RE: Question on how to dump users via a group Pshell or Joeware or Dsquery

[Ziots, Edward]

Looks like I got it.

 

C:\Pstools>dsget group "CN=Innovian Clinical Users,OU=Application User
Groups,OU

=Groups,OU=Lifespan,dc=Domain,dc=Domain,dc=org" -members -expand >
userlist.txt

 

Thanks for the suggestion, its been a long while since I have done this.


 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Mayo, Bill [mailto:bill.m...@pittcountync.gov] 
Sent: Wednesday, December 19, 2012 2:01 PM
To: NT System Admin Issues
Subject: RE: Question on how to dump users via a group Pshell or Joeware
or Dsquery

 

Haven't used dsget, but I have done stuff in ADSI.  In there, the path
goes in the other direction

 

CN=GroupX,OU=Application User
Groups,OU=Groups,OU=lifespan,dc=domain,dc=lifespan,dc=org

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, December 19, 2012 1:57 PM
To: NT System Admin Issues
Subject: Question on how to dump users via a group Pshell or Joeware or
Dsquery

 

I have a group which is at this level of my query. 

 

Assume that root of accounts tree is DC=Account Domain,
DC=Lifespan,DC=org. 

 

Under that there is 3 OU's

 

Lifespan

Groups

Application User Groups

 
(Group I want to dump) (Named Groupx) 

 

I am trying to use the following to dump the users of the group since
showmbrs doesn't seem to work for me anymore. 

 

dsget group  "DC=domain,
DC=lifespan,DC=org,OU=lifespan,OU=Groups,OU=Application User
Groups,CN=GroupX" -members -expand > userlist.txt

 

I keep getting errors

dsget failed:No superior reference has been configured for the directory
service

. The directory service is therefore unable to issue referrals to
objects outside this forest.

 

Any help on how to get this stuff easy, not a Pshell or Joeware or
dsquery guru at all. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on how to dump users via a group Pshell or Joeware or Dsquery

[Webster]

Reverse it.

dsget group  "CN=GroupX ,OU=Application User 
Groups,OU=Groups,OU=lifespan,DC=domain, DC=lifespan,DC=org" -members -expand > 
userlist.txt

Start from the inner most level and work your way back to the top.


Thanks


Webster

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, December 19, 2012 12:57 PM
To: NT System Admin Issues
Subject: Question on how to dump users via a group Pshell or Joeware or Dsquery

I have a group which is at this level of my query.

Assume that root of accounts tree is DC=Account Domain, DC=Lifespan,DC=org.

Under that there is 3 OU's

Lifespan
Groups
Application User Groups

(Group I want to dump) (Named Groupx)

I am trying to use the following to dump the users of the group since showmbrs 
doesn't seem to work for me anymore.

dsget group  "DC=domain, 
DC=lifespan,DC=org,OU=lifespan,OU=Groups,OU=Application User Groups,CN=GroupX" 
-members -expand > userlist.txt

I keep getting errors
dsget failed:No superior reference has been configured for the directory service
. The directory service is therefore unable to issue referrals to objects 
outside this forest.

Any help on how to get this stuff easy, not a Pshell or Joeware or dsquery guru 
at all.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about RU5 for Exchange 2010 SP2

[Ziots, Edward]

Bingo, I am thinking that we will have to wait till RU5 is in Shavlik. 

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, December 13, 2012 8:15 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Because it runs as LocalSystem in that case - which is a member of the Windows 
Trusted Subsystem privileged group.

When you try to apply it, it is running as your user account. :)

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, December 13, 2012 8:00 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Thanks, 

Looks like since I am not an exchange admin I am not going to be able to add 
this patch, the weird part is we did apply RU4 via Shavlik, and it did take. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, December 12, 2012 9:53 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Yes. To apply a patch to an arbitrary Exchange server in the organization you 
need local admin rights and Exchange Server Admin rights on that particular 
server.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, December 11, 2012 4:42 PM
To: NT System Admin Issues
Subject: Question about RU5 for Exchange 2010 SP2

All, (Mr Smith have you seen this?)

We are currently having an issue with event ID 1 on Exchange 2010 SP2 Hotfix 
Rollup 4 on our internal CAS Servers that are filling up the application log 
with event ID1. 

It seems that logs  
http://exchangeserverpro.com/exchange-server-2010-error-user-setting-preferredsite-is-not-available-after-installing-service-pack-2-update-rollup-3
 ( We have rollup 4, but it’s the same thing)

It seems that RU5 is available today, 

http://support.microsoft.com/?kbid=2785908  see fix 2733415

It was a MSExchange Autodiscover error with Perferred Site. 

Running out of options here, I have downloaded the RU5 patch and run the 
install but claims that is fails prematurely. I am not an Exchange Admin nor 
claim to be one, and I am not sure if this patch needs Exchange Admin rights to 
patch. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about RU5 for Exchange 2010 SP2

[Michael B. Smith]

Because it runs as LocalSystem in that case - which is a member of the Windows 
Trusted Subsystem privileged group.

When you try to apply it, it is running as your user account. :)

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, December 13, 2012 8:00 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Thanks, 

Looks like since I am not an exchange admin I am not going to be able to add 
this patch, the weird part is we did apply RU4 via Shavlik, and it did take. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, December 12, 2012 9:53 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Yes. To apply a patch to an arbitrary Exchange server in the organization you 
need local admin rights and Exchange Server Admin rights on that particular 
server.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, December 11, 2012 4:42 PM
To: NT System Admin Issues
Subject: Question about RU5 for Exchange 2010 SP2

All, (Mr Smith have you seen this?)

We are currently having an issue with event ID 1 on Exchange 2010 SP2 Hotfix 
Rollup 4 on our internal CAS Servers that are filling up the application log 
with event ID1. 

It seems that logs  
http://exchangeserverpro.com/exchange-server-2010-error-user-setting-preferredsite-is-not-available-after-installing-service-pack-2-update-rollup-3
 ( We have rollup 4, but it’s the same thing)

It seems that RU5 is available today, 

http://support.microsoft.com/?kbid=2785908  see fix 2733415

It was a MSExchange Autodiscover error with Perferred Site. 

Running out of options here, I have downloaded the RU5 patch and run the 
install but claims that is fails prematurely. I am not an Exchange Admin nor 
claim to be one, and I am not sure if this patch needs Exchange Admin rights to 
patch. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about RU5 for Exchange 2010 SP2

[Ziots, Edward]

Thanks, 

Looks like since I am not an exchange admin I am not going to be able to add 
this patch, the weird part is we did apply RU4 via Shavlik, and it did take. 

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, December 12, 2012 9:53 AM
To: NT System Admin Issues
Subject: RE: Question about RU5 for Exchange 2010 SP2

Yes. To apply a patch to an arbitrary Exchange server in the organization you 
need local admin rights and Exchange Server Admin rights on that particular 
server.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, December 11, 2012 4:42 PM
To: NT System Admin Issues
Subject: Question about RU5 for Exchange 2010 SP2

All, (Mr Smith have you seen this?)

We are currently having an issue with event ID 1 on Exchange 2010 SP2 Hotfix 
Rollup 4 on our internal CAS Servers that are filling up the application log 
with event ID1. 

It seems that logs  
http://exchangeserverpro.com/exchange-server-2010-error-user-setting-preferredsite-is-not-available-after-installing-service-pack-2-update-rollup-3
 ( We have rollup 4, but it’s the same thing)

It seems that RU5 is available today, 

http://support.microsoft.com/?kbid=2785908  see fix 2733415

It was a MSExchange Autodiscover error with Perferred Site. 

Running out of options here, I have downloaded the RU5 patch and run the 
install but claims that is fails prematurely. I am not an Exchange Admin nor 
claim to be one, and I am not sure if this patch needs Exchange Admin rights to 
patch. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about RU5 for Exchange 2010 SP2

[Michael B. Smith]

Yes. To apply a patch to an arbitrary Exchange server in the organization you 
need local admin rights and Exchange Server Admin rights on that particular 
server.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, December 11, 2012 4:42 PM
To: NT System Admin Issues
Subject: Question about RU5 for Exchange 2010 SP2

All, (Mr Smith have you seen this?)

We are currently having an issue with event ID 1 on Exchange 2010 SP2 Hotfix 
Rollup 4 on our internal CAS Servers that are filling up the application log 
with event ID1. 

It seems that logs  
http://exchangeserverpro.com/exchange-server-2010-error-user-setting-preferredsite-is-not-available-after-installing-service-pack-2-update-rollup-3
 ( We have rollup 4, but it’s the same thing)

It seems that RU5 is available today, 

http://support.microsoft.com/?kbid=2785908  see fix 2733415

It was a MSExchange Autodiscover error with Perferred Site. 

Running out of options here, I have downloaded the RU5 patch and run the 
install but claims that is fails prematurely. I am not an Exchange Admin nor 
claim to be one, and I am not sure if this patch needs Exchange Admin rights to 
patch. 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question about RU5 for Exchange 2010 SP2

[Steven Peck]

http://technet.microsoft.com/en-us/library/ff637981.aspx
^^ There is a check list for installing Exchange rollups.

The other answer is, depends on the patch but generally yes.  I haven't
reviewed this one yet (they are moving me off Ops Manager back to messaging
after a two year break).

Steven Peck
http://www.blkmtn.org



On Tue, Dec 11, 2012 at 1:41 PM, Ziots, Edward  wrote:

> All, (Mr Smith have you seen this?)
>
> We are currently having an issue with event ID 1 on Exchange 2010 SP2
> Hotfix Rollup 4 on our internal CAS Servers that are filling up the
> application log with event ID1.
>
> It seems that logs
> http://exchangeserverpro.com/exchange-server-2010-error-user-setting-preferredsite-is-not-available-after-installing-service-pack-2-update-rollup-3(
>  We have rollup 4, but it’s the same thing)
>
> It seems that RU5 is available today,
>
> http://support.microsoft.com/?kbid=2785908  see fix 2733415
>
> It was a MSExchange Autodiscover error with Perferred Site.
>
> Running out of options here, I have downloaded the RU5 patch and run the
> install but claims that is fails prematurely. I am not an Exchange Admin
> nor claim to be one, and I am not sure if this patch needs Exchange Admin
> rights to patch.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about Windows Backup in 2008 R2

[David Lum]

I cheat, I use BackupAssist. Pretty cheap and a little better than what 2K8 
ships with.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, December 14, 2011 1:18 PM
To: NT System Admin Issues
Subject: Re: Question about Windows Backup in 2008 R2

Thx, I'll check that out. Yet another example of depricated functionality, they 
must have taken notes from the Exchange 2007 team.
John W. Cook
Systems Administrator
Partnership for Strong Families

From: Richard Stovall 
[mailto:rich...@gmail.com]<mailto:[mailto:rich...@gmail.com]>
Sent: Wednesday, December 14, 2011 04:06 PM
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Re: Question about Windows Backup in 2008 R2

I don't believe you can do it from the wizard.  A wbadmin from job running as a 
scheduled task might be the answer.

A similar scenario is described here:  
http://exchangeserverpro.com/schedule-windows-server-backup-exchange-2010
On Wed, Dec 14, 2011 at 2:45 PM, John Cook 
mailto:john.c...@pfsf.org>> wrote:
Does anyone know if it’s possible to setup a second scheduled backup to a 
different location with the W2K8 R2 built in backup? I’m not finding anything 
and my brain is mush at this point from dealing with several other fires.

TIA

John Cook
Systems Administrator
Partnership for Strong Families


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.


This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ 

Re: Question about Windows Backup in 2008 R2

[John Cook]

Thx, I'll check that out. Yet another example of depricated functionality, they 
must have taken notes from the Exchange 2007 team.
John W. Cook
Systems Administrator
Partnership for Strong Families

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, December 14, 2011 04:06 PM
To: NT System Admin Issues 
Subject: Re: Question about Windows Backup in 2008 R2

I don't believe you can do it from the wizard.  A wbadmin from job running as a 
scheduled task might be the answer.

A similar scenario is described here:  
http://exchangeserverpro.com/schedule-windows-server-backup-exchange-2010

On Wed, Dec 14, 2011 at 2:45 PM, John Cook 
mailto:john.c...@pfsf.org>> wrote:
Does anyone know if it’s possible to setup a second scheduled backup to a 
different location with the W2K8 R2 built in backup? I’m not finding anything 
and my brain is mush at this point from dealing with several other fires.

TIA

John Cook
Systems Administrator
Partnership for Strong Families


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question about Windows Backup in 2008 R2

[Richard Stovall]

I don't believe you can do it from the wizard.  A wbadmin from job running
as a scheduled task might be the answer.

A similar scenario is described here:
http://exchangeserverpro.com/schedule-windows-server-backup-exchange-2010

On Wed, Dec 14, 2011 at 2:45 PM, John Cook  wrote:

>  Does anyone know if it’s possible to setup a second scheduled backup to
> a different location with the W2K8 R2 built in backup? I’m not finding
> anything and my brain is mush at this point from dealing with several other
> fires.
>
> ** **
>
> TIA
>
> ** **
>
> John Cook
>
> Systems Administrator
>
> Partnership for Strong Families
>
> --
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or entity
> to which it is addressed and may contain Protected Health Information
> (PHI), confidential and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in reliance upon this
> information by persons or entities other than the intended recipient
> without the express written consent of the sender are prohibited. This
> information may be protected by the Health Insurance Portability and
> Accountability Act of 1996 (HIPAA), and other Federal and Florida laws.
> Improper or unauthorized use or disclosure of this information could result
> in civil and/or criminal penalties.
> Consider the environment. Please don't print this e-mail unless you really
> need to.
>
> This email and any attached files are confidential and intended solely for
> the intended recipient(s). If you are not the named recipient you should
> not read, distribute, copy or alter this email. Any views or opinions
> expressed in this email are those of the author and do not represent those
> of the company. Warning: Although precautions have been taken to make sure
> no viruses are present in this email, the company cannot accept
> responsibility for any loss or damage that arise from the use of this email
> or attachments.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Self Service Password change for Active Directory

[Cameron]

Netwrix does have a free version for up to 50 users for self-server
password mgmt. Another one that is good that actually helps to avoid the
issue is their Password Expiration Notifier which sends emails when a
password is going to expire (configurable).

On Thu, Dec 8, 2011 at 9:39 AM, Ben Scott  wrote:

> On Wed, Dec 7, 2011 at 3:44 PM, Brian Desmond 
> wrote:
> >> Going to be signing off the list at the end of the day tomorrow, I
> >> hope to have it back up on a hotmail address or gmail soon enough
> >
> > Gmail provides a nice indexing mechanism
>
>  +1.  I've got years of ntsysadmin and other list traffic archived.
> I find it works well as a knowledge base.  I search for a task and
> find answers.  And unlike the Internet at large, I know many of the
> posters well enough to judge if I should trust them or not.  (Some of
> the people posting in Internet forums shouldn't be allowed to use a
> computer, let alone tell others how to fix one.)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Self Service Password change for Active Directory

[Ben Scott]

On Wed, Dec 7, 2011 at 3:44 PM, Brian Desmond  wrote:
>> Going to be signing off the list at the end of the day tomorrow, I
>> hope to have it back up on a hotmail address or gmail soon enough
>
> Gmail provides a nice indexing mechanism

  +1.  I've got years of ntsysadmin and other list traffic archived.
I find it works well as a knowledge base.  I search for a task and
find answers.  And unlike the Internet at large, I know many of the
posters well enough to judge if I should trust them or not.  (Some of
the people posting in Internet forums shouldn't be allowed to use a
computer, let alone tell others how to fix one.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Self Service Password change for Active Directory

[Brian Desmond]

Gmail provides a nice indexing mechanism

Thanks,
Brian Desmond
br...@briandesmond.com

w – 312.625.1438 | c   – 312.731.3132

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, December 07, 2011 8:38 AM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Thanks gents, getting this to my management.

