RE: OT: Firewall recommendations
I've looked at them recently, and saw a lot to like, but they don't detect plain old brute-force password guessing, and don't support Microsoft VPN clients. Do Watchguard, Juniper or any Sonicwall? I don't know. I know Cisco IPS does, in some cases, in theory, but the practice has other issues. /kenw -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: March-10-08 8:18 AM To: NT System Admin Issues Subject: Re: OT: Firewall recommendations So far I've really liked my Sidewinders - from Secure Computing. On 3/10/08, Jonathan Kadoo [EMAIL PROTECTED] wrote: Good day everyone, just looking for some opinions. I currently have a number of clients that are using sonicwall for their firewall appliance. Increasingly I have been having various issues that Sonicwall has not been able to help with. I am looking for a new solution for my smb clients. Juniper is one that looks promising. Anyone have any opinions re Juniper or another smb firewall? Thanks JK ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: What Is Your Trusted Source For IT Info?
There's a great difference between a sum of the world's knowledge and a sum of the world's opinions. Words to live by. /kenw From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: March-03-08 10:48 AM To: NT System Admin Issues Subject: RE: What Is Your Trusted Source For IT Info? begin sarcasm And I am a better man for knowing this... /end sarcasm Shook http://www.linkedin.com/in/andyshook From: Steve Pruitt [mailto:[EMAIL PROTECTED] Sent: Monday, March 03, 2008 12:45 PM To: NT System Admin Issues Subject: Re: What Is Your Trusted Source For IT Info? None of the sources I normally use are listed, and I rarely if ever use any that are listed. Steve - Original Message - From: Stu Sjouwerman mailto:[EMAIL PROTECTED] To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com Sent: Monday, March 03, 2008 12:18 PM Subject: What Is Your Trusted Source For IT Info? What Is Your Trusted Source For IT Info? We need your input! Can you please give us your opinions on what print pubs and online websites you use to keep informed about IT security related news and product information? This survey should not take more than 3 minutes at best. A $100 AMEX Gift Card will be drawn from the participants, but you need to leave your email address in the last question (7) to be eligible. Thank you so much! http://www.wservernews.com/080303-Trusted-IT-Source http://www.wservernews.com/080303-Trusted-IT-Source Warm regards, Stu ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: MS Virtual Server 2005 R2 SP1
I have seen the truth, and it makes no sense. -Original Message- From: Dennis Melahn [mailto:[EMAIL PROTECTED] Sent: February-29-08 2:34 PM To: NT System Admin Issues Subject: RE: MS Virtual Server 2005 R2 SP1 Argh! How did I miss that? So there's no way to VM Exchange 2007 in my lab. What are people doing to test Exch 2007? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Hosted anti-spam
MX Logic Exchange Defender Both have reseller arrangements available. /kenw From: Gavin Wilby [mailto:[EMAIL PROTECTED] Sent: February-27-08 3:43 AM To: NT System Admin Issues Subject: Hosted anti-spam Hi Guys, I'm looking at getting a managed hosted anti-spam solution that we can re-sell onto our client base. I know that Message Labs do such a thing, but have you any recommends of anyone else, UK based if possible? Gavin. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Symantec Endpoint Protection Feedback
I found the management console inappropriate for small sites or virtual servers - it wanted half a CPU all by itself, continuously, even with only a half-dozen PCs to manage. And I found the client portion far too CPU-intensive as well, inappropriate for virtual machines. Haven't tried MR1. Sounds like you have a single, relatively large site where you can dedicate a single machine to the console. Not gonna happen for small businesses. /kenw From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: February-24-08 5:37 AM To: NT System Admin Issues Subject: Re: Symantec Endpoint Protection Feedback No problems on our end. would have prefered to switch to something new, but it looks like we might do that in 2009 after some more research. The server component (as was already said) is absolutely hefty. We ended up installing it on our WSUS box (PowerEdge 860) and scrapping our old SAV server (PowerEdge 2400). That was a little tricky because they both have web sites that install as default with no host headers setup. SAV's actually needs to be on 80 with the defaults (also have it as sav.domain.com, but the server console looks on localhost:80), and WSUS we have setup on 80 as well but with host headers (wsus.domain.com) with no problems. Anyway, it's been fine so far, although our one support call had a hold time of over 60 minutes. Osama Salah [EMAIL PROTECTED] 02/24/2008 05:22 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com cc Subject Symantec Endpoint Protection Feedback I am planning to have a look at SEP 11. Symantec AV doesn't get much praise here but so far it was working OK for us. No major complaints. If you have anything positive/negative to share pls let me know what to look out for. regards Osama Salah Disclaimer:This communication contains information that is confidential and may also be legally privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient,disclosure, copying, distribution or other use of, or taking of any action in reliance upon, this communication or the information in it is prohibited and may be unlawful. If you have received this communication in error please notify the sender by return email, delete it from your system and destroy any copies. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Virtualize Terminal Server or not?
