you have the device you need support for then look in the root certificate 
list for Starfield Class 2, http://valicert.com/ and GoDaddy Class 2 
Certificates as those are the required roots.

Simon.


From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: 15 July 2008 08:55
To: NT System Admin Issues
Subject: Certificates for Exchange question

Anyone know if the certs from Certificates for Exchange are supported on 
Windows Mobile 6.0 and 6.1 ? We currently use Entrust for our SSL certs for OWA 
in order that remote users can use their pda phones. However moving to CFE 
would be tempting.

Olly









~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: AV for Exchange 2003

[Simon Butler]

This really should be on the Exchange list...

However I only deploy AV on the Exchange server now to stop users from sending 
things between themselves that they shouldn't. Most viruses/worms etc are now 
email based and as far as I am concerned spam and worms are the same thing, 
they use the same methods to send, just with a different payload. A decent anti 
spam application will stop most virus infected messages as well.

The threat from mobile phones is negligible at the moment.
The threat from OWA is also minimal at the present time as the user has to 
physically attach something to the email, it cannot be done for them easily.

Looking at the three sites I am currently connected to (its patch Tuesday 
night) none of them have caught anything virus wise for six months. It has all 
been blocked by the anti spam filter.

If you do decide to go for something on the Exchange server, use something 
different to what you have on the clients. That will provide a second level of 
protection. That pretty much rules out the major players who seem to be only 
interested in selling suites. Microsoft Forefront (aka Sybari Antigen as it 
once was) or GFI Mail Security are two standalone products that immediately 
spring to mind, plus they have multiple engines therefore increasing your 
protection level.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/





From: Scott Weber [mailto:[EMAIL PROTECTED]
Sent: 08 July 2008 22:48
To: NT System Admin Issues
Subject: AV for Exchange 2003

Just curious what others use for AV on exchange.
We just have one exchange server and we use Postini for spam, but we were 
thinking
about possibly adding something to the exchange server for possible threats 
from Webmail and/or Mobile Phones.

Is this a real possible threat to the exchange server?
I know there won't  be just one answer, but what are some products you all use?

Thanks

Scott






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Vodafone 3G-USB and SMTP servers

[Simon Butler]

Trying to send email via SMTP on your own servers cannot be guaranteed. ISPs 
will push the connection through their own servers, block the connections to 
remote servers and generally cause a lot of problems. You should avoid using 
plain SMTP for roaming users if possible, particularly if you need to keep a 
copy of the email on the server.

If you need the email to go through your own servers then you have three 
options.

- If Exchange 2003 or higher RPC over HTTPS or OWA.
- VPN
- If you aren't using Exchange then you could also look at TLS/SMTPS if your 
server supports it on another port - 465. Technically legacy, but most email 
servers and clients can be configured to use it.

Ping/nslookup means nothing other than a packet is being sent back. As a 
troubleshooting tool it is about as much use as shouting in a valley "is there 
anyone there?".
What you should be doing is seeing whether you can telnet to the port. That 
will confirm connectivity.

telnet server.domain.co.uk 25

If the cursor just sits there then the traffic is being blocked.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
Go to http://www.certificatesforexchange.com/ for certificates for just $20 a 
year.
Now includes SAN certificates for Exchange 2007 for just $59 a year.
Need a domain for your SSL certificate? http://www.domainsforexchange.net/






-Original Message-
From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: 07 April 2008 15:28
To: NT System Admin Issues
Subject: RE: Vodafone 3G-USB and SMTP servers

Will do.

If Vodafone is forcing the use of their own mail servers,
well.erthat's a bugger. We'd like to make the sales chaps
use our own mail server in order to keep the archive correct.

Can anyone think of a work around ?

Olly

-Original Message-
From: Ames Matthew B [mailto:[EMAIL PROTECTED]
Sent: 07 April 2008 15:20
To: NT System Admin Issues
Subject: RE: Vodafone 3G-USB and SMTP servers

Try this server:

send.vodafone.net

-Original Message-
From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: 07 April 2008 15:03
To: NT System Admin Issues
Subject: Vodafone 3G-USB and SMTP servers

Lo gang,

Anyone here getting a problem with Vodafone 3G enabled laptops (either
usb adapter based machines or inbuilt 3g units) and sending mail via
smtp servers?

We've just got 3 3g cards for laptops. No matter what mail server we try
to use they all return either AUTHORISATION REQUIRED or TOO MANY
CONNECTIONS. We've tried our own mail server here, sending via our mail
filtering service, sending straight to client mail servers, our hosted
PLESK mail server etc. All the same.

Vodafone as usual are being as helpful as choco-teapots and giving us a
standard response, but the problem only happens when using the Vodafone
service. Using the T-Mobile equivalent works fine as does the wifi down
the road, our office connections, home adsl lines etc.

Pinging the mail servers comes back with the right IP, and tracerouting
to the mail servers shows it's hitting the box.

Anyone else seen the same thing?