Going to be signing off the list at the end of the day tomorrow, I hope to have 
it back up on a hotmail address or gmail soon enough, since the new job kinda 
discourages the mass emailing going forward.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org
phone:401-639-3505
[CISSP_logo]

From: Joseph L. Casale 
[mailto:jcas...@activenetwerx.com]<mailto:[mailto:jcas...@activenetwerx.com]>
Sent: Tuesday, December 06, 2011 8:16 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Hitachi-ID Password Manager, I know it fairly well and its solid.

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Tuesday, December 06, 2011 5:59 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

How about spec ops?  Good product and fairly inexpensive

Sent from my FriPad

On 2011-12-06, at 4:59 PM, David Lum 
mailto:david@nwea.org>> wrote:
“function fine, and was easy enough to use”
And inexpensive. And easy for me to set up. Anything that does that at a client 
that has no local onsite IT six days out of seven is a win in my book, I get 
zero “Joe user forgot his password, please help” calls. This client has police 
(not shockingly, some are short tempered when it comes to IT stuff like not 
being able to recover quickly from forgetting their password) and part-time 
firefighters so it’s not an infrequent occurrence (happens in batches, 
actually).

Keeping guys with guns, Tasers and axes happy is a good thing ☺

I deployed it about 4 years ago so it’s likely identical to what you saw. It 
has also been 100% trouble free – haven’t touched it since the initial 
deployment, and I get notices every time they use it so I know they still do 
use it. A complete win for what I wanted from it at least.

Dave


From: Kurt Buff 
[mailto:kurt.b...@gmail.com]<mailto:[mailto:kurt.b...@gmail.com]>
Sent: Tuesday, December 06, 2011 1:31 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

Definitely IIS.

We weren't that impressed by it about 5-6 years ago when we set it up, but it 
might have improved since then. By "not impressed" I mean basically that it 
just didn't offer much - it seemed to function fine, and was easy enough to 
use, but I didn't see the value in it.

Of course, we only get perhaps 1 or 2 password reset requests per month from 
our roughly 250 staff in three countries.

Kurt
On Tue, Dec 6, 2011 at 12:50, David Lum 
mailto:david@nwea.org>> wrote:
Namescape – makers of rDirectory.

www.namescape.com<http://www.namescape.com>

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward [mailto:ezi...@lifespan.org<mailto:ezi...@lifespan.org>]
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
phone:401-639-3505


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click her

Re: Question on Self Service Password change for Active Directory

[James Rankin]

If (though unlikely) you are a Citrix XenApp environment with Platinum
licenses, you get Citrix Single Sign-On free. It works and has lots of
features, just a bit tricky to set up sometimes. If you're not Platinum,
though, it is restrictively expensive to implement and you'd be better off
with something else.

On 7 December 2011 14:38, Ziots, Edward  wrote:

> Thanks gents, getting this to my management. 
>
> ** **
>
> Going to be signing off the list at the end of the day tomorrow, I hope to
> have it back up on a hotmail address or gmail soon enough, since the new
> job kinda discourages the mass emailing going forward. 
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> email:ezi...@lifespan.org
>
> phone:401-639-3505 
>
> [image: CISSP_logo]
>
> ** **
>
> *From:* Joseph L. Casale [mailto:jcas...@activenetwerx.com]
> *Sent:* Tuesday, December 06, 2011 8:16 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Self Service Password change for Active
> Directory
>
> ** **
>
> Hitachi-ID Password Manager, I know it fairly well and its solid.
>
> ** **
>
> *From:* Steve Ens [mailto:stevey...@gmail.com ]
> *Sent:* Tuesday, December 06, 2011 5:59 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Self Service Password change for Active
> Directory
>
> ** **
>
> How about spec ops?  Good product and fairly inexpensive
>
> Sent from my FriPad
>
>
> On 2011-12-06, at 4:59 PM, David Lum  wrote:
>
> “function fine, and was easy enough to use”
>
> And inexpensive. And easy for me to set up. Anything that does that at a
> client that has no local onsite IT six days out of seven is a win in my
> book, I get zero “Joe user forgot his password, please help” calls. This
> client has police (not shockingly, some are short tempered when it comes to
> IT stuff like not being able to recover quickly from forgetting their
> password) and part-time firefighters so it’s not an infrequent occurrence
> (happens in batches, actually).
>
>  
>
> Keeping guys with guns, Tasers and axes happy is a good thing J
>
>  
>
> I deployed it about 4 years ago so it’s likely identical to what you saw.
> It has also been 100% trouble free – haven’t touched it since the initial
> deployment, and I get notices every time they use it so I know they still
> do use it. A complete win for what I wanted from it at least.
>
>  
>
> Dave
>
>  
>
>  
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Tuesday, December 06, 2011 1:31 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Self Service Password change for Active
> Directory
> 
>
>  
>
> Definitely IIS.
>
> We weren't that impressed by it about 5-6 years ago when we set it up, but
> it might have improved since then. By "not impressed" I mean basically that
> it just didn't offer much - it seemed to function fine, and was easy enough
> to use, but I didn't see the value in it.
>
> Of course, we only get perhaps 1 or 2 password reset requests per month
> from our roughly 250 staff in three countries.
>
> Kurt
>
> On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:
>
> Namescape – makers of rDirectory.
>
>  
>
> www.namescape.com
>
>  
>
> Works well at my 55-user client for resetting and not needing me. Simple
> to set up and use, just sits on IIS (or Apache, I forget at the moment).**
> **
>
>  
>
> Dave
>
>  
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, December 06, 2011 12:18 PM
>
> *To:* NT System Admin Issues
> *Subject:* Question on Self Service Password change for Active Directory
> 
>
>  
>
> I remember a while ago, that someone ( might have been Mr Lum) that
> discussed a third party product for an interface for password change/reset
> to cut down on calls to help desk ( was based on factors of authentication
> or answered known questions) 
>
>  
>
> I think it was Rdirectory or something close, 
>
>  
>
> Anyone have the 411 on it, or a link, my manager is asking about it. 
>
>  
>
> Z
>
>  
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> email:ezi...@lifespan.org
>
> phone:401-639-3505 
>
> 
>
> ~ Finally, powerful endpoint security that ISN'

RE: Question on Self Service Password change for Active Directory

[Ziots, Edward]

Thanks gents, getting this to my management. 

 

Going to be signing off the list at the end of the day tomorrow, I hope to have 
it back up on a hotmail address or gmail soon enough, since the new job kinda 
discourages the mass emailing going forward. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

email:ezi...@lifespan.org

phone:401-639-3505 

 

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Tuesday, December 06, 2011 8:16 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

 

Hitachi-ID Password Manager, I know it fairly well and its solid.

 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Tuesday, December 06, 2011 5:59 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

 

How about spec ops?  Good product and fairly inexpensive

Sent from my FriPad


On 2011-12-06, at 4:59 PM, David Lum  wrote:

“function fine, and was easy enough to use”

And inexpensive. And easy for me to set up. Anything that does that at 
a client that has no local onsite IT six days out of seven is a win in my book, 
I get zero “Joe user forgot his password, please help” calls. This client has 
police (not shockingly, some are short tempered when it comes to IT stuff like 
not being able to recover quickly from forgetting their password) and part-time 
firefighters so it’s not an infrequent occurrence (happens in batches, 
actually).

 

Keeping guys with guns, Tasers and axes happy is a good thing J

 

I deployed it about 4 years ago so it’s likely identical to what you 
saw. It has also been 100% trouble free – haven’t touched it since the initial 
deployment, and I get notices every time they use it so I know they still do 
use it. A complete win for what I wanted from it at least.

 

Dave

 

 

From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, December 06, 2011 1:31 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active 
Directory

 

Definitely IIS. 

We weren't that impressed by it about 5-6 years ago when we set it up, 
but it might have improved since then. By "not impressed" I mean basically that 
it just didn't offer much - it seemed to function fine, and was easy enough to 
use, but I didn't see the value in it.

Of course, we only get perhaps 1 or 2 password reset requests per month 
from our roughly 250 staff in three countries.

Kurt

On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:

Namescape – makers of rDirectory.

 

www.namescape.com

 

Works well at my 55-user client for resetting and not needing me. 
Simple to set up and use, just sits on IIS (or Apache, I forget at the moment).

 

Dave

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

 

I remember a while ago, that someone ( might have been Mr Lum) that 
discussed a third party product for an interface for password change/reset to 
cut down on calls to help desk ( was based on factors of authentication or 
answered known questions) 

 

I think it was Rdirectory or something close, 

 

Anyone have the 411 on it, or a link, my manager is asking about it. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

phone:401-639-3505 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.

RE: Question on Self Service Password change for Active Directory

[Zvonimir Bilic]

http://www.thycotic.com/products_passwordresetserver_overview.html

 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, December 06, 2011 3:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

 

I remember a while ago, that someone ( might have been Mr Lum) that
discussed a third party product for an interface for password
change/reset to cut down on calls to help desk ( was based on factors of
authentication or answered known questions) 

 

I think it was Rdirectory or something close, 

 

Anyone have the 411 on it, or a link, my manager is asking about it. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

email:ezi...@lifespan.org

phone:401-639-3505 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on Self Service Password change for Active Directory

[Joseph L. Casale]

Hitachi-ID Password Manager, I know it fairly well and its solid.

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Tuesday, December 06, 2011 5:59 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

How about spec ops?  Good product and fairly inexpensive

Sent from my FriPad

On 2011-12-06, at 4:59 PM, David Lum 
mailto:david@nwea.org>> wrote:
“function fine, and was easy enough to use”
And inexpensive. And easy for me to set up. Anything that does that at a client 
that has no local onsite IT six days out of seven is a win in my book, I get 
zero “Joe user forgot his password, please help” calls. This client has police 
(not shockingly, some are short tempered when it comes to IT stuff like not 
being able to recover quickly from forgetting their password) and part-time 
firefighters so it’s not an infrequent occurrence (happens in batches, 
actually).

Keeping guys with guns, Tasers and axes happy is a good thing ☺

I deployed it about 4 years ago so it’s likely identical to what you saw. It 
has also been 100% trouble free – haven’t touched it since the initial 
deployment, and I get notices every time they use it so I know they still do 
use it. A complete win for what I wanted from it at least.

Dave


From: Kurt Buff 
[mailto:kurt.b...@gmail.com]<mailto:[mailto:kurt.b...@gmail.com]>
Sent: Tuesday, December 06, 2011 1:31 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

Definitely IIS.

We weren't that impressed by it about 5-6 years ago when we set it up, but it 
might have improved since then. By "not impressed" I mean basically that it 
just didn't offer much - it seemed to function fine, and was easy enough to 
use, but I didn't see the value in it.

Of course, we only get perhaps 1 or 2 password reset requests per month from 
our roughly 250 staff in three countries.

Kurt
On Tue, Dec 6, 2011 at 12:50, David Lum 
mailto:david@nwea.org>> wrote:
Namescape – makers of rDirectory.

www.namescape.com<http://www.namescape.com>

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward [mailto:ezi...@lifespan.org<mailto:ezi...@lifespan.org>]
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
phone:401-639-3505


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

Re: Question on Self Service Password change for Active Directory

[Steve Ens]

How about spec ops?  Good product and fairly inexpensive

Sent from my FriPad

On 2011-12-06, at 4:59 PM, David Lum  wrote:

> “function fine, and was easy enough to use”
> And inexpensive. And easy for me to set up. Anything that does that at a 
> client that has no local onsite IT six days out of seven is a win in my book, 
> I get zero “Joe user forgot his password, please help” calls. This client has 
> police (not shockingly, some are short tempered when it comes to IT stuff 
> like not being able to recover quickly from forgetting their password) and 
> part-time firefighters so it’s not an infrequent occurrence (happens in 
> batches, actually).
>  
> Keeping guys with guns, Tasers and axes happy is a good thing J
>  
> I deployed it about 4 years ago so it’s likely identical to what you saw. It 
> has also been 100% trouble free – haven’t touched it since the initial 
> deployment, and I get notices every time they use it so I know they still do 
> use it. A complete win for what I wanted from it at least.
>  
> Dave
>  
>  
> From: Kurt Buff [mailto:kurt.b...@gmail.com] 
> Sent: Tuesday, December 06, 2011 1:31 PM
> To: NT System Admin Issues
> Subject: Re: Question on Self Service Password change for Active Directory
>  
> Definitely IIS. 
> 
> We weren't that impressed by it about 5-6 years ago when we set it up, but it 
> might have improved since then. By "not impressed" I mean basically that it 
> just didn't offer much - it seemed to function fine, and was easy enough to 
> use, but I didn't see the value in it.
> 
> Of course, we only get perhaps 1 or 2 password reset requests per month from 
> our roughly 250 staff in three countries.
> 
> Kurt
> 
> On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:
> Namescape – makers of rDirectory.
>  
> www.namescape.com
>  
> Works well at my 55-user client for resetting and not needing me. Simple to 
> set up and use, just sits on IIS (or Apache, I forget at the moment).
>  
> Dave
>  
> From: Ziots, Edward [mailto:ezi...@lifespan.org] 
> Sent: Tuesday, December 06, 2011 12:18 PM
> To: NT System Admin Issues
> Subject: Question on Self Service Password change for Active Directory
>  
> I remember a while ago, that someone ( might have been Mr Lum) that discussed 
> a third party product for an interface for password change/reset to cut down 
> on calls to help desk ( was based on factors of authentication or answered 
> known questions)
>  
> I think it was Rdirectory or something close,
>  
> Anyone have the 411 on it, or a link, my manager is asking about it.
>  
> Z
>  
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> email:ezi...@lifespan.org
> phone:401-639-3505
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
>  
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Self Service Password change for Active Directory

[Brian Desmond]

I also know Jim and his solution came to mind when I read this thread.

Everybody and their brother sells one of these things - look at some of them, 
figure out what requirements you have, and get a few trials/demos.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, December 06, 2011 4:42 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

NetWrix also has a solution (and they might have a free version as well).

Ithicos Solutions (www.ithicos.com<http://www.ithicos.com>) also has Directory 
Password.

http://www.ithicos.com/active-directory-tools/self-service-password-reset/directory-password.aspx

Disclaimer: Ithicos is owned by another Exchange MVP and he's a good friend of 
mine.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sean Rector 
[mailto:sean.rec...@vaopera.org]<mailto:[mailto:sean.rec...@vaopera.org]>
Sent: Tuesday, December 06, 2011 5:13 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Another one to look at is ADSelfService Plus from ManageEngine.

Sean Rector, MCSE

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Sent: Tuesday, December 06, 2011 3:51 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Namescape - makers of rDirectory.

www.namescape.com<http://www.namescape.com>

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward 
[mailto:ezi...@lifespan.org]<mailto:[mailto:ezi...@lifespan.org]>
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org
phone:401-639-3505
[CISSP_logo]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org>
Phone:(757) 213-4548 (direct line)
{+}

Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orphée | The Mikado
Visit us online at www.VaOpera.org<http://www.vaopera.org/> or call 
1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbelt

Re: Question on Self Service Password change for Active Directory

[Jon Harris]

i would think "Keeping guys with guns, Tasers and axes happy is a good
thing" that is they are a little short of patience it would be a great
thing.

Jon


On Tue, Dec 6, 2011 at 5:59 PM, David Lum  wrote:

> “function fine, and was easy enough to use”
>
> And inexpensive. And easy for me to set up. Anything that does that at a
> client that has no local onsite IT six days out of seven is a win in my
> book, I get zero “Joe user forgot his password, please help” calls. This
> client has police (not shockingly, some are short tempered when it comes to
> IT stuff like not being able to recover quickly from forgetting their
> password) and part-time firefighters so it’s not an infrequent occurrence
> (happens in batches, actually).
>
> ** **
>
> Keeping guys with guns, Tasers and axes happy is a good thing J
>
> ** **
>
> I deployed it about 4 years ago so it’s likely identical to what you saw.
> It has also been 100% trouble free – haven’t touched it since the initial
> deployment, and I get notices every time they use it so I know they still
> do use it. A complete win for what I wanted from it at least.
>
> ** **
>
> Dave
>
> ** **
>
> ** **
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Tuesday, December 06, 2011 1:31 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Self Service Password change for Active
> Directory
>
> ** **
>
> Definitely IIS.
>
> We weren't that impressed by it about 5-6 years ago when we set it up, but
> it might have improved since then. By "not impressed" I mean basically that
> it just didn't offer much - it seemed to function fine, and was easy enough
> to use, but I didn't see the value in it.
>
> Of course, we only get perhaps 1 or 2 password reset requests per month
> from our roughly 250 staff in three countries.
>
> Kurt
>
> On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:
>
> Namescape – makers of rDirectory.
>
>  
>
> www.namescape.com
>
>  
>
> Works well at my 55-user client for resetting and not needing me. Simple
> to set up and use, just sits on IIS (or Apache, I forget at the moment).**
> **
>
>  
>
> Dave
>
>  
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, December 06, 2011 12:18 PM
> *To:* NT System Admin Issues
> *Subject:* Question on Self Service Password change for Active Directory**
> **
>
>  
>
> I remember a while ago, that someone ( might have been Mr Lum) that
> discussed a third party product for an interface for password change/reset
> to cut down on calls to help desk ( was based on factors of authentication
> or answered known questions) 
>
>  
>
> I think it was Rdirectory or something close, 
>
>  
>
> Anyone have the 411 on it, or a link, my manager is asking about it. 
>
>  
>
> Z
>
>  
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> email:ezi...@lifespan.org
>
> phone:401-639-3505 
>
> [image: CISSP_logo]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Question on Self Service Password change for Active Directory

[Kurt Buff]

Seems reasonable. Different use case for us, and it's withered on the vine.

I don't believe anyone here has used it in about three years. Part of our
expectation for the product was that it would help us provision users.
Unfortunately, several of our most important systems don't auth against AD,
so it didn't scale.

Kurt

On Tue, Dec 6, 2011 at 14:59, David Lum  wrote:

> “function fine, and was easy enough to use”
>
> And inexpensive. And easy for me to set up. Anything that does that at a
> client that has no local onsite IT six days out of seven is a win in my
> book, I get zero “Joe user forgot his password, please help” calls. This
> client has police (not shockingly, some are short tempered when it comes to
> IT stuff like not being able to recover quickly from forgetting their
> password) and part-time firefighters so it’s not an infrequent occurrence
> (happens in batches, actually).
>
> ** **
>
> Keeping guys with guns, Tasers and axes happy is a good thing J
>
> ** **
>
> I deployed it about 4 years ago so it’s likely identical to what you saw.
> It has also been 100% trouble free – haven’t touched it since the initial
> deployment, and I get notices every time they use it so I know they still
> do use it. A complete win for what I wanted from it at least.
>
> ** **
>
> Dave
>
> ** **
>
> ** **
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Tuesday, December 06, 2011 1:31 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Self Service Password change for Active
> Directory
>
> ** **
>
> Definitely IIS.
>
> We weren't that impressed by it about 5-6 years ago when we set it up, but
> it might have improved since then. By "not impressed" I mean basically that
> it just didn't offer much - it seemed to function fine, and was easy enough
> to use, but I didn't see the value in it.
>
> Of course, we only get perhaps 1 or 2 password reset requests per month
> from our roughly 250 staff in three countries.
>
> Kurt
>
> On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:
>
> Namescape – makers of rDirectory.
>
>  
>
> www.namescape.com
>
>  
>
> Works well at my 55-user client for resetting and not needing me. Simple
> to set up and use, just sits on IIS (or Apache, I forget at the moment).**
> **
>
>  
>
> Dave
>
>  
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, December 06, 2011 12:18 PM
> *To:* NT System Admin Issues
> *Subject:* Question on Self Service Password change for Active Directory**
> **
>
>  
>
> I remember a while ago, that someone ( might have been Mr Lum) that
> discussed a third party product for an interface for password change/reset
> to cut down on calls to help desk ( was based on factors of authentication
> or answered known questions) 
>
>  
>
> I think it was Rdirectory or something close, 
>
>  
>
> Anyone have the 411 on it, or a link, my manager is asking about it. 
>
>  
>
> Z
>
>  
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> email:ezi...@lifespan.org
>
> phone:401-639-3505 
>
> [image: CISSP_logo]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on Self Service Password change for Active Directory

[David Lum]

“function fine, and was easy enough to use”
And inexpensive. And easy for me to set up. Anything that does that at a client 
that has no local onsite IT six days out of seven is a win in my book, I get 
zero “Joe user forgot his password, please help” calls. This client has police 
(not shockingly, some are short tempered when it comes to IT stuff like not 
being able to recover quickly from forgetting their password) and part-time 
firefighters so it’s not an infrequent occurrence (happens in batches, 
actually).

Keeping guys with guns, Tasers and axes happy is a good thing ☺

I deployed it about 4 years ago so it’s likely identical to what you saw. It 
has also been 100% trouble free – haven’t touched it since the initial 
deployment, and I get notices every time they use it so I know they still do 
use it. A complete win for what I wanted from it at least.

Dave


From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, December 06, 2011 1:31 PM
To: NT System Admin Issues
Subject: Re: Question on Self Service Password change for Active Directory

Definitely IIS.

We weren't that impressed by it about 5-6 years ago when we set it up, but it 
might have improved since then. By "not impressed" I mean basically that it 
just didn't offer much - it seemed to function fine, and was easy enough to 
use, but I didn't see the value in it.

Of course, we only get perhaps 1 or 2 password reset requests per month from 
our roughly 250 staff in three countries.

Kurt
On Tue, Dec 6, 2011 at 12:50, David Lum 
mailto:david@nwea.org>> wrote:
Namescape – makers of rDirectory.

www.namescape.com<http://www.namescape.com>

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward [mailto:ezi...@lifespan.org<mailto:ezi...@lifespan.org>]
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
phone:401-639-3505
[cid:image001.jpg@01CCB426.7ADC5A00]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

RE: Question on Self Service Password change for Active Directory

[Michael B. Smith]

NetWrix also has a solution (and they might have a free version as well).

Ithicos Solutions (www.ithicos.com<http://www.ithicos.com>) also has Directory 
Password.

http://www.ithicos.com/active-directory-tools/self-service-password-reset/directory-password.aspx

Disclaimer: Ithicos is owned by another Exchange MVP and he's a good friend of 
mine.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Tuesday, December 06, 2011 5:13 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Another one to look at is ADSelfService Plus from ManageEngine.

Sean Rector, MCSE

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Sent: Tuesday, December 06, 2011 3:51 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active Directory

Namescape - makers of rDirectory.

www.namescape.com<http://www.namescape.com>

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward 
[mailto:ezi...@lifespan.org]<mailto:[mailto:ezi...@lifespan.org]>
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org
phone:401-639-3505
[CISSP_logo]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org>
Phone:(757) 213-4548 (direct line)
{+}

Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orphée | The Mikado
Visit us online at www.VaOpera.org<http://www.vaopera.org/> or call 
1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on Self Service Password change for Active Directory

[Sean Rector]

Another one to look at is ADSelfService Plus from ManageEngine.

 

Sean Rector, MCSE

 

From: David Lum [mailto:david@nwea.org] 
Sent: Tuesday, December 06, 2011 3:51 PM
To: NT System Admin Issues
Subject: RE: Question on Self Service Password change for Active
Directory

 

Namescape - makers of rDirectory.

 

www.namescape.com

 

Works well at my 55-user client for resetting and not needing me. Simple
to set up and use, just sits on IIS (or Apache, I forget at the moment).

 

Dave

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

 

I remember a while ago, that someone ( might have been Mr Lum) that
discussed a third party product for an interface for password
change/reset to cut down on calls to help desk ( was based on factors of
authentication or answered known questions) 

 

I think it was Rdirectory or something close, 

 

Anyone have the 411 on it, or a link, my manager is asking about it. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

email:ezi...@lifespan.org

phone:401-639-3505 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Information Technology Manager
Virginia Opera Association 
E-Mail:   sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}
Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orph?e | The Mikado
Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.
{*}
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Question on Self Service Password change for Active Directory

[Kurt Buff]

Definitely IIS.

We weren't that impressed by it about 5-6 years ago when we set it up, but
it might have improved since then. By "not impressed" I mean basically that
it just didn't offer much - it seemed to function fine, and was easy enough
to use, but I didn't see the value in it.

Of course, we only get perhaps 1 or 2 password reset requests per month
from our roughly 250 staff in three countries.

Kurt

On Tue, Dec 6, 2011 at 12:50, David Lum  wrote:

> Namescape – makers of rDirectory.
>
> ** **
>
> www.namescape.com
>
> ** **
>
> Works well at my 55-user client for resetting and not needing me. Simple
> to set up and use, just sits on IIS (or Apache, I forget at the moment).**
> **
>
> ** **
>
> Dave
>
> ** **
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, December 06, 2011 12:18 PM
> *To:* NT System Admin Issues
> *Subject:* Question on Self Service Password change for Active Directory**
> **
>
> ** **
>
> I remember a while ago, that someone ( might have been Mr Lum) that
> discussed a third party product for an interface for password change/reset
> to cut down on calls to help desk ( was based on factors of authentication
> or answered known questions) 
>
> ** **
>
> I think it was Rdirectory or something close, 
>
> ** **
>
> Anyone have the 411 on it, or a link, my manager is asking about it. 
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> email:ezi...@lifespan.org
>
> phone:401-639-3505 
>
> [image: CISSP_logo]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on Self Service Password change for Active Directory

[David Lum]

Namescape - makers of rDirectory.

www.namescape.com

Works well at my 55-user client for resetting and not needing me. Simple to set 
up and use, just sits on IIS (or Apache, I forget at the moment).

Dave

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, December 06, 2011 12:18 PM
To: NT System Admin Issues
Subject: Question on Self Service Password change for Active Directory

I remember a while ago, that someone ( might have been Mr Lum) that discussed a 
third party product for an interface for password change/reset to cut down on 
calls to help desk ( was based on factors of authentication or answered known 
questions)

I think it was Rdirectory or something close,

Anyone have the 411 on it, or a link, my manager is asking about it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
email:ezi...@lifespan.org
phone:401-639-3505
[cid:image001.jpg@01CCB415.B14258D0]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on ESX VM issue, NEED HELP

[Ziots, Edward]

Here was the solution in our case, pretty darn obsecure. 

 

http://support.microsoft.com/kb/870910

 

Basically when I compared with a known good system after doing a netsh
int ip reset command that the IPSEC policies key was not on the system
in question but was on the system that was known good. So the regsvr32
command took care of re-registering the default ipsec policy and things
came up as expected. 

 

Look for event ID 4292  with Source IPSEC accordingly. 

 

I think between the patching and an issue with the VMTools not updating
correctly, that was the issue that caused the Registry to go funky. That
coupled with WinPcap from a installation of Wireshark ( which was
already on the machine) 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Monday, August 15, 2011 2:26 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

Have you seen this issue referred to anywhere else? Pr know which patch
#?

 

Thanks for the heads up...

 

-sc

 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 2:22 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

Ms Patches I rolled them all back, I did take care of the Show_Dev_non
connections=1 thing, and deleted that NIC, but still having issues
getting anything routable. 

 

Might be rebuild and restore time back to last known good backup. Jeeze,


 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Monday, August 15, 2011 2:00 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

MS patches, or VMWare patches?

 

-sc

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 1:55 PM
To: NT System Admin Issues
Subject: Question on ESX VM issue, NEED HELP

 

Has anyone seen an issue with this months patches causing the TCP/IP
Stack on Windows 2003 to blow up? 

 

I have already did the following. 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd
=displayKC&externalId=1014169

 

I have even uninstall and rebooted and reinstalled the Virtual NIC and
upgraded the VM tools and I get the following issue. 

 

I can assign the IP address of the physical system. 

I can ping 127.0.0.1 and the address. 

I can't ping the gateway   its set correctly, 255.255.255.128 and the
gateway is .129 which is also correct, also the VLAN ID for the NIC is
correct accordingly. 

 

Change the IP address on that VLAN segment same issue so I knows its
going down the stack issue. 

 

Any ideas? 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505



 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Question on ESX VM issue, NEED HELP

[Kelsey, John]

I had a similar issue during a migration.  It had to do with the way we had the 
NICs trunked up to our Cisco switch.  I had to change the vswitch to 'Route 
based on IP hash'.  Something to check anyway.  Machines would work fine until 
a reboot, then I had to do all kinds of messing around with the IP stack to get 
it to reconnect.

-John Kelsey

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Monday, August 15, 2011 1:55 PM
To: NT System Admin Issues
Subject: Question on ESX VM issue, NEED HELP

Has anyone seen an issue with this months patches causing the TCP/IP Stack on 
Windows 2003 to blow up?

I have already did the following.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014169

I have even uninstall and rebooted and reinstalled the Virtual NIC and upgraded 
the VM tools and I get the following issue.

I can assign the IP address of the physical system.
I can ping 127.0.0.1 and the address.
I can't ping the gateway   its set correctly, 255.255.255.128 and the gateway 
is .129 which is also correct, also the VLAN ID for the NIC is correct 
accordingly.

Change the IP address on that VLAN segment same issue so I knows its going down 
the stack issue.

Any ideas?
Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
[cid:image001.jpg@01CC5B5C.86AD87A0]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on ESX VM issue, NEED HELP

[Steven M. Caesare]

Have you seen this issue referred to anywhere else? Pr know which patch
#?

 

Thanks for the heads up...

 

-sc

 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 2:22 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

Ms Patches I rolled them all back, I did take care of the Show_Dev_non
connections=1 thing, and deleted that NIC, but still having issues
getting anything routable. 

 

Might be rebuild and restore time back to last known good backup. Jeeze,


 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Monday, August 15, 2011 2:00 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

MS patches, or VMWare patches?

 

-sc

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 1:55 PM
To: NT System Admin Issues
Subject: Question on ESX VM issue, NEED HELP

 

Has anyone seen an issue with this months patches causing the TCP/IP
Stack on Windows 2003 to blow up? 

 

I have already did the following. 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd
=displayKC&externalId=1014169

 

I have even uninstall and rebooted and reinstalled the Virtual NIC and
upgraded the VM tools and I get the following issue. 

 

I can assign the IP address of the physical system. 

I can ping 127.0.0.1 and the address. 

I can't ping the gateway   its set correctly, 255.255.255.128 and the
gateway is .129 which is also correct, also the VLAN ID for the NIC is
correct accordingly. 

 

Change the IP address on that VLAN segment same issue so I knows its
going down the stack issue. 

 

Any ideas? 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505



 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Question on ESX VM issue, NEED HELP

[Ziots, Edward]

Ms Patches I rolled them all back, I did take care of the Show_Dev_non
connections=1 thing, and deleted that NIC, but still having issues
getting anything routable. 

 

Might be rebuild and restore time back to last known good backup. Jeeze,


 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Monday, August 15, 2011 2:00 PM
To: NT System Admin Issues
Subject: RE: Question on ESX VM issue, NEED HELP

 

MS patches, or VMWare patches?

 

-sc

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 1:55 PM
To: NT System Admin Issues
Subject: Question on ESX VM issue, NEED HELP

 

Has anyone seen an issue with this months patches causing the TCP/IP
Stack on Windows 2003 to blow up? 

 

I have already did the following. 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd
=displayKC&externalId=1014169

 

I have even uninstall and rebooted and reinstalled the Virtual NIC and
upgraded the VM tools and I get the following issue. 

 

I can assign the IP address of the physical system. 

I can ping 127.0.0.1 and the address. 

I can't ping the gateway   its set correctly, 255.255.255.128 and the
gateway is .129 which is also correct, also the VLAN ID for the NIC is
correct accordingly. 

 

Change the IP address on that VLAN segment same issue so I knows its
going down the stack issue. 

 

Any ideas? 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Question on ESX VM issue, NEED HELP

[Steven M. Caesare]

MS patches, or VMWare patches?

 

-sc

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, August 15, 2011 1:55 PM
To: NT System Admin Issues
Subject: Question on ESX VM issue, NEED HELP

 

Has anyone seen an issue with this months patches causing the TCP/IP
Stack on Windows 2003 to blow up? 

 

I have already did the following. 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd
=displayKC&externalId=1014169

 

I have even uninstall and rebooted and reinstalled the Virtual NIC and
upgraded the VM tools and I get the following issue. 

 

I can assign the IP address of the physical system. 

I can ping 127.0.0.1 and the address. 

I can't ping the gateway   its set correctly, 255.255.255.128 and the
gateway is .129 which is also correct, also the VLAN ID for the NIC is
correct accordingly. 

 

Change the IP address on that VLAN segment same issue so I knows its
going down the stack issue. 

 

Any ideas? 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: question about OEM Windows License Keys

[Mike Gill]

Any OEM media will work, even generic OEM media from Newegg.

 

--

Mike

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 11:23 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

Ok, good enough.  I'll just wait for the cd's from Dell.  Thanks for
clarifying that OEM key requires OEM media.

 

Jimmy

 

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, July 08, 2011 11:17 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

I had a machine a couple years ago Jimmy, Dell as well.

Customer did not have the recovery CDs & the machine needed a new hard
drive.

I just called Dell, provided them with the model, serial, customer info etc
& asked for a recovery CD set.

Took me a couple attempts as the person who I talked to obviously did not
put my request and such on record so delivery never happened.

However after a few attempts - finally got the CDs. No charge even though
warranty was up.

Install went w/o a hitch.

I figure they must have a recovery CD set for your make/model available.

In my case they did not charge for the CDs but if they do charge now I can't
see it being that expensive for the customer.

 

Cheers

 

Tammy

 

  _  

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 1:43 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

So far all you've told us is that you have an OEM key, not a retail key.

So having an OEM key means there is no point in downloading or trying to use
retail media from any source.

If you have an OEM media from another machine it *may* work with your Dell
OEM key.

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

Ok, with that being said, is there a way to download retail media from MS if
I already have a key?

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The original
OS version is Vista Home Premium.  Since I don't have the OEM install disc
from Dell, I decided to download a Vista Retail ISO (I think it was retail)
So I ran the installer and it comes to the license key window.  I put in the
key from the COA label under the laptop but it doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same OS
version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[John Aldrich]

I was pleasantly surprised awhile back that HP did not charge for OEM
restore disks. Had a PC that came as part of a "machine" for making carpet
samples and we needed to reformat and reinstall due to some glitches in the
software we used on the machine and we had no restore CDs. I did like you
did and copied down the serial # and called HP. They sent me the restore
disks free of charge.



From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, July 08, 2011 2:17 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

I had a machine a couple years ago Jimmy, Dell as well.
Customer did not have the recovery CDs & the machine needed a new hard
drive.
I just called Dell, provided them with the model, serial, customer info etc
& asked for a recovery CD set.
Took me a couple attempts as the person who I talked to obviously did not
put my request and such on record so delivery never happened.
However after a few attempts – finally got the CDs. No charge even though
warranty was up.
Install went w/o a hitch.
I figure they must have a recovery CD set for your make/model available.
In my case they did not charge for the CDs but if they do charge now I can’t
see it being that expensive for the customer.

Cheers

Tammy


From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 1:43 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

So far all you've told us is that you have an OEM key, not a retail key.
So having an OEM key means there is no point in downloading or trying to use
retail media from any source.
If you have an OEM media from another machine it *may* work with your Dell
OEM key.

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

Ok, with that being said, is there a way to download retail media from MS if
I already have a key?

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

OEM media requires OEM key.
Retail media requires Retail key.
Etc.

And I wouldn't trust any downloaded media unless it came directly from MS.

Carl

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

So I have a Dell XPS laptop that needs the Vista reinstalled.  The original
OS version is Vista Home Premium.  Since I don’t have the OEM install disc
from Dell, I decided to download a Vista Retail ISO (I think it was retail) 
So I ran the installer and it comes to the license key window.  I put in the
key from the COA label under the laptop but it doesn’t like the key.  

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same OS
version?  Any clarification would be awesome!


Thanks,

Jimmy
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Jimmy Tran]

Ok, good enough.  I'll just wait for the cd's from Dell.  Thanks for
clarifying that OEM key requires OEM media.

 

Jimmy

 

 

From: Tammy Stewart [mailto:copper...@personainternet.com] 
Sent: Friday, July 08, 2011 11:17 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

I had a machine a couple years ago Jimmy, Dell as well.

Customer did not have the recovery CDs & the machine needed a new hard
drive.

I just called Dell, provided them with the model, serial, customer info
etc & asked for a recovery CD set.

Took me a couple attempts as the person who I talked to obviously did
not put my request and such on record so delivery never happened.

However after a few attempts - finally got the CDs. No charge even
though warranty was up.

Install went w/o a hitch.

I figure they must have a recovery CD set for your make/model available.

In my case they did not charge for the CDs but if they do charge now I
can't see it being that expensive for the customer.

 

Cheers

 

Tammy

 



From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 1:43 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

So far all you've told us is that you have an OEM key, not a retail key.

So having an OEM key means there is no point in downloading or trying to
use retail media from any source.

If you have an OEM media from another machine it *may* work with your
Dell OEM key.

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

Ok, with that being said, is there a way to download retail media from
MS if I already have a key?

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from
MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The
original OS version is Vista Home Premium.  Since I don't have the OEM
install disc from Dell, I decided to download a Vista Retail ISO (I
think it was retail)  So I ran the installer and it comes to the license
key window.  I put in the key from the COA label under the laptop but it
doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same
OS version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Tammy Stewart]

I had a machine a couple years ago Jimmy, Dell as well.

Customer did not have the recovery CDs & the machine needed a new hard
drive.

I just called Dell, provided them with the model, serial, customer info etc
& asked for a recovery CD set.

Took me a couple attempts as the person who I talked to obviously did not
put my request and such on record so delivery never happened.

However after a few attempts - finally got the CDs. No charge even though
warranty was up.

Install went w/o a hitch.

I figure they must have a recovery CD set for your make/model available.

In my case they did not charge for the CDs but if they do charge now I can't
see it being that expensive for the customer.

 

Cheers

 

Tammy

 

  _  

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 1:43 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

So far all you've told us is that you have an OEM key, not a retail key.

So having an OEM key means there is no point in downloading or trying to use
retail media from any source.

If you have an OEM media from another machine it *may* work with your Dell
OEM key.

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

Ok, with that being said, is there a way to download retail media from MS if
I already have a key?

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The original
OS version is Vista Home Premium.  Since I don't have the OEM install disc
from Dell, I decided to download a Vista Retail ISO (I think it was retail)
So I ran the installer and it comes to the license key window.  I put in the
key from the COA label under the laptop but it doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same OS
version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Carl Houseman]

So far all you've told us is that you have an OEM key, not a retail key.

So having an OEM key means there is no point in downloading or trying to use
retail media from any source.

If you have an OEM media from another machine it *may* work with your Dell
OEM key.

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

Ok, with that being said, is there a way to download retail media from MS if
I already have a key?

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The original
OS version is Vista Home Premium.  Since I don't have the OEM install disc
from Dell, I decided to download a Vista Retail ISO (I think it was retail)
So I ran the installer and it comes to the license key window.  I put in the
key from the COA label under the laptop but it doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same OS
version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Jimmy Tran]

Dell is going to take about 2-3 business days to get the CD which is
what I ended up doing.

-Original Message-
From: Candee [mailto:can...@gmail.com] 
Sent: Friday, July 08, 2011 10:15 AM
To: NT System Admin Issues
Subject: Re: question about OEM Windows License Keys

Why not call DELL and get the reinstall disk? License numbers are
version specific

On 7/8/11, Jimmy Tran  wrote:
> So I have a Dell XPS laptop that needs the Vista reinstalled.  The
> original OS version is Vista Home Premium.  Since I don't have the OEM
> install disc from Dell, I decided to download a Vista Retail ISO (I
> think it was retail).  So I ran the installer and it comes to the
> license key window.  I put in the key from the COA label under the
> laptop but it doesn't like the key.
>
>
>
> So my real question is, does the OEM key on the Microsoft COA label
work
> with any media type as long as it is not Volume Licensing Media and
same
> OS version?  Any clarification would be awesome!
>
>
>
>
>
> Thanks,
>
> Jimmy
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

-- 
Sent from my mobile device

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Jimmy Tran]

Ok, with that being said, is there a way to download retail media from
MS if I already have a key?

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Friday, July 08, 2011 10:11 AM
To: NT System Admin Issues
Subject: RE: question about OEM Windows License Keys

 

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from
MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The
original OS version is Vista Home Premium.  Since I don't have the OEM
install disc from Dell, I decided to download a Vista Retail ISO (I
think it was retail)  So I ran the installer and it comes to the license
key window.  I put in the key from the COA label under the laptop but it
doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same
OS version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: question about OEM Windows License Keys

[Candee]

Why not call DELL and get the reinstall disk? License numbers are
version specific

On 7/8/11, Jimmy Tran  wrote:
> So I have a Dell XPS laptop that needs the Vista reinstalled.  The
> original OS version is Vista Home Premium.  Since I don't have the OEM
> install disc from Dell, I decided to download a Vista Retail ISO (I
> think it was retail).  So I ran the installer and it comes to the
> license key window.  I put in the key from the COA label under the
> laptop but it doesn't like the key.
>
>
>
> So my real question is, does the OEM key on the Microsoft COA label work
> with any media type as long as it is not Volume Licensing Media and same
> OS version?  Any clarification would be awesome!
>
>
>
>
>
> Thanks,
>
> Jimmy
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

-- 
Sent from my mobile device

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: question about OEM Windows License Keys

[Carl Houseman]

OEM media requires OEM key.

Retail media requires Retail key.

Etc.

 

And I wouldn't trust any downloaded media unless it came directly from MS.

 

Carl

 

From: Jimmy Tran [mailto:jt...@teachtci.com] 
Sent: Friday, July 08, 2011 1:06 PM
To: NT System Admin Issues
Subject: question about OEM Windows License Keys

 

So I have a Dell XPS laptop that needs the Vista reinstalled.  The original
OS version is Vista Home Premium.  Since I don't have the OEM install disc
from Dell, I decided to download a Vista Retail ISO (I think it was retail).
So I ran the installer and it comes to the license key window.  I put in the
key from the COA label under the laptop but it doesn't like the key.  

 

So my real question is, does the OEM key on the Microsoft COA label work
with any media type as long as it is not Volume Licensing Media and same OS
version?  Any clarification would be awesome!

 

 

Thanks,

Jimmy


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on PCI compliance

[Gordon Stewart]

Data Sentinel is no longer available, as it's been replaced by Verisys (same 
price, better functionality). We just upgraded our existing Data Sentinel 
instances and added a few new Verisys ones. We're monitoring 12 servers, and 
Tripwire just made *no* sense from a financial or technical standpoint - they 
wanted some crazy money, and unless you're monitoring 100+ servers, and you do 
'hardcore' change management with a whole department dedicated to it, it's 
complete overkill and I'd just forget about it.

There's more on Ionx Verisys here http://www.ionx.co.uk, and there's another 
list of file integrity monitoring tools here too:
http://www.securitywizardry.com/index.php/products/ids-and-ips/file-integrity-checkers.html

/G
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on PCI compliance

[Mark Robinson]

Data Sentinel does it for us, but there are other cheap alternatives.
If you do not store any credit card info at all, then you don't need to
be as stringent as other merchants who do.

 

I agree with Erik.  Initially we were a level 1 when we did store cc
details on our LAN, but now that we don't, although we still need to be
stringent and have clear policies, procedures and tools in place for
automated (or manual) monitoring of system files and logs, we do not
need to be as hot on it as we were (although we still maintain the
original standard).  The advice I received from Security Metrics when I
went through this was that "each network is different and you need to
find a solution to suit your own environment and your level of
processing."  Helpful and unhelpful at the same time.  Independent
assessors will not give you specific pieces of advice or recommend
specific products (in my experience anyway) so you have to do what you
think is right based on your own situation.  You know yourself if you
don't think a piece of software is quite up to the job or the procedure
isn't quite right so you just have to cover all bases until you are
happy...

 

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: 19 May 2011 13:31
To: NT System Admin Issues
Subject: RE: Question on PCI compliance

 

"However, you need a more clear concept of "expensive"..."

 

Depends on your budget/revenue, but then again, if you're a level 1
merchant you need to make the most stringent efforts, if you're down at
level 4 as a small business with transaction volume towards the bottom
of the chart, there can be many 'compensating' controls and mitigating
factors that allow less spendy options as reasonable effort.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Thursday, May 19, 2011 7:37 AM
To: NT System Admin Issues
Subject: Re: Question on PCI compliance

 


I'll be watching this thread because we're in a similar situation. 

However, you need a more clear concept of "expensive"... 

Tripwire may cost a lot of money. 

Fines, higher processing fees, or being denied the right to accept
credit card payements - now THAT's expensive! 
-- 
richard 



Greg Olson  

05/18/2011 04:01 PM 

Please respond to
"NT System Admin Issues" 

To

"NT System Admin Issues"  
 Press this button if the "To" is a fax number. Enter in the fax number
like 123-456-7890. 

cc


Subject

Question on PCI compliance

 






Hi all, 
I have a quick question on pci compliance and how you guys\gals are
handling it for servers you have that take credit card data? 
We have a small amount of servers that basically host the web code to
take cc info and its then passed on directly to the processor. Nothing
stays on the server at any time, but we would like to be able to pass a
pci audit on these servers which requires that we have "automated"
software that monitors and detects changes in the log files, and
software that monitors key files (windows directories, and our app
directories) for any changes and sends out an alert.  
We're looking at Tripwire product, but they seem pretty expensive for
the small amount of servers we're talking about.  
Any thoughts? 
  