Just a reminder: with Terminal Server and Citrix, the issue is more a matter of latency (i.e., ping times) than bandwidth.You could have a fast connection at your end, but if it's a long distance (say, trans-oceanic), your ping times could still suck. Under 100 ms is ideal, over 200 is noticeable, over 500 is starting to get pretty bad. A 128K ISDN connection typically has sub-50ms ping times and can realistically handle 10 to 20 users depending on real-world activity. A T1 from Florida to Alaska could be unusable. Bandwidth needs really depend on actually user and screen update activity. Latency issues, however, will show up with a single user. Test. The place you'll see most problems is in keyboard response when typing. Terminal Server sessions don't actually send and receive a lot of data -- but there's several times more going TO the users than FROM them, so you need to look at you server's upload speed. Citrix has some optimizations that can improve both bandwidth and latency issues, but in my own non-exhaustive tests some time ago, I didn't see major benefits. I used to avoid running serious Terminal Server connections over the Internet due to quality control issues: you never know from one minute to the next exactly how it's going to be routed, and what hop might get overloaded. Tracking down causes... don't waste your time. I still prefer private circuits if I have a choice, and the latency tends to be a lot better. One other point: I definitely think you should be running more than one server, for reliability. Terminal servers are multi-user PCs. Users mess up their systems (lock them down as much as possible) . You will be fixing user problems, rebooting, etc. Being able to shut down one server while users work on the other is a very good thing compared to everything going dark at once. Especially if you have load balancing and roaming profiles. /kenw From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: February-20-08 1:36 PM To: NT System Admin Issues Subject: RE: Virtualize Terminal Server or not? Andy, Do your users access TS across the WAN? and if so, what type of bandwidth do you have? Thanks for your help. Best, Phil From: Andy Crellin [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 20, 2008 1:26 AM To: NT System Admin Issues Subject: RE: Virtualize Terminal Server or not? We are running TS virtualised on ESX with about 40 users and its running fine. They are reasonably well specified, with the 2 hosts being ProLiant DL380 64bit dual quad-core + 16Gb memory and each VM having 2Gb memory and a single core to play with. We also use 2X to load balance. I don't use the facility myself but my colleagues tell me that they and their users are happy with the response. Andy Crellin Technical Services Manager Leonard Cheshire Disability Telephone: 01904 479200 E-mail: [EMAIL PROTECTED] From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: 20 February 2008 00:34 To: NT System Admin Issues Subject: Virtualize Terminal Server or not? Anyone know if it makes sense to virtualize a core terminal server that will have about 50 concurrent users connecting to it? Or is it better to get a new server that will be dedicated for this purpose? Best Regards, Phil Internet communications are not secure and therefore Leonard Cheshire Disability does not accept any liability for the content of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Leonard Cheshire Disability. If you have received this transmission in error, please contact the sender and delete it immediately. Leonard Cheshire Disability is a company limited by guarantee, registered in England no: 552847, and a registered charity no: 218186 (England Wales) and no: SC005117 (Scotland) VAT no: 899 3223 75. Registered office: 30 Millbank, London SW1P 4QD. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: You WILL be assimilated....