Olly

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
The information contained in this E-Mail and any subsequent
correspondence is private and is intended solely for the intended
recipient(s).  The information in this communication may be
confidential and/or legally privileged.  Nothing in this e-mail is
intended to conclude a contract on behalf of QinetiQ or make QinetiQ
subject to any other legally binding commitments, unless the e-mail
contains an express statement to the contrary or incorporates a formal
Purchase Order.

For those other than the recipient any disclosure, copying,
distribution, or any action taken or omitted to be taken in reliance
on such information is prohibited and may be unlawful.

Emails and other electronic communication with QinetiQ may be
monitored and recorded for business purposes including security, audit
and archival purposes.  Any response to this email indicates consent
to this.

Telephone calls to QinetiQ may be monitored or recorded for quality
control, security and other business purposes.

QinetiQ Limited
Registered in England & Wales: Company Number:3796233
Registered office: 85 Buckingham Gate, London SW1E 6PD, United Kingdom
Trading address: Cody Technology Park, Cody Building, Ively Road,
Farnborough, Hampshire, GU14 0LX, United Kingdom
http://www.QinetiQ.com/home/legal.html

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Genera

RE: Windows 2008 Install

[Simon Butler]

I am pretty sure that you can install Windows 2008 without ANY key. The install 
process will simply ask you what type of Windows it is, then you enter the key 
later on. If you can get hold of the ISO from somewhere then you can install it.

However the simple option would be to download the trial version from 
Microsoft.com.

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for 
certificates from just $23.99.






From: Keith Turgeon [mailto:[EMAIL PROTECTED]
Sent: 27 March 2008 15:04
To: NT System Admin Issues
Subject: Windows 2008 Install

Morning,

Quick question.  I need to get Windows 2008 server up and running today, we 
ordered a license thru our volume program, but the license key and media 
download access won't be available for a couple of days.   We do have a MSDN 
agreement, and have a license and media for that version.   Can I install that 
media now and then change it over to our volume license when it arrives in a 
couple of days?

Thoughts?

Thanks,
Keith








~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Use Outlook 2003 OST file in Outlook 2007

[Simon Butler]

I don't think you can use the old OST files, however you can seed the OST in 
advance.

http://technet.microsoft.com/en-us/library/cc179067.aspx

Simon.



--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
Go to http://www.certificatesforexchange.com/ for certificates for just $30 a 
year.





From: Jelle Piekaerts [mailto:[EMAIL PROTECTED] On Behalf Of Jelle Piekaerts
Sent: 16 March 2008 14:41
To: NT System Admin Issues
Subject: Use Outlook 2003 OST file in Outlook 2007

Hello,

We are going to perform a new PC rollout in our company  (± 450 users, 4 
sites). Currently we are using Outlook 2003 with OST files, and we are going to 
migrate to Outlook 2007.

We are going to do an installation from scratch (new PCs). The problem we have 
is, that our Exchange servers (located at head quarters) are connnected through 
slow 2mbit WANs. So even if we only do a couple of migrations a day, per site, 
this would easily saturate the WAN connections.

Is it possible to reuse the Outlook 2003 OST file in Outlook 2007, without 
performing an in-place upgrade ?

With best regards,
Jelle







~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: SSL certificates

[Simon Butler]

No, that isn't correct.
GoDaddy's root certificate was first added to Windows Mobile 5 with the MSFP 
upgrade. As most devices have a MSFP build available they should be able to get 
one with the root certificate included.
If there is still a problem with a missing certificate, both the root and the 
intermediate certificate can be imported on to any device using the cabinet 
file method. There is no GUI or other tool to do it. It takes a few more 
minutes to setup, but as you can combine the two certificates in to a single 
cabinet file, for the few minutes it takes to create one more than makes up for 
the savings made. Instructions: http://www.amset.info/pocketpc/certificates3.asp
However almost all Windows Mobile devices on the market now support the GoDaddy 
certificate.

Simon.


From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: 19 January 2008 00:56
To: NT System Admin Issues
Subject: RE: SSL certificates


Yeah - WM5 devices are not capable of requesting the entire certificate chain 
if your cert (e.g. from GoDaddy) is signed by an intermediate CA not in the 
device's cert store. I believe that this was added in WM6 (but I'm not 100% 
sure)

Cheers
Ken

From: Rick Corgiat [mailto:[EMAIL PROTECTED]
Sent: Saturday, 19 January 2008 5:24 AM
To: NT System Admin Issues
Subject: RE: SSL certificates


Be sure to investigate whether or not mobile devices will work with the lesser 
know cert providers. I recently had a tough time getting an older Cingular 
phone to work with a GoDaddy cert.

Rick


From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 9:54 AM
To: NT System Admin Issues
Subject: SSL certificates


Someone recently mentioned an SSL issuing authority that they were using 
outside of Verisign.  We have a certificate that is coming up for renewal, and 
I want to look around at other options, but don't want to get sucked into a bad 
issuing authority.