Thanks in advance.  
-Greg  
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


IMPORTANT INFORMATION
   
Internet communications are not secure and therefore CIPS does not accept legal 
responsibility for the contents of any e-mail message sent via this medium. The 
content of any e-mail communication is the view of the individual and CIPS does 
not accept legal liability for the contents. Although this message and any 
attachments are believed to be free of virus or other defect that might affect 
any computer system into which it is re

RE: Question on PCI compliance

[Erik Goldoff]

“However, you need a more clear concept of "expensive"...”

 

Depends on your budget/revenue, but then again, if you’re a level 1 merchant
you need to make the most stringent efforts, if you’re down at level 4 as a
small business with transaction volume towards the bottom of the chart,
there can be many ‘compensating’ controls and mitigating factors that allow
less spendy options as reasonable effort.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Thursday, May 19, 2011 7:37 AM
To: NT System Admin Issues
Subject: Re: Question on PCI compliance

 


I'll be watching this thread because we're in a similar situation. 

However, you need a more clear concept of "expensive"... 

Tripwire may cost a lot of money. 

Fines, higher processing fees, or being denied the right to accept credit
card payements - now THAT's expensive! 
-- 
richard 





Greg Olson  

05/18/2011 04:01 PM 


Please respond to
"NT System Admin Issues" 


To

"NT System Admin Issues"  
 Press this button if the "To" is a fax number. Enter in the fax number like
123-456-7890. 


cc



Subject

Question on PCI compliance

 






Hi all, 
I have a quick question on pci compliance and how you guys\gals are handling
it for servers you have that take credit card data? 
We have a small amount of servers that basically host the web code to take
cc info and its then passed on directly to the processor. Nothing stays on
the server at any time, but we would like to be able to pass a pci audit on
these servers which requires that we have "automated" software that monitors
and detects changes in the log files, and software that monitors key files
(windows directories, and our app directories) for any changes and sends out
an alert.  
We're looking at Tripwire product, but they seem pretty expensive for the
small amount of servers we're talking about.  
Any thoughts? 
  
Thanks in advance.  
-Greg  
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on PCI compliance

[RichardMcClary]

I'll be watching this thread because we're in a similar situation.

However, you need a more clear concept of "expensive"...

Tripwire may cost a lot of money.

Fines, higher processing fees, or being denied the right to accept credit 
card payements - now THAT's expensive!
--
richard




Greg Olson  
05/18/2011 04:01 PM
Please respond to
"NT System Admin Issues" 


To
"NT System Admin Issues" 
 Press this button if the "To" is a fax number. Enter in the fax number 
like 123-456-7890.
cc

Subject
Question on PCI compliance






Hi all, 
I have a quick question on pci compliance and how you guys\gals are 
handling it for servers you have that take credit card data?
We have a small amount of servers that basically host the web code to take 
cc info and its then passed on directly to the processor. Nothing stays on 
the server at any time, but we would like to be able to pass a pci audit 
on these servers which requires that we have "automated" software that 
monitors and detects changes in the log files, and software that monitors 
key files (windows directories, and our app directories) for any changes 
and sends out an alert. 
We're looking at Tripwire product, but they seem pretty expensive for the 
small amount of servers we're talking about. 
Any thoughts?
 
Thanks in advance. 
-Greg 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on PCI compliance

[Level 5 Lists]

you used to be able to still find it if you hit ftp.gfi.com<ftp://ftp.gfi.com> 
we still use the system integrity monitor, along with a couple of their other 
tools now for pci compliance (event log monitor, languard).



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, May 18, 2011 10:38 PM
To: NT System Admin Issues
Subject: RE: Question on PCI compliance

GFI used to have a free/inexpensive SIM software ( System Integrity Monitor ) 
but don't think that's available anymore.  But if you Google for 'system 
integrity monitor free' you'll get a few hits on software you can test to see 
if it meets your needs.  You'll also need to have the web server hardened ( 
what version OS, what version IIS ??) and verification that you only collect 
card numbers under SSL connection, and that you only transmit them on to the 
processor also via secure channel ( ssl, ipsec, etc )

Hit me up offline if you don't find what you need.  I've brought a couple SMB 
retail organizations into PCI compliance and presented some lectures, webinars, 
and workshops on PCI compliance so I've got a sense of what can be done within 
budget.

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Greg Olson [mailto:olson.g...@gmail.com]
Sent: Wednesday, May 18, 2011 5:01 PM
To: NT System Admin Issues
Subject: Question on PCI compliance

Hi all,
I have a quick question on pci compliance and how you guys\gals are handling it 
for servers you have that take credit card data?
We have a small amount of servers that basically host the web code to take cc 
info and its then passed on directly to the processor. Nothing stays on the 
server at any time, but we would like to be able to pass a pci audit on these 
servers which requires that we have "automated" software that monitors and 
detects changes in the log files, and software that monitors key files (windows 
directories, and our app directories) for any changes and sends out an alert.
We're looking at Tripwire product, but they seem pretty expensive for the small 
amount of servers we're talking about.
Any thoughts?

Thanks in advance.
-Greg


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on PCI compliance

[Erik Goldoff]

GFI used to have a free/inexpensive SIM software ( System Integrity Monitor
) but don’t think that’s available anymore.  But if you Google for ‘system
integrity monitor free’ you’ll get a few hits on software you can test to
see if it meets your needs.  You’ll also need to have the web server
hardened ( what version OS, what version IIS ??) and verification that you
only collect card numbers under SSL connection, and that you only transmit
them on to the processor also via secure channel ( ssl, ipsec, etc )

 

Hit me up offline if you don’t find what you need.  I’ve brought a couple
SMB retail organizations into PCI compliance and presented some lectures,
webinars, and workshops on PCI compliance so I’ve got a sense of what can be
done within budget.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Greg Olson [mailto:olson.g...@gmail.com] 
Sent: Wednesday, May 18, 2011 5:01 PM
To: NT System Admin Issues
Subject: Question on PCI compliance

 

Hi all, 

I have a quick question on pci compliance and how you guys\gals are handling
it for servers you have that take credit card data?

We have a small amount of servers that basically host the web code to take
cc info and its then passed on directly to the processor. Nothing stays on
the server at any time, but we would like to be able to pass a pci audit on
these servers which requires that we have "automated" software that monitors
and detects changes in the log files, and software that monitors key files
(windows directories, and our app directories) for any changes and sends out
an alert. 

We're looking at Tripwire product, but they seem pretty expensive for the
small amount of servers we're talking about. 

Any thoughts?

 

Thanks in advance. 

-Greg 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on PCI compliance

[Andrew S. Baker]

There are alternatives to TripWire, of course...

   - Verisys - http://www.ionx.co.uk/
   - CimTrak - http://www.cimcor.com/cimtrak-home
   - Various -
   http://www.windowsecurity.com/software/file-integrity-checkers/


It's going to cost something, but it is a worthy investment if you need to
be PCI compliant, or have other similar sensitive data to protect.



*ASB *(Professional Bio )
 *Harnessing the Advantages of Technology for the SMB market...

 *



On Wed, May 18, 2011 at 5:00 PM, Greg Olson  wrote:

>  Hi all,
>  I have a quick question on pci compliance and how you guys\gals are
> handling it for servers you have that take credit card data?
> We have a small amount of servers that basically host the web code to take
> cc info and its then passed on directly to the processor. Nothing stays on
> the server at any time, but we would like to be able to pass a pci audit on
> these servers which requires that we have "automated" software that monitors
> and detects changes in the log files, and software that monitors key files
> (windows directories, and our app directories) for any changes and sends out
> an alert.
> We're looking at Tripwire product, but they seem pretty expensive for the
> small amount of servers we're talking about.
> Any thoughts?
>
> Thanks in advance.
> -Greg
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on DFS roots in Windows 2008

[Christopher Bodnar]

I would suggest some reading if you haven't done so already. Specifically 
this document:


http://technet.microsoft.com/en-us/library/cc732863(WS.10).aspx

My first question, is why you don't want to use a domain based DFS 
namespace?  There are valid reasons for choosing a stand alone namespace, 
but I suggest that you really understand those before proceeding. 




Chris Bodnar, MCSE
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:   "Ziots, Edward" 
To: "NT System Admin Issues" 
Date:   03/23/2011 11:20 AM
Subject:Question on DFS roots in Windows 2008



Since I am a total N00b on DFS, 
 
On a Standalone Root on a Windows 2008 R2 Server, does one need AD 
permissions to create said DFS root? If the administrator have full rights 
to his servers ( one to host the root and the other server to replicate 
to), then I would figure none of this information is needed to be stored 
in AD since its not a Domain Root. 
 
( Yes this department has their own admin, he needs to be responsible for 
it) 
 
Also it seems they want to use EFS so do security on the file system of 
the servers, along with this DFS, has anyone setup this and how much of a 
pain is the EFS/DFS combo ( Again never used DFS, and we utilize a third 
party application for disk encryption at the desktop)
 
Any advice from the DFS guru’s out there would be helpful ‘
 
Z
 
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question about VMWARE- virtualisation

[Andrew S. Baker]

You're going to have trouble virtualizing any system where there is
uncorrected (or uncorrectable) disk errors.

Try using Disk2VHD from SysInternals, and then see if it will run under
VirtualBox.  At least then you'll have a basis for converting it to
something else.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Nov 4, 2010 at 9:33 AM, Nigel Parker
wrote:

> We are in the process of Trailing one of our NT 4 Servers and converting
> it to a Virtual machine
> I tried the Vm ware converter but the machine fails to convert - various
> errors
>
> The end file is a single processor machine (the original machine has 2
> processors) and the 2 network cards although detected on the image
> theonly 1 can bhave properties set the other  errors and ipconfig shows
> only 1 card!
>
> Question
> Is there some software that you could recommend to virtualizes this nt4
> system
> I its an old I'm server (Cant be upgraded as the software runs on nt4
> only!) as we don't have the funds
>
> The server has an ibm raid card setup as raid 5
> Its an old p3 system with 1gb memory
>
> Any help or links or help on converting this would be appreciated, as
> the hardware supports is now very high
>
> The system has some disc corruption but check disk doesn't finish even
> when left to run for 1 week!
> So its in a bad state
>
> What would you recommend to virtualise the system?
> Thanks
>
> Nigel Parker
>
> Systems Engineer
> Ultraframe (UK) Ltd
> Tel:   01200 452329
> Fax:   01200 452201
> Web:   
> Email: 
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question about VMWARE- virtualisation

[Tobie Fysh]

We used Platespin about 3 years ago which worked at the time.

Tobie

From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
Sent: 04 November 2010 15:32
To: NT System Admin Issues
Subject: RE: Question about VMWARE- virtualisation

Hi
Its a sql server back end Document Image server
we have no idea how the system is setup or how it finds the files (saved as 
tiff files numbered sequentially)

If the system DIED it wouldn't be the end of the world but would be very 
inconvenient and could delay customer payment queries

Regards
Nigel



From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: 04 November 2010 15:14
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation
What is on this disk that is so important?
On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker 
<mailto:nigel.par...@ultraframe.co.uk>> wrote:
Hi
Tried this but there are still errors and the machine still trys to run 
checkdisk on boot
The conversion almost works but when the machine is booted although it reports 
2 processors on the vm console the nt installation only says it has 1
UPTO multi dosent work .. when the machine is rebooted it complains about 
various files being corrupt and crashes

Just wondered if there was anything else (imaging software) to try and capture 
the machine as is
then maybe try a repair on the virtualised system,
Maybe it is a duff disk but the server manager reports the disks as ok

Regards
Nigel


From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: 04 November 2010 14:06

To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation

If the installation is "corrupt", P2V'ing it is going to replicate that 
corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"? Can you repair 
the OS install?
On 4 November 2010 14:02, Nigel Parker 
<mailto:nigel.par...@ultraframe.co.uk>> wrote:
Hi
the erros are different each time the P2V
Yep its server raid , although this reports the disks are ok without errors the 
installation of NT is Corrupt. This is another reason we need to move the 
system its been like this for some "years" :-(

THanks
Nigel



From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation
What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it ServeRAID Manager?) to 
try and ascertain if any are failed or degraded?
On 4 November 2010 13:33, Nigel Parker 
<mailto:nigel.par...@ultraframe.co.uk>> wrote:
We are in the process of Trailing one of our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the machine fails to convert - various
errors

The end file is a single processor machine (the original machine has 2
processors) and the 2 network cards although detected on the image
theonly 1 can bhave properties set the other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could recommend to virtualizes this nt4
system
I its an old I'm server (Cant be upgraded as the software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but check disk doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   <http://www.ultraframe.com/>>
Email: 
<mailto:nigel.par...@ultraframe.co.uk><mailto:nigel.par...@ultraframe.co.uk>>


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may not 
represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it is 
confidential and may be legally privileged. It is sent out only for intended 
recipient(s). Access to this email by anyone else is unauthorised. If you are 
not an intended recipient, any disclosure, copying, distribution or other use 
or any action taken or omitted to be taken in reliance on it, is prohibited and 
unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsub

Re: Question about VMWARE- virtualisation

[Andrew Laya]

You may need the server version.

http://www.acronis.com/promo/choose_disk_director/?source=us_google&ad=partition+magic&c=2703015827&k=partition%20magic

Perhaps contacting them directly may be in your best interest.



On Thu, Nov 4, 2010 at 11:46 AM, Nigel Parker  wrote:

>  OH looks like bt4 isnt supported with this software
> Can anyone recomend anything else
>
>  System Requirements Supported operating systems
>
>- Windows 2000 Server SP 4+
>- Windows 2003 Server SP 2+ x32 and x64 Editions
>- Windows 2008 Server SP2 x32 and x64 
> Editions*<http://www.acronis.co.uk/backup-recovery/server-windows/requirements.html#lim>
>- Windows 2008 Server Foundation
>
>
>  --
> *From:* Andrew Laya [mailto:andrew.l...@gmail.com]
> *Sent:* 04 November 2010 15:36
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
> Doesn't the VM Converter tool support reading from an Acronis image file?
> (it has been a long while since I used it)  If that is the case, could you
> not make an image of the server, and then convert from that image?
>
> Andrew.
>
>
> On Thu, Nov 4, 2010 at 11:32 AM, Nigel Parker <
> nigel.par...@ultraframe.co.uk> wrote:
>
>>  Hi
>> Its a sql server back end Document Image server
>> we have no idea how the system is setup or how it finds the files (saved
>> as tiff files numbered sequentially)
>>
>> If the system DIED it wouldn't be the end of the world but would be very
>> inconvenient and could delay customer payment queries
>>
>> Regards
>> Nigel
>>
>>
>>  --
>>  *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>> *Sent:* 04 November 2010 15:14
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Question about VMWARE- virtualisation
>>
>>  What is on this disk that is so important?
>>
>>  On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker <
>> nigel.par...@ultraframe.co.uk> wrote:
>>
>>>  Hi
>>>  Tried this but there are still errors and the machine still trys to run
>>> checkdisk on boot
>>> The conversion almost works but when the machine is booted although it
>>> reports 2 processors on the vm console the nt installation only says it has
>>> 1
>>> UPTO multi dosent work .. when the machine is rebooted it complains about
>>> various files being corrupt and crashes
>>>
>>> Just wondered if there was anything else (imaging software) to try and
>>> capture the machine as is
>>> then maybe try a repair on the virtualised system,
>>> Maybe it is a duff disk but the server manager reports the disks as ok
>>>
>>> Regards
>>> Nigel
>>>
>>>  --
>>>  *From:* James Rankin [mailto:kz2...@googlemail.com]
>>> *Sent:* 04 November 2010 14:06
>>>
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>
>>>If the installation is "corrupt", P2V'ing it is going to replicate
>>> that corruption in your new virtual server
>>>
>>> How do you come to the conclusion the installation is "corrupt"? Can you
>>> repair the OS install?
>>>
>>> On 4 November 2010 14:02, Nigel Parker wrote:
>>>
>>>>  Hi
>>>> the erros are different each time the P2V
>>>> Yep its server raid , although this reports the disks are ok without
>>>> errors the installation of NT is Corrupt. This is another reason we need to
>>>> move the system its been like this for some "years" :-(
>>>>
>>>> THanks
>>>> Nigel
>>>>
>>>>
>>>>  --
>>>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>>>> *Sent:* 04 November 2010 13:37
>>>> *To:* NT System Admin Issues
>>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>>
>>>>   What are the errors from the VMWare P2V tool?
>>>>
>>>> Can you view the disks through IBM's native tools (is it ServeRAID
>>>> Manager?) to try and ascertain if any are failed or degraded?
>>>>
>>>> On 4 November 2010 13:33, Nigel Parker 
>>>> wrote:
>>>>
>>>>> We are in the process of Trailing one of our NT 4 Servers and
>>>>> converting
>>>>> it to a Virtual machine
>>>>> I tried the Vm ware convert

RE: Question about VMWARE- virtualisation

[Nigel Parker]

OH looks like bt4 isnt supported with this software 
Can anyone recomend anything else 
 

System Requirements


Supported operating systems


*   Windows 2000 Server SP 4+ 
*   Windows 2003 Server SP 2+ x32 and x64 Editions 
*   Windows 2008 Server SP2 x32 and x64 Editions*
<http://www.acronis.co.uk/backup-recovery/server-windows/requirements.ht
ml#lim>  
*   Windows 2008 Server Foundation 




From: Andrew Laya [mailto:andrew.l...@gmail.com] 
Sent: 04 November 2010 15:36
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


Doesn't the VM Converter tool support reading from an Acronis image
file? (it has been a long while since I used it)  If that is the case,
could you not make an image of the server, and then convert from that
image?

