RE: Time sync issues

[Merker, Michael R]

I stand semi-corrected!!  ;-}

Michael Merker
Director of Technology Infrastructure
Voice (561) 868-3252   Fax (561) 868-3259
merk...@palmbeachstate.edu
Palm Beach State College
4200 Congress Ave
Lake Worth, FL 33461

From: Webster [webs...@carlwebster.com]
Sent: Monday, January 14, 2013 6:46 PM
To: NT System Admin Issues
Subject: RE: Time sync issues

That is not a 100% accurate statement.

http://blogs.technet.com/b/askds/archive/2012/08/24/friday-i-mean-saturday-mail-sack-very-wordy-edition.aspx

•The semi-myth of Kerberos time skew

Thanks


Webster

> -Original Message-
> From: Merker, Michael R [mailto:merk...@palmbeachstate.edu]
> Subject: RE: Time sync issues
>
> Kerberos authentication fails if time drifts too far off and you lose access 
> to
> network resources, such as shares.  The tolerance for time drift varies with
> server editions.  I think Server 2003 had a 5 minute drift tolerance and I 
> think
> Server 2008 has a 10-minute tolerance.
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Please note: Due to Florida’s broad open records law, most written 
communication to or from College employees is public record, available to the 
public and the media upon request.  Therefore, this e-mail communication may be 
subject to public disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync issues

[Webster]

That is not a 100% accurate statement.

http://blogs.technet.com/b/askds/archive/2012/08/24/friday-i-mean-saturday-mail-sack-very-wordy-edition.aspx

•The semi-myth of Kerberos time skew

Thanks


Webster

> -Original Message-
> From: Merker, Michael R [mailto:merk...@palmbeachstate.edu]
> Subject: RE: Time sync issues
> 
> Kerberos authentication fails if time drifts too far off and you lose access 
> to
> network resources, such as shares.  The tolerance for time drift varies with
> server editions.  I think Server 2003 had a 5 minute drift tolerance and I 
> think
> Server 2008 has a 10-minute tolerance.
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync issues

[Merker, Michael R]

Kerberos authentication fails if time drifts too far off and you lose access to 
network resources, such as shares.  The tolerance for time drift varies with 
server editions.  I think Server 2003 had a 5 minute drift tolerance and I 
think Server 2008 has a 10-minute tolerance.

Best regards,

Michael Merker
Director of Technology Infrastructure
Voice (561) 868-3252  Fax (561) 868-3259
merk...@palmbeachstate.edu
Palm Beach State College
4200 Congress Avenue
Lake Worth, FL 33461

Please note: Palm Beach State College e-mail addresses have changed.  Please 
update your address book to reflect the new domain name for all College faculty 
and staff e-mail addresses: palmbeachstate.edu.
Example: OLD: smi...@pbcc.edu<mailto:smi...@pbcc.edu>   NEW: 
smi...@palmbeachstate.edu<mailto:smi...@palmbeachstate.edu>.  My new address is 
merk...@palmbeachstate.edu<mailto:mmerk...@palmbeachstate.edu>.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, January 14, 2013 4:13 PM
To: NT System Admin Issues
Subject: Re: Time sync issues

On Mon, Jan 14, 2013 at 12:49 PM,   wrote:
> Quick brainstorm requiredwhat's the most common issues you'd expect in a 
> Windows/AD environment if some servers have incorrect time settings? 
> Obviously AD replication and logging inconsistencies spring to mind...just 
> looking for a few to flesh out a blog post that deals with preventing admins 
> from changing the system time.
>
> TIA,
>
>
> JRR

Anything that demands tight control on time - what springs to mind immediately 
is higher volume database updates, where tampering with the time on the 
machine, especially moving the clock backward, can really fubar things.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



Please note: Due to Florida’s broad open records law, most written 
communication to or from College employees is public record, available to the 
public and the media upon request.  Therefore, this e-mail communication may be 
subject to public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync issues

[Kurt Buff]

On Mon, Jan 14, 2013 at 12:49 PM,   wrote:
> Quick brainstorm requiredwhat's the most common issues you'd expect in a 
> Windows/AD environment if some servers have incorrect time settings? 
> Obviously AD replication and logging inconsistencies spring to mind...just 
> looking for a few to flesh out a blog post that deals with preventing admins 
> from changing the system time.
>
> TIA,
>
>
> JRR

Anything that demands tight control on time - what springs to mind
immediately is higher volume database updates, where tampering with
the time on the machine, especially moving the clock backward, can
really fubar things.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Schaefer]

Hmm - the more I think about this, the more I think this is not really an issue.

You have three options:

a)  Fully provision your VMWare disks (with some spare raw capacity for 
expansion) - what you do today

b)  You thin provision your Hyper-V disks, but leave oodles of spare 
capacity to let them grow to full size (what you don't want to do)
However both (a) and (b) require roughly the same amount of raw disk space, but 
(b) gives you more flexibility IMHO, since across hundreds of servers, not all 
are going to go cuckoo at the same time.

Or you go for option (c):
Implement thin provisioned disks, but don't provision oodles of spare disk 
space - provision enough based on what you expect capacity growth for 6-12 
months will be (whatever your project lifecycle is), plus has a reserve 
capacity domain that you can migrate VMs to in the event that something 
unexpected occurs.

That will involve a bit more up-front architecture to give you that 
flexibility, but save you money in buying spare disk capacity. The flexibility 
would be useful for all sorts of resource constraints (disk, RAM, CPU), and 
also to give you automated ways of dealing with hardware failures as well, 
without having to over provision to start with.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Wednesday, 9 January 2013 1:29 AM
To: NT System Admin Issues
Subject: RE: Time sync

We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system siz

RE: Time sync

[Ken Schaefer]

SCOM is just the lowest level of tool you need for something to monitor and 
manage an environment - what are you doing for your non-Wintel devices 
(network, *nix, security appliances etc?)

You feed all of that into an event management tool - it can auto ticket into 
your ITSM system and resolve for you e.g. if disk space is growing by x% an 
hour, then migrate the machine into a temporary location that has spare disk 
space, and alert the relevant business unit to look into their app. A problem 
ticket is raised for the business unit, and they can migrate the machine back 
to the normal production host once they've identified the root cause of the 
issue.

There's no need to keep vast amounts of spare storage just sitting around "just 
in case", provided you architect the solution correctly. That could handle 
unexpected incidents.

Capacity management is handled via a proper reporting tool that'll summarise 
the data coming out of SCOM (or Tivoli or whatever you are using) and provide 
proper reporting on the issues that are expected to arise in the next 3-6 
months, so you can initiate the necessary capacity improvement project and/or 
BAU work.

Cheers
ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Wednesday, 9 January 2013 1:29 AM
To: NT System Admin Issues
Subject: RE: Time sync

We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew 

RE: Time sync

[Ken Cornetet]

We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our l

RE: Time sync

[Ken Schaefer]

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives.

:)

-Original Message-
From: Ken Cornetet 
[mailto:ken.corne...@kimball.com<mailto:ken.corne...@kimball.com>]
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - seriously.

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com<mailto:oozerd...@gmail.com>]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
mailto:ke

RE: Time sync

[Ken Schaefer]

You might not want them - but other people might. Personally I've never had to 
extend a VM disk outside a maintenance window, so it's never really been an 
issue for me.

Hyper-V supports shared-nothing migration as well - does VMWare do that?

Actually, the statement was that Hyper-V has nothing that VMWare doesn't have. 
That statement is patently untrue. That was the point I was trying to make.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 12:31 AM
To: NT System Admin Issues
Subject: RE: Time sync

Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to 
extend a disk?

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, January 04, 2013 8:50 PM
To: NT System Admin Issues
Subject: RE: Time sync

Can ESX support 64  vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? 
Seems like there are all sorts of corner cases where one product has 
functionality the other doesn't yet. For 99% of things they are feature 
compatible. It's all about the management and operations tools now. Hypervisors 
are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Andrew S. Baker]

http://technet.microsoft.com/en-us/systemcenter/hh278293Well, I wouldn't
use a 1TB as the range, but let's use your example and say we doubled all
of our expected minimums.

Then you have all the flexibility that you pointed out before.



*>>Now, in order to know the max my virtuals might take, I have to look at
each host store, find all of the virtual machines with VHD files on that
store, then figure out each virtual’s drive letter for that VHD (is that
even possible?), then add up all the file system sizes. *

Why do you have to do that?

I'd expect that you'd be using something like System Center VM
Manager<http://technet.microsoft.com/en-us/systemcenter/hh278293>to
manage your virtual hosts and give you a comprehensive view of storage
consumption, utilization, etc.

Right?



*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 3:33 PM, Ken Cornetet wrote:

> How do you “manage your capacity properly”? I’m not being facetious – I
> really want to know since it looks like we are switching to HyperV.
>
> ** **
>
> Microsoft’s recommendation is to create thin disks for more than you ever
> think you need. Then, when creating the OS, use disk manager to create the
> file system with the minimum you can get by with. This allows the VHD file
> to only grow up to the size of the file system it contains.
>
> ** **
>
> Then, if a virtual’s file system runs out of space, you can use storage
> management to extend the disk into some the free space you allocated in the
> VHD file.  This allows you to have room for expansion, but keeps any one
> virtual from exhausting free physical disk.
>
> ** **
>
> For example: Let’s say we need a SQL server. We think we can get by with
> the following disks:
>
> C: - 40GB (os)
>
> D: - 30GB (logs)
>
> E: - 100GB (data)
>
> ** **
>
> Microsoft is telling us to create thin disks of, say,  1TB each. However,
> when we install the OS, we create NTFS file systems on each disk with the
> desired sizes of 40GB, 30GB, and 100GB. We now know that in the current
> state, this virtual can only grow its thin disks to a total of 170GB.  If
> the E:  runs out of space, we can use disk manager to extend the NTFS file
> system, which will grow the thin disk up to the new NTFS file system size.
> This gives you the ability to easily grow disks at will, but prevents any
> one virtual from hogging all the free host disk.
>
> ** **
>
> This sort of seems reasonable, but it complicates disk management
> immensely. Now, in order to know the max my virtuals might take, I have to
> look at each host store, find all of the virtual machines with VHD files on
> that store, then figure out each virtual’s drive letter for that VHD (is
> that even possible?), then add up all the file system sizes. Seems like a
> lot of work, even if you script it up.
>
> ** **
>
> 
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, January 07, 2013 12:08 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Time sync
>
> ** **
>
> Yes, over subscribing can be an issue if you don't manage your capacity
> properly.
>
> ** **
>
> It hasn't proved to be an issue in any of the environments where I have
> been.
>
>  
>
>  
>
> *ASB
> **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
> **Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…*
>
>  
>
> ** **
>
> On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
> wrote:
>
> Thin provisioning seems risky to me. Seems like you are always in danger
> of non-critical virtuals deciding to use more disk space thus exhausting
>  physical space which would cause critical VMs to pause if they happen to
> need more space.
>
> We tried thin provisioning  back in the old VirtualServer days, and I ran
> into this problem a few times.
>
>
> -Original Message-
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, January 07, 2013 10:28 AM
> To: NT System Admin Issues
>
> Subject: RE: Time sync
>
> Because the overhead associated with dynamic disks in Hyper-V v3 is in the
> very low single digits. We don't spend any time on this process, thin
> provisioning still works seamlessly, and we get on with our lives.
>
> :)
>
> -Original Message-
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
>
> Sent: Monday, January 7, 2013 10:06 AM
> To: NT System Admin Issues
>
> 

RE: Time sync

[Ken Cornetet]

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives.

:)

-Original Message-
From: Ken Cornetet 
[mailto:ken.corne...@kimball.com<mailto:ken.corne...@kimball.com>]
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - seriously.

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com<mailto:oozerd...@gmail.com>]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...


ASB

http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>

Providing Expert Technology Consulting Services for the SMB market...



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.co

Re: Time sync

[Andrew S. Baker]

Yes, over subscribing can be an issue if you don't manage your capacity
properly.

It hasn't proved to be an issue in any of the environments where I have
been.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet wrote:

> Thin provisioning seems risky to me. Seems like you are always in danger
> of non-critical virtuals deciding to use more disk space thus exhausting
>  physical space which would cause critical VMs to pause if they happen to
> need more space.
>
> We tried thin provisioning  back in the old VirtualServer days, and I ran
> into this problem a few times.
>
> -Original Message-
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, January 07, 2013 10:28 AM
> To: NT System Admin Issues
> Subject: RE: Time sync
>
> Because the overhead associated with dynamic disks in Hyper-V v3 is in the
> very low single digits. We don't spend any time on this process, thin
> provisioning still works seamlessly, and we get on with our lives.
>
> :)
>
> -Original Message-
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
> Sent: Monday, January 7, 2013 10:06 AM
> To: NT System Admin Issues
> Subject: RE: Time sync
>
> We are running ESX 5. To conserve SAN storage, we provision virtuals with
> the bare minimum needed disk space because it is so easy to extend disks
> later (extend the VMDK in VMWare, extend in Windows, done). No down time,
> and no wasted disk. We don't have to spend a lot of time trying to
> anticipate how big the disks will get and wasting disk if we guess too high.
>
> In HyperV, you can't extend disks without shutting down the virtual -
> seriously.
>
> I can't for the life of me figure out why MS isn't fixing this instead of
> adding silly features like 4TB of guest RAM. And, I also wonder why HyperV
> users aren't howling about this.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Monday, January 07, 2013 9:43 AM
> To: NT System Admin Issues
> Subject: Re: Time sync
>
> On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
> wrote:
> > Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> > needing to extend a disk?
>
> I run VMware ESXi 5.0, and I know I have had to extend a disk any number
> of times. And Win2008 makes extending the boot disk so much easier, too.
>
> My largest VM has 16G of RAM, and I was even leery of that. And I have
> 6 hosts with 512G RAM each ...
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>**

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Michael Leone]

On Mon, Jan 7, 2013 at 10:33 AM, Andrew S. Baker  wrote:
>
> You do know you can thin provision in both VMWare and HyperV, right?
>
> Thus, you can stipulate that a disk have a max size of 200GB, but if you're 
> only using 50GB, it will only be 50GB in size.

I never use think disks, personally. Not for production use - possibly
for a test VM. I'd be afraid of what would happen if the disk needed
to expand, and there wasn't enough available disk space. With
(hopefully) sensibly sized thick disks, you know the running machines
will continue to run, up to the assigned disk maximum. And with an
alerting system that notifies you of free disk left, you can deal with
the situation ahead of time (usually). If a production server needs
space in the middle of the night, and there's not enough room on that
datastore, that can be bad  altho I guess storage profiles (for
VMware) might be able to help with that. I guess Hyper-V has a similar
feature, to move VMs between datastores based on pre-defined profiles.

> Thus, no reason for Windows users to howl.
>
> Plus, Windows doesn't mind extending non-boot disks, but it's not all that 
> happy about having its boot disk extended, no matter what the underlying 
> hypervisor.

True. But it's a lot better and easier with Win2008, and I imagine at
least as easy with 2012.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives. 

:)

-Original Message-
From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - 
seriously. 

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus 
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Andrew S. Baker]

You do know you can thin provision in both VMWare and HyperV, right?

Thus, you can stipulate that a disk have a max size of 200GB, but if you're
only using 50GB, it will only be 50GB in size.

Thus, no reason for Windows users to howl.

Plus, Windows doesn't mind extending non-boot disks, but it's not all that
happy about having its boot disk extended, no matter what the underlying
hypervisor.





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***





On Mon, Jan 7, 2013 at 10:05 AM, Ken Cornetet wrote:

> We are running ESX 5. To conserve SAN storage, we provision virtuals with
> the bare minimum needed disk space because it is so easy to extend disks
> later (extend the VMDK in VMWare, extend in Windows, done). No down time,
> and no wasted disk. We don't have to spend a lot of time trying to
> anticipate how big the disks will get and wasting disk if we guess too high.
>
> In HyperV, you can't extend disks without shutting down the virtual -
> seriously.
>
> I can't for the life of me figure out why MS isn't fixing this instead of
> adding silly features like 4TB of guest RAM. And, I also wonder why HyperV
> users aren't howling about this.
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Monday, January 07, 2013 9:43 AM
> To: NT System Admin Issues
> Subject: Re: Time sync
>
> On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet 
> wrote:
> > Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus
> > needing to extend a disk?
>
> I run VMware ESXi 5.0, and I know I have had to extend a disk any number
> of times. And Win2008 makes extending the boot disk so much easier, too.
>
> My largest VM has 16G of RAM, and I was even leery of that. And I have
> 6 hosts with 512G RAM each ...
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>



  *ASB*

*http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>**

*Providing Expert Technology Consulting Services for the SMB market…*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Michael B. Smith]

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives. 

:)

-Original Message-
From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Monday, January 7, 2013 10:06 AM
To: NT System Admin Issues
Subject: RE: Time sync

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - 
seriously. 

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus 
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

We are running ESX 5. To conserve SAN storage, we provision virtuals with the 
bare minimum needed disk space because it is so easy to extend disks later 
(extend the VMDK in VMWare, extend in Windows, done). No down time, and no 
wasted disk. We don't have to spend a lot of time trying to anticipate how big 
the disks will get and wasting disk if we guess too high.

In HyperV, you can't extend disks without shutting down the virtual - 
seriously. 

I can't for the life of me figure out why MS isn't fixing this instead of 
adding silly features like 4TB of guest RAM. And, I also wonder why HyperV 
users aren't howling about this.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Monday, January 07, 2013 9:43 AM
To: NT System Admin Issues
Subject: Re: Time sync

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus 
> needing to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any number of 
times. And Win2008 makes extending the boot disk so much easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Michael Leone]

On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet  wrote:
> Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing
> to extend a disk?

I run VMware ESXi 5.0, and I know I have had to extend a disk any
number of times. And Win2008 makes extending the boot disk so much
easier, too.

My largest VM has 16G of RAM, and I was even leery of that. And I have
6 hosts with 512G RAM each ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to 
extend a disk?

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, January 04, 2013 8:50 PM
To: NT System Admin Issues
Subject: RE: Time sync

Can ESX support 64  vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? 
Seems like there are all sorts of corner cases where one product has 
functionality the other doesn't yet. For 99% of things they are feature 
compatible. It's all about the management and operations tools now. Hypervisors 
are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Schaefer]

Can ESX support 64  vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? 
Seems like there are all sorts of corner cases where one product has 
functionality the other doesn't yet. For 99% of things they are feature 
compatible. It's all about the management and operations tools now. Hypervisors 
are almost commoditised, and will be within the next version or two.

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Saturday, 5 January 2013 6:26 AM
To: NT System Admin Issues
Subject: RE: Time sync

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Bourque Daniel]

I presume that you have at least 2 redondant, stable, time sources for your 
telecom eqpt and that you use them to redistribute time to your PDC and others 
non windows material.  I also assume you have specific Stratum level define for 
your time sources and that you are not deasy chaining your router NTP too many 
level...
 
One solution would be to install a real NTP client on all the windows stations 
and servers part of your insurance setup (no need for the non critical stuff).  
With this, you could make sure the sync is every 2 hours for example.  As long 
as the DC don't drift too much, there would be no problem with auth.   If they 
are drifting, well, here is your problem...
 