And its corollary: Any technology distinguishable from magic is insufficiently advanced. From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] Sent: February-22-08 7:25 AM To: NT System Admin Issues Subject: OT: You WILL be assimilated http://www.physorg.com/news122819670.html -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Virtualize Terminal Server or not?
With a small number of users, virtualized TS is a slam dunk. With that many, I wouldn't virtualize it unless you're running ESX. In fact, there's a good chance you'll want multiple terminal servers with fault tolerant load balancing, and nobody beats Citrix for that. On the other hand, from what I've seem, the biggest overhead with virtualization is the disk overhead. And TS doesn't tend to hit local disks hard. So you might get lucky. The idea of cloned VMs with ESX automatic failover between multiple servers... Hmmm... I don't know how you're going to simulate users in a lab, FWIW. The load depends so much on work habits and app characteristics. Some hardware tuning tips, also FWIW. Use lots of CPU cores, lots of RAM, not a lot of disk, use SCSI disks for low overhead, fast smart NICs, don't use them for anything but TS (no local SQL, etc), no user-visible shares. From: Joseph L. Casale [mailto:[EMAIL PROTECTED] Sent: February-19-08 5:51 PM To: NT System Admin Issues Subject: RE: Virtualize Terminal Server or not? Not much help but I would suggest you try it out in a lab if you can. Hard to say not knowing how good your hardware is and what apps your running. I would be a little leery though as that is a lot of users to potentially visibly effect the user experience of. How good is your virtual environment? Given all the benefits of virtualizing, if it can handle I would surely opt for it! jlc From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 19, 2008 5:34 PM To: NT System Admin Issues Subject: Virtualize Terminal Server or not? Anyone know if it makes sense to virtualize a core terminal server that will have about 50 concurrent users connecting to it? Or is it better to get a new server that will be dedicated for this purpose? Best Regards, Phil ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Backupexec and compression
You're absolutely right that anything over the raw capacity is a matter of luck, and that discounting marginal media. However, there are a couple of rules of thumb that I find useful: - for the average client, a net compression ratio of about 1.5:1 is fairly normal. 2:1 or higher is rare. - the compressed rating is actually a fairly good sizing indicator of tape vs disk capacity. When you allow for not running hard drives over 80% full, and reasonable expectation of compression, the upper value is about the size of the disk space you can plan to protect with it, assuming full backups. /kenw -Original Message- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: February-15-08 12:32 PM To: NT System Admin Issues Subject: Re: Backupexec and compression On Fri, Feb 15, 2008 at 1:25 PM, Joseph L. Casale [EMAIL PROTECTED] wrote: Exactly? They are 200/400 tapes. I ignore compressed capacity claims; they are a marketing gimmick and always have been. Compression rates vary tremendously. You might get no compression gain, or 1.5:1, or 3:1. So I just avoid quoting compressed capacity entirely. By 200/400 tape, I surmise you LTO-2. Those do have a nominal, native capacity of 200 GB. But in the land of disks and tapes, 200 GB means 200 billion bytes. In the land of software and operating systems, 200 GB means 200 * 2^30 bytes. This is sometimes explicitly written as 200 GiB. Compare: 200 GB = 200,000,000,000 bytes 200 GiB = 214,748,364,800 bytes 14 GiB = 14,748,364,800 bytes (difference) So right away, you're only going to get 93% of that 200 GB you thought you had. Then there is overhead for metadata. Is this a large number of small files? If so, the metadata for each file may be becoming significant. I don't know anything about BUE's on-tape format, but I would guess they are likely storing a header at the start of each file (with name, datestamps, size, NTFS ACL, etc.). Or maybe in a catalog at the start/end of the tape. Either way, it consumes tape space. You also loose some tape capacity to bad blocks. Any big tape is going to have some number of bad blocks. Nominally, the drive automatically detects and corrects for them, so the backup software (and you) are not aware it is even happening. But it can eat into the nominal capacity of the tape. Is it an old tape? Finally, yes, a bad or simplistic compression algorithm may well make the compressed data larger for already-compressed input. A smart compression implementation will detect this and just store the straight input data, but tape drives are not known for using smart implementations. So turning off hardware compression may well gain you some tape space back. But perhaps not as much as you think. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Network Management Tools
Look at Paessler PRTG. Not free, but easy to set up and use, and not too expensive. I like it. /kenw -Original Message- From: Joseph L. Casale [mailto:[EMAIL PROTECTED] Sent: February-08-08 12:14 PM To: NT System Admin Issues Subject: RE: Network Management Tools Heh, I can second that. I am setting this up right now. I *was* going to go with Nagios, but I think it's snmp implementation is weak. I am just playing with OpenNMS and about to look at Hyper IQ now, neither of which look easy! jlc -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, February 08, 2008 10:22 AM To: NT System Admin Issues Subject: Re: Network Management Tools LOL. Cheap, fast, good. Choose any two. On Feb 8, 2008 9:13 AM, Joe Heaton [EMAIL PROTECTED] wrote: I want it to monitor everything, with no effort from me, and for free! :) Joe Heaton -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Friday, February 08, 2008 9:12 AM To: NT System Admin Issues Subject: Re: Network Management Tools What does network management mean to you? What tasks are you looking to perform, with what outcomes, at what cost, and with what effort? On Feb 8, 2008 7:25 AM, lee jolley [EMAIL PROTECTED] wrote: Hi We are looking to deploy network management tools into a new environment. Does anyone have any recommendations? We were looking at SolarWinds. Thanks Lee ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.21/1266 - Release Date: 2/8/2008 10:06 AM ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: OT: software to monitor users login and logoff
We do a lot of logon scripting. In some cases we have the script send an email to specified addresses when certain logins occur, in addition to the log files we always record to. Sample code available on request. Logoff scripting could also be done, with the caveat that if the system shuts down abruptly (crash, etc.), the script won't run. /kenw From: Devin Meade [mailto:[EMAIL PROTECTED] Sent: February-08-08 9:32 AM To: NT System Admin Issues Subject: Re: OT: software to monitor users login and logoff Just remember it's not a secure solution. The user must be able to edit this file. On Feb 8, 2008 10:22 AM, Thomas Gonzalez [EMAIL PROTECTED] wrote: Thanks Devin, I'll take a look at that. I have quite a few things running and it has me chasing my tail like a dog J Thomas From: Devin Meade [mailto:[EMAIL PROTECTED] Sent: Friday, February 08, 2008 9:25 AM To: NT System Admin Issues Subject: Re: OT: software to monitor users login and logoff Thomas, Batch file as a user login script appending to a central file. date /t \\server\share\%username%.log time /t \\server\share\%username%.log Echo User just logged in \\server\share\%username%.log Then use that tool someone posted to tail this file in a GUI. This was posted a few days ago in this newsgroup. I think it was free. hth -Devin On Feb 7, 2008 4:27 PM, Steve Ens [EMAIL PROTECTED] wrote: Event viewer under computer management on the DC. On Thu, Feb 7, 2008 at 4:20 PM, Thomas Gonzalez [EMAIL PROTECTED] wrote: Ok, so another question comes up, as if though I don't have other items on my plate. Has anyone used an application that would perform the following task: 1.User logs into network 2.One centralized workstation records and informs you when they login and logoff, with a GUI? I'm googling and see some cool stuff, but it's not what the CIO is requesting. I appreciate your responses. TIA, Thomas Gonzalez Technology Manager Girl Scouts of Southwest Texas 210.349.2404 phone 210.403.1586 DID 210.349.2666 fax www.girlscouts-swtx.org http://www.girlscouts-swtx.org/ [EMAIL PROTECTED] -- Devin -- Devin ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Standby server for small business?
You know, you might be better off looking at Microsoft's solution to this: clustering. I didn't realize it until recently, but one advantage of active/passive clusters is that you can actually update the software without taking the service off line. It could be a lifesaver if an update takes longer than you expect. You may think it's too expensive for them, but it probably isn't. Never out-cheap your client. /kenw -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: February-08-08 4:14 PM To: NT System Admin Issues Subject: RE: Standby server for small business? If you have an SA or Enterprise license or Open Value version of Server you are entitled to a Cold standby license without additional fees, if you do not have SA or Enterprise or OV program then you must purchase a 2nd license. http://download.microsoft.com/download/c/d/f/cdf888c4-21af-4ab3-8422- 629 b97a4a6c2/SA%20BenefitsNA.pdf Sorry for the long url's off to dinner with wife. -Original Message- From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: Friday, February 08, 2008 6:13 PM To: NT System Admin Issues Subject: RE: Standby server for small business? There may be some free tools out there to let you replicate data from one server to another. Maybe Robocopy? Im not sure though if it would work for what you need. Best, Phil -Original Message- From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] Sent: Friday, February 08, 2008 2:57 PM To: NT System Admin Issues Subject: Standby server for small business? Got a small-business client (Server 2003,20 workstations, vertical- market database based on MS SQL Server) who just can't afford to be without their server for more than a few hours at most, so I'm looking into some sort of standby server. Anyone have any experience with this product? EMC RepliStor SMB Edition replication software enables small and medium businesses to protect a critical Windows file or application server by continuously replicating data to a second Windows server. Also, refresh my mind about licensing here, does MS require two licenses for Server 2003 when you do this? -- Angus Scott-Fleming http://www.geoapps.com/ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Objective small business security resources
That was a good response. We're already doing those things, although I'm looking hard at ways to do them better. I hesitate to mention firewalls, because people seem to get jumped on if they are perceived as thinking that's all they need. But... firewalls are Necessary But Not Sufficient, and I'm not satisfied with my current solution to that aspect of security. I need to address that. Low end firewalls don't offer near the packet inspection and other functionality I'd like to see, and the higher end ones I've used (like Cisco) tend to be too expensive in terms of both management time overhead and capital cost. I want a firewall that actually understands something of the protocols it allowa through, and can detect password guessing attempts on a number of protocols. I reeealy hate opening up ports for the bots to hammer on without good packet inspection, and I just do not have and cannot afford the time to cover all the details manually. I see a lot of talk about SonicWall (they burned me once), WatchGuard, Astaro, Untangle, ISA Server, etc. People talk a lot about what the like or don't, but hardly anyone seems to know what they actually do. From what I've seen, I haven't been all that impressed. I liked the Cisco 1841 with IOS IPS, but it was buggy and very time-consuming. If I spent that kind of time on all the contenders, I might as well switch careers. Maybe I'm a paranoid iconoclast. Probably. Do you know of anyone who can speak knowledgeably about firewall products appropriate for one-server-no-IT-staff small business? /kenw ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Objective small business security resources
I'm looking for expert, objective sources of information on small business security. Experts like Schneier and Ranum are great for making you think. But they never address managing practical security at sites with one server and no IT staff on the payroll. (Of course, if your particular hobby horse is the Most Important Thing, budget is no problem, is it?) When I talk to the people in the trenches, it seems like everybody pushes their favourite approach which, in most cases, is the only one they really know. When I go searching on the net, it seems like everybody pushes their favourite product, which they happen to sell. So, is there anybody out there who can speak expertly and objectively on small business security? Could you point me at 'em, please? /kenw ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Switch Purchase Question...
