Re: OT question (was RE: AD and firewall ports)
By the removal of one letter, and addition of two others? (pathetic comedy answer)

On 6 January 2011 15:28, Raper, Jonathan - Eagle jra...@eaglemds.com wrote:

Ok, I’m curious. How does an MD end up becoming an MCSE? (serious question)

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com

--

From: Thomas W Shinder MD [mailto:tshin...@tacteam.net]
Sent: Thursday, January 06, 2011 9:50 AM
To: NT System Admin Issues
Subject: RE: AD and firewall ports

Firewall guys are somewhat unclear regarding the relationship of ports and their implication in a security context. Often the easiest way to get around these guys is to use IPsec between the DMZ host and any other host on the intranet. Then you only need to allow UDP port 500. That makes the firewall guy happy and allows all protocols through the IPsec tunnel.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, January 06, 2011 8:33 AM
To: NT System Admin Issues
Subject: RE: AD and firewall ports

IIRC that KB that describes restricting DCOM ports actually explicitly recommends 100…

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

From: joseph palmieri [mailto:jpalm...@yahoo.com]
Sent: Wednesday, January 05, 2011 6:54 PM
To: NT System Admin Issues
Subject: AD and firewall ports

Need assistance with firewall ports and Active Directory. Our server admin submitted a change request to open over 1000 ports to support AD. The change was denied and resubmitted requesting a minimum of 100 ports to support RPC communications to a member server within our DMZ. Our firewall engineers stated while monitoring the firewall only 20 ports were communicated over and 100 ports are not needed. Has anyone had experience with this issue and can provide some clarity…is the server admin looking for an easy way out by requesting all these ports?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains.

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the
RE: OT question (was RE: AD and firewall ports)
Same way a guy who worked at a lumber yard for 5 years did. :)

Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
RE: OT question (was RE: AD and firewall ports)
Technically that would be by adding three others... (pathetic comedic reply to first pathetic attempt at a comedy answer!) ;-)

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com
Re: OT question (was RE: AD and firewall ports)
Hmmmmaybe I should have said three letters. It's getting late in the day (poor excuse)
RE: OT question (was RE: AD and firewall ports)
Would I be incorrect in assuming that the MCSE who used to work at a lumber yard now earns substantially more than when they were employed at said lumber yard?

Having worked for a private practice healthcare organization for the last 12 years, and having performed a payroll conversion in this organization, I also happen to have been privy to some of the physician salaries during that time. While what I make is nothing to sneeze at, physicians make more - even first year non-shareholder general practice physicians right out of residency make more (here anyway) than I do. Let's not even talk about specialists.

While I know that money certainly isn't everything, it is a motivating factor much of the time. Like I said, I'm just curious what would motivate someone who spent at least 8 years (and who knows how much $) on higher education and residency rotations to make the transition from the healthcare world to the IT world - after obtaining the credentials as an MD. Certainly there is nothing wrong with that in the least. I'm simply curious. Everyone has a story, and this one (to me at least) seems like it might be more interesting than average.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com
Re: OT question (was RE: AD and firewall ports)
I used to aspire to be a writer. I wish I could be full-time, but there simply isn't the money in it to justify me trying it. I wish I could though - I would certainly be not as abysmally bored as I find myself at the moment! I'm concentrating on trying to do some writing on my train journeys home, but I'm usually too tired to bother. :-(
RE: OT question (was RE: AD and firewall ports)
:) All the details are in the forewords of my new Forefront books ;)

http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Dapsfield-keywords=shinder+forefront
RE: OT question (was RE: AD and firewall ports)
Would it be the removal of one letter and the addition of three others?
RE: OT question (was RE: AD and firewall ports)
I agree, but I was answering the "how" not the "why". :) Maybe he's a "Microsoft Doctor"...

Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue Devon, PA 19333
Direct: (610) 993-3299 Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, January 06, 2011 10:44 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

Would I be incorrect in assuming that the MCSE who used to work at a lumber yard now earns substantially more than when they were employed at said lumber yard?