Andrew.



On Thu, Nov 4, 2010 at 11:32 AM, Nigel Parker
 wrote:


Hi 
Its a sql server back end Document Image server
we have no idea how the system is setup or how it finds the
files (saved as tiff files numbered sequentially)
 
If the system DIED it wouldn't be the end of the world but would
be very inconvenient and could delay customer payment queries 
 
Regards
Nigel 
 




From: Jonathan Link [mailto:jonathan.l...@gmail.com] 

Sent: 04 November 2010 15:14 

To: NT System Admin Issues
        Subject: Re: Question about VMWARE- virtualisation


What is on this disk that is so important?


On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker
 wrote:


Hi 
Tried this but there are still errors and the machine
still trys to run checkdisk on boot 
The conversion almost works but when the machine is
booted although it reports 2 processors on the vm console the nt
installation only says it has 1 
UPTO multi dosent work .. when the machine is rebooted
it complains about various files being corrupt and crashes 
 
Just wondered if there was anything else (imaging
software) to try and capture the machine as is 
then maybe try a repair on the virtualised system, 
Maybe it is a duff disk but the server manager reports
the disks as ok 
 
Regards
Nigel 




From: James Rankin [mailto:kz2...@googlemail.com] 

Sent: 04 November 2010 14:06 

To: NT System Admin Issues
        Subject: Re: Question about VMWARE- virtualisation


If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is
"corrupt"? Can you repair the OS install?


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the
disks are ok without errors the installation of NT is Corrupt. This is
another reason we need to move the system its been like this for some
"years" :-(
 
THanks 
Nigel 
 



From: James Rankin
[mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE-
virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native
tools (is it ServeRAID Manager?) to try and ascertain if any are failed
or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of
our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the
machine fails to convert - various
errors

The end file is a single processor
machine (the original machine has 2
processors) and the 2 network cards
although detected on the image
theonly 1 can bhave properties set the
other  errors and ip

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
Ah this was my thinking 
Acronis ok googling 
 
Regards
Nigel 
 
 


From: Andrew Laya [mailto:andrew.l...@gmail.com] 
Sent: 04 November 2010 15:36
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


Doesn't the VM Converter tool support reading from an Acronis image
file? (it has been a long while since I used it)  If that is the case,
could you not make an image of the server, and then convert from that
image?

Andrew.



On Thu, Nov 4, 2010 at 11:32 AM, Nigel Parker
 wrote:


Hi 
Its a sql server back end Document Image server
we have no idea how the system is setup or how it finds the
files (saved as tiff files numbered sequentially)
 
If the system DIED it wouldn't be the end of the world but would
be very inconvenient and could delay customer payment queries 
 
Regards
Nigel 
 




From: Jonathan Link [mailto:jonathan.l...@gmail.com] 

Sent: 04 November 2010 15:14 

To: NT System Admin Issues
    Subject: Re: Question about VMWARE- virtualisation


What is on this disk that is so important?


On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker
 wrote:


Hi 
Tried this but there are still errors and the machine
still trys to run checkdisk on boot 
The conversion almost works but when the machine is
booted although it reports 2 processors on the vm console the nt
installation only says it has 1 
UPTO multi dosent work .. when the machine is rebooted
it complains about various files being corrupt and crashes 
 
Just wondered if there was anything else (imaging
software) to try and capture the machine as is 
then maybe try a repair on the virtualised system, 
Maybe it is a duff disk but the server manager reports
the disks as ok 
 
Regards
Nigel 




From: James Rankin [mailto:kz2...@googlemail.com] 

Sent: 04 November 2010 14:06 

To: NT System Admin Issues
    Subject: Re: Question about VMWARE- virtualisation


If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is
"corrupt"? Can you repair the OS install?


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the
disks are ok without errors the installation of NT is Corrupt. This is
another reason we need to move the system its been like this for some
"years" :-(
 
THanks 
Nigel 
 



From: James Rankin
[mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE-
virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native
tools (is it ServeRAID Manager?) to try and ascertain if any are failed
or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of
our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the
machine fails to convert - various
errors

The end file is a single processor
machine (the original machine has 2
processors) and the 2 network cards
although detected on the image
theonly 1 can bhave properties set the
other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could
recommend to virtualizes this nt4
system
I its an old I'

RE: Question about VMWARE- virtualisation

[Nigel Parker]

WELL 
we back it up but have never performed a full DR test Mainly due to the
time it was taking to restore 
 
we back the system everynight and I can do test restores of files but
recovering the whole system ?
Nont know 
 
Regards
Nigel 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 15:24
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


Do you have a backup of this system?


On 4 November 2010 15:15, Nigel Parker 
wrote:


Cant upgrade as the system works on NT4 only 
the developer and company are BUST so we have no support
 
REgards
Nigel 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 14:17 

To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


And if you're going to go through all that trouble, might as
well upgrade the OS, unless there's an application need to stay at NT4.


On Thu, Nov 4, 2010 at 10:14 AM, Cameron
 wrote:


Rather than P2Ving the machine (esp if you know it has
issues), why not just do a fresh install? Chances are you will save
yourself a lot of time and grief.


 
On Thu, Nov 4, 2010 at 10:06 AM, James Rankin
 wrote:


If the installation is "corrupt", P2V'ing it is
going to replicate that corruption in your new virtual server

How do you come to the conclusion the
installation is "corrupt"? Can you repair the OS install? 


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the
P2V
Yep its server raid , although this
reports the disks are ok without errors the installation of NT is
Corrupt. This is another reason we need to move the system its been like
this for some "years" :-(
 
THanks 
Nigel 
 



From: James Rankin
[mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE-
virtualisation


What are the errors from the VMWare P2V
tool?

Can you view the disks through IBM's
native tools (is it ServeRAID Manager?) to try and ascertain if any are
failed or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of
our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the
machine fails to convert - various
errors

The end file is a single processor
machine (the original machine has 2
processors) and the 2 network cards
although detected on the image
theonly 1 can bhave properties set the
other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could
recommend to virtualizes this nt4
system
I its an old I'm server (Cant be
upgraded as the software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as
raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting
this would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but
check disk doesn't finish even
when left to run for 1 week!
So its in a bad state

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
Sadly NO we don't have anything that nt4 will install on 
Also the software is "keyed" to the hardware so we tried an old Compaq
p3 server but never got the same unique hardware ID 
 
ALTHOUGH!
If we look at what VMware has done 
The Unique hardware ID is the same except for 1 digit and we know this
is down to the number of processors unfortunately as I said up to muli
seems to kill the system 
 
 
This is what I decided 2 options currently 
Install a clean nt 4 on vmware and try our backup system see if it will
restore the files enough to boot the system 
 
OR 
USe what VM has created as a base and see what happens if I update to
Windows 2000 server 
 
Is there anything else worth trying to capture an image I can test on
Vmware 
 
Thanks 
Nigel 
 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 15:20
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


Ouch!
I'm sorry I can't be more helpful.  While the P2V issues might be
technical, your underlying issue is not.
 
That being said, can you access identical hardware, install NT4 fresh
and see if the behavior of the converter is the same?


On Thu, Nov 4, 2010 at 11:15 AM, Nigel Parker
 wrote:


Cant upgrade as the system works on NT4 only 
the developer and company are BUST so we have no support
 
REgards
Nigel 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 14:17 

To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


And if you're going to go through all that trouble, might as
well upgrade the OS, unless there's an application need to stay at NT4.


On Thu, Nov 4, 2010 at 10:14 AM, Cameron
 wrote:


Rather than P2Ving the machine (esp if you know it has
issues), why not just do a fresh install? Chances are you will save
yourself a lot of time and grief.


 
On Thu, Nov 4, 2010 at 10:06 AM, James Rankin
 wrote:


If the installation is "corrupt", P2V'ing it is
going to replicate that corruption in your new virtual server

How do you come to the conclusion the
installation is "corrupt"? Can you repair the OS install? 


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the
P2V
Yep its server raid , although this
reports the disks are ok without errors the installation of NT is
Corrupt. This is another reason we need to move the system its been like
this for some "years" :-(
 
THanks 
Nigel 
 



From: James Rankin
[mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
    To: NT System Admin Issues
Subject: Re: Question about VMWARE-
virtualisation


What are the errors from the VMWare P2V
tool?

Can you view the disks through IBM's
native tools (is it ServeRAID Manager?) to try and ascertain if any are
failed or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of
our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the
machine fails to convert - various
errors

The end file is a single processor
machine (the original machine has 2
processors) and the 2 network cards
although detected on the image
theonly 1 can bhave properties set the
other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could
recommend to virtualizes this nt4
system
I its an old I'm server (Cant be
upgraded as the softwa

Re: Question about VMWARE- virtualisation

[Andrew Laya]

Doesn't the VM Converter tool support reading from an Acronis image file?
(it has been a long while since I used it)  If that is the case, could you
not make an image of the server, and then convert from that image?

Andrew.


On Thu, Nov 4, 2010 at 11:32 AM, Nigel Parker  wrote:

>  Hi
> Its a sql server back end Document Image server
> we have no idea how the system is setup or how it finds the files (saved as
> tiff files numbered sequentially)
>
> If the system DIED it wouldn't be the end of the world but would be very
> inconvenient and could delay customer payment queries
>
> Regards
> Nigel
>
>
>  --
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* 04 November 2010 15:14
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
> What is on this disk that is so important?
>
> On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker <
> nigel.par...@ultraframe.co.uk> wrote:
>
>>  Hi
>> Tried this but there are still errors and the machine still trys to run
>> checkdisk on boot
>> The conversion almost works but when the machine is booted although it
>> reports 2 processors on the vm console the nt installation only says it has
>> 1
>> UPTO multi dosent work .. when the machine is rebooted it complains about
>> various files being corrupt and crashes
>>
>> Just wondered if there was anything else (imaging software) to try and
>> capture the machine as is
>> then maybe try a repair on the virtualised system,
>> Maybe it is a duff disk but the server manager reports the disks as ok
>>
>> Regards
>> Nigel
>>
>>  --
>>  *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* 04 November 2010 14:06
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Question about VMWARE- virtualisation
>>
>>   If the installation is "corrupt", P2V'ing it is going to replicate that
>> corruption in your new virtual server
>>
>> How do you come to the conclusion the installation is "corrupt"? Can you
>> repair the OS install?
>>
>> On 4 November 2010 14:02, Nigel Parker wrote:
>>
>>>  Hi
>>> the erros are different each time the P2V
>>> Yep its server raid , although this reports the disks are ok without
>>> errors the installation of NT is Corrupt. This is another reason we need to
>>> move the system its been like this for some "years" :-(
>>>
>>> THanks
>>> Nigel
>>>
>>>
>>>  --
>>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>>> *Sent:* 04 November 2010 13:37
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>
>>>   What are the errors from the VMWare P2V tool?
>>>
>>> Can you view the disks through IBM's native tools (is it ServeRAID
>>> Manager?) to try and ascertain if any are failed or degraded?
>>>
>>> On 4 November 2010 13:33, Nigel Parker wrote:
>>>
>>>> We are in the process of Trailing one of our NT 4 Servers and converting
>>>> it to a Virtual machine
>>>> I tried the Vm ware converter but the machine fails to convert - various
>>>> errors
>>>>
>>>> The end file is a single processor machine (the original machine has 2
>>>> processors) and the 2 network cards although detected on the image
>>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>>> only 1 card!
>>>>
>>>> Question
>>>> Is there some software that you could recommend to virtualizes this nt4
>>>> system
>>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>>> only!) as we don't have the funds
>>>>
>>>> The server has an ibm raid card setup as raid 5
>>>> Its an old p3 system with 1gb memory
>>>>
>>>> Any help or links or help on converting this would be appreciated, as
>>>> the hardware supports is now very high
>>>>
>>>> The system has some disc corruption but check disk doesn't finish even
>>>> when left to run for 1 week!
>>>> So its in a bad state
>>>>
>>>> What would you recommend to virtualise the system?
>>>> Thanks
>>>>
>>>> Nigel Parker
>>>>
>>>> Systems Engineer
>>>> Ultraframe (UK) Ltd
&g

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
Its a sql server back end Document Image server
we have no idea how the system is setup or how it finds the files (saved
as tiff files numbered sequentially)
 
If the system DIED it wouldn't be the end of the world but would be very
inconvenient and could delay customer payment queries 
 
Regards
Nigel 
 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 15:14
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


What is on this disk that is so important?


On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker
 wrote:


Hi 
Tried this but there are still errors and the machine still trys
to run checkdisk on boot 
The conversion almost works but when the machine is booted
although it reports 2 processors on the vm console the nt installation
only says it has 1 
UPTO multi dosent work .. when the machine is rebooted it
complains about various files being corrupt and crashes 
 
Just wondered if there was anything else (imaging software) to
try and capture the machine as is 
then maybe try a repair on the virtualised system, 
Maybe it is a duff disk but the server manager reports the disks
as ok 
 
Regards
Nigel 




From: James Rankin [mailto:kz2...@googlemail.com] 

Sent: 04 November 2010 14:06 

To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"?
Can you repair the OS install?


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the disks
are ok without errors the installation of NT is Corrupt. This is another
reason we need to move the system its been like this for some "years"
:-(
 
THanks 
Nigel 
 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it
ServeRAID Manager?) to try and ascertain if any are failed or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of our NT
4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the machine
fails to convert - various
errors

The end file is a single processor machine (the
original machine has 2
processors) and the 2 network cards although
detected on the image
theonly 1 can bhave properties set the other
errors and ipconfig shows
only 1 card!