Joe Heaton






































~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: [ISN] Clarkson stung after bank prank

[Simon Butler]

As someone has already pointed out, this isn't an issue with what he did, but 
the UK banking system.
The original details was published in an article in the Sunday Times - maybe 
available online.
However the information that he supplied is available quite easily.
Here in the UK, our cheques (yes that is how we spell it) has the Account Name, 
Sort Code (routing number I think the US equivalent is) and the Account number. 
He also gave information on how to find his address, although that would be 
easily done from public information.

With JUST that information no one should be able to take money from him. The 
Direct Debit was setup frequently and therefore he will get the money back 
immediately. The UK direct debit system is well regulated and the banks are 
under an obligation to refund the money.

What is causing the noise in the UK is how easy it was for someone to set this 
up using public information.
Furthermore more his bank (Barclays, one of the largest banks in the UK and the 
world) are hiding behind some UK legislation called the Data Protection Act.
For those that don't know, Clarkson is the presenter of the most popular 
motoring show in the UK, and rants against the environmentalist lobby. it has 
been pointed out that instead of a diabetes charity, it would have been more 
amusing if it was a donation to Greenpeace or Friends of the Earth (both major 
environmental charities here in the UK).

The comments on The Register's reporting of the story will help with the real 
concerns of the story: 
http://www.theregister.co.uk/2008/01/07/clarkson_bank_prank_backfires/

Hopefully that clears up some of the background to the story.

Simon.


From: Don Ely [mailto:[EMAIL PROTECTED]
Sent: 08 January 2008 20:47
To: NT System Admin Issues
Subject: Re: [ISN] Clarkson stung after bank prank


Someone share their bank account info and routing codes with me and see if "I" 
get caught...  :P

Billionaires only need apply  None of you IT folk here qualify...

On Jan 8, 2008 12:43 PM, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:

He's a total idiot.  If I was under 18 again, *I* would have cleaned him out.


On Jan 8, 2008 3:32 PM, Don Ely <[EMAIL PROTECTED]> 
wrote:

He's an a$$h4t.  He got lucky...  If someone really wanted to, they could have 
cleaned him out...  It's absolutely stupid to provide that kind of information 
in a public forum and NOT expect to get exploited...

He's an Idiot

On Jan 8, 2008 12:28 PM, Graeme Carstairs <[EMAIL PROTECTED]> wrote:

What this proves is that the Direct Debit scheme in the UK is flawed.

You used to have to sign a form to declare you wanted the Direct Debit set up.

Now you just need bank account details.

Though he will get his money back instantly as the direct debit scheme is fully 
guaranteed and any miss or fraudulent payment is covered.

Also his claims that there is nothing the bank can do under the data protection 
act is correct the police. can investigate who setup the payment as part of a 
criminal investigation.

His details are out there as he said before he published them, and it was open 
to anyone to use.

Though he may come across as pompous and arrogant Clarkson is one of the best 
presenters on TV.

I dont think he should need to say sorry because he made a mistake, as he was 
correct, no one has stolen his money, he will get it back instantly as it was a 
fraudulent DD charge.






On Jan 8, 2008 5:57 PM, Kurt Buff <[EMAIL PROTECTED]> 
wrote:
He's a useful idiot, in this case.

He's provided his audience with proof positive that losing control of
your PII is a *bad* thing.

Heh.

On Jan 8, 2008 8:06 AM, Don Ely < [EMAIL PROTECTED]> 
wrote:
>
>  I gathered that from reading the article...  again I say; Idiot
>
>
>
>
> On Jan 8, 2008 8:00 AM, James Rankin < [EMAIL PROTECTED] PROTECTED]>> wrote:
>
> >
> > I saw that yesterday and laughed my ass off. For non-Brits unfamiliar with
> Jeremy Clarkson, he is supremely arrogant and self-assured, which makes it
> all the more funny.
> >
> > I still love watching him on Top Gear though
> >
> >
> >
> >
> >
> > On 08/01/2008, Kurt Buff < [EMAIL PROTECTED]> 
> > wrote:
> > > -- Forwarded message --
> > > From: InfoSec News < [EMAIL PROTECTED]>
> > > Date: Jan 8, 2008 12:02 AM
> > > Subject: [ISN] Clarkson stung after bank prank
> > > To: [EMAIL PROTECTED]
> > >
> > >
> > > http://news.bbc.co.uk/2/hi/entertainment/7174760.stm
> > >
> > > 7 January 2008
> > >
> > > TV presenter Jeremy Clarkson has lost money after publishing his bank
> > > details in his newspaper column.
> > >
> > > The Top Gear host revealed his account numbers after rubbishing the
> > > furore over the loss of 25 million people's personal details on two
> >

Test Whether Variable Exists

[Simon Butler]

Hi,
This should be an easy one but I cannot find the answer after hours of
searching.
I am looking for a way that I can test whether a variable exists and then
take action on the result. This is for use in a login script - not a KIX
script.
I don't want to add, change or delete the variable in anyway, just check
whether it is there or not.
Can anyone suggest a way?
Thanks,
Simon Butler.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm