RE: Yay! Microsoft leads browsers in malware, phishing defense

[Webb, Brian (Corp)]

Hey ME, where do you see this?
 
-Brian

 



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Friday, August 14, 2009 3:32 PM
To: NT System Admin Issues
Subject: Yay! Microsoft leads browsers in malware, phishing defense



"Everyone thinks Microsoft stinks at security," he said. "They
need to get some credit for some of the good stuff they've done.
Microsoft has been a big target for attacks for a long time, and that's
actually a benefit to them. They've learned how they can turn that
around and protect themselves better."

 
...
 

In catching and stopping socially engineered malware, a
significant drop-off occurred after the Microsoft browser. Firefox
  3 was next in line,
blocking 27 percent. Apple's Safari
  4 thwarted 21 percent,
followed by Google Chrome 
(seven percent) and Opera 
10 (one percent).

The browsers, as a group, performed relatively better in
offering phishing protection. Firefox deterred 80 percent of suspected
fraud sites, Opera caught 54 percent, followed by Chrome (26 percent)
and Safari (two percent).

"It's pretty shocking how bad some of the vendors are doing,"
Moy said. "Everyone should challenge their assumptions and look at some
real data when they're making decisions [on which browser to use]."


It doesnt change my mind about why I use Firefox, but this is some great
news for Microsoft and IE. Its good too see these security initiatives
coming to fruition.

--
ME2


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Copiers

[Webb, Brian (Corp)]

We have the Canons and they work pretty well.  If you are talking about
1 or 2 of them then the management of the printer/scanner functions is
ok, but we have over 100 of them and managing them is a royal pain.
There isn't any way to script the configuration or make changes to more
than one at a time.  Each time we change the password on the account
used to scan to a network share, we have to open a web page on each
copier and change the password for each scan location individually.
When you have 2-10 scan locations configured on each copier you have a
many hour task to change the password.  The other problems we have are
things like the copier techs resetting the configuration (we always do
that!) or locking us out by changing the password.  There are a couple
of things you have to be at the copier to configure - the web interface
is also not very intuitive.
 
-Brian

 



From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] 
Sent: Thursday, August 13, 2009 9:32 AM
To: NT System Admin Issues
Subject: Copiers



We are in the process of looking at a few different copiers. 
Anyone have any good/bad/ugly on these? 

Kyocera TASKalfa 820 
Kyocera KM-5050 

Canon   ImageRunner 5075 
Canon   ImageRunner 5055 

Xerox   Workcentre 5675PT 
Xerox   Workcentre 5655P 


Spec-wise, they all look very similar.  Even the pricing and cost per
page are right on. 
I've never dealt w/ Kyocera - so I am a little hesitant going with
them... 

Thanks. 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New device

[Webb, Brian (Corp)]

Looks like something in this category:

http://gadgets.boingboing.net/2009/01/08/handson-with-oqo-2-u.html

-Brian

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Wednesday, August 12, 2009 3:17 PM
To: NT System Admin Issues
Subject: RE: New device

This Link Should work for you to see what Joe is talking about.

http://webobjects.cdw.com/webobjects/media/pdf/mobile-defense-measures.p
df

-Original Message-
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, August 12, 2009 2:01 PM
To: NT System Admin Issues
Subject: RE: New device

can you post a pic?



From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Wednesday, August 12, 2009 2:45 PM
To: NT System Admin Issues
Subject: New device



This is a longshot, but I figure if anyone is going to know it will be
you
guys.

 

I just received a new CDW-G catalog, dated August 2009, with the main
title
on the cover of Mobile Defense Measures.  On the cover, and in the title
article, there is a picture of a woman, holding a device.  It's silver,
with
rounded edges on the side, and a small screen that slides up to uncover
the
keyboard.  There appears to be a fingerprint reader on the top edge of
the
screen, which is black.  Anyone know what this device is?  It is really
cool
looking and I'd like to find out more about it.

 

Thanks,

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.52/2298 - Release Date:
08/12/09
06:09:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: AOL

[Webb, Brian (Corp)]

No kidding!  This was (of course) a small company that didn't have
anyone dedicated to IT.  I was learning on the job as this was my first
gig where I had a "real" network.  I left in '94 with them still running
10Base2, but it was getting harder to get the NICs...
 
-Brian

 



From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Monday, August 10, 2009 3:54 PM
To: NT System Admin Issues
Subject: RE: AOL


What ever happened to the 5-4-3 rule 
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

________

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Monday, August 10, 2009 4:30 PM
To: NT System Admin Issues
Subject: RE: AOL


I inherited a network many years ago that was 10Base2 in the walls and
all one giant loop.  The guy who was "managing" the network added 2 port
repeaters randomly in the network when things got flakey (after he added
another user for example).  One day I found a big pile of cable up in
the ceiling that was all part of the network - it was about 200 feet in
20-30 foot chunks all connected by T connectors that were sitting there
not connected to anything.  It took a long time to get that stabilized -
I ended up taking out all the 2 port repeaters and putting in one 8 port
unit so I had reasonable numbers of machines on each run.
 
-Brian

 



From: Len Hammond [mailto:lenhammo...@gmail.com] 
Sent: Monday, August 10, 2009 2:21 PM
To: NT System Admin Issues
Subject: Re: AOL


I had a whole building full of co-ax. With no way to test any of it when
I got started, I ended up with a leg over 800feet in length. It was
"flakey" to say the least. Once I got a tester and found the length and
shortened it it became much more reliable. Most of my users were so
afraid of the things they never moved anything - I had to do it. 

Len Hammond
CSI:Hartland
lenhamm...@gmail.com



On Fri, Aug 7, 2009 at 4:40 PM, Ben Scott  wrote:


On Fri, Aug 7, 2009 at 3:30 PM, Free, Bob wrote:
> Bingo. Most of the 5250 cards had TwinAx connections so the
> cabling/terminations were one more variable in getting to damn
things to
> work.


 How about BNC 10BASE2?  Nothing like having the entire LAN go
down
because some luser decided to unplug their computer to move it
to the
other side of their desk...

-- Ben


~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



 

 

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: AOL

[Webb, Brian (Corp)]

I inherited a network many years ago that was 10Base2 in the walls and
all one giant loop.  The guy who was "managing" the network added 2 port
repeaters randomly in the network when things got flakey (after he added
another user for example).  One day I found a big pile of cable up in
the ceiling that was all part of the network - it was about 200 feet in
20-30 foot chunks all connected by T connectors that were sitting there
not connected to anything.  It took a long time to get that stabilized -
I ended up taking out all the 2 port repeaters and putting in one 8 port
unit so I had reasonable numbers of machines on each run.
 
-Brian

 



From: Len Hammond [mailto:lenhammo...@gmail.com] 
Sent: Monday, August 10, 2009 2:21 PM
To: NT System Admin Issues
Subject: Re: AOL


I had a whole building full of co-ax. With no way to test any of it when
I got started, I ended up with a leg over 800feet in length. It was
"flakey" to say the least. Once I got a tester and found the length and
shortened it it became much more reliable. Most of my users were so
afraid of the things they never moved anything - I had to do it. 

Len Hammond
CSI:Hartland
lenhamm...@gmail.com



On Fri, Aug 7, 2009 at 4:40 PM, Ben Scott  wrote:


On Fri, Aug 7, 2009 at 3:30 PM, Free, Bob wrote:
> Bingo. Most of the 5250 cards had TwinAx connections so the
> cabling/terminations were one more variable in getting to damn
things to
> work.


 How about BNC 10BASE2?  Nothing like having the entire LAN go
down
because some luser decided to unplug their computer to move it
to the
other side of their desk...

-- Ben


~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~   ~



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: clarification on sp level and patching

[Webb, Brian (Corp)]

The other question is a matter of ongoing support - SP1 just went off of
support.
 
http://support.microsoft.com/lifecycle/Default.aspx#ServicePackSupport
 
-Brian

 



From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, August 10, 2009 10:01 AM
To: NT System Admin Issues
Subject: RE: clarification on sp level and patching



It is fully patched, but it isn't as protected as it could/should be. I
think he is sticking to the strict meaning of 'fully patched' and he is
correct. I think you are saying is it 'fully protected' and it isn't and
are also correct.

 

 

 

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Monday, August 10, 2009 10:51 AM
To: NT System Admin Issues
Subject: clarification on sp level and patching

 

Got a question, 

 

If a machine is not at the latest SP level, say for example a server is
at W2K3 SP1, but it has all the critical updates for SP1 applied, is
that machine considered "patched" for critical updates? It has always
been my impression that it is not. My reasoning is that it's missing all
the critical patches that are included in the latest SP ( SP2 in this
case) and all the post SP updates. My colleague disagrees and says that
as long as it has the latest updates for its SP level it's fully
patched.

 

Can someone clarify this for me? 

 

Thank you,

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

 

 

 



This message, and any attachments to it, may contain information that is
privileged, confidential, and exempt from disclosure under applicable
law. If the reader of this message is not the intended recipient, you
are notified that any use, dissemination, distribution, copying, or
communication of this message is strictly prohibited. If you have
received this message in error, please notify the sender immediately by
return e-mail and delete the message and any attachments. Thank you. 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

VLAN tagging in Windows 2003 x64

[Webb, Brian (Corp)]

Anyone seen any issues with VLAN tagging on a Windows 2003 x64 machine?
 
We are trying to move a NetBackup server from an x86 machine to an x64
machine and are having problems getting the multiple VLANs on a single
NIC to work.  We have had our network people check the Cisco trunking
config 3 different times and they say it is right.  Ping works to all
VLANs.  Tracert works to all VLANs and shows only the one hop as
expected when going to a machine a VLAN that is tagged.  RDP fails when
connecting to a host on a tagged VLAN, but works when the target is on
the default VLAN (or VLAN that can be reached by route on the default
VLAN).
 
Any ideas?
 
We are using the most recent HP teaming NIC drivers with the 2 built in
HP NICs teamed in a fault tolerant with preference config and the tagged
VLANs are listed in the HP network configuration.
 
 
Brian Webb

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server hw inventory software...FREE!

[Webb, Brian (Corp)]

You can always roll your own using WMI.  You can use VBScript or even a
CMD shell script using WMIC and a FOR loop.
 
 
-Brian
608-664-6124
 


From: MarvinC [mailto:marv...@gmail.com] 
Sent: Monday, July 13, 2009 2:49 PM
To: NT System Admin Issues
Subject: Server hw inventory software...FREE!


Anyone have an app, script, or tool that'll perform a "surface level"
hardware scan of your servers, regardless of brand, and present the info
in spreadsheet format? I'm talking about memory, hard drive, and
processor info for less than 200 physical Compaq and Dell servers. 
Any responses appreciated.

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Slow DFS connections for windows xp users (and windows 2003)

[Webb, Brian (Corp)]

Sorry Steph, all you have described is a small set of symptoms.  The
symptoms you describe could have a very large set of possible causes.
Several people have given you suggestions as to things you might want to
look at for a cause and you have done nothing but yell at them.  Not a
good way to get help.  I expect there are a few spam filters being set
to reject your messages as I type.

I do have one suggestion that your network traces might be helpful in
looking at, and that is to check the packet size on the packets being
sent back an forth.  Vista and 2008 ramp up the packet sizes pretty
quickly while XP and 2003 take a while.  How big are the files you are
trying to access?


-Brian


-Original Message-
From: Steph Balog [mailto:validemai...@gmail.com] 
Sent: Thursday, July 09, 2009 12:47 PM
To: NT System Admin Issues
Subject: Re: Slow DFS connections for windows xp users (and windows
2003)

Sorry, one is not helpful when the person you are asking help from has o
deem you "worthy" first. I asked if anyone else has experience this
issue. I know what the root cause is. As I said, there is something
going on with the xp and 2003 clients.

It WORKS FINE on vista and windows 7. 

What part of "the issue is consistent only on xp and 2003 clients" is
not sinking in?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Dying XP workstations - what are my virtualization options

[Webb, Brian (Corp)]

Since these are XP machines you will not be able to have multiple
instances of single machine running at once - the section highlighted
below is not correct.

-Brian


-Original Message-
From: aci [mailto:tkcont...@yahoo.com]
Sent: Wednesday, June 17, 2009 3:59 PM
To: NT System Admin Issues
Subject: Re: Dying XP workstations - what are my virtualization options

The server that I have to dedicate to it is a very robust dual quad
core, 16 GB RAM, 85 GB Raid1 OS drive & 350 GB raid-5 data drive system
with a nice 200 GB internal tape drive thrown in and DRAC, too if I am
not mistaken...was about 12 grand when Dell donated it to our
organization almost two years ago... probably only worth about 3grand
now... but its free, and free for me to use. There is no OS on it now,
but I was thinking that it would also make a nice SUS box, or test
domain upon which I can move and test out future virtualization projects

At the moment the most pressing system I need to virtualize is a dual
video card (one really old PCI ATI/TV card and one AGP card. One of
these two is failing and the PC itself only has 350 MB of RAM. Once the
PC is virtualized, I can take it down and will not need to power up the
original system ever again. I would like the person accountable for the
accounting and graphics editing software (I know, what a combo) programs
on the old system to be able to access a virtual copy of this system
from his new computer which will take its place.

So, let me get this straight. with the freeware VM offerings from most
of these vendors I can host mutiple virtualized PC's (all old hardware
will be removed from the network) and these systems, once virtualized
can be accessed simultaneously and on multiple clients via multiple
instances of the original workstation? Kind of like RDP, which offers
multiple sessions, but is VM session are not linked to the currently
logged in user??? Damn that would be the answer I am looking for...

No cost for the P2V software? How is that possible? Ultimately any
workstation I virtualize is licensed, probably Dell OEM's in most cases,
along with all of the MS office installations on each.

Now I understand the difference between client VM and server VM to the
extent that I will not be running multiple server instances at this
point. But two questions...

1. If I have 10 XP client licenses & 10 MS office licenses is there a
way to offer 10 virtualized XP-Office "seats" out to other host PC's
running either plain XP or Vista?

2. If I wanted to add a virtual exchange or wsus server into a test
environment (separate domain) can I run those off the same server as the
virtualized XP workstation I originally mentioned? If yes... is that
also with the free server VM software? Really???


Aci
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

HP SPAQ issues (was msn problems)

[Webb, Brian (Corp)]

We have seen some of the same problems - what version have you found to
be stable?  Are you running 64 bit or 32 bit?
 
 
-Brian

 



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, June 17, 2009 5:57 AM
To: NT System Admin Issues
Subject: RE: www.msn.com just brought my citrix servers to a screeching
hault! Possible Solution



Wanna do my patching of 698 servers in two weeks off hours in a 24x7
Hospital environment? I will trade you your shortcut paste hell
anyday...

 

Z

 

PS: For all HP Server users with DL 380 G5 models, SPAQ 8.15 and greater
are EVIL, they do some bad bad things with TEAMING COnfig and the
drivers for the NIC that you need to do like 2 upgrades after the SPAQ
just to get back into the Team Utility again, and yesterday the 8.25
SPAQ killed my Teaming on an existing Windows 2003 R2 SP2 server, and I
had to upgrade drivers, break the teaming, reteam, upgrade the drivers
again just to get things working correctly. 

 

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Tripp-Lite PDUs

[Webb, Brian (Corp)]

We have a "static switch" in our datacenter that does what you are
talking about.  We plug single corded devices into it and the static
switch connects to 2 different UPSs so the single cord devices don't
lose power.
 
We had what Liebert is calling an "impossible reality" here over the
weekend:  one of our UPSs lost 6 batteries - one in each bank - and went
down hard.  It took too long to fail over to utility power and we had a
whole bunch of servers go down hard.  Since then we have been running on
generator power in parallel with commercial power so we still have our
full redundancy.  They say we are burning $7000 worth of diesel a day...
We are scheduled to switch back over to UPS power tonight.  Boy am I
glad it wasn't my turn to be on call.
 
-Brian

 



From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Tuesday, June 16, 2009 12:05 PM
To: NT System Admin Issues
Subject: OT: Tripp-Lite PDUs



Greetings! 

I have a power supply situation that has me rather frightened... 

All our data and VoIP go through a single, non-redundant stack of Cisco
Catalyst 3750 network switches (which also supply power to the phones
via POE).  These switches have only a single power supply.  They are all
plugged into a single UPS.  Consequently, we have so many points of
failure I'm afraid to count them! 

Apparently Tripp-Lite has some PDUs (Power Distribution Units) that
feature "dual-input" with "Auto Transfer Switching" ("ATS").  They're
not cheap, but it _appears_ that ATS will allow one to plug the PDU into
two separate UPS units.  This way, if a UPS crapped-out royally and
would not allow even available line current to pass (we've had this
happen on some old UPS units), the company does not instantly blink out
of existance. 

Is this in fact what "ATS" with dual-input does? 

Any experience, etc as to how well these things work? 

Thanks! 

(Oh yeah, any other positive suggestions for dealing with this
situation?  I checked, and our particular Cisco switches do NOT allow a
second power supply to be added.  Top level stuff, huh?)
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
  
ASPCA(r) 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
www.aspca.org   
  

The information contained in this e-mail, and any attachments hereto, is
from The American Society for the Prevention of Cruelty to Animals(r)
(ASPCA(r)) and is intended only for use by the addressee(s) named herein
and may contain legally privileged and/or confidential information. If
you are not the intended recipient of this e-mail, you are hereby
notified that any dissemination, distribution, copying or use of the
contents of this e-mail, and any attachments hereto, is strictly
prohibited. If you have received this e-mail in error, please
immediately notify me by reply email and permanently delete the original
and any copy of this e-mail and any printout thereof. 
  

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: GPO changes.

[Webb, Brian (Corp)]

We have Active Administrator from ScriptLogic that can track changes to
group policy and other stuff in AD in a central way. 
 
-Brian

 



From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com] 
Sent: Friday, June 05, 2009 3:02 PM
To: NT System Admin Issues
Cc: Leedy, Andy
Subject: GPO changes.



Long story short, the default domain policy got enforced and over wrote
an exchange server audit rights.

Which busted the mail server. My question, is there a setting or
software package that could tell me when an admin changes a policy and
what setting got changed.

I had this happen before and of course, nobody admits to doing it or
might have done it accidentally.

 

Any help would be appreciated.

 

 

Luke L. Brumbaugh

Network Engineer

Butler Animal Health Supply

Ph:(614) 659-1736

 

**

CONFIDENTIALITY NOTICE: The information transmitted in this message is
intended only for the person or entity to which it is addressed and may
contain confidential and/or privileged material. Any review,
retransmission, dissemination or other use of this information by
persons or entities other than the intended recipient is prohibited. If
you received this in error, please contact the sender and destroy all
copies of this document. Thank you. 

Butler Animal Health Supply

**

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Account Unknown profiles

[Webb, Brian (Corp)]

Install the User Profile Hive Cleanup Service.  It will remove all those
pesky locks and allow you to clean up nicely.
 
http://www.microsoft.com/downloadS/details.aspx?FamilyID=1b286e6d-8912-4
e18-b570-42470e2f3582&displaylang=en
 
-Brian

 



From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Tuesday, May 26, 2009 11:36 AM
To: NT System Admin Issues
Subject: Account Unknown profiles



Server 2k3

 

I've got a couple profiles on my server that are listed as Account
Unknown.  The delete button is greyed out for them.  I'd like to delete
them, but can't figure out how.  When I look under C:\Documents and
Settings, I see two folders there for personnel that have not been with
the organization for a couple of years now.  I'm assuming that these
profile folders are the ones showing up as Account Unknown, since they
are not listed otherwise under the Profile list.  I tried to manually
delete the folders themselves, but get an error saying the NTUSER.DAT is
being used by another user or program.

 

Any ideas on how I can get rid of these?

 

Thanks,

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Annoying MS Access Error

[Webb, Brian (Corp)]

We have run into the same problem - I don't think it is related to any
of the recent patches.  You can add the server name to the trusted sites
in IE or you can add the extension to the Inclusion list for low file
types.  We haven't been successful with the low file type method adding
more than 1 extension so we are working on the trusted sites route now.
The only time we see it is if another user already has the database
already open.
 
-Brian

 



From: Eric Woodford [mailto:ericwoodf...@gmail.com] 
Sent: Thursday, May 07, 2009 10:59 AM
To: NT System Admin Issues
Subject: Re: Annoying MS Access Error


I've had the same issue with VBScripts running across network shares.
Had to start running them locally. Agreed I do believe it's an IE
security setting, but haven't researched it enough to actually remove
the issue. 


On Thu, May 7, 2009 at 8:30 AM, Tom Miller  wrote:


Hi Folks,
 
MS Access Office XP on Windows XP SP3.  Some users are now
reporting the get an access denied error when attempting to open an
access database on one of our shared folders (Netware drive, actually).
I can't tell but I think one of the recent MS patches may have caused
it.  Here's the error:
 
**
 
Microsoft Access cannot open this file.
 
The file is located outside your intranet or on an untrusted
site.  Microsoft Access will not open the file due to potential security
problems. 
 

 
If the user copies the file to his/her desktop, it opens fine.
I've seen this before, but none of the suggestions via Google really fix
the problem.  Thinking it's related to IE, I reset the settings, but
that has not changed.   I don't have the error, and I think it's profile
related (I can log onto the user's destop and open the file), but I hate
to blow away a profile 
 
Suggestions?  
 
 
 
 
Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528 


Confidentiality Notice: This e-mail message, including
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized
review, use, disclosure, or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message. 

 


 






 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2003 R2

[Webb, Brian (Corp)]

You can always use WMIC with a FOR loop from the CMD prompt...
 
for /f %i in (serverlist.txt) do wmic /node:"%i" os get csname,name >>
output.txt
 
Will do a wmi query against every machine listed in serverlist.txt for
the machine name and full OS name with install partition and dump it to
a text file called output.txt.
 
i.e.:
 
SERVERNAME  Microsoft Windows Server 2003 R2 Standard
Edition|C:\WINDOWS|\Device\Harddisk0\Partition1
SERVERNAME2  Microsoft Windows Server 2003 R2 Standard
Edition|C:\WINDOWS|\Device\Harddisk0\Partition1
 
-Brian

 



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, April 30, 2009 10:05 AM
To: NT System Admin Issues
Subject: RE: 2003 R2



Script it with psinfo and a batch file of your servers. 

psinfo \\servername | findstr /I "R2"

 

Should be easy to do a call statement with parameter and put it in the
psinfo command. 

 

You will get the following out; 

Kernel version:Microsoft Windows Server 2003 R2,
Multiprocessor Free

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Thursday, April 30, 2009 10:25 AM
To: NT System Admin Issues
Subject: RE: 2003 R2

 

Maybe this if you know the computer names??
http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop0
305a.mspx 

 

John W. Cook

Systems Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] 
Sent: Thursday, April 30, 2009 10:20 AM
To: NT System Admin Issues
Subject: Re: 2003 R2

 

I don't have any 2003 R2 servers on my network, but I would imagine the
operatingSystem and/or the operatingSystemVersion attributes on the
computer account in AD would be different for 2003 R2 machines.

On Thu, Apr 30, 2009 at 10:09 AM, KenM  wrote:

I need to find all 2003 R2 servers in my domain. Is there any easy way
of doing this. I am comparing the attributes on a base 2003 and 2003 R2
and do not see any difference.

 

 

Thanks

 

 

 

 

 

 

 

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows 2008 64 Bit and Windows 32 bit drivers

[Webb, Brian (Corp)]

>From my response last week:

-Original Message-
From: Webb, Brian (Corp) 
Sent: Wednesday, April 15, 2009 8:59 AM
To: 'NT System Admin Issues'
Subject: RE: 64bit Print Server

 
I've been doing something similar recently and it is a pain.  The trick
is to install the print driver on the server from a client.  You don't
need the print management snap-in. You have to do is connect to the
printer from a 32-bit client - when it complains that the server doesn't
have a driver for you, tell it you will find a driver and then install
the driver from your driver.cab.  Once you do that, you should be able
to add the driver from the client by browsing to \\server\printers and
opening the Server Properties from the File menu.  Go to the Drivers tab
and Add the x86 driver.

Hopefully that is close enough that you can figure it out...

-Brian 




-Original Message-
From: Terri Esham [mailto:terri.es...@noaa.gov] 
Sent: Wednesday, April 22, 2009 2:19 PM
To: NT System Admin Issues
Subject: Re: Windows 2008 64 Bit and Windows 32 bit drivers

Yes.  I am using the 2008 Print Management Console.  I'm sorry if it was
already covered.  I didn't see the response.

Thanks, Terri

Terry Dickson said the following on 4/22/2009 2:49 PM:
> I believe this was just covered in the last couple of weeks.  However
are you using the 2008 Print Management console from the administrative
tools menu?
>
> -Original Message-
> From: Terri Esham [mailto:terri.es...@noaa.gov]
> Sent: Wednesday, April 22, 2009 1:24 PM
> To: NT System Admin Issues
> Subject: Windows 2008 64 Bit and Windows 32 bit drivers
>
> I have setup a Windows 2008 Server 64-bit as a print server.  I'm 
> trying to install 32 bit drivers so my Windows XP boxes can get the 
> appropriate drivers from the print server.  However, I have been 
> unsuccessful at getting the 32 bit drivers installed for a Xerox 
> printer.  Everytime I try to add an additional driver, I get the error
message that the driver
> isn't a 64 bit driver.  Which of course, I realize.I didn't have
any
> trouble with the HP printers because I used their universal print 
> driver.  Any help would be greatly appreciated.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Active Directory Responsibility question

[Webb, Brian (Corp)]

Bottom part of the Fortune 500 here:
 
We have a Windows Server Admin group that is responsible for the server
hardware, OS, deployment, and AD.  We have a separate security group
that sets policy and audits to ensure compliance with separate groups
for application software.  A weird fact - our AD forest is actually
controlled by a subsidiary so we can only manage AD at the Domain level.
 
Interestingly, we are getting VMWare in our group - I guess it roughly
corresponds to "hardware".
 
-Brian

 



From: Barsodi.John [mailto:john.bars...@igt.com] 
Sent: Friday, April 17, 2009 6:32 PM
To: NT System Admin Issues
Subject: Active Directory Responsibility question



Question for you guysand this is geared to the people who work in a
bit larger IT/IS Organizations.  
What team within your IT/IS org has responsibility of your active
directory environment?

 

I think it's typically in the System Administration realm, but if it's
in another group/team i.e. Security - why?

 

Thanks.

 

- John Barsodi

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: server duplication

[Webb, Brian (Corp)]

I don't know if Dell has something similar, but we've used HP's P2P -
Physical to Proliant - product to upgrade an old server to new hardware
and it works really well.  Less than $200 and it will save you many
hours when trying to transfer a server from an old box to a new one.
 
-Brian

 



From: chipsh...@comcast.net [mailto:chipsh...@comcast.net] 
Sent: Monday, April 20, 2009 8:22 AM
To: NT System Admin Issues
Subject: server duplication



I have an older Dell 2400 in a remote office that is on it's last legs.
Running Standard server 2003 SP1. This is a DC, DHCP, DNS and VPN
server. I've got a new Dell server coming that is marked to replace it.
I could be hallucinating but is there a program/tool that will duplicate
all server settings, configs, etc from the old to the new server.
Thanks.

Steve


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 64bit Print Server

[Webb, Brian (Corp)]

We just lost one and are down to 5 plus a supervisor.  We have other
admin type people though who handle application software, Exchange, AV,
etc.  We are responsible for the hardware, OS, AD, Group Policy, some
other infrastructure, VMWare, and other stuff "as assigned".  We have a
total of between 600 and 700 Windows servers depending on how many of
the test/dev systems you count.  Plenty to do most of the time...


-Brian


-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Wednesday, April 15, 2009 10:23 AM
To: NT System Admin Issues
Subject: RE: 64bit Print Server

130? How mamny admins in your org?

____
From: Webb, Brian (Corp) [brian.w...@teldta.com]
Sent: Wednesday, April 15, 2009 9:11 AM
To: NT System Admin Issues
Subject: RE: 64bit Print Server

You're welcome - now, if I can just figure out a way to automate adding
the 64-bit drivers to all the printers on all 130+ 32-bit print servers
in our environment I'll be in good shape...


-Brian


-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com]
Sent: Wednesday, April 15, 2009 9:40 AM
To: NT System Admin Issues
Subject: RE: 64bit Print Server

When I connected to the printer it didn't complain about the x64 driver
(and yes, I'm on 32bit WinXP) but your suggestion about going to File >
Server Properties > Drivers did allow me to add the 32bit driver from
there and now it shows up in Print Management too.  Awesome!  Thanks for
your help.

 - Andy O.

>-Original Message-
>From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com]
>Sent: Wednesday, April 15, 2009 7:59 AM
>To: NT System Admin Issues
>Subject: RE: 64bit Print Server
>
>
>I've been doing something similar recently and it is a pain.  The trick

>is to install the print driver on the server from a client.  You don't 
>need the print management snap-in. You have to do is connect to the 
>printer from a 32-bit client - when it complains that the server 
>doesn't have a driver for you, tell it you will find a driver and then 
>install the driver from your driver.cab.  Once you do that, you should 
>be able to add the driver from the client by browsing to 
>\\server\printers and opening the Server Properties from the File menu.

>Go to the Drivers tab and Add the x86 driver.
>
>Hopefully that is close enough that you can figure it out...
>
>-Brian


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~ ~
Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: When did a PC last communicate with AD?

[Webb, Brian (Corp)]

Add the Advanced Features option form the View menu in ADUC and look at
the extra tab.  It has something about the last time the computer
password was reset.  Or, just use oldcmp from joeware.
 
-Brian

 



From: cs [mailto:chr...@gmail.com] 
Sent: Wednesday, April 15, 2009 9:42 AM
To: NT System Admin Issues
Subject: When did a PC last communicate with AD?


Is there a way to tell when a PC last communicated with AD using native
tools? I was always under the impression the modified field on the
Properties tab could be used to determine this information???


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 64bit Print Server

[Webb, Brian (Corp)]

You're welcome - now, if I can just figure out a way to automate adding
the 64-bit drivers to all the printers on all 130+ 32-bit print servers
in our environment I'll be in good shape...


-Brian


-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com] 
Sent: Wednesday, April 15, 2009 9:40 AM
To: NT System Admin Issues
Subject: RE: 64bit Print Server

When I connected to the printer it didn't complain about the x64 driver
(and yes, I'm on 32bit WinXP) but your suggestion about going to File >
Server Properties > Drivers did allow me to add the 32bit driver from
there and now it shows up in Print Management too.  Awesome!  Thanks for
your help.

 - Andy O.

>-Original Message-
>From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com]
>Sent: Wednesday, April 15, 2009 7:59 AM
>To: NT System Admin Issues
>Subject: RE: 64bit Print Server
>
>
>I've been doing something similar recently and it is a pain.  The trick

>is to install the print driver on the server from a client.  You don't 
>need the print management snap-in. You have to do is connect to the 
>printer from a 32-bit client - when it complains that the server 
>doesn't have a driver for you, tell it you will find a driver and then 
>install the driver from your driver.cab.  Once you do that, you should 
>be able to add the driver from the client by browsing to 
>\\server\printers and opening the Server Properties from the File menu.

>Go to the Drivers tab and Add the x86 driver.
>
>Hopefully that is close enough that you can figure it out...
>
>-Brian


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: 64bit Print Server

[Webb, Brian (Corp)]

 
I've been doing something similar recently and it is a pain.  The trick
is to install the print driver on the server from a client.  You don't
need the print management snap-in. You have to do is connect to the
printer from a 32-bit client - when it complains that the server doesn't
have a driver for you, tell it you will find a driver and then install
the driver from your driver.cab.  Once you do that, you should be able
to add the driver from the client by browsing to \\server\printers and
opening the Server Properties from the File menu.  Go to the Drivers tab
and Add the x86 driver.

Hopefully that is close enough that you can figure it out...

-Brian


-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com] 
Sent: Tuesday, April 14, 2009 3:58 PM
To: NT System Admin Issues
Subject: 64bit Print Server

I'm sure this is a no brainer for most but I'm new to Windows print
management (finally migrating from Netware 6 - woohoo!)

I have a new Windows 2003 R2 64bit print server and I'm trying to add
32bit drivers for a generic text only printer (dot matrix) using the
built in Windows drivers.  It works fine to add the 64bit version since
that's what is on the print server but the 32bit ones need a location of
the driver files, as expected.

Understanding that I probably need to load those from a 32bit machine, I
installed the print management snap-in on my WinXP box and I can connect
to the print server and see all the printers, ports and installed
drivers but I don't get the options for adding new drivers.  I logged in
as a domain admin and still nothing.  Is there a setting I need to
configure to allow full remote printer administration or what am I
missing?

TIA,

 - Andy O.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MS Hotfix download-any-hotfix page

[Webb, Brian (Corp)]

WOW! That is quite the hotfix!

I'm passing that on to the team that is working on our Office 2007
deployment!

Thanks!

-Brian

-Original Message-
From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, March 27, 2009 4:33 PM
To: NT System Admin Issues
Subject: RE: MS Hotfix download-any-hotfix page

The one I just used it for is http://support.microsoft.com/kb/961752/
which has made me like Outlook2007 a lot better on all my machines I
installed it on. YMMV



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Userenv errors

[Webb, Brian (Corp)]

Thanks from here too!

We have been seeing some weird stuff in Group Policy on and off for a
while including some userenv errors so I decided to run GPOTool in our
environment.  Found some GPOs with mismatches between the DS and SYSVOL.
I haven't tried to fix them yet (Change Control and all that), but at
least we have an idea of where some of these random errors might be
coming from.

According to our TAM (he happened to be here working on another issue)
we should be able to make a minor change to the affected GPO and let it
replicate which should overwrite the DS copy.


-Brian


-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Thursday, March 12, 2009 2:01 PM
To: NT System Admin Issues
Subject: RE: Userenv errors

Thanks for the GPOtool pointer.  Found an issue with one of our DCs.   


Craig Gauss,  Technical Supervisor/Security Officer Riverview Hospital
Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, March 12, 2009 12:23 PM
To: NT System Admin Issues
Subject: RE: Userenv errors

Fair chance you have inconsistent permissions on your sysvol or worse.
That error will show up if the computer accounts don't have proper
permissions.

Run GPOtool to check the GPOs in that domain, it will identify a lot of
problems right there without a lot of manual checking. There are a lot
of other things to check but start there.

Gpresult from an affected client can also be illuminating

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org]
Sent: Thursday, March 12, 2009 5:45 AM
To: NT System Admin Issues
Subject: Userenv errors

I have been searching Google for the past few days and havent really
found a good solution.  Wondering if anyone on the list has ever had
issues like this.  We have a large amount of workstations with the
following error:
 
Windows cannot access the file gpt.ini for GPO The file must be present
at the location <>. (). Group Policy processing aborted.

Any ideas?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: barcode Printer and Scanner gun

[Webb, Brian (Corp)]

We use Symbol scanners and just print the labels on standard Avery type
labels on our normal printers using Wasp label printing software.  We
put the device name (in text and bar code) on the label as well as the
serial number.  The labels get refreshed every time the name of the
device changes.
 
-Brian

 



From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com] 
Sent: Wednesday, March 11, 2009 10:52 AM
To: NT System Admin Issues
Subject: barcode Printer and Scanner gun



Hey all;

 

We've been tasked with creating some sort of Tag inventory system for
all our hardware assets PC, Printers , Monitors etc... I've been looking
at some solution at it seems there's quite a few out there. Anyone have
any suggestion for a decent barcode printer and scanning gun? I can
create the DB itself unless there's a decent one out there. We use
LanSweeper here for inventory but the bosses here would like to get a
physical count with stickers that we can gun later on to get counts.

 

Thx!

 

Carlos Garcia-Moran

Server / Storage Engineer

Sprague Energy

www.spragueenergy.com  

P: 603-430-5355

C: 857-234-0343

F: 603-430-7219

 

_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other
privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are
not
an intended recipient, you are hereby notified that any unauthorized
use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and
delete
the original message and any attachments from your system.
_



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Using System Center for Management of about 700 Windows File Servers Your thoughts?

[Webb, Brian (Corp)]

We have been using SCOM 2007 for over a year now and have mixed results.  Some 
things it does really well, other stuff is really frustrating.  We have a 
separate team that manages it (along with other management tools).  We feed 
data from SCOM into NetCool to allow aggregation across platforms and other 
tools.  I'm not on the team that manages SCOM, but here is some of what I see 
as a user of SCOM and hear from the guys who manage it.
 