PS: With your VM, where do you take the time?  From ESX or from the PDC/DC 
servers?
 
Here, we have 2 GPS base NTP source (Stratum 1) feeding the Cisco 6509 or Main 
router of each site (Stratum 2).  In turn, they redistribute time in their site 
using the same anycast address.  That way, an eqpt can allways reach one good 
time source. 
 
I also run the Meinberg NTP Time source Monitor to check my PC station agains 
all the NTP source (stratum 1 and 2)  I have defined in those sites.  If any 
timesource offset more then 100msec, It generate an e-mail alert.




De : Steven Peck [mailto:sep...@gmail.com] 
Envoyé : 4 janvier 2013 16:25
À : NT System Admin Issues
Objet : Re: Time sync


Oh, I should mention the PBX gets time from the routers as well, etc.  We do 
insurance and if the phones and customer call center apps and the time clock 
apps are off by more then a second or two we all have to go to irritating 
meetings
 


 
On Fri, Jan 4, 2013 at 12:59 PM, Steven Peck  wrote:


The drift is to far.  
We peer servers to DC's, DC's to vPDC
The DC's all peer to our routers and the routers are chained to each 
other and the root outside source we use.  Our servers are within seconds.
 
We do not sync with the hosts.


On Fri, Jan 4, 2013 at 12:48 PM, Steve Kradel  
wrote:


Hmm, could be your VM host has the wrong time, and is jamming 
that bad
time into its guests occasionally.  Disable the host->guest 
time sync
and, provided w32tm is set up properly, you may find everything 
is
good.

Also it wouldn't hurt to make sure the host has a solid time
configuration, as *fully* disabling host->guest sync, at least 
under
VMWare, takes a little more poking than one might think.

Definitely would sort this out before considering 3rd party NTP
solutions... anything more than a couple seconds of skew isn't 
w32tm's
fault.

--Steve


On Fri, Jan 4, 2013 at 12:11 PM, Richard McClary
 wrote:
> Thanks to all so far!
>
> The drift goes off into minutes apart.
>
> I presume somewhere in those TechNet articles is something 
(registry hack to workstations via GPO) that can have servers and workstations 
sync with the DC every 1-2 hours?  (At first skimming, it's not all that clear.)
>
> Thanks again
>

> -Original Message-
> From: Steve Kradel [mailto:skra...@zetetic.net]

> Sent: Friday, January 04, 2013 10:32 AM
    > To: NT System Admin Issues
> Subject: Re: Time sync
>

> How much time skew are we talking about here?  While MSFT 
will only support w32tm accuracy within 1-2 seconds, in practice I have found 
it to be stable within a tenth of a second or less, and would not feel 
compelled to look into very-high-accuracy NTP clients for regular 
non-scientific applications.  Do you have separate systems recording the 
timestamps of an incoming call and the creation of a linked medical record, or 
are things unreliable even on a single host?
>
> --Steve
>

> On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary 
 wrote:
>> Greetings!
>>
>>
>>
>> I'm sure I and many others have asked this (but are still 
stumped).
>> Ken S's reply yesterday pointing to ultimately a chain of 
TechNet
>> articles has shed some light and will start us digging.
>>
>>
>>

Re: Time sync

[Steven Peck]

Oh, I should mention the PBX gets time from the routers as well, etc.  We
do insurance and if the phones and customer call center apps and the time
clock apps are off by more then a second or two we all have to go to
irritating meetings




On Fri, Jan 4, 2013 at 12:59 PM, Steven Peck  wrote:

> The drift is to far.
> We peer servers to DC's, DC's to vPDC
> The DC's all peer to our routers and the routers are chained to each other
> and the root outside source we use.  Our servers are within seconds.
>
> We do not sync with the hosts.
>
> On Fri, Jan 4, 2013 at 12:48 PM, Steve Kradel  wrote:
>
>> Hmm, could be your VM host has the wrong time, and is jamming that bad
>> time into its guests occasionally.  Disable the host->guest time sync
>> and, provided w32tm is set up properly, you may find everything is
>> good.
>>
>> Also it wouldn't hurt to make sure the host has a solid time
>> configuration, as *fully* disabling host->guest sync, at least under
>> VMWare, takes a little more poking than one might think.
>>
>> Definitely would sort this out before considering 3rd party NTP
>> solutions... anything more than a couple seconds of skew isn't w32tm's
>> fault.
>>
>> --Steve
>>
>> On Fri, Jan 4, 2013 at 12:11 PM, Richard McClary
>>  wrote:
>> > Thanks to all so far!
>> >
>> > The drift goes off into minutes apart.
>> >
>> > I presume somewhere in those TechNet articles is something (registry
>> hack to workstations via GPO) that can have servers and workstations sync
>> with the DC every 1-2 hours?  (At first skimming, it's not all that clear.)
>> >
>> > Thanks again
>> >
>> > -Original Message-
>> > From: Steve Kradel [mailto:skra...@zetetic.net]
>> > Sent: Friday, January 04, 2013 10:32 AM
>> > To: NT System Admin Issues
>> > Subject: Re: Time sync
>> >
>> > How much time skew are we talking about here?  While MSFT will only
>> support w32tm accuracy within 1-2 seconds, in practice I have found it to
>> be stable within a tenth of a second or less, and would not feel compelled
>> to look into very-high-accuracy NTP clients for regular non-scientific
>> applications.  Do you have separate systems recording the timestamps of an
>> incoming call and the creation of a linked medical record, or are things
>> unreliable even on a single host?
>> >
>> > --Steve
>> >
>> > On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary <
>> richard.mccl...@aspca.org> wrote:
>> >> Greetings!
>> >>
>> >>
>> >>
>> >> I'm sure I and many others have asked this (but are still stumped).
>> >> Ken S's reply yesterday pointing to ultimately a chain of TechNet
>> >> articles has shed some light and will start us digging.
>> >>
>> >>
>> >>
>> >> Microsoft admits W32Time is sloppy
>> >> (http://support.microsoft.com/kb/939322)
>> >> - mainly meant to make Kerberos v5 work.
>> >>
>> >>
>> >>
>> >> Our issue is, W32Time lets things drift enough for weird things to
>> >> occur in our medical records.
>> >>
>> >>
>> >>
>> >> We have a veterinary toxicology consulting hotline.  Because things
>> >> get out of sync a bit, we frequently have medical records opening
>> >> before a client's telephone call is received.
>> >>
>> >>
>> >>
>> >> The article referenced above essentially says to go find an
>> >> alternative to W32Time.  NIST has gathered a list of time sync
>> >> software.  QUESTION:  has anyone on the list used (and would
>> >> recommend) anything on that list to fix the "record created prior to
>> the call" situation?
>> >> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
>> >>
>> >>
>> >>
>> >> Thank you...
>> >>
>> >> --
>> >>
>> >> richard
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> The information contained in this e-mail, and any attachments hereto,
>> >> is from The American Society for the Prevention of Cruelty to
>> Animals(r)
>> >> (ASPCA(r)) and is intended only for use by the addressee(s) named
>> herein
>> >> and may contain legally privileged and/or confidential information. If
>> >>

Re: Time sync

[Steven Peck]

The drift is to far.
We peer servers to DC's, DC's to vPDC
The DC's all peer to our routers and the routers are chained to each other
and the root outside source we use.  Our servers are within seconds.

We do not sync with the hosts.

On Fri, Jan 4, 2013 at 12:48 PM, Steve Kradel  wrote:

> Hmm, could be your VM host has the wrong time, and is jamming that bad
> time into its guests occasionally.  Disable the host->guest time sync
> and, provided w32tm is set up properly, you may find everything is
> good.
>
> Also it wouldn't hurt to make sure the host has a solid time
> configuration, as *fully* disabling host->guest sync, at least under
> VMWare, takes a little more poking than one might think.
>
> Definitely would sort this out before considering 3rd party NTP
> solutions... anything more than a couple seconds of skew isn't w32tm's
> fault.
>
> --Steve
>
> On Fri, Jan 4, 2013 at 12:11 PM, Richard McClary
>  wrote:
> > Thanks to all so far!
> >
> > The drift goes off into minutes apart.
> >
> > I presume somewhere in those TechNet articles is something (registry
> hack to workstations via GPO) that can have servers and workstations sync
> with the DC every 1-2 hours?  (At first skimming, it's not all that clear.)
> >
> > Thanks again
> >
> > -Original Message-----
> > From: Steve Kradel [mailto:skra...@zetetic.net]
> > Sent: Friday, January 04, 2013 10:32 AM
> > To: NT System Admin Issues
> > Subject: Re: Time sync
> >
> > How much time skew are we talking about here?  While MSFT will only
> support w32tm accuracy within 1-2 seconds, in practice I have found it to
> be stable within a tenth of a second or less, and would not feel compelled
> to look into very-high-accuracy NTP clients for regular non-scientific
> applications.  Do you have separate systems recording the timestamps of an
> incoming call and the creation of a linked medical record, or are things
> unreliable even on a single host?
> >
> > --Steve
> >
> > On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary <
> richard.mccl...@aspca.org> wrote:
> >> Greetings!
> >>
> >>
> >>
> >> I'm sure I and many others have asked this (but are still stumped).
> >> Ken S's reply yesterday pointing to ultimately a chain of TechNet
> >> articles has shed some light and will start us digging.
> >>
> >>
> >>
> >> Microsoft admits W32Time is sloppy
> >> (http://support.microsoft.com/kb/939322)
> >> - mainly meant to make Kerberos v5 work.
> >>
> >>
> >>
> >> Our issue is, W32Time lets things drift enough for weird things to
> >> occur in our medical records.
> >>
> >>
> >>
> >> We have a veterinary toxicology consulting hotline.  Because things
> >> get out of sync a bit, we frequently have medical records opening
> >> before a client's telephone call is received.
> >>
> >>
> >>
> >> The article referenced above essentially says to go find an
> >> alternative to W32Time.  NIST has gathered a list of time sync
> >> software.  QUESTION:  has anyone on the list used (and would
> >> recommend) anything on that list to fix the "record created prior to
> the call" situation?
> >> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
> >>
> >>
> >>
> >> Thank you...
> >>
> >> --
> >>
> >> richard
> >>
> >>
> >>
> >>
> >>
> >> The information contained in this e-mail, and any attachments hereto,
> >> is from The American Society for the Prevention of Cruelty to Animals(r)
> >> (ASPCA(r)) and is intended only for use by the addressee(s) named herein
> >> and may contain legally privileged and/or confidential information. If
> >> you are not the intended recipient of this e-mail, you are hereby
> >> notified that any dissemination, distribution, copying or use of the
> >> contents of this e-mail, and any attachments hereto, is strictly
> >> prohibited. If you have received this e-mail in error, please
> >> immediately notify me by reply email and permanently delete the
> >> original and any copy of this e-mail and any printout thereof.
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >>
> >> ---
> >> To manage subscriptions click here:
> >> 

Re: Time sync

[Steve Kradel]

Hmm, could be your VM host has the wrong time, and is jamming that bad
time into its guests occasionally.  Disable the host->guest time sync
and, provided w32tm is set up properly, you may find everything is
good.

Also it wouldn't hurt to make sure the host has a solid time
configuration, as *fully* disabling host->guest sync, at least under
VMWare, takes a little more poking than one might think.

Definitely would sort this out before considering 3rd party NTP
solutions... anything more than a couple seconds of skew isn't w32tm's
fault.

--Steve

On Fri, Jan 4, 2013 at 12:11 PM, Richard McClary
 wrote:
> Thanks to all so far!
>
> The drift goes off into minutes apart.
>
> I presume somewhere in those TechNet articles is something (registry hack to 
> workstations via GPO) that can have servers and workstations sync with the DC 
> every 1-2 hours?  (At first skimming, it's not all that clear.)
>
> Thanks again
>
> -Original Message-
> From: Steve Kradel [mailto:skra...@zetetic.net]
> Sent: Friday, January 04, 2013 10:32 AM
> To: NT System Admin Issues
> Subject: Re: Time sync
>
> How much time skew are we talking about here?  While MSFT will only support 
> w32tm accuracy within 1-2 seconds, in practice I have found it to be stable 
> within a tenth of a second or less, and would not feel compelled to look into 
> very-high-accuracy NTP clients for regular non-scientific applications.  Do 
> you have separate systems recording the timestamps of an incoming call and 
> the creation of a linked medical record, or are things unreliable even on a 
> single host?
>
> --Steve
>
> On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary  
> wrote:
>> Greetings!
>>
>>
>>
>> I'm sure I and many others have asked this (but are still stumped).
>> Ken S's reply yesterday pointing to ultimately a chain of TechNet
>> articles has shed some light and will start us digging.
>>
>>
>>
>> Microsoft admits W32Time is sloppy
>> (http://support.microsoft.com/kb/939322)
>> - mainly meant to make Kerberos v5 work.
>>
>>
>>
>> Our issue is, W32Time lets things drift enough for weird things to
>> occur in our medical records.
>>
>>
>>
>> We have a veterinary toxicology consulting hotline.  Because things
>> get out of sync a bit, we frequently have medical records opening
>> before a client's telephone call is received.
>>
>>
>>
>> The article referenced above essentially says to go find an
>> alternative to W32Time.  NIST has gathered a list of time sync
>> software.  QUESTION:  has anyone on the list used (and would
>> recommend) anything on that list to fix the "record created prior to the 
>> call" situation?
>> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
>>
>>
>>
>> Thank you...
>>
>> --
>>
>> richard
>>
>>
>>
>>
>>
>> The information contained in this e-mail, and any attachments hereto,
>> is from The American Society for the Prevention of Cruelty to Animals(r)
>> (ASPCA(r)) and is intended only for use by the addressee(s) named herein
>> and may contain legally privileged and/or confidential information. If
>> you are not the intended recipient of this e-mail, you are hereby
>> notified that any dissemination, distribution, copying or use of the
>> contents of this e-mail, and any attachments hereto, is strictly
>> prohibited. If you have received this e-mail in error, please
>> immediately notify me by reply email and permanently delete the
>> original and any copy of this e-mail and any printout thereof.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> The information contained in this e-mail, and any attachments hereto, is from 
> The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and 
> is intended only for use by the addressee(s) named herein and may contain 
>

Re: Time sync

[Eric Wittersheim]

Ken,

On HV guests the time snch feature really doesn't work.  I contacted
Meinberg and they told me that their product is not made to run on a Guest
OS.  VMware or HV.  Our experience with NTP on HV guests is that there is
way too much fluctuation and the time never stays within the limits.  When
you look at the server's clock the time is always what it should be.  So it
is getting off by 500ms or whatever the limit is.

On Fri, Jan 4, 2013 at 9:29 AM, Ken Cornetet wrote:

> We run the Meinberg NTP port as well. We will soon start migrating from
> VMWare (where the Meinberg NTP port works great) to HyperV. Care to
> elaborate on what you mean by “except on HV guests”?
>
> ** **
>
> *From:* Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
> *Sent:* Friday, January 04, 2013 9:24 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Time sync
>
> ** **
>
> We run the product from Meinberg.  It works very well except on HV guests.
> 
>
> On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
> wrote:
>
> Greetings!
>
>  
>
> I’m sure I and many others have asked this (but are still stumped).  Ken
> S’s reply yesterday pointing to ultimately a chain of TechNet articles has
> shed some light and will start us digging.
>
>  
>
> Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322)
> – mainly meant to make Kerberos v5 work.
>
>  
>
> Our issue is, W32Time lets things drift enough for weird things to occur
> in our medical records.
>
>  
>
> We have a veterinary toxicology consulting hotline.  Because things get
> out of sync a bit, we frequently have medical records opening before a
> client’s telephone call is received.
>
>  
>
> The article referenced above essentially says to go find an alternative to
> W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has
> anyone on the list used (and would recommend) anything on that list to fix
> the “record created prior to the call” situation?  (
> http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) 
>
>  
>
> Thank you…
>
> --
>
> richard
>
>  
>
> ** **
>
>
> The information contained in this e-mail, and any attachments hereto, is
> from The American Society for the Prevention of Cruelty to Animals®
> (ASPCA®) and is intended only for use by the addressee(s) named herein and
> may contain legally privileged and/or confidential information. If you are
> not the intended recipient of this e-mail, you are hereby notified that any
> dissemination, distribution, copying or use of the contents of this e-mail,
> and any attachments hereto, is strictly prohibited. If you have received
> this e-mail in error, please immediately notify me by reply email and
> permanently delete the original and any copy of this e-mail and any
> printout thereof. 
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

Cost.

HyperV give something that VMWare doesn't? I laughed so hard I think I peed 
myself a little...  Sheesh, you can't even extend disks on a running virtual 
under HyperV.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, January 04, 2013 11:43 AM
To: NT System Admin Issues
Subject: RE: Time sync

I was thinking the same thing. Actually IMHO VM still does more than Hyper-V 
does...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Chinnery, Paul [mailto:pa...@mmcwm.com]
Sent: Friday, January 04, 2013 11:23 AM
To: NT System Admin Issues
Subject: RE: Time sync

Slightly OT, Ken, but why are you moving away from VM?  Cost or something else 
that HyperV gives you that VM doesn't?


Paul Chinnery
Network Admin
Memorial Medical Center
231.845.2319



From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Friday, January 04, 2013 10:30 AM
To: NT System Admin Issues
Subject: RE: Time sync

We run the Meinberg NTP port as well. We will soon start migrating from VMWare 
(where the Meinberg NTP port works great) to HyperV. Care to elaborate on what 
you mean by "except on HV guests"?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

We run the product from Meinberg.  It works very well except on HV guests.
On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
mailto:richard.mccl...@aspca.org>> wrote:
Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-softwa

RE: Time sync

[Free, Bob]

If it's minutes, something's wrong. My experience is much the same as Steve's. 
Other than some very specialized applications, w32time is sufficient. We do 
have a very intricate Time Synchronization Network with multiple atomic clocks 
and other sources but it's not needed on the majority of windows clients. We 
used to run the ntp.org software on the NT DCs in lieu of timeserv but w32time 
has been sufficient since we moved to AD. My DCs in the domain I just checked 
are all within 15 ms of Stratum 1, actually only one is over 10ms. My laptop is 
on VPN over LTE and hasn't been in the office in months and it is only +70ms 
from Stratum 2.

Biggest problem I've had over the years is with meddlers who *think* they know 
better and fool around with it. Usually setting things back to default and 
w32tm /resync fixes it.

-Original Message-
From: Steve Kradel [mailto:skra...@zetetic.net] 
Sent: Friday, January 04, 2013 8:32 AM
To: NT System Admin Issues
Subject: Re: Time sync

How much time skew are we talking about here?  While MSFT will only support 
w32tm accuracy within 1-2 seconds, in practice I have found it to be stable 
within a tenth of a second or less, and would not feel compelled to look into 
very-high-accuracy NTP clients for regular non-scientific applications.  Do you 
have separate systems recording the timestamps of an incoming call and the 
creation of a linked medical record, or are things unreliable even on a single 
host?