Having worked for a private practice healthcare organization for the last 12 years, and having performed a payroll conversion in this organization, I also happen to have been privy to some of the physician salaries during that time. While what I make is nothing to sneeze at, physicians make more - even first year non-shareholder general practice physicians right out of residency make more (here anyway) than I do. Let's not even talk about specialists.

While I know that money certainly isn't everything, it is a motivating factor much of the time. Like I said, I'm just curious what would motivate someone who spent at least 8 years (and who knows how much $) on higher education and residency rotations to make the transition from the healthcare world to the IT world - after obtaining the credentials as an MD. Certainly there is nothing wrong with that in the least. I'm simply curious. Everyone has a story, and this one (to me at least) seems like it might be more interesting than average.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Thursday, January 06, 2011 10:29 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

Same way a guy who worked at a lumber yard for 5 years did. :)
Re: OT question (was RE: AD and firewall ports)
I'll have to get that, I just got a UAG set up, DA is awesome!

John W. Cook
Systems Administrator
Partnership for Strong Families
RE: OT question (was RE: AD and firewall ports)
Hi Jonathan,

While in general what MDs make is a lot higher than those in IT - averages don't tell the entire story. IT has been very good to me and my wife, and I suspect that I'm better off financially than I would have been had I stayed in neurology. In addition, I don't have the overhead that I would have had - I work from my home office, don't spend money on clothes (as those of you who have met me at TechEd or other conferences can attest to), don't have malpractice to worry about, and don't spend more than $40/mo for gas :)

But regardless of pay, I do pretty good and I *love* my work. I look forward to new challenges every day - and since I've joined MSFT life is even more interesting and fun - new problems to solve every day, working with MSFT customers every day, and trying out new approaches on a regular basis.

When I was practicing medicine (I left in the mid 1990s) I saw the writing on the wall and realized that I was young enough to get out without much damage. The early years were hard, but with a plan, hard work, and dedication to something I really loved doing, things turned out better than I could have ever imagined.

That's the short course :)

Tom
RE: OT question (was RE: AD and firewall ports)
Thanks! If you're into UAG DirectAccess - make sure to check out my Edge Man blog on TechNet: http://blogs.technet.com/b/tomshinder/

Thanks!
Tom
RE: OT question (was RE: AD and firewall ports)
Dr. Tom,

So many people lead quiet lives of desperation, never achieving contentment, happiness, or joy. It seems you have obtained all three, and that is remarkable.

As for expenses, I certainly understand what you are saying. Between Medicare reimbursement decreasing (and the larger payors following suit), malpractice increasing, and overhead in general (not to mention stress levels) I could understand the idea that practicing medicine isn't what one would have hoped.

Thanks for sharing, and I'm glad you've found your passion.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com
Re: OT question (was RE: AD and firewall ports)
I have a lady friend who is a lesbian and she calls herself an MD, but it means something different... :P

On Thu, Jan 6, 2011 at 7:48 AM, Don Guyer don.gu...@prufoxroach.com wrote:

I agree, but I was answering the “how” not the “why”. :) Maybe he’s a “Microsoft Doctor”…

Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Thursday, January 06, 2011 10:44 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

Would I be incorrect in assuming that the MCSE who used to work at a lumber yard now earns substantially more than when they were employed at said lumber yard? Having worked for a private practice healthcare organization for the last 12 years, and having performed a payroll conversion in this organization, I also happen to have been privy to some of the physician salaries during that time. While what I make is nothing to sneeze at, physicians make more – even first year non-shareholder general practice physicians right out of residency make more (here anyway) than I do. Let’s not even talk about specialists. While I know that money certainly isn’t everything, it is a motivating factor much of the time. Like I said, I’m just curious what would motivate someone who spent at least 8 years (and who knows how much $) on higher education and residency rotations to make the transition from the healthcare world to the IT world – after obtaining the credentials as an MD. Certainly there is nothing wrong with that in the least. I’m simply curious. Everyone has a story, and this one (to me at least) seems like it might be more interesting than average.

Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Thursday, January 06, 2011 10:29 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

Same way a guy who worked at a lumber yard for 5 years did. :)
RE: OT question (was RE: AD and firewall ports)
:)

From: Don Ely [mailto:don@gmail.com]
Sent: Thursday, January 06, 2011 10:10 AM
To: NT System Admin Issues
Subject: Re: OT question (was RE: AD and firewall ports)

I have a lady friend who is a lesbian and she calls herself an MD, but it means something different... :P
Re: OT question (was RE: AD and firewall ports)
I'm inspired. I am going to kick IT into touch and spend the rest of the year finishing my book. Where's that resignation letter site I used recently?

On 6 January 2011 15:57, Thomas W Shinder MD tshin...@tacteam.net wrote:

Hi Jonathan,

While in general what MDs make is a lot higher than those in IT - averages don't tell the entire story. IT has been very good to me and my wife and I suspect that I'm better off financially than I would have been had I stayed in neurology. In addition, I don't have the overhead that I would have had - I work from my home office, don't spend money on clothes (as those of you who have met me at TechEd or other conferences can attest to), don't have malpractice to worry about, and don't spend more than $40/mo for gas :)

But regardless of pay, I do pretty good and I *love* my work. I look forward to new challenges every day - and since I've joined MSFT life is even more interesting and fun - new problems to solve every day, working with MSFT customers every day, and trying out new approaches on a regular basis.

When I was practicing medicine (I left in the mid 1990s) I saw the writing on the wall and realized that I was young enough to get out without much damage. The early years were hard, but with a plan, hard work, and dedication to something I really loved doing, things turned out better than I could have ever imagined.

That's the short course :)

Tom
RE: OT question (was RE: AD and firewall ports)
Check out this recent article by my wife: http://blogs.techrepublic.com.com/10things/?p=2106

Tom

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, January 06, 2011 10:16 AM
To: NT System Admin Issues
Subject: Re: OT question (was RE: AD and firewall ports)

I'm inspired. I am going to kick IT into touch and spend the rest of the year finishing my book. Where's that resignation letter site I used recently?
RE: OT question (was RE: AD and firewall ports)
Touché. I did say how in my original query. :)

Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Thursday, January 06, 2011 10:49 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

I agree, but I was answering the how not the why. :) Maybe he's a Microsoft Doctor...
RE: OT question (was RE: AD and firewall ports)
Really good article. I really like numbers 5, 6, 7 and 8 followed closely by numbers 10, 1, 4, 9 and 2. BTW, many moons ago when I made the move from AppDev to network engineering, Deb did my resume. Tell her I said hi.

Carl Webster Citrix Technology Professional http://dabcc.com/Webster

From: Thomas W Shinder MD [mailto:tshin...@tacteam.net]
Subject: RE: OT question (was RE: AD and firewall ports)

Check out this recent article by my wife: http://blogs.techrepublic.com.com/10things/?p=2106

Tom
Re: OT question (was RE: AD and firewall ports)
Ironically, 10 years ago, the new guy on my team's previous job was at a lumber yard and he took a pay cut to get into IT (desktop support, entry level). He's making more now and enjoys his job now so it was a 'right' choice at the time but still, he did take that initial pay cut.

On Thu, Jan 6, 2011 at 7:29 AM, Don Guyer don.gu...@prufoxroach.com wrote:

Same way a guy who worked at a lumber yard for 5 years did. :)
RE: OT question (was RE: AD and firewall ports)
Will do!

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, January 06, 2011 10:36 AM
To: NT System Admin Issues
Subject: RE: OT question (was RE: AD and firewall ports)

Really good article. I really like numbers 5, 6, 7 and 8 followed closely by numbers 10, 1, 4, 9 and 2. BTW, many moons ago when I made the move from AppDev to network engineering, Deb did my resume. Tell her I said hi.

Carl Webster Citrix Technology Professional http://dabcc.com/Webster