The good:
Collects tons of information from all servers
It automatically sets up new machines once the agent is installed.
 
The bad:
A fire hose of information...
The management packs are horribly inconsistent - even between ones from MS
The interface is incredibly slow even on high-end hardware
Reporting is horrible
Customized monitoring for special case servers is a pain
We can't make monitoring a server dependent on the gateway to that server being 
available
Separating out alerts of one type to go to one pager while different types go 
to another pager is difficult
 
We have had MS in for ton of consulting to try and find solutions to the 
problems and they are promising that R2 will fix a lot.  We even had lead 
developers in to hear some of our complaints.  It feels very much like a 
version 1.0 product.
 
-Brian

 



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Friday, March 06, 2009 2:47 PM
To: NT System Admin Issues
Subject: RE: Using System Center for Management of about 700 Windows File 
Servers Your thoughts?



That's SMS/SCCM + SCOM. 

 

Expect to need a good amount of practice/specialized training to manage either 
of them if you haven't before - they're both very complex applications. There 
are a limited number of people out there who really know either of them so it's 
a worthwhile set of skills to develop IMO. I have not seen many customers who 
do either of these apps remotely "right". 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Friday, March 06, 2009 2:26 PM
To: NT System Admin Issues
Subject: RE: Using System Center for Management of about 700 Windows File 
Servers Your thoughts?

 

Three main problems, 

 

Configuration Management ( ability to set configuration settings, jobs, etc etc 
and let them apply to the entire farm from one central console across 5 
datacenters)

Systems Performance Monitoring ( Instead of me having 6-10 Perfmon mmc's open 
looking at systems, I set the performance monitor baselines I want to see on 
the servers and when they go outside the parameters, I am alerted via central 
console)

Eventlog Management and Reporting.  ( Need to be able to parse the eventlogs 
and achive and store them for compliance and security efforts across the farm)

 

Compliance measuring would be a added benefit. 

 

HTH
Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Friday, March 06, 2009 3:14 PM
To: NT System Admin Issues
Subject: RE: Using System Center for Management of about 700 Windows File 
Servers Your thoughts?

 

Well the question I'd ask you is what problem(s) are you trying to solve with 
this product?

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ 
 

Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian 
 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Friday, March 06, 2009 1:52 PM
To: NT System Admin Issues
Subject: Using System Center for Management of about 700 Windows File Servers 
Your thoughts?
Importance: High

 

We are having Microsoft coming in to talk with us about Systems Center for 
Management of our ever-growing server farm, for those using it, please feel 
free to give me your pro's con's and tales from the trenches on what this 
platform said it will do, and what it really does when the rubber hits the 
road. 

 

My Mix of servers are ½ physical ½ virtual, SQL (2000/2005), IIS (5&6), File 
and Print (2000-2008), DC's (2003), Application servers ( 3rd party) (2000/2003)

 

TVK, I especially want to hear your thoughts on this subject, since this is 
your MVP realm and you tend to know the most about the features and 
functionality. 

 

TIA in advance, 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



 

 

 

 

 

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Support techs remote access rights to user PCs

[Webb, Brian (Corp)]

Is the issue that you don't trust your desktop and application support
techs?  If so, you need to get some different techs.
 
If the issue is that your users are putting stuff on their local hard
drives that is sensitive, you need to re-train your users to put that
data in secure areas.
 
We generally don't care about techs (and even some users) having local
admin rights as long as they are assigned to a different account that
they aren't using as their primary login.  Our techs do not surf the web
or read e-mail when they are logged in with admin rights.  They use
RunAs or MakeMeAdmin to access their admin rights when needed.  We also
have an "admin terminal server" that you can log into with your admin
account to run tasks that need admin rights.
 
-Brian

 



From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, March 04, 2009 11:44 AM
To: NT System Admin Issues
Subject: Support techs remote access rights to user PCs



We are having an internal discussion on how to handle computer access
rights for our application support and desktop support techs. Right now,
certain techs are in an AD group which is in the local Administrators
group on some PCs. This lets them resolve end-user issues by accessing
the user PCs with Remote Desktop, Remote Registry, or simple connections
to a share. However, it also means they can get to anything on the
users' PCs and there is no auditable access tracking.

 

So, we'd like to remove this access privilege and have the techs use
other support methodologies, such as Remote Assistance, which requires
the users to be aware of what's going on. There are cases, though, where
the app support guys say they have to make batch updates to groups of
PCs (such as to point them to a new license server) and they're balking
at giving up their local admin rights. I've already thought of some ways
to handle these issues, but I'd like to hear what some of you have done.
We're running XP SP2/SP3 desktops on 2008 AD domains. The PCs are
managed with SCCM 2007 SP1.

 

Thanks,

-Malcolm


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Head check - two domains, one subnet

[Webb, Brian (Corp)]

Depending on your need to access the machines from outside the subnet
and domain, DNS can be interesting - especially reverse lookups.
 
-Brian

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Friday, February 27, 2009 10:55 AM
To: NT System Admin Issues
Subject: RE: Head check - two domains, one subnet



And as long as they aren't SBS.

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, February 27, 2009 11:50 AM
To: NT System Admin Issues
Subject: Head check - two domains, one subnet

 

There should be no issue with having two different and non-trusting
forests/domains on the same subnet right? As long as each domains'
systems IP's are configured correctly?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Backups Over WAN

[Webb, Brian (Corp)]

I don't have the numbers in front of me, but it is almost nothing.  The
sites we are doing this with don't have a huge amount of data and it
isn't changing a ton.  You need to look at how much your data changes.
How big is a daily incremental backup?  The incremental will give you an
upper bound for the amount of data that would need to be replicated in a
day. 
 
-Brian

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Tuesday, February 24, 2009 2:07 PM
To: NT System Admin Issues
Subject: RE: Backups Over WAN



How much data is traversing the WAN for the continuous replication?

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_____  

 

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Tuesday, February 24, 2009 3:03 PM
To: NT System Admin Issues
Subject: RE: Backups Over WAN

 

At the moment, we have some sites that we are backing up over the WAN by
using DFS R2 to replicate the data (one way) to a central server and
then backing up that server.  It works well and take very minimal
bandwidth to keep the remote site synced to the central server.  The
initial replication took a while for some sites (we throttled to
minimize the impact to users) and with 5 TB you might consider
prestaging it.

 

-Brian

 

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Tuesday, February 24, 2009 1:22 PM
To: NT System Admin Issues
Subject: Backups Over WAN

For those of you who are backing up over the WAN: 

 

Wwhat types of hardware and software are required for this to work
efficiently?  

 

Does it only work well with deduplication?

 

Would I have to rethink my nightly/weekly/monthly backup strategies?

 

I'm currently working with BE 12 soon to be 12.5 and would like to stick
with that if possible.  And we have about 5 TB total data stored right
now.

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 

 

"Competition is a painful thing, but it produces great results." - Jerry
Flint, in Forbes 

 

 

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~<>

RE: Backups Over WAN

[Webb, Brian (Corp)]

At the moment, we have some sites that we are backing up over the WAN by
using DFS R2 to replicate the data (one way) to a central server and
then backing up that server.  It works well and take very minimal
bandwidth to keep the remote site synced to the central server.  The
initial replication took a while for some sites (we throttled to
minimize the impact to users) and with 5 TB you might consider
prestaging it.
 
-Brian

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Tuesday, February 24, 2009 1:22 PM
To: NT System Admin Issues
Subject: Backups Over WAN



For those of you who are backing up over the WAN: 

 

Wwhat types of hardware and software are required for this to work
efficiently?  

 

Does it only work well with deduplication?

 

Would I have to rethink my nightly/weekly/monthly backup strategies?

 

I'm currently working with BE 12 soon to be 12.5 and would like to stick
with that if possible.  And we have about 5 TB total data stored right
now.

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 

 

"Competition is a painful thing, but it produces great results." - Jerry
Flint, in Forbes 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

RE: SECURING WIFI ROUTER

[Webb, Brian (Corp)]

 
I've seen the same message as well with an HP laptop going to a D-Link WIFI 
using WPA.  The message seems to indicate that you are connected to unsecured 
network, but I've always been connected to my secured network when I've checked.

-Brian


-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com] 
Sent: Thursday, February 19, 2009 1:57 PM
To: NT System Admin Issues
Subject: RE: SECURING WIFI ROUTER

I've seen that happen too, with the plain old Windows wireless client.  WPA2 in 
my instance, as well.  I never did figure out what the problem was but I 
stopped using WIFI a year ago and just wired my house with CAT5e. At the time 
it was a Linksys WRT54GL with DD-WRT and an Intel integrated wlan card in a 
ThinkPad T60.

 - Andy O. 

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Thursday, February 19, 2009 1:40 PM
To: NT System Admin Issues
Subject: RE: SECURING WIFI ROUTER

Mmm... this doesn't sound like a popup that I am familiar with Windows being 
capable of generating.  It won't even pop up that message with a Wide Open 
wireless connection (No password needed).
 
Could it be the security center letting you know that the firewall is off, 
windows update is off, or that virus defs are old?
 
If not that, I suspect it's your AV telling you something, or spyware.


From: Murray Freeman [mailto:mfree...@alanet.org]
Sent: Thursday, February 19, 2009 1:33 PM
To: NT System Admin Issues
Subject: SECURING WIFI ROUTER
I hope this is on topic. I have a Dell 700m laptop and a Netgear rangemax mimo 
"G" router. I'm using WPA2, but from time to time, a baloon pops up from the 
icon in the systray stating that my connection is unsecure. If I right click 
and select "view wireless networks" it indicates that my network is in fact 
secured with WPA2. Any ideas why I get the baloon, and is there another way to 
insure that I am WPA2 secured in fact? I've noticed this for months now.
 
Murray
 

 
 

 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: PRINT SERVER spooler

[Webb, Brian (Corp)]

We have had problems with some of our UNIX based print jobs killing the
print spoolers on some of our remote servers for years - we have a
scheduled task on all remote servers to restart the printer service
every night.  Crude, but effective.
 
-Brian

 



From: Chinnery, Paul [mailto:pa...@mmcwm.com] 
Sent: Wednesday, February 11, 2009 10:06 AM
To: NT System Admin Issues
Subject: RE: PRINT SERVER spooler


Me, too.   
 
Our HCIS requires background (application) servers.  These servers, as
part of their function, print various reports to printers throughout the
hospital.  
 
Yesterday and today, at about the same time, we got reports that users
weren't getting their printouts. Open up the print folder on a server
and no printers listed or "unable to connect."   Tried stopping the
spooler on the server but that didn't help until I stopped/restarted the
spooler on the print server.  Then, stop/restart spoolers on the
background servers and problem solved.
 
So, I'm trying to figure out the underlying cause so I can prevent it
from happening again. (Especially since I'm on call this weekend.)
 

Paul Chinnery 
Network Administrator 
Memorial Medical Center 
231-845-2319 

 



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Wednesday, February 11, 2009 10:14 AM
To: NT System Admin Issues
Subject: RE: PRINT SERVER spooler



So the spooler is crashing on your print server or the spooler is
crashing on your clients? I'm confused.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Chinnery, Paul [mailto:pa...@mmcwm.com] 
Sent: Wednesday, February 11, 2009 9:10 AM
To: NT System Admin Issues
Subject: PRINT SERVER spooler

 

In the last 2 days at the same time in the morning, our print server's
spooler seems to be causing problems.  People report that they can't
print.  When we checked a couple of application servers, we found the
spooler service had stopped running.  Restarting it did not help UNTIL
we stopped/restarted the spooler on the print server.

I am at a loss trying to figure out what is causing this.  I have
eliminated anti-virus programs and backup program as neither is
impacting the print server at the time the system fails.

If anybody has any ideas, my thanks in advance. 

Paul Chinnery 
Network Administrator 
Memorial Medical Center 
231-845-2319 

 

 

 


 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: UPS recommendations

[Webb, Brian (Corp)]

A related part of this is what you have the UPS monitoring software
configured to do - when the battery runs out do you send a graceful
shutdown to the server?  If so, do you know if the other UPS (connected
to the other power supply) is still working or not?


-Brian


-Original Message-
From: Jim McAtee [mailto:jmca...@mediaodyssey.com] 
Sent: Tuesday, February 10, 2009 11:40 AM
To: NT System Admin Issues
Subject: Re: UPS recommendations

IMO, with this approach you may just be creating more opportunities for
the whole system to fail rather than providing redundancy, as your
recent experience might prove.

The redundant power supplies in enterprise servers are there first a
foremost to protect against power supply failures.  After hard drives,
and perhaps cooling fans, these have been the most common component
failures that we've experienced.  Note that many manufacturers, such as
Dell, provide a choice of Y power cable for redundant PSUs.  These are
meant to reduce cable clutter when you have a single power feed, but
still provide PSU redundancy.

If you were in a first-class colocation facility, where you were
receiving two hightly reliable power feeds, I could see running each
supply off of a separate feed.

But in your installation it means spec'ing each UPS to be able to
operate every server attached to it simultaneously for the desired run
time.  So you purchase two of the same UPS, maintain them as best you
can, then the day comes when you lose power and _one_ of them fails,
what are the chances that the other will hold up all of your servers?
This is exactly what you just went through.  Battery failures are the
most common problem. 
If the batteries in the first UPS are borderline, and unable to run 1/2
of your equipment, those servers will then load the second UPS, which is
likely to be in a similar state of health and even more likely to fail
under the increased load.



- Original Message -
From: "Ben Scott" 
To: "NT System Admin Issues" 
Sent: Monday, February 09, 2009 9:57 PM
Subject: UPS recommendations


> Hi all,
>
>  We had a power outage today.  I looked over at the server rack just
> in time to see one of the UPSes light up like a Christmas tree, shriek
> like an injured parakeet, and then kill itself.  (Admitted it was old,
> but a graceful failure this was not.)  The servers with redundant
> supplies failed over to the other UPS, which promptly went into
> over-current alarm and dropped the load.  Either said UPS's management
> software has been grossly misreporting its load, or two UPSes at 40%
> load doesn't include enough margin during transfer.  Any which way you
> slice it, it's time to buy some new UPSes.  I'm going to ask for two
> entirely new 1400 or 2200 VA units (existing were 1000 VA), although
> budget may be an issue.
>
>  What do people like for UPSes, *and why*?  I don't see much
> variation across manufactures in a given price band.  At a given
> dollar amount, it seems I get roughly the same capacity, features,
> etc.  I'm thinking differences in management software and quality of
> support don't show up in a spec sheet.  Comments on that front are
> especially welcomed.
>
>  In particular, I'm interested in how to manage a multiple-server,
> multiple-UPS scenario.  Our two biggest servers have redundant
> supplies.  I'd like to plug each supply into a different UPS.  So each
> UPS will be powering multiple servers, and each server will be drawing
> power from multiple UPSes.  I imagine that makes the management
> software configuration a bit trickier, specially since a lot of
> management packages used to assume one-UPS-per-server.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~ 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: UPS recommendations

[Webb, Brian (Corp)]

We have APC units at our remote sites (about 140 separate locations)
powering 1 server each.  We have the central APC Management appliance
which collects all the data from the remote UPSs.  It works, but we
aren't big fans of APC warranty support.  When we have had problems with
a UPS we call for warranty service and are told they want us in front of
the UPS - even though we have all the remote tools.  One reason we have
the remote monitoring tools is that these things are often in buildings
where we don't have people very often and it can take a few days before
we can arrange a time where a tech can be at the site for more than 10
minutes.  

APC doesn't keep track of stuff by serial number and you can't pull the
model number or the serial number from the remote management tools
(unless you manually put it in).  They don't track the ChargeUPS (new
battery and warranty extension) properly so we always have to prove all
over again that we have a warranty on the unit.  

Some of the support problems have been resolved (at least for us)
because our VAR screamed at APC until they gave us direct numbers of
people in the support organization who were able to help us.

We haven't found a better solution for our remote sites, but thought I'd
share some of our experiences.

-Brian


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Monday, February 09, 2009 10:57 PM
To: NT System Admin Issues
Subject: UPS recommendations

Hi all,

  We had a power outage today.  I looked over at the server rack just in
time to see one of the UPSes light up like a Christmas tree, shriek like
an injured parakeet, and then kill itself.  (Admitted it was old, but a
graceful failure this was not.)  The servers with redundant supplies
failed over to the other UPS, which promptly went into over-current
alarm and dropped the load.  Either said UPS's management software has
been grossly misreporting its load, or two UPSes at 40% load doesn't
include enough margin during transfer.  Any which way you slice it, it's
time to buy some new UPSes.  I'm going to ask for two entirely new 1400
or 2200 VA units (existing were 1000 VA), although budget may be an
issue.

  What do people like for UPSes, *and why*?  I don't see much variation
across manufactures in a given price band.  At a given dollar amount, it
seems I get roughly the same capacity, features, etc.  I'm thinking
differences in management software and quality of support don't show up
in a spec sheet.  Comments on that front are especially welcomed.

  In particular, I'm interested in how to manage a multiple-server,
multiple-UPS scenario.  Our two biggest servers have redundant supplies.
I'd like to plug each supply into a different UPS.  So each UPS will be
powering multiple servers, and each server will be drawing power from
multiple UPSes.  I imagine that makes the management software
configuration a bit trickier, specially since a lot of management
packages used to assume one-UPS-per-server.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Weird DNS issue

[Webb, Brian (Corp)]

What kind of DNS?  (BIND, Windows, AD integrated?)
 
Does NSlookup return anything by FQDN?
 
Do all DNS servers lose the record or just some?
 
 
-Brian

 



From: Sauvigne, Craig M [mailto:sauvig...@winthrop.edu] 
Sent: Thursday, January 29, 2009 4:00 PM
To: NT System Admin Issues
Subject: Weird DNS issue



Okay. I have something odd going on that I can't seem to nail down.

 

I work for a University and we have a home-grown system that monitors
all the lab computers around campus to see if someone is logged on
(headcount tracking). Every few weeks, that system will suddenly show
labs as empty that are not. In troubleshooting, we have found that those
empty seats result from those machines having lost their record in DNS.
The machines can't be pinged by hostname since there is no DNS entry
anymore. The machines are still online (ping by IP works, remote
management by IP works, computer is still usable). It just drops out of
DNS. Today this happened in the middle of the day. The machines worked
fine until around 1pm or 2pm. I don't show anything in logs on the DNS
servers that look relevant.

 

Does anyone have any ideas on what I can look for? It is an odd one
because it is random when it happens and random as to which machines are
affected. It usually happens to a full lab of computers but other
machines in that building are unaffected.

 

Any help will be greatly appreciated!

 

Thanks.

 



Craig M. Sauvigne

System Administrator

Winthrop University

Rock Hill, SC 29733

sauvig...@winthrop.edu

SC143

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: TS server recommendations

[Webb, Brian (Corp)]

We actually have a NLB cluster of 2003 TSs that is running on HP ML370
G3 boxes supporting up to 50 users each - it gets a bit slow after 40
each, but is still usable up to 50.  Those servers are only dual
processor 3 GHz P4 class with 4GB of ram and a 4 drive SCSI RAID 0+1.
They run out of memory long before they run out of CPU with users
running a mix of Office applications, IE to access internal web sites,
along with Remedy and a few other miscellaneous apps.
 
In my experience, the biggest bottleneck on a TS is memory.  If you can
run 64 bit I would as this will allow you to access more memory.
 
-Brian

 



From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Tuesday, January 27, 2009 12:42 PM
To: NT System Admin Issues
Subject: RE: TS server recommendations



Hi Cameron,

 

I have to believe those are not concurrent users, are they?  What kind
of drives and raid controller are you using?

 

 

 

Neil

 

From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Tuesday, January 27, 2009 10:19 AM
To: NT System Admin Issues
Subject: RE: TS server recommendations

 

Neil,

 

That will be more than enough.  We have a TS server here that has a
1.6GHz Xeon, with 4GB and RAID 0 and have about 50 users that can access
it at any given point.  Would recommend making sure that the HD size is
big enough for all of the user files that get created.

 

---___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Tuesday, January 27, 2009 12:15 PM
To: NT System Admin Issues
Subject: TS server recommendations

 

Hello

 

I've been tasked with putting a quote together for a customer and need
some assistance.  

 

They require a Term server that'll support 20 users with Office 2007
Small business, the customers primary need is for Word and Excel. 

 

Do you think this is sufficient to support 20 concurrent users?  I'm
trying to compete against Dell for the customer's bid so I need to keep
it as low as possible.

 

Dual Quad-core Xeons (2.33Ghz)

8GB RAM

3 disk Raid 5 (plus spare) (7200 Rpm drives) w 15 or 32MB cache +
Hardware raid controller cache has (512MB)

Win2K3

 

 

 

Thanks for your input.

Neil

 

 

 

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Canon networked printer - error 853

[Webb, Brian (Corp)]

We have found the Canons to be very sensitive to speed/duplex issues -
make sure you have the NIC set to match your switch (either have both
set to auto/auto or locked in) - the interface to set it isn't the
best...
 
-Brian

 



From: David Lum [mailto:david@nwea.org] 
Sent: Monday, January 19, 2009 9:15 AM
To: NT System Admin Issues
Subject: Canon networked printer - error 853



I have a Canon imageRunner 3025 printer/copier/blender that has been
used as a fax and recently was requested to network it. I have the IP
set and can hit the printer via both PING and web management interface,
however when I send a print job it get "NG, error 853".

 

Google-Fu has suggested a few items, I was wondering if anyone here has
seen this issue and resolved it? The Canon is question is one of their
larger do-it-all systems as you'd expect to see from Xerox, etc.

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DHCP

[Webb, Brian (Corp)]

Be careful re-using IP addresses on DHCP servers.  We had a problem
getting a DHCP server to *REALLY* be authorized when we re-used the
IP/name.  I don't remember the details, just that we had problems with
it - your situation sounds similar enough that you might want to try
de-authorizing the server and re-authorizing it to see if that helps.
 
-Brian

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Wednesday, January 14, 2009 10:51 AM
To: NT System Admin Issues
Subject: RE: DHCP



This new DHCP server has the same IP as one that was "retired" but a
different name.  Right now it's only configured with a single scope for
a different subnet, but the clients on that subnet keep going back to
one of the two original DHCP servers.

 

Would ISA2004 require some type of entry allowing DHCP requests to go to
the new machine?

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Eldridge, Dave [mailto:d...@parkviewmc.com] 
Sent: Wednesday, January 14, 2009 11:47 AM
To: NT System Admin Issues
Subject: RE: DHCP

 

But are the other machines on another subnet and have you added the new
dhcp to the ip helper listing on your router/switch?

 

From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Wednesday, January 14, 2009 9:41 AM
To: NT System Admin Issues
Subject: RE: DHCP

 

Yep, and easily accessible from any machine.  Got me confused, for sure!

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] 
Sent: Wednesday, January 14, 2009 11:41 AM
To: NT System Admin Issues
Subject: RE: DHCP

 

Are both authorized?

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Wednesday, January 14, 2009 11:30 AM
To: NT System Admin Issues
Subject: RE: DHCP

No, both DHCP servers are on the same subnet and can be accessed by all
the machines

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] 
Sent: Wednesday, January 14, 2009 9:55 AM
To: NT System Admin Issues
Subject: RE: DHCP

 

Is it on a different subnet. If yes, then the DHCP request is not being
forwarded to the DHCP server.

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Wednesday, January 14, 2009 9:43 AM
To: NT System Admin Issues
Subject: DHCP

W2003 server & ISA2004

 

We've recently deployed a domain controller running as a VMWare 2.0 VM.
It's handling AD and DNS fine.  

 

It's also configured as a DHCP server with subnet scopes split about
60/40 with an existing DHCP server and can be managed via the DHCP Admin
console.  

 

However, when clients try to renew an address they never hit this new
DHCP server, even if it's the only one available.

 

How best to troubleshoot this?

 

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This e-mail contains the thoughts and opinions of the sender and does
not represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above,
may be confidential and/or legally privileged: and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please return to sender and delete
the message from your computer system.

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

RE: Upgrading DCs to 64 bit

[Webb, Brian (Corp)]

Thanks all.  I wasn't aware of the GPMC issues - to clarify - you just
have to run GPMC on a 32 bit server, right?  (so we can still run it on
our existing admin terminal server as we do now).
 
-Brian

 



From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] 
Sent: Thursday, January 08, 2009 9:49 AM
To: NT System Admin Issues
Subject: RE: Upgrading DCs to 64 bit



We have two 64-bit 2003 DCs alongside our 32-bit DCs that have been
humming along happily for at least a year now.  No WS08 DCs installed
yet, but we just extended our schema for WS08 over the winter break and
that went well-still ticking along.

 

We've also had to keep a 32-bit DC for GPMC, but I'm hoping when we get
to WS08 I can get rid of that.

 

BTW, just to clarify, AFAIK, there is no direct upgrade path at the
server level-the DCs I installed as x64 had to be rebuilt.

 

-Bonnie

 

From: Tim Vander Kooi [mailto:tvanderk...@expl.com] 
Sent: Wednesday, January 07, 2009 7:44 AM
To: NT System Admin Issues
Subject: RE: Upgrading DCs to 64 bit

 

I have been running a mix of 32 and 64-bit DCs for over a year with no
ill effects at all. I prefer the performance gains I receive from
running 64-bit, but not all MS management tools (GPMC in particular)
would run on 64-bit prior to Server 2008's release, so I had to keep at
least 1 32-bit server around for that purpose.

TVK

 

 

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Wednesday, January 07, 2009 9:37 AM
To: NT System Admin Issues
Subject: Upgrading DCs to 64 bit

 

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?
Our security team wants to move to 64 bit to take advantage of the
larger event logs - anyone done it?  Were there any issues running some
DCs 32 bit and some 64 bit?  Anyone run a mixed environment long term?
I'm planning on doing some testing, but wanted some advance scouting if
available.

 

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

 

 

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Upgrading DCs to 64 bit

[Webb, Brian (Corp)]

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?
Our security team wants to move to 64 bit to take advantage of the
larger event logs - anyone done it?  Were there any issues running some
DCs 32 bit and some 64 bit?  Anyone run a mixed environment long term?
I'm planning on doing some testing, but wanted some advance scouting if
available.
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Virtualization Questions - More Q's

[Webb, Brian (Corp)]

There were several sessions on security at VMWorld this past year and
the people leading those sessions would definitely say there are
security issues that come about from using virtualization.  In some ways
the security picture gets better, in some ways worse.  There are some
new security appliances coming out that can run as a VM and watch over
the other VMs.  VMWare has created some special hooks into the
hypervisor to allow this.  Keep an eye on the issue.
 
At the very least there are additional privileges that must be tracked -
it is never a good idea to have only one person who has the "keys to the
kingdom" 
 
-Brian

 



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Tuesday, December 30, 2008 5:33 AM
To: NT System Admin Issues
Subject: RE: Virtualization Questions - More Q's



Most people have said "no" to question #2.

 

I would say that there is a definite impact. Your virtualisation team
are pretty much now an additional "god" in the organisation. For smaller
shops this isn't an issue. For bigger shops, or where
compliance/auditing/change control are important, then this is another
layer of people who have significant  privileges, who must be worked
into your change control process.

 

Cheers

Ken

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Tuesday, 30 December 2008 2:57 AM
To: NT System Admin Issues
Subject: RE: Virtualization Questions - More Q's

 

1.   As long as the resources are available for the VM, then
transparent.  I know in the past that processors had to be in the same
family as well as the same brand for Vmotion but I heard that this has
changed with (ESX) update 3.  I don't know the details yet, so someone
please chime in here for clarification. 

2.   No

3.   Most environments will have both.  Shared for the lightweight
servers and dedicated for VMotion\HA\DRS and the heavy hitting servers.

4.   An OS license is an OS license is an OS license.  Doubtful but
check with the vendors in question.  

 

Shook

 

From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, December 29, 2008 10:32 AM
To: NT System Admin Issues
Subject: RE: Virtualization Questions - More Q's

 

Great responses so far!  You've all given me even more to think about.

 

A few other questions:

 

1.   From a DR perspective, or perhaps just for rebalancing the load
on a host machine, how does moving from one host to another with
different HW impact the VM, or is it transparent?  

 

2.   Does Virtualization impact your domain security requirements in
any way?  

 

3.   NIC Utilization - Shared NICs or separate for each VM?

 

4.   OS & App licensing - can we expect any reduction in licensing
requirements?

 

 

Thanks!

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Fujitsu 300GB/10K RPM Fiber Channel Drives - Firmware Issues (1904)

[Webb, Brian (Corp)]

Don't have the Dell drives, but when we have had similar problems with
HP drives, we have usually upgraded our spare drives and then used the
spares to swap out the bad drives one by one in each array.  You have a
slight risk of failure while the array is rebuilding, but no downtime if
things go right. 
 
-Brian

 



From: Sean Martin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 10, 2008 2:21 PM
To: NT System Admin Issues
Subject: Fujitsu 300GB/10K RPM Fiber Channel Drives - Firmware Issues
(1904)


I was just notified late last week that a batch of drives we received
from Dell back in December of 2007 and February 2008 have been
identified as having a firmware problem which could lead to data
corruption/loss. The affected drives are Fujitsu 300GB/10K RPM Fiber
Channel with Firmware Revision 1904. 
 
We have a total of 38 of these drives across 3 DAEs attached to one of
our CX700s. I was wondering if anyone else out there is affected by this
and would be willing to discuss their plans for resolving the issue. I
don't have all of the details as of yet, but the project manager that
contacted me is under the impression that the entire array will need to
be taken offline for the firmware to be upgraded on the affected drives.
This is not acceptable in our environment as it would involve the outage
of almost 50 servers. 
 
I'm just curious to see how other medium to large organizations are
handling this issue.
 
- Sean

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Can't get SQL to connect

[Webb, Brian (Corp)]

We had a SQL server recently turn on the Windows Firewall - not sure if
it was patch related or not yet, but it happened in the middle of last
week (a couple days after the last round of patches).


-Brian

-Original Message-
From: John Cook [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 3:33 PM
To: NT System Admin Issues
Subject: Can't get SQL to connect

Anyone had any recent issues with SQL 2000 andwindows updates? Ours just
crapped out of the blue. I tried the DBCC SHRINKFILE to make some space
but no change.
John W. Cook
Systems Administrator
Partnership For Strong Families
Painfully sent to you from my Blackberry

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you
really need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Why would you set a NIC to 100/full or Auto?

[Webb, Brian (Corp)]

In my experience, autonegotiation works great for speed, but for duplex
it depends on what the other device is set to.  
 
If both devices are set to AUTO then it works
 
If both devices are set to a fixed duplex then it works
 
If one device is set to a fixed speed/duplex and the other is set to
AUTO then the speed is negotiated properly, but the duplex is negotiated
to half and if the fixed end is set to FULL then you have problems.
 
-Brian

 



From: Brumbaugh, Luke [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 21, 2008 8:37 AM
To: NT System Admin Issues
Subject: Why would you set a NIC to 100/full or Auto?



I heard 2 arguments and both seem valid.   I find it a pain to have to
go back in and set NIC speed on the switch and server/PC.   Over wire
builds suck (WDS) for speed etc.

 

1.   Was that in old days the NIC chips had hard time negotiating
and it is no longer needed, except that it would be good practice for
servers which rarely change.

2.   The other was that the auto-negotiate packets are 30% of the
broadcast packets and by removing all doubt, they lessen the traffic.

 

What exactly is the real story?I never had to set this before on the
pc side of the LAN.

 

TIA

 

Luke L. Brumbaugh

Network Engineer

Butler Animal Health Supply

Ph:(614) 659-1736

 

**

CONFIDENTIALITY NOTICE: The information transmitted in this message is
intended only for the person or entity to which it is addressed and may
contain confidential and/or privileged material. Any review,
retransmission, dissemination or other use of this information by
persons or entities other than the intended recipient is prohibited. If
you received this in error, please contact the sender and destroy all
copies of this document. Thank you. 

Butler Animal Health Supply

**

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows 3.1 themes

[Webb, Brian (Corp)]

We used to use it to make sure nobody had hard coded a color to a window
element...

Anyone know why MS stopped including any alternative color themes with
current versions of Windows?  After Windows 98 they broke most of the
alternative color schemes. 


-Brian


-Original Message-
From: John Cook [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 21, 2008 9:54 AM
To: NT System Admin Issues
Subject: Re: Windows 3.1 themes

+1 it kept me awake.
John W. Cook
Systems Administrator
Partnership For Strong Families
Painfully sent to you from my Blackberry

- Original Message -
From: Kurt Buff <[EMAIL PROTECTED]>
To: NT System Admin Issues 
Sent: Fri Nov 21 10:48:28 2008
Subject: Re: Windows 3.1 themes

Hey - that was a great color scheme.

I used it all the time.

Heh.

On Fri, Nov 21, 2008 at 6:28 AM, Sherry Abercrombie <[EMAIL PROTECTED]>
wrote:
> +1
>
> Oww, my eyes, make it go away please.  I actually had users that used 
> that color scheme..
>
> On Fri, Nov 21, 2008 at 8:24 AM, Erik Goldoff <[EMAIL PROTECTED]>
wrote:
>>
>> more than 10 years later and that color theme  STILL hurts my eyes !

>> 
>>
>>
>> Erik Goldoff
>>
>> IT  Consultant
>>
>> Systems, Networks, & Security
>>
>>
>> 
>> From: James Rankin [mailto:[EMAIL PROTECTED]
>> Sent: Friday, November 21, 2008 9:19 AM
>> To: NT System Admin Issues
>> Subject: OT: Windows 3.1 themes
>>
>> Just stumbled across this tribute to one of the old Windows 3.1 
>> themes
>>
>> http://www.codinghorror.com/blog/archives/000341.html
>>
>> I think it should be released as one of the themes for the new Gmail 
>> :-)
>>
>>
>>
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - http://www.avg.com
>> Version: 8.0.175 / Virus Database: 270.9.4/1789 - Release Date: 
>> 11/21/2008
>> 9:37 AM
>>
>>
>>
>>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from
magic."
> Arthur C. Clarke
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you
really need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Still having login issues

[Webb, Brian (Corp)]

We had a problem recently where one DC was not replicating the SYSVOL
properly.  Compare the SYSVOL on your DCs and see if they are different.
We found a problem where policies were not getting replicated.  There is
a reg key you can change to tell it to clear the sysvol and re-replicate
the data.  I don't have time to look it up right now, but it might give
you a place to look.
 
-Brian
608-664-6124
 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2008 1:52 PM
To: NT System Admin Issues
Subject: RE: Still having login issues



Don't answer that Michael, I figured it out.  The client I looked at,
with the issue, is hitting my secondary DC for auth.  Possibly an issue
with the two DCs talking?

 

Joe Heaton

Employment Training Panel

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2008 11:45 AM
To: NT System Admin Issues
Subject: RE: Still having login issues

 

Is that a lower case L, or an upper case I (eye)?

 

Joe Heaton

Employment Training Panel

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2008 11:40 AM
To: NT System Admin Issues
Subject: RE: Still having login issues

 

If you look at the event logs on the desktop after a mapping failed, are
there any warnings or errors?

 

What about the login DC? ("set l" from a cmd.exe session to find that
out)

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

Link with me at: http://www.linkedin.com/in/theessentialexchange

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2008 2:32 PM
To: NT System Admin Issues
Subject: Still having login issues

 

I have users that get their home directory through a mapping, which was
setup under their user account in ADUC.  Randomly, they are telling me
that this drive is not showing up under their Network Drives under My
Computer.  I have had recent issues with login scripts not mapping
correctly, and I did enable the GP setting for "Always wait for network"
or whatever that was.  Anyone have any other ideas that I could look
into?  Background info again:

 

Recently replaced all desktops with new equipment.  This new equipment
is running XP Pro, with 2GB of RAM, and Gig NICs.  However, not all
network connections are Gig, as most of the cards in the switch are
10/100.

 

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 

 

 

 

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Thin clients

[Webb, Brian (Corp)]

We have been running a pilot with Sun thin clients for a work at home
project and have had problems with the client dropping the connection
1-2 times a day.  Sun was not able to track down the problem even given
a couple of months to do so and knowing that this was a deal breaker
problem.  We only saw it in connections across a DSL line - WiMax
connections were fine.  Connections from XP clients didn't drop on
either DSL or WiMax so it was something related to the Sun thin clients.
 
We are looking at Wyse now.
 
-Brian

 



From: Glen Johnson [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 10:27 AM
To: NT System Admin Issues
Subject: Thin clients



We have been asked to investigate using thin clients for some stations.
Initially, maybe 10 or so but if it goes well, who knows, maybe 100 or
more.

Any reading or other resources that anyone care to point me to?

Also, any suggestions as to what vendors/technology to look at and to
avoid.

Thanks.

Glen.


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Problems using alias for server?

[Webb, Brian (Corp)]

To use a CNAME to connect to a share you must disable strict name
checking - do a search and find the MS KB article to find the registry
hack.

-Brian


-Original Message-
From: Kennedy, Jim [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 9:12 AM
To: NT System Admin Issues
Subject: RE: Problems using alias for server?

Currently fighting the same issue, with no luck. Thankfully this is just
a server we host installation packages on. OldServer and NewServer.

I have static dns and wins entries for OldServer pointing to the IP
address of NewServer.  \\OldServer from start run on any desktop usually
brings up 'You were not connected because a duplicate name exists on the
network. If joining a domain, go to system in control pane to
change.' other times it won't connect.

Very odd and what you describe and what I have done should work. I
suggest testing it as much as you can before you pull the trigger. And
tell me how it goes :)


> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 14, 2008 10:07 AM
> To: NT System Admin Issues
> Subject: Problems using alias for server?
>
> We're using a combination of folder redirection and roaming profiles, 
> with users' data stored somewhere like \\oldserver\sharename. That 
> server has an external PowerVault RAID system attached to it, and 
> that's where "sharename" is located.
>
> "Oldserver" is at the end of its lifecycle and needs to be 
> decommissioned. This means I need to move the PV to the new server, 
> which means that \\oldserver\sharename won't work anymore--it'll need 
> to be something like \\newserver\sharename.
>
> So here's what I was thinking of doing... I'd like to create a DNS 
> record for a new, generic server name--maybe "profiles"--and point it 
> to the IP address of oldserver. Then I'd reconfigure users' accounts /

> AD settings to point to \\profiles\sharename. After giving that some 
> time to make sure it works and everyone's account is looking for that 
> new, generic server name and their profiles and redirected folders are

> working fine on the old server, I would move the PV over to the new 
> server and change the DNS entry for "profiles" to point to the IP 
> address of the new server. The idea is that the move would be 
> transparent to the users and their computers. And a few years from now

> when I need to once again relocate their stuff, I would again just 
> change the DNS entry to keep the change transparent.
>
> Is there any reason this shouldn't work? Or that it's just not a good 
> way of accomplishing what I want?
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347
>
> www.taylor.k12.fl.us
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: I found this amusing...

[Webb, Brian (Corp)]

It went up on the outside of my cube the day it was posted.


-Brian


-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2008 7:47 PM
To: NT System Admin Issues
Subject: Re: I found this amusing...

On 10 Nov 2008 at 19:03, Kurt Buff  wrote:

> But then, I was always a fan of the classics...
> 
> http://xkcd.com/501/

Yep, that one was a 'keeper' ...

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: How to track static DNS records

[Webb, Brian (Corp)]

Thanks Troy, that gave me a start.

Actually, one part I'm interested in is what CNAMEs we haven't copied
over to the new domain and manipulating the output from dnscmd got me a
good list to look at.  I'm still not sure what to do about tracking new
ones going forward - another item to add to my CMDB wish list.


-Brian

-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2008 1:54 PM
To: NT System Admin Issues
Subject: RE: How to track static DNS records

I don't think there is an easy way, the best you could do is to see
which machines were not responding to pings.  I would probably pipe all
DNS entries for that domain to a file

Dnscmd servername /zoneprint olddomain.com > bigtextfile.txt

Then script the pinging of all A and CNAME records, probably using
powershell and the System.Net.NetworkInformation.Ping object. I am lazy
and would clean up that file manually in excel and create a csv file
with all my cname and a records.  Then run this powershell script.


$inputlist = get-content file.csv
$ping = new-object System.Net.NetworkInformation.Ping

Foreach ($thing in $inputlist){
$reply = $ping.send($thing)
If ($reply.status -eq "Success"){}
Else { echo $thing >> outputfile.txt } }


Untested and your warranty just expired.  Good luck.

-troy


-Original Message-
From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2008 11:38 AM
To: NT System Admin Issues
Subject: How to track static DNS records

OK, you have a bunch of CNames and static A records you have added to
DNS and now you are wondering what the heck they are for and if they are
still used.  How do you track such things?  We have some DNS servers we
will be shutting down and need to make sure we don't break anything
because we didn't move a CName.  We also need to track new changes going
forward.

Thoughts?

Brian Webb
TDS Corporate IS, Windows Server Platform Team Senior Systems
Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold









~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

How to track static DNS records

[Webb, Brian (Corp)]

OK, you have a bunch of CNames and static A records you have added to
DNS and now you are wondering what the heck they are for and if they are
still used.  How do you track such things?  We have some DNS servers we
will be shutting down and need to make sure we don't break anything
because we didn't move a CName.  We also need to track new changes going
forward.
 
Thoughts?
 
Brian Webb 
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IT Departmental Meetings

[Webb, Brian (Corp)]

We have a weekly team meeting with the Windows Server admins and our
supervisor - scheduled for an hour, but often we either skip the meeting
entirely or cut it short.  We try to make sure we get any updates from
management and know what each other is doing.  Any problems, new
processes, etc are brought up here.  We also have a every other week
on-call meeting where we go over all the pages from the last 2 weeks and
transition the on-call phone.  This is scheduled for 30 minutes - it
usually takes 15 to go through the pages.
 
-Brian

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Decommission a domain

[Webb, Brian (Corp)]

I'll reply to my own post since no one else did...
 
I found one major issue that I didn't think to address until a co-worker
pointed it out: make sure nothing is pointing to the DNS server on the
DCs you are about to decommission.  We suddenly realized there are a
bunch of non-windows and non-domain devices pointing to the DNS servers
in the domain we are trying to decomm.  That would have been bad...
 
-Brian

 

____

From: Webb, Brian (Corp) 
Sent: Wednesday, October 29, 2008 5:06 PM
To: 'NT System Admin Issues'
Subject: Decommission a domain


Anyone have a checklist for shutting down a Windows 2003 domain?  We are
about to remove the last non-domain controller servers from a domain and
will be shutting it down soon.  I'm planning on running DCPROMO and
removing any DNS entries for the domain from our other DNS servers.
I'll also need to remove the trust links from a trusted domain.
Anything else that I should look at?
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Decommission a domain

[Webb, Brian (Corp)]

Anyone have a checklist for shutting down a Windows 2003 domain?  We are
about to remove the last non-domain controller servers from a domain and
will be shutting it down soon.  I'm planning on running DCPROMO and
removing any DNS entries for the domain from our other DNS servers.
I'll also need to remove the trust links from a trusted domain.
Anything else that I should look at?
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Canon ir8070 drivers

[Webb, Brian (Corp)]

On another model of Canon we were told to avoid the S1 variant.
 
-Brian

 



From: Joseph L. Casale [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 22, 2008 12:35 PM
To: NT System Admin Issues
Subject: Canon ir8070 drivers



Anyone know the difference between an iR-8070, iR-8070-M3 and
iR-8070-S1?

 

I can't find any mention in the docs?

 

Thanks!
jlc


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Domain Migration tools

[Webb, Brian (Corp)]

We are using Quest Migration Manager.  It has a few quirks, but moving
users and machines is easy and reliable once set up.  We had a few
thousand users and workstations to move between domains and that went
very smoothly.  We are still moving servers as anything that has
dependencies can cause havoc when moved.  Finding all the FQDNs and
references to IP addresses (we are renumbering too!) is a royal pain.
The good part is that we have been able to decomm 33 servers by moving
their functions to other machines or simply find the server was no
longer in use.
 
-Brian

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 22, 2008 11:31 AM
To: NT System Admin Issues
Subject: RE: Domain Migration tools



The source domain is relatively small. Single Windows 2003 domain with a
few DC's and 250 users.  Target is pretty big, but only a few domains. 

 

 

Chris Bodnar 
Sr. Windows Systems Engineer 
Swiftwater, PA 
570-957-3522 



From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 22, 2008 11:46 AM
To: NT System Admin Issues
Subject: RE: Domain Migration tools

 

How big is the environment?  What flavor of Windows?

 

Shook

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 22, 2008 11:43 AM
To: NT System Admin Issues
Subject: Domain Migration tools

 

Does anyone know of a review that compared these 3 tools:

Microsoft - Active Directory Migration Tool

NetIQ Corp.'s Domain Migration Administrator (DMA).

Quest - Migration Manager for Active Directory

I've been looking online but so far no luck.

Thank you,

Chris Bodnar

Sr. Windows Systems Engineer

Swiftwater, PA

570-957-3522

This communication, including any attachments, is intended solely for
the use of the addressee and may contain information which is
privileged, confidential, exempt from disclosure under applicable law or
subject to copyright. If you are not an intended recipient, any use,
disclosure, distribution, reproduction, review or copying is
unauthorized and may be unlawful. If you have received this transmission
in error, please notify the sender immediately. Thank you.

Cette communication,y compris les pieces jointes, est reservee a l'usage
exclusif du destinataire et peut contenir des informations privilegiees,
confidentielles, exemptees de divulgation selon la loi ou protegees par
les droits de publication. Si vous n'etes pas un destinataire, toute
utilisation, divulgation, distribution, reproduction, examen ou copie
est non-autorisee et peut etre illegale. Si vous avez recu cette
communication par erreur, veuillez aviser l'expediteur immediatement.
Merci. 

 

 

 

 

 

 

This communication, including any attachments, is intended solely for
the use of the addressee and may contain information which is
privileged, confidential, exempt from disclosure under applicable law or
subject to copyright. If you are not an intended recipient, any use,
disclosure, distribution, reproduction, review or copying is
unauthorized and may be unlawful. If you have received this transmission
in error, please notify the sender immediately. Thank you.

Cette communication,y compris les pieces jointes, est reservee a l'usage
exclusif du destinataire et peut contenir des informations privilegiees,
confidentielles, exemptees de divulgation selon la loi ou protegees par
les droits de publication. Si vous n'etes pas un destinataire, toute
utilisation, divulgation, distribution, reproduction, examen ou copie
est non-autorisee et peut etre illegale. Si vous avez recu cette
communication par erreur, veuillez aviser l'expediteur immediatement.
Merci. 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Export Global Address List?

[Webb, Brian (Corp)]

You could create an ADAM instance and load the GAL data in it - then
point Windows Address Book (or some other LDAP client) at the ADAM
instance.
 
-Brian

 



From: Eric Brouwer [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 3:15 PM
To: NT System Admin Issues
Subject: RE: Export Global Address List?



Ok, I figured out how to export the GAL entries I want.

 

Now I need to find a way to make a shared copy of all these contacts
available to everyone.  We're using a mixed bag of Outlook and Apple
Mail clients.  Any way to create "global address book" outside of
Exchange to be used by multiple clients?


Thanks again!

 



From: Eric Brouwer [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 4:08 PM
To: NT System Admin Issues
Subject: Export Global Address List?

 

Good afternoon everyone,

 

We are migrating from an Exchange 5.5 server (yes, it's still running)
to a hosted IMAP solution.  Is there any way to export the GAL to
populate contacts for all employees in their new contact folders?  Does
that make sense?  Is this possible?

 

Thanks,


Eric

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS Reverse lookup question

[Webb, Brian (Corp)]

The problem is the subnet already exists in both domains...
 
-Brian

 



From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 11:49 AM
To: NT System Admin Issues
Subject: RE: DNS Reverse lookup question



You can use a stub domain or a forwarding domain.

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

Link with me at: http://www.linkedin.com/in/theessentialexchange

 

From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 21, 2008 12:47 PM
To: NT System Admin Issues
Subject: DNS Reverse lookup question

 

Here is the situation:

1 IP range has servers from 2 different domains 

 

DNS servers (AD integrated) for each domain have entries for the servers
in that domain

 

If I do a reverse lookup from a machine that is pointed to the "right"
DNS server it works, otherwise I get a non-existent domain.  Hw do you
solve this?  Do you manually put in PTR records for all the servers in
the opposite domain?

 

Example:

Server1.corp.local is at 10.1.1.10

 

Server2.division.local is at 10.1.1.20

 

Client1.corp.local is at 10.100.100.100 with DNS server pointed to
DNSserver.corp.local

Client2.division.local is at 10.200.200.200 with DNS server pointed to
DNSserver.division.local

 

nslookup from client1 for 10.1.1.10 returns Server1

nslookup from client1 for 10.1.1.20 returns non-existent domain

 

nslookup from Client2 for 10.1.1.10 returns non-existent domain

nslookup from Client2 for 10.1.1.20 returns Server2

 

nslookup by name (forward lookup) works everywhere.

 

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

DNS Reverse lookup question

[Webb, Brian (Corp)]

Here is the situation:
1 IP range has servers from 2 different domains 
 
DNS servers (AD integrated) for each domain have entries for the servers
in that domain
 
If I do a reverse lookup from a machine that is pointed to the "right"
DNS server it works, otherwise I get a non-existent domain.  Hw do you
solve this?  Do you manually put in PTR records for all the servers in
the opposite domain?
 
Example:
Server1.corp.local is at 10.1.1.10
 
Server2.division.local is at 10.1.1.20
 
Client1.corp.local is at 10.100.100.100 with DNS server pointed to
DNSserver.corp.local
Client2.division.local is at 10.200.200.200 with DNS server pointed to
DNSserver.division.local
 
nslookup from client1 for 10.1.1.10 returns Server1
nslookup from client1 for 10.1.1.20 returns non-existent domain
 
nslookup from Client2 for 10.1.1.10 returns non-existent domain
nslookup from Client2 for 10.1.1.20 returns Server2
 
nslookup by name (forward lookup) works everywhere.
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: LDAP authentication failures / logging

[Webb, Brian (Corp)]

If you want to do an LDAP query you can use ldp.exe (installs with
ADAM).  Do the query and see what kind of error you get - ldp is great
at showing you all the behind the scenes stuff.
 
-Brian

 



From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 4:12 PM
To: NT System Admin Issues
Subject: RE: LDAP authentication failures / logging



No, it's not a DC level error, it's an application level error. The
application should log the error, not the DC.

 

You can use netmon or wireshark to monitor ldap traffic.

 

I think you can turn up LDAP debugging to such a ridiculous level that
those get logged, but you'll flood your DCs.

 

And yes, use adfind (www.joeware.net) or dsquery (already on your
windows 2003 servers).

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

Link with me at: http://www.linkedin.com/in/theessentialexchange

 

From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 5:07 PM
To: NT System Admin Issues
Subject: LDAP authentication failures / logging

 

If an application is using LDAP to talk to AD and it tries to reference
an OU that doesn't exist, will a DC log an error?

 

Example: We have an application that will remain nameless but rhymes
with HP Quality Center. LDAP import settings points to our "Portland
Users" OU. If U rename the OU - which will break the LDAP config - will
the DC log any attempt to talk to "Portland Users"?

 

Additionally, does anyone have (or know of) a simple app that I can
throw in my test environment to test such activity? I can't test the
production stuff and have no dev environment for this particular
scenario...

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Virtual Center query

[Webb, Brian (Corp)]

We saw this on 3.5 U1 - since we updated to U2 we haven't seen this
issue.  VPXA was the problem in our case as well.
 
-Brian

 



From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 03, 2008 6:46 AM
To: NT System Admin Issues
Subject: Re: Virtual Center query


Bingo! VPXA appears to be the issue.

Thanks very much guys


2008/10/3 NTSysAdmin <[EMAIL PROTECTED]>


Try:

1.  Log in to the ESX Server service console as root.  
2.  Type service vmware-vpxa stop and press Enter. 
3.  Type /opt/vmware/vpxa/vpx/init_vpxa.sh and press Enter 

S

 

From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 03, 2008 8:16 AM
To: NT System Admin Issues
Subject: Re: Virtual Center query

 

ESX 3.5. Tried service mgmt-vmware restart and made no
difference.

2008/10/3 NTSysAdmin <[EMAIL PROTECTED]>

What version of ESX..

 

Quick fix is to  restart the management service on the esx
server.

 

S

 

From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 03, 2008 6:39 AM
To: NT System Admin Issues
Subject: Virtual Center query

 

Does anybody have any idea why sometimes some of my ESX servers
show as not responding in VirtualCenter, and the guests running on it
show as disconnected? The guests themselves are still up and running
fine, but they won't respond to VirtualCenter commands (all the options
are greyed out). The only way to get around this seems to be shut down
all the guests on the affected server, and then restart the ESX server -
not really an option when my Exchange, Excalibur and SQL servers are
running on this particular ESX box. If ESX was Windows, I guess I'd be
looking for a failed service or something, but being a bit of a Unix/ESX
amateur I'm not sure where to start troubleshooting

TIA,



JRR

 

 

 

 

 

 

 

 


 



 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: rack design software

[Webb, Brian (Corp)]

HP has (had?) a rack builder tool that I seem to remember going to an
insane level of detail on all the stuff you needed to rack everything
out.  It has been a long time since I used it though.
 
-Brian

 



From: James Kerr [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 02, 2008 1:18 PM
To: NT System Admin Issues
Subject: Re: rack design software


Oh thanks, I'll go ahead and give those a try then.

- Original Message - 
From: Jason Morris   
To: NT System Admin Issues
  
Sent: Thursday, October 02, 2008 2:14 PM
Subject: RE: rack design software


Yep, you can go to APCC.com and Dell.com and get their visio
shapes to plug into your own visio diagram. YMMV because some of them
aren't standardly (I love that word) sized.

 

From: James Kerr [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 02, 2008 1:13 PM
To: NT System Admin Issues
Subject: rack design software

 

Any software out there that can help visualize a rack so I can
get an idea how many whatchamacallits and thingamajigies I need to order
to build it. Maybe a Visio of rack building perhaps?

 

Thanks,

 

James

 

 

 


 


 





--
The pages accompanying this email transmission contain
information from MJMC, Inc., which
is confidential and/or privileged. The information is to be for
the use of the individual
or entity named on this cover sheet. If you are not the intended
recipient, you are
hereby notified that any disclosure, dissemination,
distribution, or copying of this
communication is strictly prohibited. If you received this
transmission in error, please
immediately notify us by telephone so that we can arrange for
the retrieval of the original
document.


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2000 Terminal Server in 2003 domain not allowing logon local

[Webb, Brian (Corp)]

Sounds like you have another problem to look into before you can address
before getting non-admin users access.  You sure the machine account
hasn't gotten whacked?
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 2:21 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


ok, now crap !  tried running rsop after logging in to domain controller
as administrator, and after selecting computer and clicking next, I get
an ACCESS DENIED ( you do not have permission) error



From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 2:53 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


Use RSOP from GPMC and see what is really applying.  I'm guessing you
have a policy applying that you don't know about.
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 1:43 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


nope, tried gpresult but that has to be with the user *after* they're
logged in... 

____

From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 2:29 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


Did you run a RSOP against the machine with the user want to be able to
log in?
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 1:21 PM
To: NT System Admin Issues
Subject: 2000 Terminal Server in 2003 domain not allowing logon local


Weird situation at a client site, they're running 2003 AD, and have a
few terminal servers, one of which is still a Windows 2000 sp4 server.
Looks like the local security policy of 'log on locally' is being over
ridden by a global policy but I don't see it.  The effective setting is
greyed out empty for non-administrator users, even though the local
setting is checked.
 
Anyone run into this before ?  The global deny log on local is not
defined, so that's not it...
 
Thanks


 

 


 

 

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.169 / Virus Database: 270.7.2/1690 - Release Date:
9/26/2008 7:35 AM



 

 


 

 

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.169 / Virus Database: 270.7.2/1690 - Release Date:
9/26/2008 7:35 AM



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: 2000 Terminal Server in 2003 domain not allowing logon local

[Webb, Brian (Corp)]

Use RSOP from GPMC and see what is really applying.  I'm guessing you
have a policy applying that you don't know about.
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 1:43 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


nope, tried gpresult but that has to be with the user *after* they're
logged in... 

____

From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 2:29 PM
To: NT System Admin Issues
Subject: RE: 2000 Terminal Server in 2003 domain not allowing logon
local


Did you run a RSOP against the machine with the user want to be able to
log in?
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 1:21 PM
To: NT System Admin Issues
Subject: 2000 Terminal Server in 2003 domain not allowing logon local


Weird situation at a client site, they're running 2003 AD, and have a
few terminal servers, one of which is still a Windows 2000 sp4 server.
Looks like the local security policy of 'log on locally' is being over
ridden by a global policy but I don't see it.  The effective setting is
greyed out empty for non-administrator users, even though the local
setting is checked.
 
Anyone run into this before ?  The global deny log on local is not
defined, so that's not it...
 
Thanks


 

 


 

 

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.169 / Virus Database: 270.7.2/1690 - Release Date:
9/26/2008 7:35 AM



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: 2000 Terminal Server in 2003 domain not allowing logon local

[Webb, Brian (Corp)]

Did you run a RSOP against the machine with the user want to be able to
log in?
 
-Brian

 



From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 1:21 PM
To: NT System Admin Issues
Subject: 2000 Terminal Server in 2003 domain not allowing logon local


Weird situation at a client site, they're running 2003 AD, and have a
few terminal servers, one of which is still a Windows 2000 sp4 server.
Looks like the local security policy of 'log on locally' is being over
ridden by a global policy but I don't see it.  The effective setting is
greyed out empty for non-administrator users, even though the local
setting is checked.
 
Anyone run into this before ?  The global deny log on local is not
defined, so that's not it...
 
Thanks


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: External RAID HDD Enclosure Recomendations

[Webb, Brian (Corp)]

I long ago went to permanently deleting messages from the list and if I
get too far behind I just delete everything but the last day or so and
start from there.
 
-Brian

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2008 7:32 AM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations



"Webb, Brian (Corp)" <[EMAIL PROTECTED]> wrote on 09/25/2008
04:20:43 PM:

> I think I joined the list in late '98 or early '99 - but I may not
count
> as a regular since I don't spend more than a few minutes a day on
it... 

I probably signed up originally around 2000 or so ... and there are a
lot of days I just can't get to look at the list. At the moment, I have
something like 15K unread messages in my list folder  

> 
> 
> -Brian
> 
> 
> -Original Message-
> From: Free, Bob [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 25, 2008 12:06 PM
> To: NT System Admin Issues
> Subject: RE: External RAID HDD Enclosure Recomendations
> 
> I think I first joined in 98. Micheal E & Kurt were here then, don't
see
> too many other regulars from that time frame.
> 
> I was 39 for the 5th time then :-) 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: External RAID HDD Enclosure Recomendations

[Webb, Brian (Corp)]

I think I joined the list in late '98 or early '99 - but I may not count
as a regular since I don't spend more than a few minutes a day on it...


-Brian


-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 12:06 PM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

I think I first joined in 98. Micheal E & Kurt were here then, don't see
too many other regulars from that time frame.

I was 39 for the 5th time then :-) 

-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 9:52 AM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

I'm pretty sure that you were here when I first joined the list, in uh
1999-ish?

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog:
http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 12:18 PM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

You talking seniority on the list or the planet? :-p

-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 4:12 AM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

Hey, there are a few people on this mailing list older than I am...I'm
not the most senior by far.

Right, Bob and Kurt?  :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 11:47 PM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

You know that dude was 182 yrs old when Noah was born... That was like
prime of life since he lives to 777 years old.  Man that must make you
like 6200 yrs old.  How does it feel MBS to be the most senior member of
AARP?

-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 10:22 PM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

Well, it is true that my driver's license starts with 0. Beyond that,
this deponent sayeth not.

It was actually Lamech that signed my yearbook. Noah was not yet a
glimmer in his father's eye.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog:
http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange

-Original Message-
From: Andy Shook [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 9:23 PM
To: NT System Admin Issues
Subject: RE: External RAID HDD Enclosure Recomendations

That doesn't matter to MBS, he's so old his driver's license number is
000--007 and Noah signed his year-book. :)

This non-technical humor injection brought to you by Shook...


From: Phil Brutsche [EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 6:18 PM
To: NT System Admin Issues
Subject: Re: External RAID HDD Enclosure Recomendations

Old, very old.

We used them before there was such a thing as Newegg.

Michael B. Smith wrote:
> Why have I never heard of mwave.com? Are they new?

--

Phil Brutsche
[EMAIL PROTECTED]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~ ~
Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cleanup script / safe to delete stuff

[Webb, Brian (Corp)]

I've deleted all the stuff in the $hf_mig$ directory on dozens
(hundreds?) of servers and never had an issue. 

If you looking to keep the OS footprint down another place to check is
your Event Logs.  Our security team made a requirement a few years ago
that we make the Security logs 500MB on every server.  MS says don't
make the total of all Event logs more than 300MB - there is a reason!
The log files get loaded entirely in memory so big files mean big memory
utilization.  All kinds of weird issues when the event logs get too big.
Anyway, if you enable the backup event logs you will have 2 copies of
all your logs on the server and that will kill your disk if you have big
log files.

-Brian

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 29, 2008 12:50 PM
To: NT System Admin Issues
Subject: Re: Cleanup script / safe to delete stuff

Crazyness.  It always seemed silly to me, but I never touched because of
FUD.  This will be added to the script for sure.

Thanks!

On Fri, Aug 29, 2008 at 1:25 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Huh.
>
> I've deleted it dozens of times on dozens of servers.
>
> Regards,
>
> Michael B. Smith
> MCITP:SA,EMA/MCSE/Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 29, 2008 1:22 PM
> To: NT System Admin Issues
> Subject: Re: Cleanup script / safe to delete stuff
>
> I've never seen a clear answer as to exactly why not.  But I've 
> repeatedly seen it said to absolutely not touch.  Never anything 
> contrary to that, while at the same time stating that the $Nt***$ 
> directories were safe to remove if you were certain of no need to 
> un-install the coinciding patch.
>
> I've searched on this stuff many times, and thats always be the
answer.
>
>
> On Fri, Aug 29, 2008 at 1:16 PM, Michael B. Smith 
> <[EMAIL PROTECTED]> wrote:
>> Why not?
>>
>> Regards,
>>
>> Michael B. Smith
>> MCITP:SA,EMA/MCSE/Exchange MVP
>> http://TheEssentialExchange.com
>>
>>
>> -Original Message-
>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
>> Sent: Friday, August 29, 2008 1:10 PM
>> To: NT System Admin Issues
>> Subject: Re: Cleanup script / safe to delete stuff
>>
>> Really?  I've read repeatedly by MS staffers that you shouldn't touch

>> that dir.
>>
>> On Fri, Aug 29, 2008 at 12:50 PM, Tim Evans <[EMAIL PROTECTED]>
wrote:
>>> I've deleted the KB* directories in it without any apparent
problems.
>>>
>>> ...Tim
>>>
 -Original Message-
 From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
 Sent: Friday, August 29, 2008 9:39 AM
 To: NT System Admin Issues
 Subject: Re: Cleanup script / safe to delete stuff

 $hf_mig$ is *not* safe to delete, but it looks like I have 
 everything else covered.


 On Fri, Aug 29, 2008 at 11:19 AM, Tim Evans <[EMAIL PROTECTED]>
 wrote:
 > All of mine have a %windir%\$hf_mig$ directory with a bunch of
 KB## directories in it. Also a bunch of %windir%\KB##.log 
 files.
 >
 > ...Tim

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: ADAM in the DMZ

[Webb, Brian (Corp)]

Thanks for the reply Troy, I've figured out that my problem is that I'm
not able to properly authenticate from a remote machine.  If I allow
anonymous access I can establish a connection and bind to the ADAM
server and I can read stuff I have access to as anonymous.  I'm having
trouble getting ADAM to allow me to change the password on an ADAM
account.  I've followed the instructions in the ADAM Step-by-step Guide,
and I got it work once, but can't get it to work again.


-Brian


-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2008 4:59 PM
To: NT System Admin Issues
Subject: RE: ADAM in the DMZ

Hey Brian,

First make sure you have adam sp1

Then try binding to "\\localhost:5\dc=synctarget,dc=com" .

We use ADAM for some off the beaten path stuff, but have never used
adamsync to our enterprise AD, so my bind may look different.


-troy

-----Original Message-
From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2008 2:43 PM
To: NT System Admin Issues
Subject: ADAM in the DMZ

Anyone use ADAM?

The end goal is to set up an ADAM instance in the DMZ - doing a
unidirectional sync from our AD using ADAMsync so we don't have to let
our e-mail validation appliance poke through the firewall to read e-mail
addresses from AD.

Right now I'm just trying to get ADAMsync to work from a DC to my ADAM
instance on a workgroup based server (no firewalls).  I'm running Server
2003 R2 SP2 on both machines and I've set up the ADAM instance and used
ADschemaAnalyzer to get the schema on ADAM to match our production AD.
Here are the results from my ADAMsync run:

C:\WINDOWS\ADAM>adamsync /fs localhost:5 "dc=synctargetdc"
Ldap error occured. ldap_bind_s: Invalid Credentials.
Extended Info: 8009030C: LdapErr: DSID-0C09043E, comment:
AcceptSecurityContext error, data 0, vece.

I then tried putting in the /creds option like so (putting in my real
credentials):

C:\WINDOWS\ADAM>adamsync /fs localhost:5 "dc=synctargetdc" /creds
domain user password The system cannot find the file specified.

Anyone know what I'm doing wrong?

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team Senior Systems
Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold









~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

ADAM in the DMZ

[Webb, Brian (Corp)]

Anyone use ADAM?
 
The end goal is to set up an ADAM instance in the DMZ - doing a
unidirectional sync from our AD using ADAMsync so we don't have to let
our e-mail validation appliance poke through the firewall to read e-mail
addresses from AD.
 
Right now I'm just trying to get ADAMsync to work from a DC to my ADAM
instance on a workgroup based server (no firewalls).  I'm running Server
2003 R2 SP2 on both machines and I've set up the ADAM instance and used
ADschemaAnalyzer to get the schema on ADAM to match our production AD.
Here are the results from my ADAMsync run:
 
C:\WINDOWS\ADAM>adamsync /fs localhost:5 "dc=synctargetdc"
Ldap error occured. ldap_bind_s: Invalid Credentials.
Extended Info: 8009030C: LdapErr: DSID-0C09043E, comment:
AcceptSecurityContext error, data 0, vece.
 
I then tried putting in the /creds option like so (putting in my real
credentials):
 
C:\WINDOWS\ADAM>adamsync /fs localhost:5 "dc=synctargetdc" /creds
domain user password
The system cannot find the file specified.

Anyone know what I'm doing wrong?
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: After-hours work

[Webb, Brian (Corp)]

IT staffer here - we get #5 for any after hours work - they are pretty
good about it.  
 
We also get comp time for being on-call.  We get 4 hours of time off for
every week we are on-call.  We have a very generous vacation allocation
- especially after you have been here 5+ or 10+ years so the time off
isn't as valuable as it might be.  We have people who are struggling to
take enough time off so they don't lose hours at the end of the year.
 
-Brian

 



From: Durf [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 16, 2008 10:07 AM
To: NT System Admin Issues
Subject: After-hours work


Hey all,

Taking a little informal poll about compensation for after hours /
weekend works.  This is mostly geared at consultants, so if you're an
onsite IT guy, please indicate.


If you work after-hours on-call, or are expected to carry the beeper,
how are you compensated?

1. None, just man up and be an IT cowboy and glad you have a job.
2. Flat fee for being on-call.
3. Overtime or time-and-a-half bonus for hours actually worked.
4. Straight hourly at my normal rate
5. Flex time - no extra compentation, but I come in late the next day /
take a day off later in the week. 

Thanks all.   Yes, I'm on the beeper this weekend (OK, there's no actual
beeper) so it's on my mind. :) 

-- Durf

-- 
--
Give a man a fish, and he'll eat for a day. 
Give a fish a man, and he'll eat for weeks!


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Impression on AVAMAR from EMC

[Webb, Brian (Corp)]

We just had them in for a 2 week eval and our storage guys were not
impressed.  The basic message I got was they didn't see any real
advantages over DFS R2.  One big negative for us was the fact they
couldn't throttle the traffic.
 
-Brian

 



From: Eisenberg, Wayne [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 01, 2008 8:52 AM
To: NT System Admin Issues
Subject: RE: Impression on AVAMAR from EMC


We implemented Avamar last year and I have to say that I have been
favorably impressed with it so far. We have 20+ remote sites that feed
into it and although most sites do not have as much data as yours, it is
still quick, easy to use, and does not flood our sometimes small WAN
pipes. The initial data load can be a bear, but there are ways to deal
with it. The console is not difficult to use and for the few issues we
have had, the tech support has been good. We have already had a version
upgrade, and they (EMC) did it all remotely through ssh, in less than a
day. We have not had to do much with the user self restore, since we use
the Volume Shadow Copy feature of Win2003 to keep a few copies of the
file systems locally. If users need a file from yesterday, we can almost
always get it back from that, rather than have to go back to Avamar for
it. It is not an issue of the Avamar feature not working - we just have
small WAN pipes in places and the file restore speed is obviously much
faster coming from a local shadow copy than across the WAN from Avamar.
I have had a few users who have used the self-service feature and they
were happy with it. I have been very happy not having to manage remote
office tapes anymore, and the ability to scale up if needed, and out
when our DR planning will have a copy of our Avamar system at our DR
site. You definitely need to go to the training. It will make it all
make a lot more sense. Your EMC reseller should be quoting it, anyway.
 
I have not tested system recovery yet, so I can't speak to that aspect.
I don't know how Lotus databases will be, but I know that the SQL db's
that we backup "de-duplicate" just as well as the file systems. Which
makes sense, since this is byte/block-level, not file-level backing up.
(I totally blew the grammar on that last sentence.)
 
Good luck in your evaluations,

-- 
Wayne Eisenberg 
Server and PC Support Manager
Pepsi Bottling Ventures, LLC 

 



From: Andrew Leong [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 30, 2008 9:51 PM
To: NT System Admin Issues
Subject: Impression on AVAMAR from EMC


Hi all,

We are considering Avamar form EMC to provide backup and recovery
support for our branches. Our branches have only a single file server
with 100-200 G of user files and some have lotus notes servers with
30-50G of data. 

I realize the "gotcha" with respect to system recovery at a branch. What
we like to know is your experience/opinion with respect to
functionality, administrative, ease of use .. from a system admin point
of view. lastly is the user self file restore feature useable, as
advertised.

Thanks.

Andrew





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: How to modify DFS target

[Webb, Brian (Corp)]

Yes.  What you are seeing is the behavior I've always seen.  You have to
create a new target and delete the old.
 
-Brian

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 24, 2008 1:55 PM
To: NT System Admin Issues
Subject: How to modify DFS target



I don't see a way to modify the target path of a DFS link. I have
recently migrated 2 stand alone file servers into a MS cluster. I have
aliased the names so users weren't affected. What I would like to do, is
clean up the DFS paths. They still reference the old server names, which
the cluster is responding to. I thought I could script this but I see no
way to do this with the DFS WMI providers or DFSCMD.  The only way I can
see to do this manually is add a 2nd target for the existing link, then
delete the first target. 

Has anyone run into this before? 



Thanks,

Chris Bodnar

Sr. Windows Systems Engineer

Swiftwater, PA

X3522

This communication, including any attachments, is intended solely for
the use of the addressee and may contain information which is
privileged, confidential, exempt from disclosure under applicable law or
subject to copyright. If you are not an intended recipient, any use,
disclosure, distribution, reproduction, review or copying is
unauthorized and may be unlawful. If you have received this transmission
in error, please notify the sender immediately. Thank you.

Cette communication,y compris les pieces jointes, est reservee a l'usage
exclusif du destinataire et peut contenir des informations privilegiees,
confidentielles, exemptees de divulgation selon la loi ou protegees par
les droits de publication. Si vous n'etes pas un destinataire, toute
utilisation, divulgation, distribution, reproduction, examen ou copie
est non-autorisee et peut etre illegale. Si vous avez recu cette
communication par erreur, veuillez aviser l'expediteur immediatement.
Merci. 




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Five Things....

[Webb, Brian (Corp)]

That's really too bad to hear.  Successful projects are definitely
celebrated here.  The project team generally will have a nice lunch or
dinner depending on how big the project is and IT projects often win
company awards with names like "Inspiring Excellence" and "GEM" and
such.  My boss and his boss are both good about recognizing people - I
got movie tickets a couple months ago when they appreciated some work I
did.   Sounds like a lack of leadership to me...
 
-Brian

 



From: Tom Miller [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 20, 2008 8:51 AM
To: NT System Admin Issues
Subject: Re: Five Things


Amen to that.  I've build a new network, phone system, e-mail system and
moved all of our users to new offices over the last few years.  What do
users do:  complain.  Admin/Executives are the worst complainers.  I
have yet to see anyone from IT here to be "employee of the quarter".
Won't ever happen probably.
 
You get a raise?  I thought we PAID to work here...

>>> "James Kerr" <[EMAIL PROTECTED]> 6/20/2008 9:42 AM >>>

I like the 5 things you SHOULD say to your boss, specially mentioning
your successes. That's one thing I dislike about IT because it seems
like the best you can do is maintain the status quo. Even if you
complete a huge project, there is never a thank you for working all
weekend or into the night to get that project done even if it has a
great outcome for the company. Its been like that at every job I've
worked at. Every year the company I work for has a picnic for the
employees and during that picnic they recognize staff for different
things, never once have they mentioned anything about IT in the 7 years
I've been going. 
 
Whatever, as long as I get my raise, I'm happy. What really counts is me
and my family at home. ;-)
 
James

- Original Message - 
From: Tom Strader - NCBPAC Systems Administrator
  
To: NT System Admin Issues
  
Sent: Friday, June 20, 2008 8:42 AM
Subject: OT: Five Things



Five things you should never tell your boss 
http://cwflyris.computerworld.com/t/3301042/4753902/121207/2/
  



Thanks, 
Tom Strader 
NC Blumenthal Performing Arts Center 
Server/Network Systems Administrator 
130 N. Tryon St. 
Charlotte, NC 28202 
O: 704.379.1285 | F:704.444.2098 
[EMAIL PROTECTED]   

"Action without intelligence is ignorance". But, Intelligence
without appropriate action is the highest form of stupidity known to
man"







Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Browsing DFS space

[Webb, Brian (Corp)]

We have a \\domain\dfs root that has links to all the dfs roots.  In our
standard image we place a shortcut to \\domain\dfs on all users desktop.
Simple and effective with one extra step each time we create a DFS root.

-Brian


-Original Message-
From: Jim Dandy [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:39 AM
To: NT System Admin Issues
Subject: Browsing DFS space

I'm wondering if there is an easy way for users to browse DFS space.  I
created a DFS share called ANSCIShare.  The only way I've found of
getting to it is to click Start | Run and type //domainname/ANSCIShare.
It doesn't show up in "Network Neighborhood" with the list of all the
computers.  If I do Start | Run and type //domainname all I see is
NETLOGON and SYSVOL.  Perhaps I haven't got it set up properly?  Perhaps
there is some other way that is easier for end users to get to go it
than the Start | Run technique?  Thanks for your help.

Curt

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: home computer backup

[Webb, Brian (Corp)]

I've been playing with HP Upline which is a lot like Mozy except the
client has an option to do a local backup as well.  The local backup can
be a different set of files so I have a small subset of files going to
the free Upline storage and I have the local backup going to my NAS.  
 
Upline had some problems a few days after it went live, but has been
working fine since it came back up.
 
-Brian

 



From: Sam Cayze [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 3:53 PM
To: NT System Admin Issues
Subject: RE: home computer backup



Agreed.  I use Mozy for Important files like tax/finance/email/etc.   I
used Syncback for Music, DVDs, Pictures, etc.   Stuff I don't really
want to jam over my Pipe, and stuff that I CAN live without in case of
fire/theft.And, doing so keeps me under the 2GB cap on the Mozy Free
service.

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 3:47 PM
To: NT System Admin Issues
Subject: RE: home computer backup

 

I don't "need" it, but I like having a local backup as well as my
off-site backup.

 

Roger

 

From: Liu, David [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 4:44 PM
To: NT System Admin Issues
Subject: RE: home computer backup

 

Why do you need syncback when Mozy backs up open files? 

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 4:04 PM
To: NT System Admin Issues
Subject: RE: home computer backup

 

Then take a look at Syncback with an external hard drive.  I use this in
addition to Mozy.  

 

Roger

 

From: Ara Avvali [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 3:45 PM
To: NT System Admin Issues
Subject: RE: home computer backup

 

Wow that looks like a nice set except my home bandwidth is ***

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: May 30, 2008 3:37 PM
To: NT System Admin Issues
Subject: RE: home computer backup

 

I like Mozy myself.  Well worth the $50/year for an off-site backup of
my personal files.

 

 

Roger Wright

 

From: Ara Avvali [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2008 3:34 PM
To: NT System Admin Issues
Subject: home computer backup

 

Hi

 

I was wondering what you guys use to backup your home computer (Laptop) 

Anyone had any success with Apple time capsule and vista built in
backup?

Thanks 

 

 

 

 

 

 

 

 

 

 

 

 






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Free Salary Survey

[Webb, Brian (Corp)]

Since the topic comes up every couple of months anyway - I just came
across this and thought I'd share:
 
U.S. Department of Labor
Bureau of Labor Statistics
May 2007 Metropolitan and Nonmetropolitan Area Occupational Employment
and Wage Estimates
 
http://www.bls.gov/oes/current/oessrcma.htm
 
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Good info for merging two companies AD and exchange services?

[Webb, Brian (Corp)]

Quest can keep user objects synchronized between 2 forests if that is what you 
are trying to do.  I didn't set that part up so I can't give you a step by 
step, but it can do it.  

The machines have to live one place or the other - they can't exist in both 
domains at the same time so you have to move the machine accounts.  You can 
move them back if you need to, but as soon as you start to use the machine in 
the new domain it will have changed and the account in the old domain would no 
longer match up.

-Brian


-Original Message-
From: HELP_PC [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 02, 2008 12:28 PM
To: NT System Admin Issues
Subject: R: Good info for merging two companies AD and exchange services?

I setup trusts and I have accounts of admin on both domains but still I am 
confused. I was asked to rename machines and users for corporate purposes, but 
I would like to copy those objects , not to move them to the other forest 


GuidoElia
HELPPC

-Messaggio originale-
Da: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
Inviato: venerdì 2 maggio 2008 16.47
A: NT System Admin Issues
Oggetto: RE: Good info for merging two companies AD and exchange services?

Shouldn't be a big deal.  You need to set up trusts between your forests and 
then you need an account that has local admin on each machine.  We moved about 
3000 users in 3 different domains to new domains in another forest.  The really 
sad part about our situation is that we had the opportunity to create one 
forest back in 2001 when we migrated from NT to 2000 and the powers that be 
couldn't figure out how to share governance of the forest...

-Brian


-Original Message-
From: HELP_PC [mailto:[EMAIL PROTECTED]
Sent: Friday, May 02, 2008 8:21 AM
To: NT System Admin Issues
Subject: R: Good info for merging two companies AD and exchange services?

I am going to use Quest for a much more simple task, but it looks anyway 
painful. I have to migrate to a corporate forest 45 users and computers (avoid 
fortunately servers) but I don't know where to start from (I didn't finish to 
read the 500 pages of manual) . The problem is, and I don't know if it is 
possible , tha I want to have both domains operational 


GuidoElia
HELPPC

-Messaggio originale-
Da: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
Inviato: venerdì 2 maggio 2008 15.06
A: NT System Admin Issues
Oggetto: RE: Good info for merging two companies AD and exchange services?

We are using Quest right now to migrate from one forest to another.  It is a 
long and painful process.  Moving the users and workstations isn't too bad, but 
we are moving about 600 servers as well.  The file/print/infrastructure type 
servers weren't bad either.  It is the application servers that are the real 
pain.  Finding all the dependencies and scheduling the migrations for down time 
when the owner isn't known...

We hope to finish by the end of the year. 


-Brian


-Original Message-
From: Jeremy Phillips [mailto:[EMAIL PROTECTED]
Sent: Friday, May 02, 2008 2:50 AM
To: NT System Admin Issues
Subject: RE: Good info for merging two companies AD and exchange services?

Quest Migration Manager for Exchange & AD


From: Greg Olson [EMAIL PROTECTED]
Sent: Thursday, May 01, 2008 11:27 PM
To: NT System Admin Issues
Subject: Good info for merging two companies AD and exchange services?

Anyone have any good info on merging two separate companies AD and Exchange 
services into one forest? it will start off with Company A and Company B 
needing to have their two Exchange gals and calendars
(free\busy) in sync, and with some file server access to share info.
Eventually Company B will be pulled fully into company A's AD and exchange 
structure, but that will happen over time.
So if any of you have any advice on how to accomplish both with the least 
amount of re-do, I'd really appreciate it.
Thanks in advance!
-Greg


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Good info for merging two companies AD and exchange services?

[Webb, Brian (Corp)]

Shouldn't be a big deal.  You need to set up trusts between your forests and 
then you need an account that has local admin on each machine.  We moved about 
3000 users in 3 different domains to new domains in another forest.  The really 
sad part about our situation is that we had the opportunity to create one 
forest back in 2001 when we migrated from NT to 2000 and the powers that be 
couldn't figure out how to share governance of the forest...

-Brian


-Original Message-
From: HELP_PC [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 02, 2008 8:21 AM
To: NT System Admin Issues
Subject: R: Good info for merging two companies AD and exchange services?

I am going to use Quest for a much more simple task, but it looks anyway 
painful. I have to migrate to a corporate forest 45 users and computers (avoid 
fortunately servers) but I don't know where to start from (I didn't finish to 
read the 500 pages of manual) . The problem is, and I don't know if it is 
possible , tha I want to have both domains operational 


GuidoElia
HELPPC

-Messaggio originale-----
Da: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
Inviato: venerdì 2 maggio 2008 15.06
A: NT System Admin Issues
Oggetto: RE: Good info for merging two companies AD and exchange services?

We are using Quest right now to migrate from one forest to another.  It is a 
long and painful process.  Moving the users and workstations isn't too bad, but 
we are moving about 600 servers as well.  The file/print/infrastructure type 
servers weren't bad either.  It is the application servers that are the real 
pain.  Finding all the dependencies and scheduling the migrations for down time 
when the owner isn't known...

We hope to finish by the end of the year. 


-Brian


-Original Message-
From: Jeremy Phillips [mailto:[EMAIL PROTECTED]
Sent: Friday, May 02, 2008 2:50 AM
To: NT System Admin Issues
Subject: RE: Good info for merging two companies AD and exchange services?

Quest Migration Manager for Exchange & AD


From: Greg Olson [EMAIL PROTECTED]
Sent: Thursday, May 01, 2008 11:27 PM
To: NT System Admin Issues
Subject: Good info for merging two companies AD and exchange services?

Anyone have any good info on merging two separate companies AD and Exchange 
services into one forest? it will start off with Company A and Company B 
needing to have their two Exchange gals and calendars
(free\busy) in sync, and with some file server access to share info.
Eventually Company B will be pulled fully into company A's AD and exchange 
structure, but that will happen over time.
So if any of you have any advice on how to accomplish both with the least 
amount of re-do, I'd really appreciate it.
Thanks in advance!
-Greg


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Good info for merging two companies AD and exchange services?

[Webb, Brian (Corp)]

We are using Quest right now to migrate from one forest to another.  It
is a long and painful process.  Moving the users and workstations isn't
too bad, but we are moving about 600 servers as well.  The
file/print/infrastructure type servers weren't bad either.  It is the
application servers that are the real pain.  Finding all the
dependencies and scheduling the migrations for down time when the owner
isn't known...

We hope to finish by the end of the year. 


-Brian


-Original Message-
From: Jeremy Phillips [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 02, 2008 2:50 AM
To: NT System Admin Issues
Subject: RE: Good info for merging two companies AD and exchange
services?

Quest Migration Manager for Exchange & AD


From: Greg Olson [EMAIL PROTECTED]
Sent: Thursday, May 01, 2008 11:27 PM
To: NT System Admin Issues
Subject: Good info for merging two companies AD and exchange services?

Anyone have any good info on merging two separate companies AD and
Exchange services into one forest? it will start off with Company A and
Company B needing to have their two Exchange gals and calendars
(free\busy) in sync, and with some file server access to share info.
Eventually Company B will be pulled fully into company A's AD and
exchange structure, but that will happen over time.
So if any of you have any advice on how to accomplish both with the
least amount of re-do, I'd really appreciate it.
Thanks in advance!
-Greg


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: best options for file server replication / mirroring

[Webb, Brian (Corp)]

DFS R2 is really good.  We have moved several remote sites where the
tapes drive has failed to a system where DFS R2 is copying the data back
to a central server across the WAN.  We have it syncing data stores of
30+ GB with no problem whatsoever.  After the initial copy, the traffic
isn't even noticeable on the network.  We found out that an old
distribution directory was on 2 of the remote servers when the 2nd one
replicated and the total data transferred was way less than the amount
of data on the server because it already existed on the target server.
 
-Brian

 



From: Matt McComas [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 24, 2008 9:44 AM
To: NT System Admin Issues
Subject: best options for file server replication / mirroring


I was curious what you guys thought are the best options for the
following scenario:
 
You have two file servers we'll call A and B.  You want A to replicate
it's data to B, and prefer only changes replicated, and you'd like to
centrally manage these replication processes.
 
Possible solutions I've thought of:
1. DFS shares
2. Robocopy
 
Are there any other native Windows Server 2003 R2 components that will
help this?  How about good third party products to manage this process?
Ideally, you'd want to manage the process or jobs from a central
location, but only have the data replicated and copied between the hosts
in question (not traveling through the job or management server).
 
thoughts, ideas?
 
Thanks,
MM


 


-- 

This e-mail message, including any files and attachments, is intended
only for the recipient(s) to whom it is addressed and may contain
confidential, proprietary and/or personal information. Individual
recipients of this e-mail message are expected to honor the internal and
confidential nature of the e-mail and not forward it via the Internet or
by any other means to persons who are not listed as addressees without
proper authorization. If you are not an intended recipient of this
email, do not save, disclose, print, forward or copy this email, and
delete it immediately. Any dissemination or use of this information by a
person other than the intended recipient is unauthorized and may be a
violation of federal and/or state law and regulations. 

 

If you receive this information in error, please immediately notify
Dallas Baptist University via telephone at 214-333-5500 or via email at
[EMAIL PROTECTED] Dallas Baptist University hereby claims all applicable
privileges related to this information. 


-- 




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

ScriptLogic ActiveAdmin?

[Webb, Brian (Corp)]

We have ScriptLogic's ActiveAdmin product right now - it does some nice
stuff with backing up AD objects so you can restore that user ID that
someone accidentally deleted and does some good stuff with Group Policy
(offline editing).  We also use it for auditing AD changes.  
 
Does anyone else use something similar that they like?  ActiveAdmin is
OK, but the license is up for renewal and we want to look at the
options.  It isn't cheap...
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: for old timers

[Webb, Brian (Corp)]

My 1st was a C64.  My first PC was a Zenith Z-171 sewing machine style
portable.  I went right for the top and bought 640KB of RAM to start
along with the dual 5 1/4 inch 360 K floppies and internal 2400 Baud
modem.  It weighed 15 pounds without the battery - I never bought a
battery as I just hauled it to where I needed it and then plugged it in.
The grey scale LCD was pretty bad in terms of contrast.  It was about
$1900 at the time (1986 I think).  I bought an Epson FX-85 for $400 or
$500 to go with it

I remember I tried to buy 1 MB of RAM, but the motherboard would only
recognize 640KB.


-Brian


-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 09, 2008 2:45 AM
To: NT System Admin Issues
Subject: RE: for old timers

On 8 Apr 2008 at 23:52, Benjamin Zachary  wrote:  

> You know I was right on that page and flipped through it real quick 
> and went on to look up the original ibm pc and a bunch of other
things.

FWIW I still have an IBM XT on the shelf, monochrome monitor, IBM
keyboard, and all.  One of these days I'll have to see if it still boots
--before I put it up for sale on eBay ;-)

My first personally-owned PC was a Zenith Z-152, 4.77 MHz, 320k of RAM
and dual 360k floppies (320k/360k ? memory fades with time).  It cost me
over $3,000, with Microsoft Word 1.0 for DOS and an Okidata MicroLine
9-pin dot-matrix printer (which I still have).  My
brother-the-computer-scientist was jealous -- he worked at the local
university and "only" had 64k of workspace on the CDC mainframe.  

On Dec. 31 one year (don't you love the income tax?) I upgraded the
Z-152 to 640k RAM and a 7-MHz NEC V20 chip and added a $399 20-megabyte
full-height hard drive.  Ended up giving it to my kid's pre-school
loaded with reading and other 
teaching programs, all pre-Windows, of course.

When I upgraded my 1200-baud modem to 2400-baud I had to find an
off-line Compuserve-forum-saving/reading program (OzCIS -- for the "old
timers" -- did anyone else here use it?) -- at 1200-baud I could read
the forums as they scrolled by, but at 2400-baud I could no longer keep
up.  Egad, I still remember my Compuserve ID: 75500,3223 and there's
even one Google "hit" on my CIS ID still remaining "out there":

http://www.google.com/search?q=%2275500%2C3223%22

Anybody here remember TeamB for dBASE?

Angus

P.S. Yes, I have a (partially) grey beard -- not quite Sid Dabster but
"one of these days" I'll get there ;-)


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: expanding RAID array and logical drive IN the array

[Webb, Brian (Corp)]

I've done what you are asking about many times.  Just extend the logical
drive in the ACU - should be an on-line event.  I did this last month on
a 370 G3 so I would expect it work on a 350 G3.  Which array controller
do you have? 
 
-Brian

 



From: Jesse Rink [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 03, 2008 8:58 PM
To: NT System Admin Issues
Subject: expanding RAID array and logical drive IN the array



I have an ML350 G3 server with 5 internal drives (array #1 is (2) drives
with RAID1, array #2 is (3) drives with RAID5).   I have just added a
6th drive to the server and gone into the HP ACU to extend array #2 from
3 physical drives to 4 physical drives.  The array #2 was extended,
however, it didn't extend the logical drive IN the array.  Instead, it
just shows the old logical drive (144GB), and (72GB) of free space in
the array.  I want to take that 72GB of free space in the array and
extend the current (144GB) logical drive in that array to 216GB.

 

Can this be done?  Or do I have to just delete the 144GB logical drive
in the array and recreate a new one that uses the maximum space (216GB)?
I would think there's a way to extend the logical drive IN the array.

 

JR

 






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Apple & Wintel environment

[Webb, Brian (Corp)]

We have seen issues using files created using Mac OS 9.x on a Windows
server, but not with the 10.x Mac OS.
 