--Steve

On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary  
wrote:
> Greetings!
>
>
>
> I'm sure I and many others have asked this (but are still stumped).  
> Ken S's reply yesterday pointing to ultimately a chain of TechNet 
> articles has shed some light and will start us digging.
>
>
>
> Microsoft admits W32Time is sloppy 
> (http://support.microsoft.com/kb/939322)
> - mainly meant to make Kerberos v5 work.
>
>
>
> Our issue is, W32Time lets things drift enough for weird things to 
> occur in our medical records.
>
>
>
> We have a veterinary toxicology consulting hotline.  Because things 
> get out of sync a bit, we frequently have medical records opening 
> before a client's telephone call is received.
>
>
>
> The article referenced above essentially says to go find an 
> alternative to W32Time.  NIST has gathered a list of time sync 
> software.  QUESTION:  has anyone on the list used (and would 
> recommend) anything on that list to fix the "record created prior to the 
> call" situation?
> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
>
>
>
> Thank you...
>
> --
>
> richard
>
>
>
>
>
> The information contained in this e-mail, and any attachments hereto, 
> is from The American Society for the Prevention of Cruelty to Animals(r) 
> (ASPCA(r)) and is intended only for use by the addressee(s) named herein 
> and may contain legally privileged and/or confidential information. If 
> you are not the intended recipient of this e-mail, you are hereby 
> notified that any dissemination, distribution, copying or use of the 
> contents of this e-mail, and any attachments hereto, is strictly 
> prohibited. If you have received this e-mail in error, please 
> immediately notify me by reply email and permanently delete the 
> original and any copy of this e-mail and any printout thereof.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



PG&E is committed to protecting our customers' privacy. 
To learn more, please visit http://www.pge.com/about/company/privacy/customer/

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Richard McClary]

Thanks to all so far!

The drift goes off into minutes apart.

I presume somewhere in those TechNet articles is something (registry hack to 
workstations via GPO) that can have servers and workstations sync with the DC 
every 1-2 hours?  (At first skimming, it's not all that clear.)

Thanks again

-Original Message-
From: Steve Kradel [mailto:skra...@zetetic.net] 
Sent: Friday, January 04, 2013 10:32 AM
To: NT System Admin Issues
Subject: Re: Time sync

How much time skew are we talking about here?  While MSFT will only support 
w32tm accuracy within 1-2 seconds, in practice I have found it to be stable 
within a tenth of a second or less, and would not feel compelled to look into 
very-high-accuracy NTP clients for regular non-scientific applications.  Do you 
have separate systems recording the timestamps of an incoming call and the 
creation of a linked medical record, or are things unreliable even on a single 
host?

--Steve

On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary  
wrote:
> Greetings!
>
>
>
> I'm sure I and many others have asked this (but are still stumped).  
> Ken S's reply yesterday pointing to ultimately a chain of TechNet 
> articles has shed some light and will start us digging.
>
>
>
> Microsoft admits W32Time is sloppy 
> (http://support.microsoft.com/kb/939322)
> - mainly meant to make Kerberos v5 work.
>
>
>
> Our issue is, W32Time lets things drift enough for weird things to 
> occur in our medical records.
>
>
>
> We have a veterinary toxicology consulting hotline.  Because things 
> get out of sync a bit, we frequently have medical records opening 
> before a client's telephone call is received.
>
>
>
> The article referenced above essentially says to go find an 
> alternative to W32Time.  NIST has gathered a list of time sync 
> software.  QUESTION:  has anyone on the list used (and would 
> recommend) anything on that list to fix the "record created prior to the 
> call" situation?
> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
>
>
>
> Thank you...
>
> --
>
> richard
>
>
>
>
>
> The information contained in this e-mail, and any attachments hereto, 
> is from The American Society for the Prevention of Cruelty to Animals(r) 
> (ASPCA(r)) and is intended only for use by the addressee(s) named herein 
> and may contain legally privileged and/or confidential information. If 
> you are not the intended recipient of this e-mail, you are hereby 
> notified that any dissemination, distribution, copying or use of the 
> contents of this e-mail, and any attachments hereto, is strictly 
> prohibited. If you have received this e-mail in error, please 
> immediately notify me by reply email and permanently delete the 
> original and any copy of this e-mail and any printout thereof.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ziots, Edward]

I was thinking the same thing. Actually IMHO VM still does more than
Hyper-V does...

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Chinnery, Paul [mailto:pa...@mmcwm.com] 
Sent: Friday, January 04, 2013 11:23 AM
To: NT System Admin Issues
Subject: RE: Time sync

 

Slightly OT, Ken, but why are you moving away from VM?  Cost or
something else that HyperV gives you that VM doesn't?

 

 

Paul Chinnery

Network Admin

Memorial Medical Center

231.845.2319

 

 

 

From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Friday, January 04, 2013 10:30 AM
To: NT System Admin Issues
Subject: RE: Time sync

 

We run the Meinberg NTP port as well. We will soon start migrating from
VMWare (where the Meinberg NTP port works great) to HyperV. Care to
elaborate on what you mean by "except on HV guests"?

 

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

 

We run the product from Meinberg.  It works very well except on HV
guests.

On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary
 wrote:

Greetings!

 

I'm sure I and many others have asked this (but are still stumped).  Ken
S's reply yesterday pointing to ultimately a chain of TechNet articles
has shed some light and will start us digging.

 

Microsoft admits W32Time is sloppy
(http://support.microsoft.com/kb/939322) - mainly meant to make Kerberos
v5 work.

 

Our issue is, W32Time lets things drift enough for weird things to occur
in our medical records.

 

We have a veterinary toxicology consulting hotline.  Because things get
out of sync a bit, we frequently have medical records opening before a
client's telephone call is received.

 

The article referenced above essentially says to go find an alternative
to W32Time.  NIST has gathered a list of time sync software.  QUESTION:
has anyone on the list used (and would recommend) anything on that list
to fix the "record created prior to the call" situation?
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) 

 

Thank you...

--

richard

 

 


The information contained in this e-mail, and any attachments hereto, is
from The American Society for the Prevention of Cruelty to Animals(r)
(ASPCA(r)) and is intended only for use by the addressee(s) named herein
and may contain legally privileged and/or confidential information. If
you are not the intended recipient of this e-mail, you are hereby
notified that any dissemination, distribution, copying or use of the
contents of this e-mail, and any attachments hereto, is strictly
prohibited. If you have received this e-mail in error, please
immediately notify me by reply email and permanently delete the original
and any copy of this e-mail and any printout thereof. 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Steve Kradel]

How much time skew are we talking about here?  While MSFT will only
support w32tm accuracy within 1-2 seconds, in practice I have found it
to be stable within a tenth of a second or less, and would not feel
compelled to look into very-high-accuracy NTP clients for regular
non-scientific applications.  Do you have separate systems recording
the timestamps of an incoming call and the creation of a linked
medical record, or are things unreliable even on a single host?

--Steve

On Fri, Jan 4, 2013 at 9:10 AM, Richard McClary
 wrote:
> Greetings!
>
>
>
> I’m sure I and many others have asked this (but are still stumped).  Ken S’s
> reply yesterday pointing to ultimately a chain of TechNet articles has shed
> some light and will start us digging.
>
>
>
> Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322)
> – mainly meant to make Kerberos v5 work.
>
>
>
> Our issue is, W32Time lets things drift enough for weird things to occur in
> our medical records.
>
>
>
> We have a veterinary toxicology consulting hotline.  Because things get out
> of sync a bit, we frequently have medical records opening before a client’s
> telephone call is received.
>
>
>
> The article referenced above essentially says to go find an alternative to
> W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has
> anyone on the list used (and would recommend) anything on that list to fix
> the “record created prior to the call” situation?
> (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
>
>
>
> Thank you…
>
> --
>
> richard
>
>
>
>
>
> The information contained in this e-mail, and any attachments hereto, is
> from The American Society for the Prevention of Cruelty to Animals® (ASPCA®)
> and is intended only for use by the addressee(s) named herein and may
> contain legally privileged and/or confidential information. If you are not
> the intended recipient of this e-mail, you are hereby notified that any
> dissemination, distribution, copying or use of the contents of this e-mail,
> and any attachments hereto, is strictly prohibited. If you have received
> this e-mail in error, please immediately notify me by reply email and
> permanently delete the original and any copy of this e-mail and any printout
> thereof.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Chinnery, Paul]

Slightly OT, Ken, but why are you moving away from VM?  Cost or something else 
that HyperV gives you that VM doesn't?


Paul Chinnery
Network Admin
Memorial Medical Center
231.845.2319



From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Friday, January 04, 2013 10:30 AM
To: NT System Admin Issues
Subject: RE: Time sync

We run the Meinberg NTP port as well. We will soon start migrating from VMWare 
(where the Meinberg NTP port works great) to HyperV. Care to elaborate on what 
you mean by "except on HV guests"?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

We run the product from Meinberg.  It works very well except on HV guests.
On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
mailto:richard.mccl...@aspca.org>> wrote:
Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Christopher Bodnar]

How far is your drift? What it the tolerance for drift in the application? 


Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Richard McClary 
To: "NT System Admin Issues" 
Date:   01/04/2013 09:11 AM
Subject:Time sync



Greetings!
 
I’m sure I and many others have asked this (but are still stumped).  Ken 
S’s reply yesterday pointing to ultimately a chain of TechNet articles has 
shed some light and will start us digging.
 
Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322
) – mainly meant to make Kerberos v5 work.
 
Our issue is, W32Time lets things drift enough for weird things to occur 
in our medical records.
 
We have a veterinary toxicology consulting hotline.  Because things get 
out of sync a bit, we frequently have medical records opening before a 
client’s telephone call is received.
 
The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix 
the “record created prior to the call” situation?  (
http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) 
 
Thank you…
--
richard
 


The information contained in this e-mail, and any attachments hereto, is 
from The American Society for the Prevention of Cruelty to Animals® 
(ASPCA®) and is intended only for use by the addressee(s) named herein and 
may contain legally privileged and/or confidential information. If you are 
not the intended recipient of this e-mail, you are hereby notified that 
any dissemination, distribution, copying or use of the contents of this 
e-mail, and any attachments hereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify me by reply email 
and permanently delete the original and any copy of this e-mail and any 
printout thereof. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Time sync

[Kennedy, Jim]

Here is how I do it.

I use the standard domain structure and have the PDC emulator sync to a good 
outside source.  But the one thing I added was a scheduled task on every server 
that runs twice a day to stop and start the time service. That has helped 
dramatically, I can't remember the last time (pun intended) we had a time sync 
issue.

From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Friday, January 04, 2013 9:11 AM
To: NT System Admin Issues
Subject: Time sync

Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

[Ken Cornetet]

We run the Meinberg NTP port as well. We will soon start migrating from VMWare 
(where the Meinberg NTP port works great) to HyperV. Care to elaborate on what 
you mean by "except on HV guests"?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Friday, January 04, 2013 9:24 AM
To: NT System Admin Issues
Subject: Re: Time sync

We run the product from Meinberg.  It works very well except on HV guests.
On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary 
mailto:richard.mccl...@aspca.org>> wrote:
Greetings!

I'm sure I and many others have asked this (but are still stumped).  Ken S's 
reply yesterday pointing to ultimately a chain of TechNet articles has shed 
some light and will start us digging.

Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - 
mainly meant to make Kerberos v5 work.

Our issue is, W32Time lets things drift enough for weird things to occur in our 
medical records.

We have a veterinary toxicology consulting hotline.  Because things get out of 
sync a bit, we frequently have medical records opening before a client's 
telephone call is received.

The article referenced above essentially says to go find an alternative to 
W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has 
anyone on the list used (and would recommend) anything on that list to fix the 
"record created prior to the call" situation?  
(http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)

Thank you...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time sync

[Eric Wittersheim]

We run the product from Meinberg.  It works very well except on HV guests.

On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary
wrote:

> Greetings!
>
> ** **
>
> I’m sure I and many others have asked this (but are still stumped).  Ken
> S’s reply yesterday pointing to ultimately a chain of TechNet articles has
> shed some light and will start us digging.
>
> ** **
>
> Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322)
> – mainly meant to make Kerberos v5 work.
>
> ** **
>
> Our issue is, W32Time lets things drift enough for weird things to occur
> in our medical records.
>
> ** **
>
> We have a veterinary toxicology consulting hotline.  Because things get
> out of sync a bit, we frequently have medical records opening before a
> client’s telephone call is received.
>
> ** **
>
> The article referenced above essentially says to go find an alternative to
> W32Time.  NIST has gathered a list of time sync software.  QUESTION:  has
> anyone on the list used (and would recommend) anything on that list to fix
> the “record created prior to the call” situation?  (
> http://www.nist.gov/pml/div688/grp40/softwarelist.cfm) 
>
> ** **
>
> Thank you…
>
> --
>
> richard
>
> ** **
>
>
> The information contained in this e-mail, and any attachments hereto, is
> from The American Society for the Prevention of Cruelty to Animals®
> (ASPCA®) and is intended only for use by the addressee(s) named herein and
> may contain legally privileged and/or confidential information. If you are
> not the intended recipient of this e-mail, you are hereby notified that any
> dissemination, distribution, copying or use of the contents of this e-mail,
> and any attachments hereto, is strictly prohibited. If you have received
> this e-mail in error, please immediately notify me by reply email and
> permanently delete the original and any copy of this e-mail and any
> printout thereof.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time for new core switches

[Steven M. Caesare]

And we are moving away from them. Lack of reliability, their cost/port
density value is dropping, and they've given us some bad info to make a
sale (S-Series switches can run all ports at line rate... oh.. whoops...
no they can't).
 
-sc
 
From: Derek Harris [mailto:dhar...@panoramaortho.com] 
Sent: Sunday, May 20, 2012 2:55 PM
To: NT System Admin Issues
Subject: RE: Time for new core switches
 
I've been running Enterasys switches exclusively for several years and
am very happy with them http://www.enterasys.com/. Before that, I've had
Cisco, 3Com, & Dell. One cool thing about Enterasys is that the default
configs make sense, like the default QOS settings. 
 
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, May 18, 2012 10:09 AM
To: NT System Admin Issues
Subject: RE: Time for new core switches
 
http://www.dell.com/us/enterprise/p/force10-z-series
 
In the datacenter.
 
-sc
 
From: Tom Miller [mailto:tmil...@hnncsb.org] 
Sent: Thursday, May 17, 2012 2:31 PM
To: NT System Admin Issues
Subject: Time for new core switches
 
Hi Folks,
 
My core switch bank is a series of 3COM (HP) 1GIG managed switches.
They've worked very well.  I don't think the exact model is made
anymore, so I cannot add to the current bank.
 
Looking at my options, what speeds are you now using for your core
switches:  1 GB, 10, 100?  We don't do any audio or AutoCad type of
things here, but I do have several SANS that are connected to the core.
I haven't run any port stats yet but I will.  
 
What about port size?  Each of these switches has 24 ports.  I could
continue with smaller switches or look for a few switches with many
ports.  I recall seeing a Foundry core switch a few years ago and I
think it had a few hundred ports.  
 
Thoughts?  
 
Tom
 
Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
 


This e-mail may contain information that is privileged and confidential,
the disclosure of which is governed by applicable law. If the reader of
this message is not the intended recipient, you are hereby notified that
any dissemination, distribution or copying of the information is
strictly prohibited. E-mail is inherently insecure and Panorama
Orthopedics & Spine Center will not accept responsibility for any
disclosure or loss of information as a result of this electronic
communication.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time for new core switches

[James Hill]

Haven't used Enterasys for a long time but one thing I really liked about
them was that each line in the config was numbered.  It made it so easy when
removing a bunch of lines as you could just use the negate cmd and specify
the line numbers/range.

 

From: Derek Harris [mailto:dhar...@panoramaortho.com] 
Sent: Monday, 21 May 2012 4:55 AM
To: NT System Admin Issues
Subject: RE: Time for new core switches

 

I've been running Enterasys switches exclusively for several years and am
very happy with them http://www.enterasys.com/. Before that, I've had Cisco,
3Com, & Dell. One cool thing about Enterasys is that the default configs
make sense, like the default QOS settings. 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, May 18, 2012 10:09 AM
To: NT System Admin Issues
Subject: RE: Time for new core switches

 

http://www.dell.com/us/enterprise/p/force10-z-series

 

In the datacenter.

 

-sc

 

From: Tom Miller [mailto:tmil...@hnncsb.org] 
Sent: Thursday, May 17, 2012 2:31 PM
To: NT System Admin Issues
Subject: Time for new core switches

 

Hi Folks,

 

My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've
worked very well.  I don't think the exact model is made anymore, so I
cannot add to the current bank.

 

Looking at my options, what speeds are you now using for your core switches:
1 GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I
do have several SANS that are connected to the core.  I haven't run any port
stats yet but I will.  

 

What about port size?  Each of these switches has 24 ports.  I could
continue with smaller switches or look for a few switches with many ports.
I recall seeing a Foundry core switch a few years ago and I think it had a
few hundred ports.  

 

Thoughts?  

 

Tom

 

Confidentiality Notice: This e-mail message, including attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

  _  

This e-mail may contain information that is privileged and confidential, the
disclosure of which is governed by applicable law. If the reader of this
message is not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of the information is strictly
prohibited. E-mail is inherently insecure and Panorama Orthopedics & Spine
Center will not accept responsibility for any disclosure or loss of
information as a result of this electronic communication.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time for new core switches

[Derek Harris]

I’ve been running Enterasys switches exclusively for several years and am very 
happy with them http://www.enterasys.com/. Before that, I’ve had Cisco, 3Com, & 
Dell. One cool thing about Enterasys is that the default configs make sense, 
like the default QOS settings.

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, May 18, 2012 10:09 AM
To: NT System Admin Issues
Subject: RE: Time for new core switches

http://www.dell.com/us/enterprise/p/force10-z-series

In the datacenter.

-sc

From: Tom Miller [mailto:tmil...@hnncsb.org]<mailto:[mailto:tmil...@hnncsb.org]>
Sent: Thursday, May 17, 2012 2:31 PM
To: NT System Admin Issues
Subject: Time for new core switches

Hi Folks,

My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've 
worked very well.  I don't think the exact model is made anymore, so I cannot 
add to the current bank.

Looking at my options, what speeds are you now using for your core switches:  1 
GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I do 
have several SANS that are connected to the core.  I haven't run any port stats 
yet but I will.

What about port size?  Each of these switches has 24 ports.  I could continue 
with smaller switches or look for a few switches with many ports.  I recall 
seeing a Foundry core switch a few years ago and I think it had a few hundred 
ports.

Thoughts?

Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


This e-mail may contain information that is privileged and confidential, the 
disclosure of which is governed by applicable law. If the reader of this 
message is not the intended recipient, you are hereby notified that any 
dissemination, distribution or copying of the information is strictly 
prohibited. E-mail is inherently insecure and Panorama Orthopedics & Spine 
Center will not accept responsibility for any disclosure or loss of information 
as a result of this electronic communication.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Ben Scott]

On Thu, May 17, 2012 at 2:30 PM, Tom Miller  wrote:
> My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've
> worked very well.  I don't think the exact model is made anymore, so I
> cannot add to the current bank.

  Call HP.  See if they offer a specific migration path for the
model(s) you have.  They may have options that will make your path
forward easier.

  I am a big fan of HP ProCurve switches.  Very cost effective, lots
of features, generally rock-solid operation, lifetime warranty.