I use HP nearly all the time now. While Cisco gear is good, unless you're doing a fairly large implementation, the time it can take to get them configured right can be expensive. I had a situation a while ago, due to Cisco's default configuration for bridge discovery, that caused a lot of hassle. An XP box behind another switch had defaulted to bridge mode, the Cisco saw it, panicked, and disconnected the port, causing a whole section of the network to go dark. Took a few times to figure out what was happening. My complaint is that neither Cisco nor Microsoft had any documented recognition of the issue, nor any recommendation on how to deal with it, and the support wasn't much help. A caution on the HPs, though: they've brought out some new, low-cost, semi-managed switches that I've put where I can't do anything else. They're still pretty green, don't cluster, and are generally feature-poor. There's an undocumented feature wherein if you use ports 1 and 2 for a trunk, and there's a power cycle, they will reset to factory defaults. Also, I'm seeing a lot of compatibility issues with low cost gigabit PC NICs, wherein they don't negotiate speed/duplex/etc. properly, and users with gigabit cards start running at 100MB with truly crappy performance. They seem to be happy with Intel NICs, FWIW. HP's bringing new firmware out for them fairly often. /kenw -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: January-29-08 4:05 PM To: NT System Admin Issues Subject: RE: Switch Purchase Question... Price to functionality on the say 2800 series HP and equivalent Cisco you will get a better price/warranty from HP over Cisco any day. Cisco is good stuff, really good stuff.. but the cost of managing the Cisco, TAC agreement if you don't know, and the warranty as compared to HP, always = better value for our shop to go HP. I have had switches that are 6 years old have a bad port go bad and HP sends a refurb'd switch out next day. And you don't even have to buy a better warranty it comes with it. Unless you can show me a specific feature I need not available on HP, that would be my only reason for going Cisco at this time. Greg -Original Message- From: Edward B. DREGER [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 29, 2008 5:18 PM To: NT System Admin Issues Subject: Re: Switch Purchase Question... MEJ Date: Tue, 29 Jan 2008 17:03:21 -0500 MEJ From: Micheal Espinola Jr MEJ Over Cisco? Can you give an example? See earlier posts. Again, we're talking low-end switches; I've not run the bigger HPs. HP: Never a problem with hardware or firmware over the years. Cisco: IIRC was slower to offer SSHv2. Cisco: Unless the 29xx now has things like 802.1x, HP gets the nod. Cisco: Wicked problems with 5500 (yes, a while back) and redundant FEC aggregates. Cisco: Some of my bias comes from nasty experiences on their router gear not living up to spec (think: special interim IOS release because of buggy MPLS code; not reaching near advertised forwarding rates with any real routing processes and ACLs) HP isn't perfect, though. I wish the 25xx allowed baby jumbograms for non-802.3ad ethertypes, such as MPLS. Can't recall if the lower-end Ciscos do, either, for that matter. (Yes, some of these experiences date back several years.) Eddy -- Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ___ _ DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Do Vista Users Need Fewer Security Patches Than XP Users?
Does nobody remember Windows Bob? 100% flop, 0.001% market penetration. /kenw -Original Message- From: Mike Gill [mailto:[EMAIL PROTECTED] Sent: January-31-08 3:24 PM To: NT System Admin Issues Subject: RE: Do Vista Users Need Fewer Security Patches Than XP Users? You're the first person I've ever heard say Win98 was a flop. -- Mike Gill -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 31, 2008 2:03 PM To: NT System Admin Issues Subject: Re: Do Vista Users Need Fewer Security Patches Than XP Users? InfoWorld is crazy. Windows98 or WindowsMe were the biggest Windows-related flops. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Home user forgot admin password -- easy way
Actually, there may be an easier way. Most home users use those little dummy icons to log in, and frequently never set the administrator password. If so, all you need to do is hit Ctrl-Alt-Del three times in a row so it gives you a text-mode logon prompt, then enter Administrator and no password, and presto you're in. It's worked for me a few times. /kenw From: Tom Miller [mailto:[EMAIL PROTECTED] Sent: February-01-08 10:48 AM To: NT System Admin Issues Subject: Home user forgot admin password Hi Folks: One of our VIPs somehow forgot/lost his administrator password to him Windows XP Pro home PC. We don't normally support home PCs, but since this person is a VIP, I'm looking for tools he can use to reset/show him the administrator password. Suggestions? Thanks, Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Ongoing issues installing SQL 2005 Mgmt Studio