-Brian
608-664-6124
 



From: Tom Strader [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 28, 2008 1:14 PM
To: NT System Admin Issues
Subject: RE: Apple & Wintel environment


Cesare'
 
Our Marketing Department is all MAC users; 10-12 people depending on if
volunteers are involved.
We keep everything on same server, same host with no issues for either
Mac or windows users.
 
I personally do not see a need to keep the two separate but others may
tell you differently and may have more experience with MAC users than I.
 
Good Day,
Tom
 



From: Cesare' A. Ramos [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 28, 2008 1:57 PM
To: NT System Admin Issues
Subject: Apple & Wintel environment



Hello to all..

 

Need some thoughts here.

 

We are speaking with a prospect who will be publishing a magazine.  They
will be 80% MAC based due to apps but will have some WINTEL systems due
to accounting and backoffice apps.

 

Questions:

 

* Should storage on the network be Apple based or WINTEL based?
Or do we keep the 2 separate?

* Should the 2 environments have their own host servers?

 

We have performed some reading and research and find that networking and
such will be ok as IP is IP.

 

What are the groups thoughts?  Has anyone come across this?

 

CAR








~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: OT: Job opening

[Webb, Brian (Corp)]

TDS has paid moving expenses in the past, I don't know if they are
willing to for this position at this time.  It may depend on how many
good applications we get.  If anyone wants to apply, if you send me a
note first, I can put in a referral.
 
-Brian

 



From: James Kerr [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 07, 2008 9:31 AM
To: NT System Admin Issues
Subject: Re: OT: Job opening


Paying for moving expenses?

- Original Message - 
From: Webb, Brian (Corp) <mailto:[EMAIL PROTECTED]>  
To: NT System Admin Issues
<mailto:ntsysadmin@lyris.sunbelt-software.com>  
Sent: Thursday, March 06, 2008 10:06 AM
Subject: RE: OT: Job opening

I don't want to hear no stinkin' excuses!  I just want results!
 
Seriously, our team has been down a person for about 6 months
now, so we really do need someone soon.
 
-Brian

 



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 06, 2008 8:59 AM
To: NT System Admin Issues
Subject: Re: OT: Job opening


If I wasn't 27 months from my pension I be there begging for the
job today.
 
Jon


On Thu, Mar 6, 2008 at 9:53 AM, Vicky Spelshaus
<[EMAIL PROTECTED]> wrote:


Indeed it does!   If it wasn't for the fact that I'd
have to give up free babysitting (Grandparents local and retired early),
I'd relocate a bit south and west in heartbeat!  Love Madison...


On Wed, Mar 5, 2008 at 4:23 PM, Steve Ens
<[EMAIL PROTECTED]> wrote:


State St rocks... 


        On Wed, Mar 5, 2008 at 4:16 PM, Webb, Brian
(Corp) <[EMAIL PROTECTED]> wrote:


We are looking for a Windows Server
Admin - located in snowy Madison, WI.  ;-)
 
If you are interested, the posting is
here: http://www.teldta.com/contact/43e_CMS1_218080.htm#P-5_0
 

Brian Webb - MCSE
TDS Corporate IS, Windows Server
Platform Team
Senior Systems Administrator

"When stuck on a problem as often can
be, try to remember G.B.T.T.D. (Go Back To The Definition)". - Dave
Seybold

 



























-- 
Organization and good planning are just crutches for
people that can't handle stress and caffeine. - unknown 























~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: OT: Job opening

[Webb, Brian (Corp)]

I don't want to hear no stinkin' excuses!  I just want results!
 
Seriously, our team has been down a person for about 6 months now, so we
really do need someone soon.
 
-Brian

 



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 06, 2008 8:59 AM
To: NT System Admin Issues
Subject: Re: OT: Job opening


If I wasn't 27 months from my pension I be there begging for the job
today.
 
Jon


On Thu, Mar 6, 2008 at 9:53 AM, Vicky Spelshaus
<[EMAIL PROTECTED]> wrote:


Indeed it does!   If it wasn't for the fact that I'd have to
give up free babysitting (Grandparents local and retired early), I'd
relocate a bit south and west in heartbeat!  Love Madison...


On Wed, Mar 5, 2008 at 4:23 PM, Steve Ens <[EMAIL PROTECTED]>
wrote:


State St rocks... 


    On Wed, Mar 5, 2008 at 4:16 PM, Webb, Brian (Corp)
<[EMAIL PROTECTED]> wrote:


We are looking for a Windows Server Admin -
located in snowy Madison, WI.  ;-)
 
If you are interested, the posting is here:
http://www.teldta.com/contact/43e_CMS1_218080.htm#P-5_0
 

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to
remember G.B.T.T.D. (Go Back To The Definition)". - Dave Seybold

 



























-- 
Organization and good planning are just crutches for people that
can't handle stress and caffeine. - unknown 














~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

OT: Job opening

[Webb, Brian (Corp)]

We are looking for a Windows Server Admin - located in snowy Madison,
WI.  ;-)
 
If you are interested, the posting is here:
http://www.teldta.com/contact/43e_CMS1_218080.htm#P-5_0
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

"When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition)". - Dave Seybold

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: swapping HDs in servers

[Webb, Brian (Corp)]

If the machine is set to use a static IP address then nothing changes.  

If you use DHCP, you need to update your reservation... 

Hardware standardization is a beautiful thing!

-Brian


-Original Message-
From: Joseph L. Casale [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 29, 2008 3:45 PM
To: NT System Admin Issues
Subject: RE: swapping HDs in servers

Brian,
So how do you handle the Network and different macs? I guess there is no
easy way to automate this, you just manually log on and clean that up?
jlc

> -Original Message-
> From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 29, 2008 1:57 PM
> To: NT System Admin Issues
> Subject: RE: swapping HDs in servers
>
> We do this all the time.  You can just move the drives over to the 
> other chassis without any changes or any issues.
>
> The HP RAID controllers are really smart about this - the 
> configuration is stored on both the RAID controller and the drives - 
> it checks both on startup and figures out what is right based on what 
> it sees.  If things don't all match it may prompt you to tell it which

> is right, but if all the drives match each other it will go with what 
> the drives say it should be.
>
> We take advantage of this in our strategy for handling hardware 
> failures.  We have hot spare machines sitting in the racks and if a 
> production server fails for any reason we swap the chassis with a hot 
> spare - that way we get the server back up and running in the shortest

> time possible - we can muck around with the bad chassis later.
>
>
> -Brian
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 29, 2008 1:22 PM
> To: NT System Admin Issues
> Subject: swapping HDs in servers
>
>
> Been awhile since I done this... any reason this shouldn't work?
>
> I have an HP ML350 G3 server (about 3-4 years ago) that is acting up.
> I
> think it's hardware related.  I have an unused (retired) HP ML350 G3 
> server laying around.  I'd like to take the (2) physical hard drives 
> from the problematic server (configured as RAID1) and install them in 
> the unused retired server.
>
> I'm thinking the second server should recongnize a RAID1 configuration

> on the drive and boot up without a problem.
>
> Any problems with this theory?
>
> J
>
> 
> mail2web.com - Microsoft(r) Exchange solutions from a leading provider
> -
> http://link.mail2web.com/Business/Exchange
>
>
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: swapping HDs in servers

[Webb, Brian (Corp)]

We do this all the time.  You can just move the drives over to the other
chassis without any changes or any issues.

The HP RAID controllers are really smart about this - the configuration
is stored on both the RAID controller and the drives - it checks both on
startup and figures out what is right based on what it sees.  If things
don't all match it may prompt you to tell it which is right, but if all
the drives match each other it will go with what the drives say it
should be.  

We take advantage of this in our strategy for handling hardware
failures.  We have hot spare machines sitting in the racks and if a
production server fails for any reason we swap the chassis with a hot
spare - that way we get the server back up and running in the shortest
time possible - we can muck around with the bad chassis later.


-Brian


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 29, 2008 1:22 PM
To: NT System Admin Issues
Subject: swapping HDs in servers


Been awhile since I done this... any reason this shouldn't work?

I have an HP ML350 G3 server (about 3-4 years ago) that is acting up.  I
think it's hardware related.  I have an unused (retired) HP ML350 G3
server laying around.  I'd like to take the (2) physical hard drives
from the problematic server (configured as RAID1) and install them in
the unused retired server.  

I'm thinking the second server should recongnize a RAID1 configuration
on the drive and boot up without a problem.  

Any problems with this theory?

J


mail2web.com - Microsoft(r) Exchange solutions from a leading provider -
http://link.mail2web.com/Business/Exchange



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: DHCP Server move -- Now Reservations are not applying?

[Webb, Brian (Corp)]

Did you remember to authorize the server in AD?
 
-Brian

 



From: Matthew W. Ross [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 25, 2008 3:16 PM
To: NT System Admin Issues
Subject: DHCP Server move -- Now Reservations are not applying?


Hey List. Hoping somebody knows about this little quirk:

I just moved my DHCP from Windows 2003 to Windows 2003 server. Used the
'netsh dhcpserver' export and import commands as suggested by the
microsoft KB325473. Everything looks correct.

I have DHCP server dissabled on my old server, and running on my new
one... It's working, but nothing is picking up its old reservations.

I can see the reservations on the new server... they just are not
applying for some reason.

Any ideas? I'm off to do some more googling.

--Matt Ross




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Multiple admins - Server database?

[Webb, Brian (Corp)]

We have a custom database that is shared by far too many groups which
makes getting changes made a very long and difficult process.
 
We are moving towards a true CMDB (Configuration Management DataBase)
solution.  One thing I can't emphasize enough is the need for automation
- automate updating the database.  When you build a new server, make
sure you can't put a machine on the network without getting basic info
in the database.  Our build process does a lookup in the database by
serial number to verify the name is there.  If the name isn't there, it
stops the build and tells you to update the database before continuing.

 
-Brian

 



From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 25, 2008 9:10 AM
To: NT System Admin Issues
Subject: Multiple admins - Server database?



To those of you who have more than one person that builds a server and
throws it on your LAN. How do you keep track of when the server was
built, when it was placed online, what it does and who uses it? Do you
have an app that the techs use? Is there one person who is primary for
this task or does the app handle it all?

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 

 

 






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: How to behave on an Internet forum

[Webb, Brian (Corp)]

That doesn't look too bad Rod.  Here in the winter wonderland that is
Madison,WI, we've had over 80 inches of snow so far this year with
another 6-8 coming on Monday.  (The old record snowfall for a season was
76 inches by the way...)

-Brian


-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 22, 2008 12:24 PM
To: NT System Admin Issues
Subject: RE: How to behave on an Internet forum

We received plenty of snow and ice last night and still going today.

http://myitforum.com/cs2/blogs/rtrent/archive/2008/02/22/winter-storm-th
e-da
y-after.aspx 

-Original Message-
From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: Friday, February 22, 2008 1:16 PM
To: NT System Admin Issues
Subject: RE: How to behave on an Internet forum

Snowing??? Lucky son of a .

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: 22 February 2008 18:06
To: NT System Admin Issues
Subject: OT: How to behave on an Internet forum

   http://www.videojug.com/film/how-to-behave-on-an-internet-forum

Have a great weekend everyone (except Shook ;-P ). Its snowing so
I'm going home...

--
ME2

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Ghost DHCP settings

[Webb, Brian (Corp)]

Make sure no one has plugged a home router (Linksys, Netgear, etc.) into
your network that is now pumping out DHCP responses. 

-Brian


-Original Message-
From: David Florea, SysAdmin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 21, 2008 1:05 PM
To: NT System Admin Issues
Subject: Ghost DHCP settings

 
By mistake yesterday, both of my DCs were down at the same time.  Of
course, the entire network croaked for a few minutes.  But ever since
then, several of my machines are picking up a weird DNS setting.
Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS
server, and therefore have great trouble seeing network resources.  I've
doublechecked the DHCP scope and server options, they're correct.  I
don't even have a 1.1 network address on my system.  Where the heck is
that coming from?  I've even had a couple of machines pick it up again a
couple of hours after I've done a /release and /renew.

Thanks,

David
___

The information contained in this E-mail message, including any attached
files transmitted, is confidential and may be legally privileged. It is
intended only for the sole use of the individual(s) named above. If you
are the intended recipient, be aware that your use of any confidential
or personal information may be restricted by state and federal privacy
laws. If you, the reader of this message, are not the intended
recipient, you are hereby notified that you should not further
disseminate, distribute or forward this E-mail message. If you have
received this E-mail in error, please notify the sender and delete the
material from your computer system. This message is provided for
information purposes and should not be construed as a solicitation or
offer to buy or sell any securities or related financial instruments in
any jurisdiction.




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Issues with DL 380 G4 models and disk corruption

[Webb, Brian (Corp)]

Are these by chance 72GB drives?   HP has issued new firmware for the
RAID controller and the drives.  Get the 7.91 firmware CD from HP's web
site.  All the 72GB 3.5 inch SCSI drives are affected.  We haven't seen
the problem, but got the heads up from our VAR.


-Brian


-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 20, 2008 6:41 AM
To: NT System Admin Issues
Subject: Issues with DL 380 G4 models and disk corruption

Running up against a troubling situation. 

I have about 3-4 HP DL380G4's in which I am coming up with problems
backing up, continous disk errors, although I have run chkdsk from
scheduling it when it reboots chkdsk c: /F /R and I have done it through
the recovery console chkdsk c: /P /R. I boot back into windows after it
says it fixes the disk, and run chkdsk again to verify that the
corruption is gone, but no dice it hands about 15% into checking indexes
and just stays there for hours. 

I have a suspicion I have a bad hard-drive(s) in my Raid 5 array, but
there are no alerts from the HP drivers, nor physical indications of
disk issues on the drives themselves. 

Only think I could possibly do is update the RAID controller code from
Smart Array 6i (2.58) to a new code, and look to see if there is new
hard drive ROMPAQ to update the drive code and see if this helps it out.


Anyone have any other ideas about what I might be able to try, the
corruption is already affecting one of my backups and hate to see it
cause the server to totally crash and have to be rebuilt from scratch. 

Z

Edward E. Ziots
Netwok Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505



~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: To URLscan Or Not

[Webb, Brian (Corp)]

Just that if you are planning on moving to 64 bit Windows, don't get too used 
to having URLScan available.  We had to work with our Security team for a while 
to make sure they were OK with not having URLScan on 64 bit IIS servers.
 
-Brian

 



From: Carl Houseman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 3:23 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not


Exchange 2003 doesn't exist for x64 versions of Windows either.  What's yr 
point?
 
Carl

____

From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 4:16 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not


But, URLScan doesn't exist for x64 versions of Windows...
 
-Brian

 



From: E. Peeters [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 3:05 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not


Tweak I shall then, thank you Sir.



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 1:39 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not
Importance: High



We did urlscan 2.5 with our Windows 2003/Exchange 2003 implementation without 
much problems, you are just going to have to tweak it a little for the FE 
OWA's. Maybe ½ day of work to get all the right settings, and then copy to your 
other IIS/FE servers and apply, run iisreset, and you all set. 

 

Z

 

Edward E. Ziots

Netwok Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 2:27 PM
To: NT System Admin Issues
Subject: To URLscan Or Not

 

Quick question about URLscan. The IIS 6.0 Security Guide says it isn't really 
necessary to run URLScan since most of its features are built into IIS. The 
Exchange 2003 Security Guide says to use URLScan, so what's one to do when 
running Exchange 2003 on IIS6 (Windows 2003) ?

 

Thanks,

 

Eric

 

 







~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: To URLscan Or Not

[Webb, Brian (Corp)]

But, URLScan doesn't exist for x64 versions of Windows...
 
-Brian

 



From: E. Peeters [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 3:05 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not


Tweak I shall then, thank you Sir.



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 1:39 PM
To: NT System Admin Issues
Subject: RE: To URLscan Or Not
Importance: High



We did urlscan 2.5 with our Windows 2003/Exchange 2003 implementation without 
much problems, you are just going to have to tweak it a little for the FE 
OWA's. Maybe ½ day of work to get all the right settings, and then copy to your 
other IIS/FE servers and apply, run iisreset, and you all set. 

 

Z

 

Edward E. Ziots

Netwok Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 19, 2008 2:27 PM
To: NT System Admin Issues
Subject: To URLscan Or Not

 

Quick question about URLscan. The IIS 6.0 Security Guide says it isn't really 
necessary to run URLScan since most of its features are built into IIS. The 
Exchange 2003 Security Guide says to use URLScan, so what's one to do when 
running Exchange 2003 on IIS6 (Windows 2003) ?

 

Thanks,

 

Eric

 

 








~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: What do you think?

[Webb, Brian (Corp)]

I've used the image software on UBCD4Windows with good success. 


-Brian

-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 14, 2008 10:15 AM
To: NT System Admin Issues
Subject: What do you think?

I need to take a quick snapshot of a hard drive for our HR department.
  We dont have ghost or imagecast here atm.   Is there any free, quick
to setup imaging software out there?  I'm about to google but  if you
guys have had some sucess with one please let me know.

Thanks

Matt

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: 175 servers

[Webb, Brian (Corp)]

I agree with 2-3 admins.
 
-Brian

 



From: Louis, Joe [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 12, 2008 11:24 AM
To: NT System Admin Issues
Subject: RE: 175 servers


I'd say 2-3. You have to figure in disasters, backups,
vacations/sick-days and the likes. 



From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 12, 2008 12:11 PM
To: NT System Admin Issues
Subject: RE: 175 servers



About one and a half full-timers.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 12, 2008 11:59 AM
To: NT System Admin Issues
Subject: 175 servers

 

Here's an open-ended question, but with 175 Windows servers, how many
admins would you think it would take to maintain OS images, patches,
availability, installed program updates, as well as other maintenance
like inventory of both hardware and software, as well as troubleshooting
various performance issues? I'm talking admins who's job would be just
to handle the underlying Windows infrastructure, not the apps running on
it (except for the initial install). FWIW 95% of the servers are local.
We have SMS and WSUS to leverage some of this, but SMS is currently very
underutilized...

 

I ask because we have about 250 employees - so a fairly small company,
but we have 175+ Windows servers, plus 4 SAN's because our main product
is currently web delivered, I'm wondering if we're overstaffed or
understaffed or someone in the "normal" range.

 

I would expect that in a more typical file/print/Exchange/SharePoint
(intranet) environment that 175 servers would mean a few thousand end
users and thus perhaps a dozen IS staff.

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 

 

 

 

 








~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~