> Looking at my options, what speeds are you now using for your core
> switches:  1 GB, 10, 100?

  I can tell you about our needs, but your needs may be entirely
different.  There's no generic answer to this one.  But as food for
thought:

  We're 100 meg to most desktops.  1 gig to servers, between switches,
and to heavy users like IT and CAD people.  Link aggregation (2 x 1
gig) between two switches in the server room.  That meets our needs
for now.

  For new construction, I'm having them run CAT6A between switches, to
allow for 10 gig in the future.  But I'm only running 1 gig on it
presently.  I don't think we will need more than that in the
foreseeable future.

> I do have several SANS that are connected to the core.

  SANs, or disk I/O of any kind, are one of the things that benefits
the most from higher speed links.  Since such uses are often in one
server room, very high speed links are also a lot more practical.  (As
opposed to a whole building, where both distance and old wiring often
hinder speeds => 1 gig).

> I haven't run any port stats yet but I will.

  You should start there.  :-)

> What about port size?  Each of these switches has 24 ports.  I could
> continue with smaller switches or look for a few switches with many ports.

  This depends mostly on the total port count you need.  If you only
need, say, 50 to 100 ports, a modular chassis may well be overkill.

  Stacking smaller switches gives you some fault-tolerance: If you
loose an entire switch, you can move critical stuff to the remaining
switches and drop less important nodes.  Or keep an entire spare
switch on-hand.

  On the downside, stacking smaller switches may make management
harder, as now you have to deal with several entities rather than one
big chassis.  It may also limit your bandwidth: Most modular chassis
platforms offer more backplane bandwidth than you can get using
interconnect cables on stacked switches.  Chassis may also be more
space and power efficient.

> I recall seeing a Foundry core switch a few years ago and I think it had a
> few hundred ports.

  There are switch platforms that support > 1000 ports in a single
chassis.  It's all about what you need.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Ben Scott]

On Thu, May 17, 2012 at 4:06 PM, Kat Aylward Langan
 wrote:
> Have you checked out the products from Extreme Networks?  We just showed at
> Interop and won a bunch of awards, and have also compared VERY favorably to
> many of the more well known vendors.

  Plus they're that cool purple color.  ;-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time for new core switches

[Crawford, Scott]

Big fan of exchange here as well.  We're looking to upgrade, so we might have a 
BlackDiamond 8810 for sale soon :)

From: Kat Aylward Langan [mailto:messagel...@gmail.com]
Sent: Thursday, May 17, 2012 3:07 PM
To: NT System Admin Issues
Subject: Re: Time for new core switches



Have you checked out the products from Extreme Networks?  We just showed at 
Interop and won a bunch of awards, and have also compared VERY favorably to 
many of the more well known vendors.

http://www.extremenetworks.com/products/products-hub.aspx
On Thu, May 17, 2012 at 11:53 AM, Chinnery, Paul 
mailto:pa...@mmcwm.com>> wrote:
I have a Cisco 4510 as core running 1 gig ports.  However, due to hospital 
expansion (including going to VOIP), I am going to upgrade to 10 gig.   Size of 
our org doesn't justify, at this time, going to 40 or 100.

From: Tom Miller [mailto:tmil...@hnncsb.org<mailto:tmil...@hnncsb.org>]
Sent: Thursday, May 17, 2012 2:31 PM
To: NT System Admin Issues
Subject: Time for new core switches

Hi Folks,

My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've 
worked very well.  I don't think the exact model is made anymore, so I cannot 
add to the current bank.

Looking at my options, what speeds are you now using for your core switches:  1 
GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I do 
have several SANS that are connected to the core.  I haven't run any port stats 
yet but I will.

What about port size?  Each of these switches has 24 ports.  I could continue 
with smaller switches or look for a few switches with many ports.  I recall 
seeing a Foundry core switch a few years ago and I think it had a few hundred 
ports.

Thoughts?

Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
Kat Aylward Langan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Kat Aylward Langan]

Have you checked out the products from Extreme Networks?  We just showed at
Interop and won a bunch of awards, and have also compared VERY favorably to
many of the more well known vendors.

http://www.extremenetworks.com/products/products-hub.aspx

On Thu, May 17, 2012 at 11:53 AM, Chinnery, Paul  wrote:

> 
>
> I have a Cisco 4510 as core running 1 gig ports.  However, due to hospital
> expansion (including going to VOIP), I am going to upgrade to 10 gig.
> Size of our org doesn't justify, at this time, going to 40 or 100.
>
> ** **
>
> *From:* Tom Miller [mailto:tmil...@hnncsb.org]
> *Sent:* Thursday, May 17, 2012 2:31 PM
> *To:* NT System Admin Issues
> *Subject:* Time for new core switches
>
> ** **
>
> Hi Folks,
>
>  
>
> My core switch bank is a series of 3COM (HP) 1GIG managed switches.
> They've worked very well.  I don't think the exact model is made anymore,
> so I cannot add to the current bank.
>
>  
>
> Looking at my options, what speeds are you now using for your core
> switches:  1 GB, 10, 100?  We don't do any audio or AutoCad type of things
> here, but I do have several SANS that are connected to the core.  I haven't
> run any port stats yet but I will.  
>
>  
>
> What about port size?  Each of these switches has 24 ports.  I could
> continue with smaller switches or look for a few switches with many ports.
> I recall seeing a Foundry core switch a few years ago and I think it had a
> few hundred ports.  
>
>  
>
> Thoughts?  
>
>  
>
> Tom
>
> ** **
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message. 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Kat Aylward Langan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Harry Singh]

I have the same set of switches here and they have been rock solid for over
7 years. I plan on moving forward next year and have been looking at HP and
Force10. It's really hard to beat the lifetime warranty of HP, it's come in
handy more than one since the HP purchase of 3com.

On Thu, May 17, 2012 at 3:09 PM, Tom Miller  wrote:

>  We use the HP 5500G-EI series.  Full management, and I have fiber cards
> in the back to that connect to our buildings here on Campus.   I don't use
> many features, just the common VLAN and dhcp forwarding.
>
> I might just keep with the same series in 10G.  The firmware set is
> different than the 3COM,  hence I can't put them in a single stack.
>
> >>> "Matthew W. Ross"  5/17/2012 2:55 PM >>>
>
> Off the cuff, I'd say HP.
>
> Which model depends on your needs. What switch(es) were you using? Exact
> model please.
>
> Are there additional features you require for this switch? (Layer 3
> routing, Fiber uplinks, etc.)
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Tom Miller
> [mailto:tmil...@hnncsb.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Thu, 17 May 2012
> 11:30:46 -0700
> Subject: Time for new core switches
>
>
> > Hi Folks,
> >
> > My core switch bank is a series of 3COM (HP) 1GIG managed switches.
> They've
> > worked very well.  I don't think the exact model is made anymore, so I
> > cannot add to the current bank.
> >
> > Looking at my options, what speeds are you now using for your core
> switches:
> >  1 GB, 10, 100?  We don't do any audio or AutoCad type of things here,
> but I
> > do have several SANS that are connected to the core.  I haven't run any
> port
> > stats yet but I will.
> >
> > What about port size?  Each of these switches has 24 ports.  I could
> > continue with smaller switches or look for a few switches with many
> ports.
> > I recall seeing a Foundry core switch a few years ago and I think it had
> a
> > few hundred ports.
> >
> > Thoughts?
> >
> > Tom
> >
> > Confidentiality Notice:  This e-mail message, including attachments, is
> for
> > the sole use of the intended recipient(s) and may contain confidential
> and
> > privileged information.  Any unauthorized review, use, disclosure, or
> > distribution is prohibited.  If you are not the intended recipient,
> please
> > contact the sender by reply e-mail and destroy all copies of the original
> > message.
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>  Confidentiality Notice: This e-mail message, including attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Tom Miller]

We use the HP 5500G-EI series.  Full management, and I have fiber cards in the 
back to that connect to our buildings here on Campus.   I don't use many 
features, just the common VLAN and dhcp forwarding.   
 
I might just keep with the same series in 10G.  The firmware set is different 
than the 3COM,  hence I can't put them in a single stack.

>>> "Matthew W. Ross"  5/17/2012 2:55 PM >>>
Off the cuff, I'd say HP.

Which model depends on your needs. What switch(es) were you using? Exact model 
please.

Are there additional features you require for this switch? (Layer 3 routing, 
Fiber uplinks, etc.)


--Matt Ross
Ephrata School District


- Original Message -
From: Tom Miller
[mailto:tmil...@hnncsb.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 17 May 2012
11:30:46 -0700
Subject: Time for new core switches


> Hi Folks,
>  
> My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've
> worked very well.  I don't think the exact model is made anymore, so I
> cannot add to the current bank.
>  
> Looking at my options, what speeds are you now using for your core switches:
>  1 GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I
> do have several SANS that are connected to the core.  I haven't run any port
> stats yet but I will.  
>  
> What about port size?  Each of these switches has 24 ports.  I could
> continue with smaller switches or look for a few switches with many ports. 
> I recall seeing a Foundry core switch a few years ago and I think it had a
> few hundred ports.  
>  
> Thoughts?  
>  
> Tom
> 
> Confidentiality Notice:  This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information.  Any unauthorized review, use, disclosure, or
> distribution is prohibited.  If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Time for new core switches

[Matthew W. Ross]

Off the cuff, I'd say HP.

Which model depends on your needs. What switch(es) were you using? Exact model 
please.

Are there additional features you require for this switch? (Layer 3 routing, 
Fiber uplinks, etc.)


--Matt Ross
Ephrata School District


- Original Message -
From: Tom Miller
[mailto:tmil...@hnncsb.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 17 May 2012
11:30:46 -0700
Subject: Time for new core switches


> Hi Folks,
>  
> My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've
> worked very well.  I don't think the exact model is made anymore, so I
> cannot add to the current bank.
>  
> Looking at my options, what speeds are you now using for your core switches:
>  1 GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I
> do have several SANS that are connected to the core.  I haven't run any port
> stats yet but I will.  
>  
> What about port size?  Each of these switches has 24 ports.  I could
> continue with smaller switches or look for a few switches with many ports. 
> I recall seeing a Foundry core switch a few years ago and I think it had a
> few hundred ports.  
>  
> Thoughts?  
>  
> Tom
> 
> Confidentiality Notice:  This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information.  Any unauthorized review, use, disclosure, or
> distribution is prohibited.  If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time for new core switches

[Chinnery, Paul]

I have a Cisco 4510 as core running 1 gig ports.  However, due to hospital 
expansion (including going to VOIP), I am going to upgrade to 10 gig.   Size of 
our org doesn't justify, at this time, going to 40 or 100.

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, May 17, 2012 2:31 PM
To: NT System Admin Issues
Subject: Time for new core switches

Hi Folks,

My core switch bank is a series of 3COM (HP) 1GIG managed switches.  They've 
worked very well.  I don't think the exact model is made anymore, so I cannot 
add to the current bank.

Looking at my options, what speeds are you now using for your core switches:  1 
GB, 10, 100?  We don't do any audio or AutoCad type of things here, but I do 
have several SANS that are connected to the core.  I haven't run any port stats 
yet but I will.

What about port size?  Each of these switches has 24 ports.  I could continue 
with smaller switches or look for a few switches with many ports.  I recall 
seeing a Foundry core switch a few years ago and I think it had a few hundred 
ports.

Thoughts?

Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: RE: Time to verify your IIS setup

[Steven Peck]

With hosting the price point determines a lot of things.  If you are
on shared hosting then your concern is not just your app and the host,
it's your app, the host security and everyone else' app on the box +
their security practice/knowledge.

If you have your own server, then security is between you and the host
provider and your support agreement.  So you've reduced your surface
down to you and the host (your practices / apps, the hosts
provisioning system and your connectivity, etc).  If your host uses
ftp instead of ssh/scp etc then your vector of vulnerability is
broadened.  If not then reduced, etc.

Really what it comes down to, is know your app and server
configuration and what you can control.

Steven Peck
http://www.blkmtn.org


On Wed, Jun 16, 2010 at 11:58 AM, Andrew S. Baker  wrote:
> Depends on the vendor and the pricepoint.  It's really a mixed bag.
>
> The result is either a lot of properly secured systems, or a boatload of
> insecure ones.
>
> And the clients in need of that outsourcing are usually lacking the skills
> or resources to verify.
>
> -ASB: http://XeeSM.com/AndrewBaker
>
> Sent from my Motorola Droid
>
> On Jun 16, 2010 7:58 AM, "Ziots, Edward"  wrote:
>
> ASB,
>
>
>
> Did you find that outsourced was better or worse than directly managed when
> it came to security of the systems….?
>
>
>
> Z
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organ...
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Wednesday, June 16, 2010 6:19 AM
>
> To: NT System Admin Issues
>
> Subject: Re: Time to verify your IIS setup
>
>
>
> True.    My focus was not on IIS itself, but on whether the owners of the
> affected systems were directly managing the boxes vs outsourced management
> of the boxes.
>
> -ASB: http://XeeSM.com/AndrewBaker
>
> On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward  wrote:
>
> Problem is that its not IIS in itself that is the problem is the
> web-application running on IIS th...
>
>
>
> Z
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organizatio...
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Tuesday, June 15, 2010 5:46 PM
>
>
> To: NT System Admin Issues
> Subject: Re: Time to verify your IIS setup
>
>
>
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
>
>
>
> I mean, on one level, if a single ISP hosting 500 discrete sites for clients
> is a victim, that'...
>
>
> -ASB: http://XeeSM.com/AndrewBaker
>
> On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:
>
> Dang.
> I was just curious...
>
> How many IIS sites are there in the world?  Roughly 780K.  So if the
> ...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: RE: Time to verify your IIS setup

[Andrew S. Baker]

Depends on the vendor and the pricepoint.  It's really a mixed bag.

The result is either a lot of properly secured systems, or a boatload of
insecure ones.

And the clients in need of that outsourcing are usually lacking the skills
or resources to verify.

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On Jun 16, 2010 7:58 AM, "Ziots, Edward"  wrote:

 ASB,



Did you find that outsourced was better or worse than directly managed when
it came to security of the systems….?





Z



Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organ...

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, June 16, 2010 6:19 AM


To: NT System Admin Issues

Subject: Re: Time to verify your IIS setup



True.My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing the boxes vs outsourced management
of the boxes.


-ASB: http://XeeSM.com/AndrewBaker

On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward  wrote:



Problem is that its not IIS in itself that is the problem is the
web-application running on IIS th...



Z





Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organizatio...

*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Tuesday, June 15, 2010 5:46 PM




To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup



More important to me is, "How many discrete managers of IIS
systems/environments does this represent?"





I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that'...




-ASB: http://XeeSM.com/AndrewBaker

On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:



Dang.
I was just curious...

How many IIS sites are there in the world?  Roughly 780K.  So if the
...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ziots, Edward]

ASB, 

 

Did you find that outsourced was better or worse than directly managed
when it came to security of the systems?

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

 

True.My focus was not on IIS itself, but on whether the owners of
the affected systems were directly managing the boxes vs outsourced
management of the boxes.


-ASB: http://XeeSM.com/AndrewBaker



On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward 
wrote:

Problem is that its not IIS in itself that is the problem is the
web-application running on IIS that doesn't sanitize its input that is
the problem, that and probably using an Database user account with too
much privileges to access the backend, plus no auditing on the database
backend to track what is being viewed, and on and on...

 

Too bad it takes mass hacks like these to get some peoples attention to
the matter, often too late, after they have been 0wned.

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, June 15, 2010 5:46 PM


To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

 

More important to me is, "How many discrete managers of IIS
systems/environments does this represent?"

 

I mean, on one level, if a single ISP hosting 500 discrete sites for
clients is a victim, that's not exactly the same thing as those 500
clients failing to manage this risk.

 

On the other hand (and from a more practical standpoint), they're still
victims just the same...


-ASB: http://XeeSM.com/AndrewBaker

On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze 
wrote:

Dang.
I was just curious...

How many IIS sites are there in the world?  Roughly 780K.  So if the
Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
are affected.
Yikes.

Source:
http://news.netcraft.com/archives/category/web-server-survey/

(most places on my search pointed to NetCraft having the most accurate
results).

Sam






On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ziots, Edward]

Might not be with SQLi, but I have heard of some XSS vulnerabilities. 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, June 16, 2010 5:44 AM
To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup

 

I'm not aware that SharePoint is vulnerable to SQL Injection attacks at
all. If you've ever debugged SharePoint, you'll see that most of it uses
OLEDB under the covers with parametised queries.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, 16 June 2010 7:10 AM
To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup

 

SQLI and Blind SQLi are fun... You just need to go to some OWASP
meetings, it will start to make a lot of sense, that and scare the
living crap out of you, on how poorly web applications are written and
how much they are relied on to access very sensitive information in the
organization. Plus a poor written web app actually increases your attack
surface within the organization due to the multitude of people that can
hack at the web interface that couldn't do that as easily through
traditional thick client solutions. ( Not saying the Thick client is
better)

 

Now think of how secure or basically insecure your Sharepoint sites are
and possible SQLi/XSS vulnerabilities lying in those beasts, and it
seems to be the new craze in collaboration, but what about the
information stored in the website itself? Who can access should it even
be in Sharepoint? Can you encrypt it at rest? Lots of interesting
scenarios and fun questions abound.. 

 

Now that will make ya head hurt sometimes...

 

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: David [mailto:blazer...@gmail.com] 
Sent: Tuesday, June 15, 2010 6:50 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

 

That just makes my head hurt.

On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff  wrote:

Here's an update on the issue:

http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.
html


On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker 
wrote:
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
> I mean, on one level, if a single ISP hosting 500 discrete sites for
clients
> is a victim, that's not exactly the same thing as those 500 clients
failing
> to manage this risk.
> On the other hand (and from a more practical standpoint), they're
still
> victims just the same...
> -ASB: http://XeeSM.com/AndrewBaker

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time to verify your IIS setup

[Andrew S. Baker]

True.My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing the boxes vs outsourced management
of the boxes.

-ASB: http://XeeSM.com/AndrewBaker


On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward  wrote:

>  Problem is that its not IIS in itself that is the problem is the
> web-application running on IIS that doesn’t sanitize its input that is the
> problem, that and probably using an Database user account with too much
> privileges to access the backend, plus no auditing on the database backend
> to track what is being viewed, and on and on…
>
>
>
> Too bad it takes mass hacks like these to get some peoples attention to the
> matter, often too late, after they have been 0wned…..
>
>
>
> Z
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organization
>
> 401-639-3505
>
> ezi...@lifespan.org
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 15, 2010 5:46 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Time to verify your IIS setup
>
>
>
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
>
>
>
> I mean, on one level, if a single ISP hosting 500 discrete sites for
> clients is a victim, that's not exactly the same thing as those 500 clients
> failing to manage this risk.
>
>
>
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
>
>
> -ASB: http://XeeSM.com/AndrewBaker
>
>  On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze 
> wrote:
>
> Dang.
> I was just curious...
>
> How many IIS sites are there in the world?  Roughly 780K.  So if the
> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
> are affected.
> Yikes.
>
> Source:
> http://news.netcraft.com/archives/category/web-server-survey/
>
> (most places on my search pointed to NetCraft having the most accurate
> results).
>
> Sam
>
>
>
>
>
>
> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> > about 111,000 sites infected
> >
> > http://isc.sans.edu/diary.html?storyid=8935
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ken Schaefer]

I'm not aware that SharePoint is vulnerable to SQL Injection attacks at all. If 
you've ever debugged SharePoint, you'll see that most of it uses OLEDB under 
the covers with parametised queries.