Question
Is there some software that you could recommend
to virtualizes this nt4
system
I its an old I'm server (Cant be upgraded as the
software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this
would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but check
disk doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the
system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   http://www.ultraframe.com/> >
Email: <mailto:nigel.par...@ultraframe.co.uk>

RE: Question about VMWARE- virtualisation

[Eldridge, Dave]

If it's that important maybe a $$ call to Vmware support?

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, November 04, 2010 9:24 AM
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation

 

Do you have a backup of this system?

On 4 November 2010 15:15, Nigel Parker 
wrote:

Cant upgrade as the system works on NT4 only 

the developer and company are BUST so we have no support

 

REgards

Nigel 

 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 14:17


To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation

 

And if you're going to go through all that trouble, might as well
upgrade the OS, unless there's an application need to stay at NT4.

On Thu, Nov 4, 2010 at 10:14 AM, Cameron 
wrote:

Rather than P2Ving the machine (esp if you know it has issues),
why not just do a fresh install? Chances are you will save yourself a
lot of time and grief.



 

On Thu, Nov 4, 2010 at 10:06 AM, James Rankin
 wrote:

If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"?
Can you repair the OS install? 

 

On 4 November 2010 14:02, Nigel Parker
 wrote:

Hi 

the erros are different each time the P2V

Yep its server raid , although this reports the disks are ok
without errors the installation of NT is Corrupt. This is another reason
we need to move the system its been like this for some "years" :-(

 

THanks 

Nigel 

 

 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
        To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation

What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it
ServeRAID Manager?) to try and ascertain if any are failed or degraded?

On 4 November 2010 13:33, Nigel Parker
 wrote:

We are in the process of Trailing one of our NT 4 Servers and
converting
it to a Virtual machine
I tried the Vm ware converter but the machine fails to convert -
various
errors

The end file is a single processor machine (the original machine
has 2
processors) and the 2 network cards although detected on the
image
theonly 1 can bhave properties set the other  errors and
ipconfig shows
only 1 card!

Question
Is there some software that you could recommend to virtualizes
this nt4
system
I its an old I'm server (Cant be upgraded as the software runs
on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this would be
appreciated, as
the hardware supports is now very high

The system has some disc corruption but check disk doesn't
finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   http://www.ultraframe.com/> >
Email: <mailto:nigel.par...@ultraframe.co.uk>


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own
and may not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained
in it is confidential and may be legally privileged. It is sent out only
for intended recipient(s). Access to this email by anyone else is
unauthorised. If you are not an intended recipient, any disclosure,
copying, distribution or other use or any action taken or omitted to be
taken in reliance on it, is prohibited and unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you
put into the machine wrong figures, will the right answers come out?' I
am not able rightly to apprehe

Re: Question about VMWARE- virtualisation

[James Rankin]

Do you have a backup of this system?

On 4 November 2010 15:15, Nigel Parker wrote:

>  Cant upgrade as the system works on NT4 only
> the developer and company are BUST so we have no support
>
> REgards
> Nigel
>
>  --
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* 04 November 2010 14:17
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
> And if you're going to go through all that trouble, might as well upgrade
> the OS, unless there's an application need to stay at NT4.
>
> On Thu, Nov 4, 2010 at 10:14 AM, Cameron  wrote:
>
>> Rather than P2Ving the machine (esp if you know it has issues), why not
>> just do a fresh install? Chances are you will save yourself a lot of time
>> and grief.
>>
>>
>>
>> On Thu, Nov 4, 2010 at 10:06 AM, James Rankin wrote:
>>
>>> If the installation is "corrupt", P2V'ing it is going to replicate that
>>> corruption in your new virtual server
>>>
>>> How do you come to the conclusion the installation is "corrupt"? Can you
>>> repair the OS install?
>>>
>>>
>>> On 4 November 2010 14:02, Nigel Parker wrote:
>>>
>>>>  Hi
>>>> the erros are different each time the P2V
>>>> Yep its server raid , although this reports the disks are ok without
>>>> errors the installation of NT is Corrupt. This is another reason we need to
>>>> move the system its been like this for some "years" :-(
>>>>
>>>> THanks
>>>> Nigel
>>>>
>>>>
>>>>  --
>>>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>>>> *Sent:* 04 November 2010 13:37
>>>> *To:* NT System Admin Issues
>>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>>
>>>>   What are the errors from the VMWare P2V tool?
>>>>
>>>> Can you view the disks through IBM's native tools (is it ServeRAID
>>>> Manager?) to try and ascertain if any are failed or degraded?
>>>>
>>>> On 4 November 2010 13:33, Nigel Parker 
>>>> wrote:
>>>>
>>>>> We are in the process of Trailing one of our NT 4 Servers and
>>>>> converting
>>>>> it to a Virtual machine
>>>>> I tried the Vm ware converter but the machine fails to convert -
>>>>> various
>>>>> errors
>>>>>
>>>>> The end file is a single processor machine (the original machine has 2
>>>>> processors) and the 2 network cards although detected on the image
>>>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>>>> only 1 card!
>>>>>
>>>>> Question
>>>>> Is there some software that you could recommend to virtualizes this nt4
>>>>> system
>>>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>>>> only!) as we don't have the funds
>>>>>
>>>>> The server has an ibm raid card setup as raid 5
>>>>> Its an old p3 system with 1gb memory
>>>>>
>>>>> Any help or links or help on converting this would be appreciated, as
>>>>> the hardware supports is now very high
>>>>>
>>>>> The system has some disc corruption but check disk doesn't finish even
>>>>> when left to run for 1 week!
>>>>> So its in a bad state
>>>>>
>>>>> What would you recommend to virtualise the system?
>>>>> Thanks
>>>>>
>>>>> Nigel Parker
>>>>>
>>>>> Systems Engineer
>>>>> Ultraframe (UK) Ltd
>>>>> Tel:   01200 452329
>>>>> Fax:   01200 452201
>>>>> Web:   
>>>>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>>>>
>>>>>
>>>>> Please consider the environment before printing this e-mail
>>>>>
>>>>> The statements and opinions expressed in this email are my own and may
>>>>> not represent those of Ultraframe (UK) Ltd.
>>>>> This email is subject to copyright and the information contained in it
>>>>> is confidential and may be legally privileged. It is sent out only for
>>>>> intended recipient(s). Access to this email by anyone

Re: Question about VMWARE- virtualisation

[Jonathan Link]

Ouch!
I'm sorry I can't be more helpful.  While the P2V issues might be technical,
your underlying issue is not.

That being said, can you access identical hardware, install NT4 fresh and
see if the behavior of the converter is the same?

On Thu, Nov 4, 2010 at 11:15 AM, Nigel Parker  wrote:

>  Cant upgrade as the system works on NT4 only
> the developer and company are BUST so we have no support
>
> REgards
> Nigel
>
>  --
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* 04 November 2010 14:17
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
>  And if you're going to go through all that trouble, might as well upgrade
> the OS, unless there's an application need to stay at NT4.
>
>  On Thu, Nov 4, 2010 at 10:14 AM, Cameron wrote:
>
>> Rather than P2Ving the machine (esp if you know it has issues), why not
>> just do a fresh install? Chances are you will save yourself a lot of time
>> and grief.
>>
>>
>>
>> On Thu, Nov 4, 2010 at 10:06 AM, James Rankin wrote:
>>
>>> If the installation is "corrupt", P2V'ing it is going to replicate that
>>> corruption in your new virtual server
>>>
>>> How do you come to the conclusion the installation is "corrupt"? Can you
>>> repair the OS install?
>>>
>>>
>>> On 4 November 2010 14:02, Nigel Parker wrote:
>>>
>>>>  Hi
>>>> the erros are different each time the P2V
>>>> Yep its server raid , although this reports the disks are ok without
>>>> errors the installation of NT is Corrupt. This is another reason we need to
>>>> move the system its been like this for some "years" :-(
>>>>
>>>> THanks
>>>> Nigel
>>>>
>>>>
>>>>  --
>>>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>>>> *Sent:* 04 November 2010 13:37
>>>> *To:* NT System Admin Issues
>>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>>
>>>>   What are the errors from the VMWare P2V tool?
>>>>
>>>> Can you view the disks through IBM's native tools (is it ServeRAID
>>>> Manager?) to try and ascertain if any are failed or degraded?
>>>>
>>>> On 4 November 2010 13:33, Nigel Parker 
>>>> wrote:
>>>>
>>>>> We are in the process of Trailing one of our NT 4 Servers and
>>>>> converting
>>>>> it to a Virtual machine
>>>>> I tried the Vm ware converter but the machine fails to convert -
>>>>> various
>>>>> errors
>>>>>
>>>>> The end file is a single processor machine (the original machine has 2
>>>>> processors) and the 2 network cards although detected on the image
>>>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>>>> only 1 card!
>>>>>
>>>>> Question
>>>>> Is there some software that you could recommend to virtualizes this nt4
>>>>> system
>>>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>>>> only!) as we don't have the funds
>>>>>
>>>>> The server has an ibm raid card setup as raid 5
>>>>> Its an old p3 system with 1gb memory
>>>>>
>>>>> Any help or links or help on converting this would be appreciated, as
>>>>> the hardware supports is now very high
>>>>>
>>>>> The system has some disc corruption but check disk doesn't finish even
>>>>> when left to run for 1 week!
>>>>> So its in a bad state
>>>>>
>>>>> What would you recommend to virtualise the system?
>>>>> Thanks
>>>>>
>>>>> Nigel Parker
>>>>>
>>>>> Systems Engineer
>>>>> Ultraframe (UK) Ltd
>>>>> Tel:   01200 452329
>>>>> Fax:   01200 452201
>>>>> Web:   
>>>>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>>>>
>>>>>
>>>>> Please consider the environment before printing this e-mail
>>>>>
>>>>> The statements and opinions expressed in this email are my own and may
>>>>> not represent those of Ultraframe (UK) Ltd.
>>>>> This email is subject to copyright and t

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Cant upgrade as the system works on NT4 only 
the developer and company are BUST so we have no support
 
REgards
Nigel 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: 04 November 2010 14:17
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


And if you're going to go through all that trouble, might as well
upgrade the OS, unless there's an application need to stay at NT4.


On Thu, Nov 4, 2010 at 10:14 AM, Cameron 
wrote:


Rather than P2Ving the machine (esp if you know it has issues),
why not just do a fresh install? Chances are you will save yourself a
lot of time and grief.


 
On Thu, Nov 4, 2010 at 10:06 AM, James Rankin
 wrote:


If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is
"corrupt"? Can you repair the OS install? 


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the
disks are ok without errors the installation of NT is Corrupt. This is
another reason we need to move the system its been like this for some
"years" :-(
 
THanks 
Nigel 
 



From: James Rankin
[mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE-
virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native
tools (is it ServeRAID Manager?) to try and ascertain if any are failed
or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of
our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the
machine fails to convert - various
errors

The end file is a single processor
machine (the original machine has 2
processors) and the 2 network cards
although detected on the image
theonly 1 can bhave properties set the
other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could
recommend to virtualizes this nt4
system
I its an old I'm server (Cant be
upgraded as the software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as
raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting
this would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but
check disk doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise
the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   http://www.ultraframe.com/> >
Email:
<mailto:nigel.par...@ultraframe.co.uk>


Please consider the environment before
printing this e-mail

The statements and opinions expressed in
this email are my own and may not represent those of Ultraframe

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
Cant do 
It has software configured by a 3rd pary (they have the disks) and they
have gone BUST 
Its a strange installation its not just running a file and clicking next
the thing had to be setup by the programmer who inserted the reg entries
by hand and customised it on the fly for our company 
 
Yep I know (why did we buy it)
regards
Nigel 



From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: 04 November 2010 14:15
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


Rather than P2Ving the machine (esp if you know it has issues), why not
just do a fresh install? Chances are you will save yourself a lot of
time and grief.


 
On Thu, Nov 4, 2010 at 10:06 AM, James Rankin 
wrote:


If the installation is "corrupt", P2V'ing it is going to
replicate that corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"?
Can you repair the OS install? 


On 4 November 2010 14:02, Nigel Parker
 wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the disks
are ok without errors the installation of NT is Corrupt. This is another
reason we need to move the system its been like this for some "years"
:-(
 
THanks 
Nigel 
 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
    Subject: Re: Question about VMWARE- virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it
ServeRAID Manager?) to try and ascertain if any are failed or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of our NT
4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the machine
fails to convert - various
errors

The end file is a single processor machine (the
original machine has 2
processors) and the 2 network cards although
detected on the image
theonly 1 can bhave properties set the other
errors and ipconfig shows
only 1 card!

Question
Is there some software that you could recommend
to virtualizes this nt4
system
I its an old I'm server (Cant be upgraded as the
software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this
would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but check
disk doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the
system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   http://www.ultraframe.com/> >
Email: <mailto:nigel.par...@ultraframe.co.uk>


Please consider the environment before printing
this e-mail

The statements and opinions expressed in this
email are my own and may not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the
information contained in it is confidential and may be legally
privileged. It is sent out only for intended recipient(s). Access to
this email by anyone else is unauthorised. If you are not an intended
recipient, any disclosure, copying, distribution or other use or any
action taken or omitted to be taken in reliance on it, is prohibited and
unlawful.


~ Finally, powerful endpoint se

Re: Question about VMWARE- virtualisation

[Jonathan Link]

What is on this disk that is so important?

On Thu, Nov 4, 2010 at 11:12 AM, Nigel Parker  wrote:

>  Hi
> Tried this but there are still errors and the machine still trys to run
> checkdisk on boot
> The conversion almost works but when the machine is booted although it
> reports 2 processors on the vm console the nt installation only says it has
> 1
> UPTO multi dosent work .. when the machine is rebooted it complains about
> various files being corrupt and crashes
>
> Just wondered if there was anything else (imaging software) to try and
> capture the machine as is
> then maybe try a repair on the virtualised system,
> Maybe it is a duff disk but the server manager reports the disks as ok
>
> Regards
> Nigel
>
>  --
>  *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* 04 November 2010 14:06
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
>   If the installation is "corrupt", P2V'ing it is going to replicate that
> corruption in your new virtual server
>
> How do you come to the conclusion the installation is "corrupt"? Can you
> repair the OS install?
>
> On 4 November 2010 14:02, Nigel Parker wrote:
>
>>  Hi
>> the erros are different each time the P2V
>> Yep its server raid , although this reports the disks are ok without
>> errors the installation of NT is Corrupt. This is another reason we need to
>> move the system its been like this for some "years" :-(
>>
>> THanks
>> Nigel
>>
>>
>>  --
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* 04 November 2010 13:37
>> *To:* NT System Admin Issues
>> *Subject:* Re: Question about VMWARE- virtualisation
>>
>>   What are the errors from the VMWare P2V tool?
>>
>> Can you view the disks through IBM's native tools (is it ServeRAID
>> Manager?) to try and ascertain if any are failed or degraded?
>>
>> On 4 November 2010 13:33, Nigel Parker wrote:
>>
>>> We are in the process of Trailing one of our NT 4 Servers and converting
>>> it to a Virtual machine
>>> I tried the Vm ware converter but the machine fails to convert - various
>>> errors
>>>
>>> The end file is a single processor machine (the original machine has 2
>>> processors) and the 2 network cards although detected on the image
>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>> only 1 card!
>>>
>>> Question
>>> Is there some software that you could recommend to virtualizes this nt4
>>> system
>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>> only!) as we don't have the funds
>>>
>>> The server has an ibm raid card setup as raid 5
>>> Its an old p3 system with 1gb memory
>>>
>>> Any help or links or help on converting this would be appreciated, as
>>> the hardware supports is now very high
>>>
>>> The system has some disc corruption but check disk doesn't finish even
>>> when left to run for 1 week!
>>> So its in a bad state
>>>
>>> What would you recommend to virtualise the system?
>>> Thanks
>>>
>>> Nigel Parker
>>>
>>> Systems Engineer
>>> Ultraframe (UK) Ltd
>>> Tel:   01200 452329
>>> Fax:   01200 452201
>>> Web:   
>>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>>
>>>
>>> Please consider the environment before printing this e-mail
>>>
>>> The statements and opinions expressed in this email are my own and may
>>> not represent those of Ultraframe (UK) Ltd.
>>> This email is subject to copyright and the information contained in it is
>>> confidential and may be legally privileged. It is sent out only for intended
>>> recipient(s). Access to this email by anyone else is unauthorised. If you
>>> are not an intended recipient, any disclosure, copying, distribution or
>>> other use or any action taken or omitted to be taken in reliance on it, is
>>> prohibited and unlawful.
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
Tried this but there are still errors and the machine still trys to run
checkdisk on boot 
The conversion almost works but when the machine is booted although it
reports 2 processors on the vm console the nt installation only says it
has 1 
UPTO multi dosent work .. when the machine is rebooted it complains
about various files being corrupt and crashes 
 
Just wondered if there was anything else (imaging software) to try and
capture the machine as is 
then maybe try a repair on the virtualised system, 
Maybe it is a duff disk but the server manager reports the disks as ok 
 
Regards
Nigel 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 14:06
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


If the installation is "corrupt", P2V'ing it is going to replicate that
corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"? Can you
repair the OS install?