This has been an ongoing issue for us, and I wondered if you folks had run into similar issues. Often, when we install SQL Server 2005 standard edition, the Management Studio doesn't get installed, even though it was selected to be installed. There's a bit of discussion of this on-line; the solution that seems to work best is to locate the msi file that actually installs the Studio and run in manually. It doesn't always work. Sometime you have to remove and reinstall SQL completely. There are other solutions that have varying degrees of success. It's generally a time-wasting pain in the butt. It seems to happen a lot. I'm not sure if it's related to SBS, Backup Exec, installing SQL Express before the full version, or what. So I kind have to ask: what's up with that? What are we doing wrong? /kenw ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Bandwidth management
Which means you need a managed switch. Unmanaged==S.O.L. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: January-28-08 7:07 PM To: NT System Admin Issues Subject: RE: Bandwidth management Switches only send traffic to designated ports based on MAC address. You either need to configure the switch to a monitor port, where it basically sends a copy of all traffic so you can hook a machine to that port and see all traffic. From: Chyka, Robert [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 3:22 PM To: NT System Admin Issues Subject: RE: Bandwidth management If I want to use ntop to see what machines are talking the most on the network, do I need to configure a switch port any special way? It is a small flat switchednetwork. Thanks.. From: Benjamin Zachary [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 3:18 PM To: NT System Admin Issues Subject: RE: Bandwidth management Mrtg , ntop come to mind. Your vendor can normally provide some mrtg graphs to give you a general idea of usage and peak usage. From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 2:42 PM To: NT System Admin Issues Subject: Bandwidth management What are people using to manage bandwidth? We want to up our bandwidth but put something in place to make sure the bandwidth is managed properly. We will be going VOIP soon and we currently have checkpoint firewalls. Also is this a good product? Any use it? http://www.netequalizer.com/nda.htm Thanks for your input and advice. Best Regards, Phil ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Bandwidth management
There is, actually, another solution. Since I presume you're interested in WAN bandwidth, there's really only one port you're interested in - the one that goes through your firewall. You could use a real network hub (a rare beast these days, be sure it's not a switch pretending to be a hub) to tap into the line feeding into your firewall. Watch that, if it's a dual-speed hub, your sniffer's NIC is set to the same speed as the port you're monitoring, or you still won't see the traffic because you'll be on the wrong side of the internal bridge. If you want more detail in the analysis, you could also consider WireShark (nee Ethereal) or Microsoft's new Netmon 3, which are free downloadable packet sniffers. /kenw From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: January-28-08 7:07 PM To: NT System Admin Issues Subject: RE: Bandwidth management Switches only send traffic to designated ports based on MAC address. You either need to configure the switch to a monitor port, where it basically sends a copy of all traffic so you can hook a machine to that port and see all traffic. From: Chyka, Robert [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 3:22 PM To: NT System Admin Issues Subject: RE: Bandwidth management If I want to use ntop to see what machines are talking the most on the network, do I need to configure a switch port any special way? It is a small flat switchednetwork. Thanks.. From: Benjamin Zachary [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 3:18 PM To: NT System Admin Issues Subject: RE: Bandwidth management Mrtg , ntop come to mind. Your vendor can normally provide some mrtg graphs to give you a general idea of usage and peak usage. From: Phil Guevara [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 2:42 PM To: NT System Admin Issues Subject: Bandwidth management What are people using to manage bandwidth? We want to up our bandwidth but put something in place to make sure the bandwidth is managed properly. We will be going VOIP soon and we currently have checkpoint firewalls. Also is this a good product? Any use it? http://www.netequalizer.com/nda.htm Thanks for your input and advice. Best Regards, Phil ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: R: Nod32 v3 or 2.7?