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, 16 June 2010 7:10 AM
To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup

SQLI and Blind SQLi are fun... You just need to go to some OWASP meetings, it 
will start to make a lot of sense, that and scare the living crap out of you, 
on how poorly web applications are written and how much they are relied on to 
access very sensitive information in the organization. Plus a poor written web 
app actually increases your attack surface within the organization due to the 
multitude of people that can hack at the web interface that couldn't do that as 
easily through traditional thick client solutions. ( Not saying the Thick 
client is better)

Now think of how secure or basically insecure your Sharepoint sites are and 
possible SQLi/XSS vulnerabilities lying in those beasts, and it seems to be the 
new craze in collaboration, but what about the information stored in the 
website itself? Who can access should it even be in Sharepoint? Can you encrypt 
it at rest? Lots of interesting scenarios and fun questions abound..

Now that will make ya head hurt sometimes...

EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: David [mailto:blazer...@gmail.com]
Sent: Tuesday, June 15, 2010 6:50 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

That just makes my head hurt.

On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff 
mailto:kurt.b...@gmail.com>> wrote:
Here's an update on the issue:

http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html

On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker 
mailto:asbz...@gmail.com>> wrote:
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
> I mean, on one level, if a single ISP hosting 500 discrete sites for clients
> is a victim, that's not exactly the same thing as those 500 clients failing
> to manage this risk.
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
> -ASB: http://XeeSM.com/AndrewBaker




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time to verify your IIS setup

[Ben Scott]

On Tue, Jun 15, 2010 at 7:22 PM, Steven Peck  wrote:
> Yes but then we get these threads bitching about MS IIS instead of
> Crappy web page asp product X

  Yah.  People like to blame obvious targets, even when it doesn't
help (or even hurts).  A number of people in my local Linux User Group
(several of whom really should know better) are convinced the lack of
malware for Linux and Mac OS X is because of some inherent superiority
over MS Windows, and not because of a smaller target population and a
lower percentage of lusers.

  When I point to the new malware emerging for Mac OS X, they tell me
it's just one or two things so far.  I guess that makes it okay if you
get compromised?

  Sigh.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Steven Peck]

Yes but then we get these threads bitching about MS IIS instead of
Crappy web page asp product X

On Tue, Jun 15, 2010 at 4:17 PM, Ziots, Edward  wrote:
> Problem is that its not IIS in itself that is the problem is the
> web-application running on IIS that doesn’t sanitize its input that is the
> problem, that and probably using an Database user account with too much
> privileges to access the backend, plus no auditing on the database backend
> to track what is being viewed, and on and on…
>
>
>
> Too bad it takes mass hacks like these to get some peoples attention to the
> matter, often too late, after they have been 0wned…..
>
>
>
> Z
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organization
>
> 401-639-3505
>
> ezi...@lifespan.org
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Tuesday, June 15, 2010 5:46 PM
> To: NT System Admin Issues
> Subject: Re: Time to verify your IIS setup
>
>
>
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
>
>
>
> I mean, on one level, if a single ISP hosting 500 discrete sites for clients
> is a victim, that's not exactly the same thing as those 500 clients failing
> to manage this risk.
>
>
>
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
>
> -ASB: http://XeeSM.com/AndrewBaker
>
> On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:
>
> Dang.
> I was just curious...
>
> How many IIS sites are there in the world?  Roughly 780K.  So if the
> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
> are affected.
> Yikes.
>
> Source:
> http://news.netcraft.com/archives/category/web-server-survey/
>
> (most places on my search pointed to NetCraft having the most accurate
> results).
>
> Sam
>
>
>
>
> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
>> about 111,000 sites infected
>>
>> http://isc.sans.edu/diary.html?storyid=8935
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ziots, Edward]

Problem is that its not IIS in itself that is the problem is the
web-application running on IIS that doesn't sanitize its input that is
the problem, that and probably using an Database user account with too
much privileges to access the backend, plus no auditing on the database
backend to track what is being viewed, and on and on...

 

Too bad it takes mass hacks like these to get some peoples attention to
the matter, often too late, after they have been 0wned.

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, June 15, 2010 5:46 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

 

More important to me is, "How many discrete managers of IIS
systems/environments does this represent?"

 

I mean, on one level, if a single ISP hosting 500 discrete sites for
clients is a victim, that's not exactly the same thing as those 500
clients failing to manage this risk.

 

On the other hand (and from a more practical standpoint), they're still
victims just the same...


-ASB: http://XeeSM.com/AndrewBaker



On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze 
wrote:

Dang.
I was just curious...

How many IIS sites are there in the world?  Roughly 780K.  So if the
Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
are affected.
Yikes.

Source:
http://news.netcraft.com/archives/category/web-server-survey/

(most places on my search pointed to NetCraft having the most accurate
results).

Sam






On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ziots, Edward]

Definitely a nice write up, but when you comb your IIS logs and set seeing 
DECLARE and CAST statements in the url sequences, you had better be on your 
guard because those are some tell-tale signs of SQLi.. I don’t know of many 
webapplications that are accepting that as INPUT.. so if you have things in 
place like URLSCAN, or WAF's you might want to make sure you drop that type of 
traffic and report on it as possible SQLI accordingly. 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, June 15, 2010 6:19 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

Here's an update on the issue:

http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html

On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker  wrote:
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
> I mean, on one level, if a single ISP hosting 500 discrete sites for clients
> is a victim, that's not exactly the same thing as those 500 clients failing
> to manage this risk.
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
> -ASB: http://XeeSM.com/AndrewBaker
>
>
> On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:
>>
>> Dang.
>> I was just curious...
>>
>> How many IIS sites are there in the world?  Roughly 780K.  So if the
>> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
>> are affected.
>> Yikes.
>>
>> Source:
>> http://news.netcraft.com/archives/category/web-server-survey/
>>
>> (most places on my search pointed to NetCraft having the most accurate
>> results).
>>
>> Sam
>>
>>
>>
>>
>>
>> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
>> > about 111,000 sites infected
>> >
>> > http://isc.sans.edu/diary.html?storyid=8935
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time to verify your IIS setup

[Ziots, Edward]

SQLI and Blind SQLi are fun... You just need to go to some OWASP
meetings, it will start to make a lot of sense, that and scare the
living crap out of you, on how poorly web applications are written and
how much they are relied on to access very sensitive information in the
organization. Plus a poor written web app actually increases your attack
surface within the organization due to the multitude of people that can
hack at the web interface that couldn't do that as easily through
traditional thick client solutions. ( Not saying the Thick client is
better)

 

Now think of how secure or basically insecure your Sharepoint sites are
and possible SQLi/XSS vulnerabilities lying in those beasts, and it
seems to be the new craze in collaboration, but what about the
information stored in the website itself? Who can access should it even
be in Sharepoint? Can you encrypt it at rest? Lots of interesting
scenarios and fun questions abound.. 

 

Now that will make ya head hurt sometimes...

 

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: David [mailto:blazer...@gmail.com] 
Sent: Tuesday, June 15, 2010 6:50 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup

 

That just makes my head hurt.




On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff  wrote:

Here's an update on the issue:

http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.
html


On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker 
wrote:
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
> I mean, on one level, if a single ISP hosting 500 discrete sites for
clients
> is a victim, that's not exactly the same thing as those 500 clients
failing
> to manage this risk.
> On the other hand (and from a more practical standpoint), they're
still
> victims just the same...
> -ASB: http://XeeSM.com/AndrewBaker
>
>



-- 
David

_

Firearms are second only to the Constitution in importance; 
they are the peoples' liberty's teeth.

~ George Washington

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time to verify your IIS setup

[David]

That just makes my head hurt.



On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff  wrote:

> Here's an update on the issue:
>
>
> http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
>
> On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker  wrote:
> > More important to me is, "How many discrete managers of IIS
> > systems/environments does this represent?"
> > I mean, on one level, if a single ISP hosting 500 discrete sites for
> clients
> > is a victim, that's not exactly the same thing as those 500 clients
> failing
> > to manage this risk.
> > On the other hand (and from a more practical standpoint), they're still
> > victims just the same...
> > -ASB: http://XeeSM.com/AndrewBaker
> >
> >
>

-- 
David

_

Firearms are second only to the Constitution in importance;
they are the peoples' liberty's teeth.

~ George Washington

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Ben Scott]

On Tue, Jun 15, 2010 at 6:18 PM, Kurt Buff  wrote:
> http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html

  So, as usual, the biggest problem is the large amount of server-side
web application software written by people who don't know how to write
secure code.  :-(

  (For those that think I'm just a blind FOSS/Linux supporter: This is
an area where FOSS/Linux does not appear to do any better.  It sucks
everywhere.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Kurt Buff]

Here's an update on the issue:

http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html

On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker  wrote:
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
> I mean, on one level, if a single ISP hosting 500 discrete sites for clients
> is a victim, that's not exactly the same thing as those 500 clients failing
> to manage this risk.
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
> -ASB: http://XeeSM.com/AndrewBaker
>
>
> On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:
>>
>> Dang.
>> I was just curious...
>>
>> How many IIS sites are there in the world?  Roughly 780K.  So if the
>> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
>> are affected.
>> Yikes.
>>
>> Source:
>> http://news.netcraft.com/archives/category/web-server-survey/
>>
>> (most places on my search pointed to NetCraft having the most accurate
>> results).
>>
>> Sam
>>
>>
>>
>>
>>
>> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
>> > about 111,000 sites infected
>> >
>> > http://isc.sans.edu/diary.html?storyid=8935
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Andrew S. Baker]

More important to me is, "How many discrete managers of IIS
systems/environments does this represent?"

I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that's not exactly the same thing as those 500 clients failing
to manage this risk.

On the other hand (and from a more practical standpoint), they're still
victims just the same...

-ASB: http://XeeSM.com/AndrewBaker


On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze  wrote:

> Dang.
> I was just curious...
>
> How many IIS sites are there in the world?  Roughly 780K.  So if the
> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
> are affected.
> Yikes.
>
> Source:
> http://news.netcraft.com/archives/category/web-server-survey/
>
> (most places on my search pointed to NetCraft having the most accurate
> results).
>
> Sam
>
>
>
>
>
> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> > about 111,000 sites infected
> >
> > http://isc.sans.edu/diary.html?storyid=8935
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time to verify your IIS setup

[Sam Cayze]

Dang.
I was just curious...

How many IIS sites are there in the world?  Roughly 780K.  So if the
Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
are affected.
Yikes.

Source:
http://news.netcraft.com/archives/category/web-server-survey/

(most places on my search pointed to NetCraft having the most accurate
results).

Sam





On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Roger Wright]

Perhaps this will help:
http://www.qualys.com/products/qg_suite/malware_detection/


Die dulci fruere!

Roger Wright
___




On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff  wrote:
> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Micheal Espinola Jr]

Wee!!!

--
ME2


On Wed, Jun 9, 2010 at 12:43 PM, Kurt Buff  wrote:

> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time to verify your IIS setup

[Ziots, Edward]

They got an abuse ticket on those IPs and are working to take it down 
accordingly. 

Funny how SQL injection is still at the top of the latest OWASP Top 10, because 
it works soo well, when you don’t use input validation Poor development is 
the culprit...

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup

about 111,000 sites infected

http://isc.sans.edu/diary.html?storyid=8935

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time to verify your IIS setup

[Ziots, Edward]

On the phone with their abuse center right now, talking with a rep about the 
situation, so see if they have calls on it. 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup

about 111,000 sites infected

http://isc.sans.edu/diary.html?storyid=8935

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: time limit software

[Benjamin Zachary - Lists]

So the issue is the job is all computer/phone based, and is about 90%
commission. So a lot of the guys want to sit there 12 hours a day i.e. to
make more money. However, there is obviously an issue with that. If they
cant get their leads on the lead system then they can't work. i.e. the
computer issue. Because it's a high volume sales floor open from 7am - 1am
people come and go as they please. Some guys leave in the day to do personal
stuff, or go to the gym or whatever and come back for evening sales or West
coast sales.

 

They aren't really looking to have them punch in/out since it has no real
effect on their pay. The office would love to just have them work as much as
they wanted, which is what they used to do, but all the new banking
regulations put in place are forcing them to stop working. (Go figure).

 

The idea being now that we had to hire more people to compensate for the
hours. (2 guys at 60hours now is 3 guys at 40 hours) they want to just shut
the user down after XX hours. The logon times option doesn't work either as
described above. I know it exists out there because the old bank we were
working with used it. I just haven't been able to contact them to get the
answer.

 

 

From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Thursday, April 01, 2010 4:46 PM
To: NT System Admin Issues
Subject: Re: time limit software

 

For a grand they could get wasppro time management with a biometric clock.
You can set it to only allow punches between certain hours of the day.

 

James 

- Original Message - 

From: Benjamin Zachary - Lists <mailto:li...@levelfive.us>  

To: NT System Admin Issues <mailto:ntsysadmin@lyris.sunbelt-software.com>  

Sent: Thursday, April 01, 2010 4:09 PM

Subject: time limit software

 

Ive been tasked on finding some software for a small office (40-50 users)
that wants to limit computer usage to 40 hrs / week so no one gets overtime.

 

One of the banks that I consulted with was using it but I never asked what
it was, they included it into AD as a group and would put the computers in
the AD group and they would lock users out at 40 hours.

 

The stuff Im finding just googling is turning up all kind of parental
control stuff which would probably work to start but not a real viable
solution.

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: time limit software

[James Kerr]

For a grand they could get wasppro time management with a biometric clock. You 
can set it to only allow punches between certain hours of the day.

James 
  - Original Message - 
  From: Benjamin Zachary - Lists 
  To: NT System Admin Issues 
  Sent: Thursday, April 01, 2010 4:09 PM
  Subject: time limit software


  Ive been tasked on finding some software for a small office (40-50 users) 
that wants to limit computer usage to 40 hrs / week so no one gets overtime.

   

  One of the banks that I consulted with was using it but I never asked what it 
was, they included it into AD as a group and would put the computers in the AD 
group and they would lock users out at 40 hours.

   

  The stuff Im finding just googling is turning up all kind of parental control 
stuff which would probably work to start but not a real viable solution.

   




 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: time limit software

[Jonathan Link]

And if the OP doesn't mention it, who's left holding the bag when someone
sues for back wages. I imagine the scene going down like so:

Manager: We're being sued for back wages because of this system you
implemented.  Why didn't you tell me this was a consequence of your system?
OP (strangled look on face): Wha?
Manager: Your services are no longer required.

To pose a related problem, do all employees logoff when they go to lunch?
No one browses over lunch hour/break?


On Thu, Apr 1, 2010 at 4:30 PM, Jacob  wrote:

>  “HR / management issue with IT – rarely works out as intended”
>
>
>
> Yea.. but it’s typical.
>
>
>
> *From:* David L Herrick [mailto:davidherr...@nincal.com]
> *Sent:* Thursday, April 01, 2010 1:22 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: time limit software
>
>
>
> Is your HR/Legal on top of this? In many states, just being booted the
> computer system would not automatically mean they were off the clock.
>
> You are being asked to fix an HR / management issue with IT – rarely works
> out as intended
>
> YMMV
>
>
>
> *From:* Benjamin Zachary - Lists [mailto:li...@levelfive.us]
> *Sent:* Thursday, April 01, 2010 1:10 PM
> *To:* NT System Admin Issues
> *Subject:* time limit software
>
>
>
> Ive been tasked on finding some software for a small office (40-50 users)
> that wants to limit computer usage to 40 hrs / week so no one gets overtime.
>
>
>
> One of the banks that I consulted with was using it but I never asked what
> it was, they included it into AD as a group and would put the computers in
> the AD group and they would lock users out at 40 hours.
>
>
>
> The stuff Im finding just googling is turning up all kind of parental
> control stuff which would probably work to start but not a real viable
> solution.
>
>
>
>
>
>
>
>
>
> Regards,
>
>
>
> David Herrick
>
> Chief Financial Officer - Executive Vice President
> Names in the News
> 1300 Clay St. 11th Floor
> Oakland, CA 94612
> 415 989-3350
> 415 433 7796
> davidherr...@nincal.com
> www.namesinthenews.com
>
>
>
> This email and any attached files are confidential and intended solely for
> the intended recipient(s). If you are not the named recipient you should not
> read, distribute, copy or alter this email. Any views or opinions expressed
> in this email are those of the author and do not represent those of Names in
> the News. Warning: Although precautions have been taken to make sure no
> viruses are present in this email, the company cannot accept responsibility
> for any loss or damage that arise from the use of this email or attachments.
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: time limit software

[Jacob]

"HR / management issue with IT - rarely works out as intended"

 

Yea.. but it's typical.

 

From: David L Herrick [mailto:davidherr...@nincal.com] 
Sent: Thursday, April 01, 2010 1:22 PM
To: NT System Admin Issues
Subject: RE: time limit software

 

Is your HR/Legal on top of this? In many states, just being booted the
computer system would not automatically mean they were off the clock. 

You are being asked to fix an HR / management issue with IT - rarely works
out as intended 

YMMV

 

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Thursday, April 01, 2010 1:10 PM
To: NT System Admin Issues
Subject: time limit software

 

Ive been tasked on finding some software for a small office (40-50 users)
that wants to limit computer usage to 40 hrs / week so no one gets overtime.

 

One of the banks that I consulted with was using it but I never asked what
it was, they included it into AD as a group and would put the computers in
the AD group and they would lock users out at 40 hours.

 

The stuff Im finding just googling is turning up all kind of parental
control stuff which would probably work to start but not a real viable
solution.

 

 

 

 

Regards,

 

David Herrick

Chief Financial Officer - Executive Vice President
Names in the News
1300 Clay St. 11th Floor
Oakland, CA 94612
415 989-3350
415 433 7796
davidherr...@nincal.com
www.namesinthenews.com 

 

This email and any attached files are confidential and intended solely for
the intended recipient(s). If you are not the named recipient you should not
read, distribute, copy or alter this email. Any views or opinions expressed
in this email are those of the author and do not represent those of Names in
the News. Warning: Although precautions have been taken to make sure no
viruses are present in this email, the company cannot accept responsibility
for any loss or damage that arise from the use of this email or attachments.
{*} 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: time limit software

[David L Herrick]

Is your HR/Legal on top of this? In many states, just being booted the
computer system would not automatically mean they were off the clock. 

You are being asked to fix an HR / management issue with IT - rarely
works out as intended 

YMMV

 

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Thursday, April 01, 2010 1:10 PM
To: NT System Admin Issues
Subject: time limit software

 

Ive been tasked on finding some software for a small office (40-50
users) that wants to limit computer usage to 40 hrs / week so no one
gets overtime.

 

One of the banks that I consulted with was using it but I never asked
what it was, they included it into AD as a group and would put the
computers in the AD group and they would lock users out at 40 hours.

 

The stuff Im finding just googling is turning up all kind of parental
control stuff which would probably work to start but not a real viable
solution.

 

 

 



This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you 
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of Names in the News. Warning: Although precautions have been
taken to make sure no viruses are present in this email, the company 
cannot accept responsibility for any loss or damage that arise from the 
use of this email or attachments. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: time limit software

[Carol Fee]

Can you use the Logon hours in the user properties ?

CFee
From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Thursday, April 01, 2010 4:10 PM
To: NT System Admin Issues
Subject: time limit software

Ive been tasked on finding some software for a small office (40-50 users) that 
wants to limit computer usage to 40 hrs / week so no one gets overtime.

One of the banks that I consulted with was using it but I never asked what it 
was, they included it into AD as a group and would put the computers in the AD 
group and they would lock users out at 40 hours.

The stuff Im finding just googling is turning up all kind of parental control 
stuff which would probably work to start but not a real viable solution.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: time limit software

[Jay Dale]

Isn't there an option in AD to set logon time limits?  Or are you just looking 
to track them?

Jay Dale
I.T. Manager, 3GiG
Mobile: 713.299.2541
Email: jay.d...@3-gig.com

Confidentiality Notice: This e-mail, including any attached files, may contain 
confidential and/or privileged information for the sole use of the intended 
recipient. If you are not the intended recipient, you are hereby notified that 
any review, dissemination or copying of this e-mail and attachments, if any, or 
the information contained herein, is strictly prohibited. If you are not the 
intended recipient (or authorized to receive information for the intended 
recipient), please contact the sender by reply e-mail and delete all copies of 
this message.


From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Thursday, April 01, 2010 3:10 PM
To: NT System Admin Issues
Subject: time limit software

Ive been tasked on finding some software for a small office (40-50 users) that 
wants to limit computer usage to 40 hrs / week so no one gets overtime.

One of the banks that I consulted with was using it but I never asked what it 
was, they included it into AD as a group and would put the computers in the AD 
group and they would lock users out at 40 hours.

The stuff Im finding just googling is turning up all kind of parental control 
stuff which would probably work to start but not a real viable solution.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time and Attendance applications

[James Kerr]

I believe these guys meet your requirements (Hand Punch 3000 and ADP). We are 
currently looking at time and attendance systems and these guys have a nice 
product.

http://www.infotronics.com/
  - Original Message - 
  From: John Aldrich 
  To: NT System Admin Issues 
  Sent: Wednesday, February 03, 2010 4:48 PM
  Subject: OT: Time and Attendance applications


  We currently have Kronos for our time and attendance, but due to some 
problems that have started appearing these past few days and the lack of tech 
support by Kronos, we are actively looking at switching to a new time and 
attendance application. We have HandPunch 3000 time clocks and are not looking 
to replace the hardware, only the time and attendance software.

  Wondering if anyone has any recommendations, preferably something that'll 
work with the HP3000 time clocks. J Oh, and our payroll is ADP, so that has to 
be compatible as well. J

   



   




 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

Re: Time

[Jon Harris]

That is a feature that the ASA should have and does not.

Jon

On Fri, Jan 8, 2010 at 2:24 PM, Richard Stovall <
richard.stov...@researchdata.com> wrote:

>  I pulled the trigger on a SonicWall NSA 240 the other day and one of the
> swooftiest features is that you can add an address object as an FQDN.  So in
> this case you could create a rule allowing outbound NTP to pool.ntp.organd it 
> would work no matter which IP is resolved by the query.  I guess you
> would really want to trust your resolvers, but it is a neat feature that my
> old Pixes didn’t have.
>
>
>
> You can also ad MAC addresses as address objects, which is also pretty cool
> for creating static rules for dynamic clients.
>
>
>
> (Please forgive me if these sorts of features are standard now.  I’ve been
> living in antiquated Pix land for too long.)
>
>
>
> So far I’m very happy with this SonicWall device and the support (which I
> raised all kinds of specific questions about before beginning a trial) has
> been superb.  I’ve only really needed support to figure out one thing, but
> they got back to me in a reasonable amount of time and had it resolved in 10
> or 15 minutes.
>
>
> RS
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Friday, January 08, 2010 12:40 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Time
>
>
>
> Be advised that pool.ntp.org goes to a bunch of different sources so you
> will have firewall issues unless you watch it carefully or have some kind of
> rule that only allows the PDCe to be the only one going to the ntp port.
>
>
>
> Jon
>
> On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle <
> john.hornbuc...@taylor.k12.fl.us> wrote:
>
> I'm convinced!
>
> :-)
>
>
>
>
>
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com]
>
> Sent: Thursday, January 07, 2010 5:06 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> Exactly right.  Takes mere seconds to do it and requires no maintenance.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com / www.officeforlawyers.com
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
>
>
>
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 11:41 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > +1
> >
> > Not to mention, setting this up is almost trivial - at the PDC you
> type one
> > command line and you're done.  The hardest part might be creating a
> rule to
> > allow the NTP protocol out through your firewall.
> >
> > Carl
> >
> > -Original Message-
> > From: Ben Schorr [mailto:b...@rolandschorr.com]
> > Sent: Thursday, January 07, 2010 3:20 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You should point the DC to an external time source just as a matter of
> best
> > practice. I'll echo my colleagues here who use pool.ntp.org.  We set
> all of our
> > clients (companies, I mean) up to sync to that and it works
> beautifully.
> > Everything stays nice and tight and in sync.
> >
> > Ben M. Schorr
> > Chief Executive Officer
> > Roland Schorr & Tower
> > www.rolandschorr.com / www.officeforlawyers.com
> > Member: American Bar Association - 01473703
> > Author: The Lawyer's Guide to Microsoft Outlook 2007:
> > http://tinyurl.com/ol4law-amazon
> > Author: The Lawyer's Guide to Microsoft Word 2007:
> > http://tinyurl.com/abaword2007
> >
> >
> >
> > > -Original Message-
> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > > Sent: Thursday, January 07, 2010 10:16 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > It may well have been, to be honest. I'm not sure I'd have noticed
> it
> > being 4
> > > minutes off when I first set it up.
> > >
> > > I'll keep an eye on things, and if it keeps losing time I'll
> > definitely look at
> > > pointing it to an external source.
> > >
> > >
> > >
> > > -Original Message-
> > > From: Carl Houseman [mailto:c.house...@gmail.com]
> > > Sent: Thursday, January 07, 2010 2:56 PM
> > > To: NT System Admin Issues
> > > 

RE: Time

[Richard Stovall]

I pulled the trigger on a SonicWall NSA 240 the other day and one of the 
swooftiest features is that you can add an address object as an FQDN.  So in 
this case you could create a rule allowing outbound NTP to pool.ntp.org and it 
would work no matter which IP is resolved by the query.  I guess you would 
really want to trust your resolvers, but it is a neat feature that my old Pixes 
didn’t have.

 

You can also ad MAC addresses as address objects, which is also pretty cool for 
creating static rules for dynamic clients.

 

(Please forgive me if these sorts of features are standard now.  I’ve been 
living in antiquated Pix land for too long.)

 

So far I’m very happy with this SonicWall device and the support (which I 
raised all kinds of specific questions about before beginning a trial) has been 
superb.  I’ve only really needed support to figure out one thing, but they got 
back to me in a reasonable amount of time and had it resolved in 10 or 15 
minutes.


RS

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Friday, January 08, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: Time

 

Be advised that pool.ntp.org goes to a bunch of different sources so you will 
have firewall issues unless you watch it carefully or have some kind of rule 
that only allows the PDCe to be the only one going to the ntp port.

 

Jon

On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle 
 wrote:

I'm convinced!

:-)





-Original Message-
From: Ben Schorr [mailto:b...@rolandschorr.com]

Sent: Thursday, January 07, 2010 5:06 PM
To: NT System Admin Issues
Subject: RE: Time

Exactly right.  Takes mere seconds to do it and requires no maintenance.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com <http://www.rolandschorr.com/>  / www.officeforlawyers.com 
<http://www.officeforlawyers.com/> 
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007



> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 11:41 AM
> To: NT System Admin Issues
> Subject: RE: Time
>
> +1
>
> Not to mention, setting this up is almost trivial - at the PDC you
type one
> command line and you're done.  The hardest part might be creating a
rule to
> allow the NTP protocol out through your firewall.
>
> Carl
>
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com]
> Sent: Thursday, January 07, 2010 3:20 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> You should point the DC to an external time source just as a matter of
best
> practice. I'll echo my colleagues here who use pool.ntp.org 
> <http://pool.ntp.org/> .  We set
all of our
> clients (companies, I mean) up to sync to that and it works
beautifully.
> Everything stays nice and tight and in sync.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com <http://www.rolandschorr.com/>  / 
> www.officeforlawyers.com <http://www.officeforlawyers.com/> 
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
>
>
>
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 10:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > It may well have been, to be honest. I'm not sure I'd have noticed
it
> being 4
> > minutes off when I first set it up.
> >
> > I'll keep an eye on things, and if it keeps losing time I'll
> definitely look at
> > pointing it to an external source.
> >
> >
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 2:56 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Was your clock of by 4 minutes?  Was it always that way?
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 2:33 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Are servers' internal clocks that flaky?
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 12:51 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You want to set 

Re: Time

[Kurt Buff]

Which is exactly the way I have it - only PDCs allowed out on port 123.

On Fri, Jan 8, 2010 at 09:40, Jon Harris  wrote:
> Be advised that pool.ntp.org goes to a bunch of different sources so you
> will have firewall issues unless you watch it carefully or have some kind of
> rule that only allows the PDCe to be the only one going to the ntp port.
>
> Jon
>
> On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle
>  wrote:
>>
>> I'm convinced!
>>
>> :-)
>>
>>
>>
>>
>> -Original Message-
>> From: Ben Schorr [mailto:b...@rolandschorr.com]
>> Sent: Thursday, January 07, 2010 5:06 PM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> Exactly right.  Takes mere seconds to do it and requires no maintenance.
>>
>> Ben M. Schorr
>> Chief Executive Officer
>> Roland Schorr & Tower
>> www.rolandschorr.com / www.officeforlawyers.com
>> Member: American Bar Association - 01473703
>> Author: The Lawyer's Guide to Microsoft Outlook 2007:
>> http://tinyurl.com/ol4law-amazon
>> Author: The Lawyer's Guide to Microsoft Word 2007:
>> http://tinyurl.com/abaword2007
>>
>>
>>
>> > -Original Message-
>> > From: Carl Houseman [mailto:c.house...@gmail.com]
>> > Sent: Thursday, January 07, 2010 11:41 AM
>> > To: NT System Admin Issues
>> > Subject: RE: Time
>> >
>> > +1
>> >
>> > Not to mention, setting this up is almost trivial - at the PDC you
>> type one
>> > command line and you're done.  The hardest part might be creating a
>> rule to
>> > allow the NTP protocol out through your firewall.
>> >
>> > Carl
>> >
>> > -Original Message-
>> > From: Ben Schorr [mailto:b...@rolandschorr.com]
>> > Sent: Thursday, January 07, 2010 3:20 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Time
>> >
>> > You should point the DC to an external time source just as a matter of
>> best
>> > practice. I'll echo my colleagues here who use pool.ntp.org.  We set
>> all of our
>> > clients (companies, I mean) up to sync to that and it works
>> beautifully.
>> > Everything stays nice and tight and in sync.
>> >
>> > Ben M. Schorr
>> > Chief Executive Officer
>> > Roland Schorr & Tower
>> > www.rolandschorr.com / www.officeforlawyers.com
>> > Member: American Bar Association - 01473703
>> > Author: The Lawyer's Guide to Microsoft Outlook 2007:
>> > http://tinyurl.com/ol4law-amazon
>> > Author: The Lawyer's Guide to Microsoft Word 2007:
>> > http://tinyurl.com/abaword2007
>> >
>> >
>> >
>> > > -Original Message-
>> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> > > Sent: Thursday, January 07, 2010 10:16 AM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Time
>> > >
>> > > It may well have been, to be honest. I'm not sure I'd have noticed
>> it
>> > being 4
>> > > minutes off when I first set it up.
>> > >
>> > > I'll keep an eye on things, and if it keeps losing time I'll
>> > definitely look at
>> > > pointing it to an external source.
>> > >
>> > >
>> > >
>> > > -Original Message-
>> > > From: Carl Houseman [mailto:c.house...@gmail.com]
>> > > Sent: Thursday, January 07, 2010 2:56 PM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Time
>> > >
>> > > Was your clock of by 4 minutes?  Was it always that way?
>> > >
>> > > -Original Message-
>> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> > > Sent: Thursday, January 07, 2010 2:33 PM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Time
>> > >
>> > > Are servers' internal clocks that flaky?
>> > >
>> > > -Original Message-
>> > > From: Carl Houseman [mailto:c.house...@gmail.com]
>> > > Sent: Thursday, January 07, 2010 12:51 PM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Time
>> > >
>> > > You want to set up the PDC to sync time an external NTP source or
>> > you'll be
>> > > doing this manual adjustment on a regular basis...  command lines
>> have
>> > been

RE: Time

[Raper, Jonathan - Eagle]

FYI, Cisco ACS v5 is HIGHLY dependant on time synchronization (v4.2 not as 
much) between ACS, Windows AD, WLC, and Windows Clients in order for 802.1x 
authentication to function. If you're looking to implement ACS version 5 or 5.1 
(just released last month) you had better have your NTP strategy worked out.


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, January 08, 2010 12:40 PM
To: NT System Admin Issues
Subject: Re: Time

Be advised that pool.ntp.org<http://pool.ntp.org> goes to a bunch of different 
sources so you will have firewall issues unless you watch it carefully or have 
some kind of rule that only allows the PDCe to be the only one going to the ntp 
port.

Jon
On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
I'm convinced!

:-)




-Original Message-
From: Ben Schorr [mailto:b...@rolandschorr.com<mailto:b...@rolandschorr.com>]
Sent: Thursday, January 07, 2010 5:06 PM
To: NT System Admin Issues
Subject: RE: Time

Exactly right.  Takes mere seconds to do it and requires no maintenance.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com<http://www.rolandschorr.com/> / 
www.officeforlawyers.com<http://www.officeforlawyers.com/>
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007



> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
> Sent: Thursday, January 07, 2010 11:41 AM
> To: NT System Admin Issues
> Subject: RE: Time
>
> +1
>
> Not to mention, setting this up is almost trivial - at the PDC you
type one
> command line and you're done.  The hardest part might be creating a
rule to
> allow the NTP protocol out through your firewall.
>
> Carl
>
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com<mailto:b...@rolandschorr.com>]
> Sent: Thursday, January 07, 2010 3:20 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> You should point the DC to an external time source just as a matter of
best
> practice. I'll echo my colleagues here who use 
> pool.ntp.org<http://pool.ntp.org/>.  We set
all of our
> clients (companies, I mean) up to sync to that and it works
beautifully.
> Everything stays nice and tight and in sync.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com<http://www.rolandschorr.com/> / 
> www.officeforlawyers.com<http://www.officeforlawyers.com/>
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
>
>
>
> > -Original Message-
> > From: John Hornbuckle 
> > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>]
> > Sent: Thursday, January 07, 2010 10:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > It may well have been, to be honest. I'm not sure I'd have noticed
it
> being 4
> > minutes off when I first set it up.
> >
> > I'll keep an eye on things, and if it keeps losing time I'll
> definitely look at
> > pointing it to an external source.
> >
> >
> >
> > -Original Message-
> > From: Carl Houseman 
> > [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
> > Sent: Thursday, January 07, 2010 2:56 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Was your clock of by 4 minutes?  Was it always that way?
> >
> > -Original Message-
> > From: John Hornbuckle 
> > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>]
> > Sent: Thursday, January 07, 2010 2:33 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Are servers' internal clocks that flaky?
> >
> > -Original Message-
> > From: Carl Houseman 
> > [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
> > Sent: Thursday, January 07, 2010 12:51 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You want to set up the PDC to sync time an external NTP source or
> you'll be
&

Re: Time

[Jon Harris]

Be advised that pool.ntp.org goes to a bunch of different sources so you
will have firewall issues unless you watch it carefully or have some kind of
rule that only allows the PDCe to be the only one going to the ntp port.

Jon

On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle <
john.hornbuc...@taylor.k12.fl.us> wrote:

> I'm convinced!
>
> :-)
>
>
>
>
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com]
>  Sent: Thursday, January 07, 2010 5:06 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> Exactly right.  Takes mere seconds to do it and requires no maintenance.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com / www.officeforlawyers.com
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
>
>
>
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 11:41 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > +1
> >
> > Not to mention, setting this up is almost trivial - at the PDC you
> type one
> > command line and you're done.  The hardest part might be creating a
> rule to
> > allow the NTP protocol out through your firewall.
> >
> > Carl
> >
> > -Original Message-
> > From: Ben Schorr [mailto:b...@rolandschorr.com]
> > Sent: Thursday, January 07, 2010 3:20 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You should point the DC to an external time source just as a matter of
> best
> > practice. I'll echo my colleagues here who use pool.ntp.org.  We set
> all of our
> > clients (companies, I mean) up to sync to that and it works
> beautifully.
> > Everything stays nice and tight and in sync.
> >
> > Ben M. Schorr
> > Chief Executive Officer
> > Roland Schorr & Tower
> > www.rolandschorr.com / www.officeforlawyers.com
> > Member: American Bar Association - 01473703
> > Author: The Lawyer's Guide to Microsoft Outlook 2007:
> > http://tinyurl.com/ol4law-amazon
> > Author: The Lawyer's Guide to Microsoft Word 2007:
> > http://tinyurl.com/abaword2007
> >
> >
> >
> > > -Original Message-
> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > > Sent: Thursday, January 07, 2010 10:16 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > It may well have been, to be honest. I'm not sure I'd have noticed
> it
> > being 4
> > > minutes off when I first set it up.
> > >
> > > I'll keep an eye on things, and if it keeps losing time I'll
> > definitely look at
> > > pointing it to an external source.
> > >
> > >
> > >
> > > -Original Message-
> > > From: Carl Houseman [mailto:c.house...@gmail.com]
> > > Sent: Thursday, January 07, 2010 2:56 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > Was your clock of by 4 minutes?  Was it always that way?
> > >
> > > -Original Message-
> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > > Sent: Thursday, January 07, 2010 2:33 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > Are servers' internal clocks that flaky?
> > >
> > > -Original Message-
> > > From: Carl Houseman [mailto:c.house...@gmail.com]
> > > Sent: Thursday, January 07, 2010 12:51 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > You want to set up the PDC to sync time an external NTP source or
> > you'll be
> > > doing this manual adjustment on a regular basis...  command lines
> have
> > been
> > > previously suggested to do just that.
> > >
> > > Carl
> > >
> > > -Original Message-
> > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > > Sent: Thursday, January 07, 2010 12:29 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Time
> > >
> > > Thanks to everyone for the info. I found that the PDC machine time
> was
> > four
> > > minutes off. It looks to have been using its own internal clock, and
> I
> > gu

RE: Time

[John Hornbuckle]

I'm convinced!