I'm kind of puzzled about all this anti-Symantec sentiment. I'm been using their SAV Corporate Edition for several years for small businesses, and found it worked quite well, much easier to manage than McAfee, more reliable than Trend, very few conflicts. ( I've never used NOD32. ) We've had very few problems with SAV clients. I'm quite mystified about all the fuss. Having said that, I'm having major reservations re: SEP (SAV 11). Its RAM footprint may be much reduced, but RAM is cheap these days and everything else uses more too. But it really eats up the CPU - you need a dedicated server for the management console, and if you're running virtual machines, a few guests with SEP pretty well eats up the whole host. Symantec says they're working on it... FWIW, we do small business almost exclusively. /kenw From: Eric E Eskam [mailto:[EMAIL PROTECTED] Sent: January-04-08 10:03 AM To: NT System Admin Issues Subject: RE: R: Nod32 v3 or 2.7? Tim Vander Kooi [EMAIL PROTECTED] wrote on 01/04/2008 11:14:46 AM: The fact REALLY is that Symantec buys up good software and makes it bad. That may be, but it appears NOD (the current list favorite) just shot themselves in the foot too. I find that ironic and amusing at the same time. Perhaps it's just me. Now, I'm no Symantec apologist (far from it) but I think if anything, it's important to point out that there isn't any one program or vendor out there that is perfect, and that simply changing software vendors isn't always the magic bullet. I fight that battle all the time - sometimes it is better to grunt it out and make your current solution work then investing the time and resources into completely redeploying an new solution and re-training everyone. Obviously, if you only have a couple of hundred PC's it's far easier to rip and replace then when you have 70,000 - but there are still costs (at least in time and productivity) that should be considered. I have been watching the discussions of AV products over the past few months pretty closely because Symantec clients are such a pain to maintain. But it looks like with their new product, there is finally some hope after all. And their management console *is* very nice, even if maintaining the 9.x, 10.x and 11.x clients are a total PITA. So far I haven't seen enough pro's/con's from other products discussed to convince me to try to gear up for a change in my organization. I freely admit some of that is the difficulties of doing so politically vs. product capabilities - not technical reasons, but it's still part of the equation. Eric Eskam =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The contents of this message are mine personally and do not reflect any position of the U.S. Government The human mind treats a new idea the same way the body treats a strange protein; it rejects it. - P. B. Medawar ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Persistent Mapped Drive
Coupla thots: 1. If your web app runs in the user context, that would entail a lot of mapping overhead every time a connection launched the app. Even with UNCs, much of the overhead remains. 2. I recently ran into an issue that made me less happy with UNCs. If you need move data to another server, UNC references have to be changed at the client. Script-based drive mappings are much simpler to manager. (Does anyone remember VMS Logical Names?) I've started using UNCs with DFS-based shares so I can relocate data invisibly to the client. /kenw -Original Message- From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: January-04-08 2:13 PM To: NT System Admin Issues Subject: RE: Persistent Mapped Drive Thanks... don't particularly care for the drawbacks but will try to mitigate with obscurity. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 No trees were harmed in the sending of this message - but billions of electrons were terribly inconvenienced. -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 3:32 PM To: NT System Admin Issues Subject: RE: Persistent Mapped Drive Two ways. 1. Set a GPO or local policy to select a script during startup as opposed to login: Computer Configuration\Windows Settings\Scripts(Startup/shutdown) Drawback, settung the user and password setting in the script 2. Run the same script from the registry Run key. Same drawback. I am doing this on a server to map a remote drive for an application that cannot use UNC connections and must have a drive letter. -Original Message- From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 15:19 PM To: NT System Admin Issues Subject: Persistent Mapped Drive I need to map a drive to a network share and have it remain even when no one is logged in. Checked the Reconnect at logon box and maps the connection again when logging in, however, I need this drive to be consistent for a web app. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 Certain brief sentences are peerless in their ability to give one the feeling that nothing remains to be said. - Jean Rostand ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~