:-)




-Original Message-
From: Ben Schorr [mailto:b...@rolandschorr.com] 
Sent: Thursday, January 07, 2010 5:06 PM
To: NT System Admin Issues
Subject: RE: Time

Exactly right.  Takes mere seconds to do it and requires no maintenance.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com / www.officeforlawyers.com 
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon 
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007   



> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 11:41 AM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> +1
> 
> Not to mention, setting this up is almost trivial - at the PDC you
type one
> command line and you're done.  The hardest part might be creating a
rule to
> allow the NTP protocol out through your firewall.
> 
> Carl
> 
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com]
> Sent: Thursday, January 07, 2010 3:20 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> You should point the DC to an external time source just as a matter of
best
> practice. I'll echo my colleagues here who use pool.ntp.org.  We set
all of our
> clients (companies, I mean) up to sync to that and it works
beautifully.
> Everything stays nice and tight and in sync.
> 
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com / www.officeforlawyers.com
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
> 
> 
> 
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 10:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > It may well have been, to be honest. I'm not sure I'd have noticed
it
> being 4
> > minutes off when I first set it up.
> >
> > I'll keep an eye on things, and if it keeps losing time I'll
> definitely look at
> > pointing it to an external source.
> >
> >
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 2:56 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Was your clock of by 4 minutes?  Was it always that way?
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 2:33 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Are servers' internal clocks that flaky?
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 12:51 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You want to set up the PDC to sync time an external NTP source or
> you'll be
> > doing this manual adjustment on a regular basis...  command lines
have
> been
> > previously suggested to do just that.
> >
> > Carl
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 12:29 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Thanks to everyone for the info. I found that the PDC machine time
was
> four
> > minutes off. It looks to have been using its own internal clock, and
I
> guess
> > that was off. I adjusted it, then after a few minutes checked my
> site's DC and
> > found that it had updated to the correct time, then a bit later my
> machine
> > had done the same. So presumably all DCs and workstations on the
> network
> > will by correct soon.
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 9:37 AM
> > To: NT System Admin Issues
> > Subject: Time
> >
> > I received a complaint from one of my users that the time on her
> computer is
> > four minutes behind actual time. And she's right--I've noticed
myself
> that all
> > of our computers are four minutes behind.
> >
> > I've never messed with the time features in Windows, so I'm not sure
> how to
> > correct this. From wh

RE: Time

[Ben Schorr]

Exactly right.  Takes mere seconds to do it and requires no maintenance.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com / www.officeforlawyers.com 
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon 
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007   



> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 11:41 AM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> +1
> 
> Not to mention, setting this up is almost trivial - at the PDC you
type one
> command line and you're done.  The hardest part might be creating a
rule to
> allow the NTP protocol out through your firewall.
> 
> Carl
> 
> -Original Message-
> From: Ben Schorr [mailto:b...@rolandschorr.com]
> Sent: Thursday, January 07, 2010 3:20 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> You should point the DC to an external time source just as a matter of
best
> practice. I'll echo my colleagues here who use pool.ntp.org.  We set
all of our
> clients (companies, I mean) up to sync to that and it works
beautifully.
> Everything stays nice and tight and in sync.
> 
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com / www.officeforlawyers.com
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
> 
> 
> 
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 10:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > It may well have been, to be honest. I'm not sure I'd have noticed
it
> being 4
> > minutes off when I first set it up.
> >
> > I'll keep an eye on things, and if it keeps losing time I'll
> definitely look at
> > pointing it to an external source.
> >
> >
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 2:56 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Was your clock of by 4 minutes?  Was it always that way?
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 2:33 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Are servers' internal clocks that flaky?
> >
> > -Original Message-
> > From: Carl Houseman [mailto:c.house...@gmail.com]
> > Sent: Thursday, January 07, 2010 12:51 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > You want to set up the PDC to sync time an external NTP source or
> you'll be
> > doing this manual adjustment on a regular basis...  command lines
have
> been
> > previously suggested to do just that.
> >
> > Carl
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 12:29 PM
> > To: NT System Admin Issues
> > Subject: RE: Time
> >
> > Thanks to everyone for the info. I found that the PDC machine time
was
> four
> > minutes off. It looks to have been using its own internal clock, and
I
> guess
> > that was off. I adjusted it, then after a few minutes checked my
> site's DC and
> > found that it had updated to the correct time, then a bit later my
> machine
> > had done the same. So presumably all DCs and workstations on the
> network
> > will by correct soon.
> >
> > -Original Message-
> > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> > Sent: Thursday, January 07, 2010 9:37 AM
> > To: NT System Admin Issues
> > Subject: Time
> >
> > I received a complaint from one of my users that the time on her
> computer is
> > four minutes behind actual time. And she's right--I've noticed
myself
> that all
> > of our computers are four minutes behind.
> >
> > I've never messed with the time features in Windows, so I'm not sure
> how to
> > correct this. From what I can tell, it client machines update their
> time from
> > their site's domain controller. Since this is happening at multiple
> sites, the
> > time on all sites' 

Re: Time

[Kurt Buff]

Let me expand upon that.

NTP is your friend unless you have a local time synch source, such as
a GPS unit or radio unit that provides network or serial port synch.

Kurt

On Thu, Jan 7, 2010 at 11:32, John Hornbuckle
 wrote:
> Are servers' internal clocks that flaky?
>
>
>
> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 12:51 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> You want to set up the PDC to sync time an external NTP source or you'll be
> doing this manual adjustment on a regular basis...  command lines have been
> previously suggested to do just that.
>
> Carl
>
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 12:29 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> Thanks to everyone for the info. I found that the PDC machine time was four
> minutes off. It looks to have been using its own internal clock, and I guess
> that was off. I adjusted it, then after a few minutes checked my site's DC
> and found that it had updated to the correct time, then a bit later my
> machine had done the same. So presumably all DCs and workstations on the
> network will by correct soon.
>
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 9:37 AM
> To: NT System Admin Issues
> Subject: Time
>
> I received a complaint from one of my users that the time on her computer is
> four minutes behind actual time. And she's right--I've noticed myself that
> all of our computers are four minutes behind.
>
> I've never messed with the time features in Windows, so I'm not sure how to
> correct this. From what I can tell, it client machines update their time
> from their site's domain controller. Since this is happening at multiple
> sites, the time on all sites' DCs appears to be four minutes behind. But
> where do the domain controllers get THEIR time from?
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time

[Kurt Buff]

Yes. NTP is your friend.

On Thu, Jan 7, 2010 at 11:32, John Hornbuckle
 wrote:
> Are servers' internal clocks that flaky?
>
>
>
> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 12:51 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> You want to set up the PDC to sync time an external NTP source or you'll be
> doing this manual adjustment on a regular basis...  command lines have been
> previously suggested to do just that.
>
> Carl
>
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 12:29 PM
> To: NT System Admin Issues
> Subject: RE: Time
>
> Thanks to everyone for the info. I found that the PDC machine time was four
> minutes off. It looks to have been using its own internal clock, and I guess
> that was off. I adjusted it, then after a few minutes checked my site's DC
> and found that it had updated to the correct time, then a bit later my
> machine had done the same. So presumably all DCs and workstations on the
> network will by correct soon.
>
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 9:37 AM
> To: NT System Admin Issues
> Subject: Time
>
> I received a complaint from one of my users that the time on her computer is
> four minutes behind actual time. And she's right--I've noticed myself that
> all of our computers are four minutes behind.
>
> I've never messed with the time features in Windows, so I'm not sure how to
> correct this. From what I can tell, it client machines update their time
> from their site's domain controller. Since this is happening at multiple
> sites, the time on all sites' DCs appears to be four minutes behind. But
> where do the domain controllers get THEIR time from?
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Carl Houseman]

+1

Not to mention, setting this up is almost trivial - at the PDC you type one
command line and you're done.  The hardest part might be creating a rule to
allow the NTP protocol out through your firewall.

Carl

-Original Message-
From: Ben Schorr [mailto:b...@rolandschorr.com] 
Sent: Thursday, January 07, 2010 3:20 PM
To: NT System Admin Issues
Subject: RE: Time

You should point the DC to an external time source just as a matter of
best practice. I'll echo my colleagues here who use pool.ntp.org.  We
set all of our clients (companies, I mean) up to sync to that and it
works beautifully.  Everything stays nice and tight and in sync.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com / www.officeforlawyers.com 
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon 
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007   



> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> It may well have been, to be honest. I'm not sure I'd have noticed it
being 4
> minutes off when I first set it up.
> 
> I'll keep an eye on things, and if it keeps losing time I'll
definitely look at
> pointing it to an external source.
> 
> 
> 
> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 2:56 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Was your clock of by 4 minutes?  Was it always that way?
> 
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 2:33 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Are servers' internal clocks that flaky?
> 
> -Original Message-----
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 12:51 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> You want to set up the PDC to sync time an external NTP source or
you'll be
> doing this manual adjustment on a regular basis...  command lines have
been
> previously suggested to do just that.
> 
> Carl
> 
> -----Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 12:29 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Thanks to everyone for the info. I found that the PDC machine time was
four
> minutes off. It looks to have been using its own internal clock, and I
guess
> that was off. I adjusted it, then after a few minutes checked my
site's DC and
> found that it had updated to the correct time, then a bit later my
machine
> had done the same. So presumably all DCs and workstations on the
network
> will by correct soon.
> 
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 9:37 AM
> To: NT System Admin Issues
> Subject: Time
> 
> I received a complaint from one of my users that the time on her
computer is
> four minutes behind actual time. And she's right--I've noticed myself
that all
> of our computers are four minutes behind.
> 
> I've never messed with the time features in Windows, so I'm not sure
how to
> correct this. From what I can tell, it client machines update their
time from
> their site's domain controller. Since this is happening at multiple
sites, the
> time on all sites' DCs appears to be four minutes behind. But where do
the
> domain controllers get THEIR time from?
> 
> 
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> 
> NOTICE: Florida has a broad public records law. Most written
communications
> to or from this entity are public records that will be disclosed to
the public
> and the media upon request. E-mail communications may be subject to
> public disclosure.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time

[Steven Peck]

While for authentication purposes it is necessary to be in sync and
consistent with your own domain, it can be useful to be somewhat in
sync with the rest of the world.  Messaging, cell phones, etc being
close enough to the same prevents questions like, why is my
workstation 4 minutes off.  Automation with an external source helps
with this.

Steven

On Thu, Jan 7, 2010 at 12:19 PM, Ben Schorr  wrote:
> You should point the DC to an external time source just as a matter of
> best practice. I'll echo my colleagues here who use pool.ntp.org.  We
> set all of our clients (companies, I mean) up to sync to that and it
> works beautifully.  Everything stays nice and tight and in sync.
>
> Ben M. Schorr
> Chief Executive Officer
> Roland Schorr & Tower
> www.rolandschorr.com / www.officeforlawyers.com
> Member: American Bar Association - 01473703
> Author: The Lawyer's Guide to Microsoft Outlook 2007:
> http://tinyurl.com/ol4law-amazon
> Author: The Lawyer's Guide to Microsoft Word 2007:
> http://tinyurl.com/abaword2007
>
>
>
>> -Original Message-
>> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> Sent: Thursday, January 07, 2010 10:16 AM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> It may well have been, to be honest. I'm not sure I'd have noticed it
> being 4
>> minutes off when I first set it up.
>>
>> I'll keep an eye on things, and if it keeps losing time I'll
> definitely look at
>> pointing it to an external source.
>>
>>
>>
>> -Original Message-
>> From: Carl Houseman [mailto:c.house...@gmail.com]
>> Sent: Thursday, January 07, 2010 2:56 PM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> Was your clock of by 4 minutes?  Was it always that way?
>>
>> -Original Message-
>> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> Sent: Thursday, January 07, 2010 2:33 PM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> Are servers' internal clocks that flaky?
>>
>> -Original Message-
>> From: Carl Houseman [mailto:c.house...@gmail.com]
>> Sent: Thursday, January 07, 2010 12:51 PM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> You want to set up the PDC to sync time an external NTP source or
> you'll be
>> doing this manual adjustment on a regular basis...  command lines have
> been
>> previously suggested to do just that.
>>
>> Carl
>>
>> -Original Message-
>> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> Sent: Thursday, January 07, 2010 12:29 PM
>> To: NT System Admin Issues
>> Subject: RE: Time
>>
>> Thanks to everyone for the info. I found that the PDC machine time was
> four
>> minutes off. It looks to have been using its own internal clock, and I
> guess
>> that was off. I adjusted it, then after a few minutes checked my
> site's DC and
>> found that it had updated to the correct time, then a bit later my
> machine
>> had done the same. So presumably all DCs and workstations on the
> network
>> will by correct soon.
>>
>> -Original Message-
>> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
>> Sent: Thursday, January 07, 2010 9:37 AM
>> To: NT System Admin Issues
>> Subject: Time
>>
>> I received a complaint from one of my users that the time on her
> computer is
>> four minutes behind actual time. And she's right--I've noticed myself
> that all
>> of our computers are four minutes behind.
>>
>> I've never messed with the time features in Windows, so I'm not sure
> how to
>> correct this. From what I can tell, it client machines update their
> time from
>> their site's domain controller. Since this is happening at multiple
> sites, the
>> time on all sites' DCs appears to be four minutes behind. But where do
> the
>> domain controllers get THEIR time from?
>>
>>
>> John Hornbuckle
>> MIS Department
>> Taylor County School District
>> www.taylor.k12.fl.us
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>>
>> NOTICE: Florida has a broad public records law. Most written
> communications
>> to or from this entity are public records that will be disclosed to
> the public
>> and the media upon request. E-mail communications may be subject to
>> public disclosure.
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Ben Schorr]

You should point the DC to an external time source just as a matter of
best practice. I'll echo my colleagues here who use pool.ntp.org.  We
set all of our clients (companies, I mean) up to sync to that and it
works beautifully.  Everything stays nice and tight and in sync.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com / www.officeforlawyers.com 
Member: American Bar Association - 01473703
Author: The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/ol4law-amazon 
Author: The Lawyer's Guide to Microsoft Word 2007:
http://tinyurl.com/abaword2007   



> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> It may well have been, to be honest. I'm not sure I'd have noticed it
being 4
> minutes off when I first set it up.
> 
> I'll keep an eye on things, and if it keeps losing time I'll
definitely look at
> pointing it to an external source.
> 
> 
> 
> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 2:56 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Was your clock of by 4 minutes?  Was it always that way?
> 
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 2:33 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Are servers' internal clocks that flaky?
> 
> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, January 07, 2010 12:51 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> You want to set up the PDC to sync time an external NTP source or
you'll be
> doing this manual adjustment on a regular basis...  command lines have
been
> previously suggested to do just that.
> 
> Carl
> 
> -----Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 12:29 PM
> To: NT System Admin Issues
> Subject: RE: Time
> 
> Thanks to everyone for the info. I found that the PDC machine time was
four
> minutes off. It looks to have been using its own internal clock, and I
guess
> that was off. I adjusted it, then after a few minutes checked my
site's DC and
> found that it had updated to the correct time, then a bit later my
machine
> had done the same. So presumably all DCs and workstations on the
network
> will by correct soon.
> 
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 9:37 AM
> To: NT System Admin Issues
> Subject: Time
> 
> I received a complaint from one of my users that the time on her
computer is
> four minutes behind actual time. And she's right--I've noticed myself
that all
> of our computers are four minutes behind.
> 
> I've never messed with the time features in Windows, so I'm not sure
how to
> correct this. From what I can tell, it client machines update their
time from
> their site's domain controller. Since this is happening at multiple
sites, the
> time on all sites' DCs appears to be four minutes behind. But where do
the
> domain controllers get THEIR time from?
> 
> 
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> 
> NOTICE: Florida has a broad public records law. Most written
communications
> to or from this entity are public records that will be disclosed to
the public
> and the media upon request. E-mail communications may be subject to
> public disclosure.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[David Lum]

With any luck, I WON’T be.

Dave

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, January 07, 2010 7:33 AM
To: NT System Admin Issues
Subject: RE: Time


ROFL! That’s a good one! ☺ I’m probably in the same boat.









-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, January 07, 2010 10:28 AM
To: NT System Admin Issues
Subject: Re: Time



So, I'll get to use that in about 5 years at $WORK, if things go the

way they usually do...



I'll try to keep that in mind.



On Thu, Jan 7, 2010 at 07:19, Michael B. Smith  wrote:

> Setsntp is GONE in Server 2008 R2.

>

> C:\Users\Administrator>net help time

> The syntax of this command is:

>

> NET TIME

>

> [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]

>

> NET TIME synchronizes the computer's clock with that of another computer

> or domain, or displays the time for a computer or domain. When used without

> options on a Windows Server domain, it displays the current

> date and time at the computer designated as the time server for the domain.

>

> \\computername Is the name of the computer you want to check or

>synchronize with.

>

> /DOMAIN[:domainname] Specifies to synchronize the time from the Primary Domain

>   Controller of domainname.

>

> /RTSDOMAIN[:domainname] Specifies to synchronize with a Reliable Time Server

> from domainname.

>

> /SET  Synchronizes the computer's time with the time

>on the specified computer or domain.

>

> The /QUERYSNTP and /SETSNTP options have been deprecated. Please use w32tm.exe

> to configure the Windows Time Service.

>

> -Original Message-

> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]

> Sent: Thursday, January 07, 2010 9:53 AM

> To: NT System Admin Issues

> Subject: RE: Time

>

> By default, I think they get it from a Microsoft server. However, I think you 
> can change that using the "net time" command as follows: "net time 
> /setsntp:" Or you can do like I did and download a time sync util 
> and have it set the time on the DCs. I usually use us.pool.ntp.org as my 
> default time server and it'll automatically select a server out of that pool.

>

> The time sync util I like is Tardis from a UK company. It's shareware, and 
> technically I suppose I ought to pay for it, but hey... getting money for 
> something like that isn't easy.

>

>

>

> -Original Message-

> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]

> Sent: Thursday, January 07, 2010 9:37 AM

> To: NT System Admin Issues

> Subject: Time

>

> I received a complaint from one of my users that the time on her computer is 
> four minutes behind actual time. And she's right--I've noticed myself that 
> all of our computers are four minutes behind.

>

> I've never messed with the time features in Windows, so I'm not sure how to 
> correct this. From what I can tell, it client machines update their time from 
> their site's domain controller. Since this is happening at multiple sites, 
> the time on all sites' DCs appears to be four minutes behind. But where do 
> the domain controllers get THEIR time from?

>

>

>

>

> John Hornbuckle

> MIS Department

> Taylor County School District

> www.taylor.k12.fl.us

>

>

>

> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.

>

>

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

>

>

>

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

>

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~

> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

>

>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[John Hornbuckle]

It may well have been, to be honest. I'm not sure I'd have noticed it being 4 
minutes off when I first set it up.

I'll keep an eye on things, and if it keeps losing time I'll definitely look at 
pointing it to an external source.



-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, January 07, 2010 2:56 PM
To: NT System Admin Issues
Subject: RE: Time

Was your clock of by 4 minutes?  Was it always that way?

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 2:33 PM
To: NT System Admin Issues
Subject: RE: Time

Are servers' internal clocks that flaky?

-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Time

You want to set up the PDC to sync time an external NTP source or you'll be
doing this manual adjustment on a regular basis...  command lines have been
previously suggested to do just that.

Carl

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 12:29 PM
To: NT System Admin Issues
Subject: RE: Time

Thanks to everyone for the info. I found that the PDC machine time was four
minutes off. It looks to have been using its own internal clock, and I guess
that was off. I adjusted it, then after a few minutes checked my site's DC
and found that it had updated to the correct time, then a bit later my
machine had done the same. So presumably all DCs and workstations on the
network will by correct soon.

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?


John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Mayo, Bill]

They can be, yes.  As has already been mentioned, the best solution is
to use the standard Windows time synchronization throughout the domain,
and have the PDC emulator sync to an external source.  IME that protects
you from drift pretty well.

Bill Mayo 

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 2:33 PM
To: NT System Admin Issues
Subject: RE: Time

Are servers' internal clocks that flaky?



-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Time

You want to set up the PDC to sync time an external NTP source or you'll
be doing this manual adjustment on a regular basis...  command lines
have been previously suggested to do just that.

Carl

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, January 07, 2010 12:29 PM
To: NT System Admin Issues
Subject: RE: Time

Thanks to everyone for the info. I found that the PDC machine time was
four minutes off. It looks to have been using its own internal clock,
and I guess that was off. I adjusted it, then after a few minutes
checked my site's DC and found that it had updated to the correct time,
then a bit later my machine had done the same. So presumably all DCs and
workstations on the network will by correct soon.

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her
computer is four minutes behind actual time. And she's right--I've
noticed myself that all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how
to correct this. From what I can tell, it client machines update their
time from their site's domain controller. Since this is happening at
multiple sites, the time on all sites' DCs appears to be four minutes
behind. But where do the domain controllers get THEIR time from?


John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


NOTICE: Florida has a broad public records law. Most written
communications to or from this entity are public records that will be
disclosed to the public and the media upon request. E-mail
communications may be subject to public disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Carl Houseman]

Was your clock of by 4 minutes?  Was it always that way?

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 2:33 PM
To: NT System Admin Issues
Subject: RE: Time

Are servers' internal clocks that flaky?

-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Time

You want to set up the PDC to sync time an external NTP source or you'll be
doing this manual adjustment on a regular basis...  command lines have been
previously suggested to do just that.

Carl

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 12:29 PM
To: NT System Admin Issues
Subject: RE: Time

Thanks to everyone for the info. I found that the PDC machine time was four
minutes off. It looks to have been using its own internal clock, and I guess
that was off. I adjusted it, then after a few minutes checked my site's DC
and found that it had updated to the correct time, then a bit later my
machine had done the same. So presumably all DCs and workstations on the
network will by correct soon.

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?


John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[John Hornbuckle]

Are servers' internal clocks that flaky?



-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Time

You want to set up the PDC to sync time an external NTP source or you'll be
doing this manual adjustment on a regular basis...  command lines have been
previously suggested to do just that.

Carl

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 12:29 PM
To: NT System Admin Issues
Subject: RE: Time

Thanks to everyone for the info. I found that the PDC machine time was four
minutes off. It looks to have been using its own internal clock, and I guess
that was off. I adjusted it, then after a few minutes checked my site's DC
and found that it had updated to the correct time, then a bit later my
machine had done the same. So presumably all DCs and workstations on the
network will by correct soon.

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?


John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Carl Houseman]

You want to set up the PDC to sync time an external NTP source or you'll be
doing this manual adjustment on a regular basis...  command lines have been
previously suggested to do just that.

Carl

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 12:29 PM
To: NT System Admin Issues
Subject: RE: Time

Thanks to everyone for the info. I found that the PDC machine time was four
minutes off. It looks to have been using its own internal clock, and I guess
that was off. I adjusted it, then after a few minutes checked my site's DC
and found that it had updated to the correct time, then a bit later my
machine had done the same. So presumably all DCs and workstations on the
network will by correct soon.

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?


John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time (UNCLASSIFIED)

[Kent, Larry CTR USA]

Classification: UNCLASSIFIED
Caveats: NONE

I'm on a Boat...

 

http://www.youtube.com/watch?v=avaSdC0QOUM

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, January 07, 2010 10:33 AM
To: NT System Admin Issues
Subject: RE: Time

 

ROFL! That's a good one! J I'm probably in the same boat.

 

 

 

 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, January 07, 2010 10:28 AM
To: NT System Admin Issues
Subject: Re: Time

 

So, I'll get to use that in about 5 years at $WORK, if things go the

way they usually do...

 

I'll try to keep that in mind.

 

On Thu, Jan 7, 2010 at 07:19, Michael B. Smith 
wrote:

> Setsntp is GONE in Server 2008 R2.

> 

> C:\Users\Administrator>net help time

> The syntax of this command is:

> 

> NET TIME

> 

> [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]]
[/SET]

> 

> NET TIME synchronizes the computer's clock with that of another
computer

> or domain, or displays the time for a computer or domain. When used
without

> options on a Windows Server domain, it displays the current

> date and time at the computer designated as the time server for the
domain.

> 

> \\computername Is the name of the computer you want to check or

>synchronize with.

> 

> /DOMAIN[:domainname] Specifies to synchronize the time from the
Primary Domain

>   Controller of domainname.

> 

> /RTSDOMAIN[:domainname] Specifies to synchronize with a Reliable Time
Server

> from domainname.

> 

> /SET  Synchronizes the computer's time with the time

>on the specified computer or domain.

> 

> The /QUERYSNTP and /SETSNTP options have been deprecated. Please use
w32tm.exe

> to configure the Windows Time Service.

> 

> -Original Message-

> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]

> Sent: Thursday, January 07, 2010 9:53 AM

> To: NT System Admin Issues

> Subject: RE: Time

> 

> By default, I think they get it from a Microsoft server. However, I
think you can change that using the "net time" command as follows: "net
time /setsntp:" Or you can do like I did and download a time
sync util and have it set the time on the DCs. I usually use
us.pool.ntp.org as my default time server and it'll automatically select
a server out of that pool.

> 

> The time sync util I like is Tardis from a UK company. It's shareware,
and technically I suppose I ought to pay for it, but hey... getting
money for something like that isn't easy.

> 

> 

> 

> -Original Message-

> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]

> Sent: Thursday, January 07, 2010 9:37 AM

> To: NT System Admin Issues

> Subject: Time

> 

> I received a complaint from one of my users that the time on her
computer is four minutes behind actual time. And she's right--I've
noticed myself that all of our computers are four minutes behind.

> 

> I've never messed with the time features in Windows, so I'm not sure
how to correct this. From what I can tell, it client machines update
their time from their site's domain controller. Since this is happening
at multiple sites, the time on all sites' DCs appears to be four minutes
behind. But where do the domain controllers get THEIR time from?

> 

> 

> 

> 

> John Hornbuckle

> MIS Department

> Taylor County School District

> www.taylor.k12.fl.us

> 

> 

> 

> NOTICE: Florida has a broad public records law. Most written
communications to or from this entity are public records that will be
disclosed to the public and the media upon request. E-mail
communications may be subject to public disclosure.

> 

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> 

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~

> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

 

 

 

Classification: UNCLASSIFIED
Caveats: NONE


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[John Hornbuckle]

Thanks to everyone for the info. I found that the PDC machine time was four 
minutes off. It looks to have been using its own internal clock, and I guess 
that was off. I adjusted it, then after a few minutes checked my site's DC and 
found that it had updated to the correct time, then a bit later my machine had 
done the same. So presumably all DCs and workstations on the network will by 
correct soon.




-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is 
four minutes behind actual time. And she's right--I've noticed myself that all 
of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to 
correct this. From what I can tell, it client machines update their time from 
their site's domain controller. Since this is happening at multiple sites, the 
time on all sites' DCs appears to be four minutes behind. But where do the 
domain controllers get THEIR time from?




John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time

[John Aldrich]

ROFL! That’s a good one! J I’m probably in the same boat.

 

 

 

 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, January 07, 2010 10:28 AM
To: NT System Admin Issues
Subject: Re: Time

 

So, I'll get to use that in about 5 years at $WORK, if things go the

way they usually do...

 

I'll try to keep that in mind.

 

On Thu, Jan 7, 2010 at 07:19, Michael B. Smith  wrote:

> Setsntp is GONE in Server 2008 R2.

> 

> C:\Users\Administrator>net help time

> The syntax of this command is:

> 

> NET TIME

> 

> [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]

> 

> NET TIME synchronizes the computer's clock with that of another computer

> or domain, or displays the time for a computer or domain. When used without

> options on a Windows Server domain, it displays the current

> date and time at the computer designated as the time server for the domain.

> 

> \\computername Is the name of the computer you want to check or

>synchronize with.

> 

> /DOMAIN[:domainname] Specifies to synchronize the time from the Primary Domain

>   Controller of domainname.

> 

> /RTSDOMAIN[:domainname] Specifies to synchronize with a Reliable Time Server

> from domainname.

> 

> /SET  Synchronizes the computer's time with the time

>on the specified computer or domain.

> 

> The /QUERYSNTP and /SETSNTP options have been deprecated. Please use w32tm.exe

> to configure the Windows Time Service.

> 

> -Original Message-

> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]

> Sent: Thursday, January 07, 2010 9:53 AM

> To: NT System Admin Issues

> Subject: RE: Time

> 

> By default, I think they get it from a Microsoft server. However, I think you 
> can change that using the "net time" command as follows: "net time 
> /setsntp:" Or you can do like I did and download a time sync util 
> and have it set the time on the DCs. I usually use us.pool.ntp.org as my 
> default time server and it'll automatically select a server out of that pool.

> 

> The time sync util I like is Tardis from a UK company. It's shareware, and 
> technically I suppose I ought to pay for it, but hey... getting money for 
> something like that isn't easy.

> 

> 

> 

> -Original Message-

> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]

> Sent: Thursday, January 07, 2010 9:37 AM

> To: NT System Admin Issues

> Subject: Time

> 

> I received a complaint from one of my users that the time on her computer is 
> four minutes behind actual time. And she's right--I've noticed myself that 
> all of our computers are four minutes behind.

> 

> I've never messed with the time features in Windows, so I'm not sure how to 
> correct this. From what I can tell, it client machines update their time from 
> their site's domain controller. Since this is happening at multiple sites, 
> the time on all sites' DCs appears to be four minutes behind. But where do 
> the domain controllers get THEIR time from?

> 

> 

> 

> 

> John Hornbuckle

> MIS Department

> Taylor County School District

> www.taylor.k12.fl.us

> 

> 

> 

> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.

> 

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> 

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~

> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

> 

> 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[John Aldrich]

Ahh... that's good to know. We're still on 2003 here.



-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, January 07, 2010 10:20 AM
To: NT System Admin Issues
Subject: RE: Time

Setsntp is GONE in Server 2008 R2.

C:\Users\Administrator>net help time
The syntax of this command is:

NET TIME

[\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]

NET TIME synchronizes the computer's clock with that of another computer
or domain, or displays the time for a computer or domain. When used without
options on a Windows Server domain, it displays the current
date and time at the computer designated as the time server for the domain.

\\computername  Is the name of the computer you want to check or
synchronize with.

/DOMAIN[:domainname]  Specifies to synchronize the time from the Primary
Domain
  Controller of domainname.

/RTSDOMAIN[:domainname]  Specifies to synchronize with a Reliable Time
Server
 from domainname.

/SETSynchronizes the computer's time with the time
on the specified computer or domain.

The /QUERYSNTP and /SETSNTP options have been deprecated. Please use
w32tm.exe
to configure the Windows Time Service.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, January 07, 2010 9:53 AM
To: NT System Admin Issues
Subject: RE: Time

By default, I think they get it from a Microsoft server. However, I think
you can change that using the "net time" command as follows: "net time
/setsntp:" Or you can do like I did and download a time sync
util and have it set the time on the DCs. I usually use us.pool.ntp.org as
my default time server and it'll automatically select a server out of that
pool.

The time sync util I like is Tardis from a UK company. It's shareware, and
technically I suppose I ought to pay for it, but hey... getting money for
something like that isn't easy.



-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?




John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be disclosed to the
public and the media upon request. E-mail communications may be subject to
public disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Time

[Kurt Buff]

So, I'll get to use that in about 5 years at $WORK, if things go the
way they usually do...

I'll try to keep that in mind.

On Thu, Jan 7, 2010 at 07:19, Michael B. Smith  wrote:
> Setsntp is GONE in Server 2008 R2.
>
> C:\Users\Administrator>net help time
> The syntax of this command is:
>
> NET TIME
>
> [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]
>
> NET TIME synchronizes the computer's clock with that of another computer
> or domain, or displays the time for a computer or domain. When used without
> options on a Windows Server domain, it displays the current
> date and time at the computer designated as the time server for the domain.
>
> \\computername  Is the name of the computer you want to check or
>                synchronize with.
>
> /DOMAIN[:domainname]  Specifies to synchronize the time from the Primary 
> Domain
>                      Controller of domainname.
>
> /RTSDOMAIN[:domainname]  Specifies to synchronize with a Reliable Time Server
>                         from domainname.
>
> /SET            Synchronizes the computer's time with the time
>                on the specified computer or domain.
>
> The /QUERYSNTP and /SETSNTP options have been deprecated. Please use w32tm.exe
> to configure the Windows Time Service.
>
> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Thursday, January 07, 2010 9:53 AM
> To: NT System Admin Issues
> Subject: RE: Time
>
> By default, I think they get it from a Microsoft server. However, I think you 
> can change that using the "net time" command as follows: "net time 
> /setsntp:" Or you can do like I did and download a time sync util 
> and have it set the time on the DCs. I usually use us.pool.ntp.org as my 
> default time server and it'll automatically select a server out of that pool.
>
> The time sync util I like is Tardis from a UK company. It's shareware, and 
> technically I suppose I ought to pay for it, but hey... getting money for 
> something like that isn't easy.
>
>
>
> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Thursday, January 07, 2010 9:37 AM
> To: NT System Admin Issues
> Subject: Time
>
> I received a complaint from one of my users that the time on her computer is 
> four minutes behind actual time. And she's right--I've noticed myself that 
> all of our computers are four minutes behind.
>
> I've never messed with the time features in Windows, so I'm not sure how to 
> correct this. From what I can tell, it client machines update their time from 
> their site's domain controller. Since this is happening at multiple sites, 
> the time on all sites' DCs appears to be four minutes behind. But where do 
> the domain controllers get THEIR time from?
>
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
>
>
> NOTICE: Florida has a broad public records law. Most written communications 
> to or from this entity are public records that will be disclosed to the 
> public and the media upon request. E-mail communications may be subject to 
> public disclosure.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Michael B. Smith]

Setsntp is GONE in Server 2008 R2.

C:\Users\Administrator>net help time
The syntax of this command is:

NET TIME

[\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]

NET TIME synchronizes the computer's clock with that of another computer
or domain, or displays the time for a computer or domain. When used without
options on a Windows Server domain, it displays the current
date and time at the computer designated as the time server for the domain.

\\computername  Is the name of the computer you want to check or
synchronize with.

/DOMAIN[:domainname]  Specifies to synchronize the time from the Primary Domain
  Controller of domainname.

/RTSDOMAIN[:domainname]  Specifies to synchronize with a Reliable Time Server
 from domainname.

/SETSynchronizes the computer's time with the time
on the specified computer or domain.

The /QUERYSNTP and /SETSNTP options have been deprecated. Please use w32tm.exe
to configure the Windows Time Service.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, January 07, 2010 9:53 AM
To: NT System Admin Issues
Subject: RE: Time

By default, I think they get it from a Microsoft server. However, I think you 
can change that using the "net time" command as follows: "net time 
/setsntp:" Or you can do like I did and download a time sync util 
and have it set the time on the DCs. I usually use us.pool.ntp.org as my 
default time server and it'll automatically select a server out of that pool.

The time sync util I like is Tardis from a UK company. It's shareware, and 
technically I suppose I ought to pay for it, but hey... getting money for 
something like that isn't easy.



-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is 
four minutes behind actual time. And she's right--I've noticed myself that all 
of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to 
correct this. From what I can tell, it client machines update their time from 
their site's domain controller. Since this is happening at multiple sites, the 
time on all sites' DCs appears to be four minutes behind. But where do the 
domain controllers get THEIR time from?




John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[Michael Waltonen]

You can also run the below command on the PDC.

 

w32tm.exe /config /syncfromflags:MANUAL /manualpeerlist:"" /update

 

-Mike

 

From: bounce-8784773-8243...@lyris.sunbelt-software.com
[mailto:bounce-8784773-8243...@lyris.sunbelt-software.com] On Behalf Of
richardmccl...@aspca.org
Sent: Thursday, January 07, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: Time

 


I had all this fun back in September.  This is a message I saved (thank you,
Bill Mayo and others!): 


I would suggest you read some of the articles that I'll link below, but I
will try to summarize to the best of my recollection (without re-reading
myself).  What you are seeing in the registry is not necessarily in effect.
When HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type is set
to "NT5DS", the "NtpServer" key is ignored.  The default operation in a
domain environment is that all member computers use domain controllers for
their time source.  Among the domain controllers, the one with the PDC
emulator role is authoritative--this is the one that you should set to sync
from an external, trusted source. 
  
 <http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx>
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx 
 <http://support.microsoft.com/kb/816042/>
http://support.microsoft.com/kb/816042/ 
 
<http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en
-us/time_w32tm.mspx?mfr=true>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/time_w32tm.mspx?mfr=true 
 <http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx>
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx 


-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCAR 
  

John Hornbuckle  wrote on 01/07/2010
08:37:21 AM:

> I received a complaint from one of my users that the time on her 
> computer is four minutes behind actual time. And she's right--I've 
> noticed myself that all of our computers are four minutes behind.
> 
> I've never messed with the time features in Windows, so I'm not sure
> how to correct this. From what I can tell, it client machines update
> their time from their site's domain controller. Since this is 
> happening at multiple sites, the time on all sites' DCs appears to 
> be four minutes behind. But where do the domain controllers get 
> THEIR time from?
> 
> 
> 
> 
> John Hornbuckle
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
> 
> 
> 
> NOTICE: Florida has a broad public records law. Most written 
> communications to or from this entity are public records that will 
> be disclosed to the public and the media upon request. E-mail 
> communications may be subject to public disclosure.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Time

[John Aldrich]

By default, I think they get it from a Microsoft server. However, I think
you can change that using the "net time" command as follows: "net time
/setsntp:" Or you can do like I did and download a time sync
util and have it set the time on the DCs. I usually use us.pool.ntp.org as
my default time server and it'll automatically select a server out of that
pool.

The time sync util I like is Tardis from a UK company. It's shareware, and
technically I suppose I ought to pay for it, but hey... getting money for
something like that isn't easy.



-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, January 07, 2010 9:37 AM
To: NT System Admin Issues
Subject: Time

I received a complaint from one of my users that the time on her computer is
four minutes behind actual time. And she's right--I've noticed myself that
all of our computers are four minutes behind.

I've never messed with the time features in Windows, so I'm not sure how to
correct this. From what I can tell, it client machines update their time
from their site's domain controller. Since this is happening at multiple
sites, the time on all sites' DCs appears to be four minutes behind. But
where do the domain controllers get THEIR time from?




John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be disclosed to the
public and the media upon request. E-mail communications may be subject to
public disclosure.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~