On 4 November 2010 14:02, Nigel Parker 
wrote:


Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the disks are ok
without errors the installation of NT is Corrupt. This is another reason
we need to move the system its been like this for some "years" :-(
 
THanks 
Nigel 
 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it
ServeRAID Manager?) to try and ascertain if any are failed or degraded?


On 4 November 2010 13:33, Nigel Parker
 wrote:


We are in the process of Trailing one of our NT 4
Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the machine fails to
convert - various
errors

The end file is a single processor machine (the original
machine has 2
processors) and the 2 network cards although detected on
the image
theonly 1 can bhave properties set the other  errors and
ipconfig shows
only 1 card!

Question
Is there some software that you could recommend to
virtualizes this nt4
system
I its an old I'm server (Cant be upgraded as the
software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this would be
appreciated, as
the hardware supports is now very high

The system has some disc corruption but check disk
doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   
Email: <mailto:nigel.par...@ultraframe.co.uk>


Please consider the environment before printing this
e-mail

The statements and opinions expressed in this email are
my own and may not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information
contained in it is confidential and may be legally privileged. It is
sent out only for intended recipient(s). Access to this email by anyone
else is unauthorised. If you are not an intended recipient, any
disclosure, copying, distribution or other use or any action taken or
omitted to be taken in reliance on it, is prohibited and unlawful.


~ Finally, powerful endpoint security that ISN'T a
resource hog! ~
~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin






-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you
put into the machine wrong figures, will the

Re: Question about VMWARE- virtualisation

[Jonathan Link]

And if you're going to go through all that trouble, might as well upgrade
the OS, unless there's an application need to stay at NT4.

On Thu, Nov 4, 2010 at 10:14 AM, Cameron  wrote:

> Rather than P2Ving the machine (esp if you know it has issues), why not
> just do a fresh install? Chances are you will save yourself a lot of time
> and grief.
>
>
>
> On Thu, Nov 4, 2010 at 10:06 AM, James Rankin wrote:
>
>> If the installation is "corrupt", P2V'ing it is going to replicate that
>> corruption in your new virtual server
>>
>> How do you come to the conclusion the installation is "corrupt"? Can you
>> repair the OS install?
>>
>>
>> On 4 November 2010 14:02, Nigel Parker wrote:
>>
>>>  Hi
>>> the erros are different each time the P2V
>>> Yep its server raid , although this reports the disks are ok without
>>> errors the installation of NT is Corrupt. This is another reason we need to
>>> move the system its been like this for some "years" :-(
>>>
>>> THanks
>>> Nigel
>>>
>>>
>>>  --
>>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>>> *Sent:* 04 November 2010 13:37
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Question about VMWARE- virtualisation
>>>
>>>   What are the errors from the VMWare P2V tool?
>>>
>>> Can you view the disks through IBM's native tools (is it ServeRAID
>>> Manager?) to try and ascertain if any are failed or degraded?
>>>
>>> On 4 November 2010 13:33, Nigel Parker wrote:
>>>
>>>> We are in the process of Trailing one of our NT 4 Servers and converting
>>>> it to a Virtual machine
>>>> I tried the Vm ware converter but the machine fails to convert - various
>>>> errors
>>>>
>>>> The end file is a single processor machine (the original machine has 2
>>>> processors) and the 2 network cards although detected on the image
>>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>>> only 1 card!
>>>>
>>>> Question
>>>> Is there some software that you could recommend to virtualizes this nt4
>>>> system
>>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>>> only!) as we don't have the funds
>>>>
>>>> The server has an ibm raid card setup as raid 5
>>>> Its an old p3 system with 1gb memory
>>>>
>>>> Any help or links or help on converting this would be appreciated, as
>>>> the hardware supports is now very high
>>>>
>>>> The system has some disc corruption but check disk doesn't finish even
>>>> when left to run for 1 week!
>>>> So its in a bad state
>>>>
>>>> What would you recommend to virtualise the system?
>>>> Thanks
>>>>
>>>> Nigel Parker
>>>>
>>>> Systems Engineer
>>>> Ultraframe (UK) Ltd
>>>> Tel:   01200 452329
>>>> Fax:   01200 452201
>>>> Web:   
>>>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>>>
>>>>
>>>> Please consider the environment before printing this e-mail
>>>>
>>>> The statements and opinions expressed in this email are my own and may
>>>> not represent those of Ultraframe (UK) Ltd.
>>>> This email is subject to copyright and the information contained in it
>>>> is confidential and may be legally privileged. It is sent out only for
>>>> intended recipient(s). Access to this email by anyone else is unauthorised.
>>>> If you are not an intended recipient, any disclosure, copying, distribution
>>>> or other use or any action taken or omitted to be taken in reliance on it,
>>>> is prohibited and unlawful.
>>>>
>>>>
>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>>
>>>> ---
>>>> To manage subscriptions click here:
>>>> http://lyris.sunbelt-software.com/read/my_forums/
>>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>>> with the body: unsubscribe ntsysadmin
>>>>
>>>>
>>>
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you p

RE: Question about VMWARE- virtualisation

[Raper, Jonathan - Eagle]

I know it would be a pain, but can you just spin up a fresh VM of NT4, install 
your app, and then port your data?


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
Sent: Thursday, November 04, 2010 10:03 AM
To: NT System Admin Issues
Subject: RE: Question about VMWARE- virtualisation

Hi
the erros are different each time the P2V
Yep its server raid , although this reports the disks are ok without errors the 
installation of NT is Corrupt. This is another reason we need to move the 
system its been like this for some "years" :-(

THanks
Nigel



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation
What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it ServeRAID Manager?) to 
try and ascertain if any are failed or degraded?
On 4 November 2010 13:33, Nigel Parker 
mailto:nigel.par...@ultraframe.co.uk>> wrote:
We are in the process of Trailing one of our NT 4 Servers and converting
it to a Virtual machine
I tried the Vm ware converter but the machine fails to convert - various
errors

The end file is a single processor machine (the original machine has 2
processors) and the 2 network cards although detected on the image
theonly 1 can bhave properties set the other  errors and ipconfig shows
only 1 card!

Question
Is there some software that you could recommend to virtualizes this nt4
system
I its an old I'm server (Cant be upgraded as the software runs on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this would be appreciated, as
the hardware supports is now very high

The system has some disc corruption but check disk doesn't finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   http://www.ultraframe.com>>
Email: 
<mailto:nigel.par...@ultraframe.co.uk<mailto:nigel.par...@ultraframe.co.uk>>


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may not 
represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it is 
confidential and may be legally privileged. It is sent out only for intended 
recipient(s). Access to this email by anyone else is unauthorised. If you are 
not an intended recipient, any disclosure, copying, distribution or other use 
or any action taken or omitted to be taken in reliance on it, is prohibited and 
unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may not 
represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it is 
confidential and may be legally privileged. It is sent out only for intended 
recipient(s). Access to this email by anyone else is unauthorised. If you are 
not an intended recipient, any disclosure, copying, distribution or other use 
or any action taken or omitted to be taken in reliance on it, is prohibited and 
unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@

Re: Question about VMWARE- virtualisation

[Cameron]

Rather than P2Ving the machine (esp if you know it has issues), why not just
do a fresh install? Chances are you will save yourself a lot of time and
grief.



On Thu, Nov 4, 2010 at 10:06 AM, James Rankin  wrote:

> If the installation is "corrupt", P2V'ing it is going to replicate that
> corruption in your new virtual server
>
> How do you come to the conclusion the installation is "corrupt"? Can you
> repair the OS install?
>
>
> On 4 November 2010 14:02, Nigel Parker wrote:
>
>>  Hi
>> the erros are different each time the P2V
>> Yep its server raid , although this reports the disks are ok without
>> errors the installation of NT is Corrupt. This is another reason we need to
>> move the system its been like this for some "years" :-(
>>
>> THanks
>> Nigel
>>
>>
>>  --
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* 04 November 2010 13:37
>> *To:* NT System Admin Issues
>> *Subject:* Re: Question about VMWARE- virtualisation
>>
>>   What are the errors from the VMWare P2V tool?
>>
>> Can you view the disks through IBM's native tools (is it ServeRAID
>> Manager?) to try and ascertain if any are failed or degraded?
>>
>> On 4 November 2010 13:33, Nigel Parker wrote:
>>
>>> We are in the process of Trailing one of our NT 4 Servers and converting
>>> it to a Virtual machine
>>> I tried the Vm ware converter but the machine fails to convert - various
>>> errors
>>>
>>> The end file is a single processor machine (the original machine has 2
>>> processors) and the 2 network cards although detected on the image
>>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>>> only 1 card!
>>>
>>> Question
>>> Is there some software that you could recommend to virtualizes this nt4
>>> system
>>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>>> only!) as we don't have the funds
>>>
>>> The server has an ibm raid card setup as raid 5
>>> Its an old p3 system with 1gb memory
>>>
>>> Any help or links or help on converting this would be appreciated, as
>>> the hardware supports is now very high
>>>
>>> The system has some disc corruption but check disk doesn't finish even
>>> when left to run for 1 week!
>>> So its in a bad state
>>>
>>> What would you recommend to virtualise the system?
>>> Thanks
>>>
>>> Nigel Parker
>>>
>>> Systems Engineer
>>> Ultraframe (UK) Ltd
>>> Tel:   01200 452329
>>> Fax:   01200 452201
>>> Web:   
>>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>>
>>>
>>> Please consider the environment before printing this e-mail
>>>
>>> The statements and opinions expressed in this email are my own and may
>>> not represent those of Ultraframe (UK) Ltd.
>>> This email is subject to copyright and the information contained in it is
>>> confidential and may be legally privileged. It is sent out only for intended
>>> recipient(s). Access to this email by anyone else is unauthorised. If you
>>> are not an intended recipient, any disclosure, copying, distribution or
>>> other use or any action taken or omitted to be taken in reliance on it, is
>>> prohibited and unlawful.
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>>
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscrib

Re: Question about VMWARE- virtualisation

[James Rankin]

If the installation is "corrupt", P2V'ing it is going to replicate that
corruption in your new virtual server

How do you come to the conclusion the installation is "corrupt"? Can you
repair the OS install?

On 4 November 2010 14:02, Nigel Parker wrote:

>  Hi
> the erros are different each time the P2V
> Yep its server raid , although this reports the disks are ok without errors
> the installation of NT is Corrupt. This is another reason we need to move
> the system its been like this for some "years" :-(
>
> THanks
> Nigel
>
>
>  --
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* 04 November 2010 13:37
> *To:* NT System Admin Issues
> *Subject:* Re: Question about VMWARE- virtualisation
>
> What are the errors from the VMWare P2V tool?
>
> Can you view the disks through IBM's native tools (is it ServeRAID
> Manager?) to try and ascertain if any are failed or degraded?
>
> On 4 November 2010 13:33, Nigel Parker wrote:
>
>> We are in the process of Trailing one of our NT 4 Servers and converting
>> it to a Virtual machine
>> I tried the Vm ware converter but the machine fails to convert - various
>> errors
>>
>> The end file is a single processor machine (the original machine has 2
>> processors) and the 2 network cards although detected on the image
>> theonly 1 can bhave properties set the other  errors and ipconfig shows
>> only 1 card!
>>
>> Question
>> Is there some software that you could recommend to virtualizes this nt4
>> system
>> I its an old I'm server (Cant be upgraded as the software runs on nt4
>> only!) as we don't have the funds
>>
>> The server has an ibm raid card setup as raid 5
>> Its an old p3 system with 1gb memory
>>
>> Any help or links or help on converting this would be appreciated, as
>> the hardware supports is now very high
>>
>> The system has some disc corruption but check disk doesn't finish even
>> when left to run for 1 week!
>> So its in a bad state
>>
>> What would you recommend to virtualise the system?
>> Thanks
>>
>> Nigel Parker
>>
>> Systems Engineer
>> Ultraframe (UK) Ltd
>> Tel:   01200 452329
>> Fax:   01200 452201
>> Web:   
>> Email: <mailto:nigel.par...@ultraframe.co.uk>
>>
>>
>> Please consider the environment before printing this e-mail
>>
>> The statements and opinions expressed in this email are my own and may not
>> represent those of Ultraframe (UK) Ltd.
>> This email is subject to copyright and the information contained in it is
>> confidential and may be legally privileged. It is sent out only for intended
>> recipient(s). Access to this email by anyone else is unauthorised. If you
>> are not an intended recipient, any disclosure, copying, distribution or
>> other use or any action taken or omitted to be taken in reliance on it, is
>> prohibited and unlawful.
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> Please consider the environment before printing this e-mail
>
>
> The statements and opinions expressed in this email are my own and may not 
> represent those of Ultraframe (UK) Ltd.
>
> This email is subject to copyright and the information contained in it is 
> confidential and may be legally privileged. It is sent out only for intended 
> recipient(s). Access to this email by anyone else is unauthorised. If you are 
> not an intended recipient, any disclosure, copying, distribution or other use 
> or any action taken or omitted to be taken in reliance on it, is prohibited 
> and unlawful.

RE: Question about VMWARE- virtualisation

[Nigel Parker]

Hi 
the erros are different each time the P2V
Yep its server raid , although this reports the disks are ok without
errors the installation of NT is Corrupt. This is another reason we need
to move the system its been like this for some "years" :-(
 
THanks 
Nigel 
 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 04 November 2010 13:37
To: NT System Admin Issues
Subject: Re: Question about VMWARE- virtualisation


What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it ServeRAID
Manager?) to try and ascertain if any are failed or degraded?


On 4 November 2010 13:33, Nigel Parker 
wrote:


We are in the process of Trailing one of our NT 4 Servers and
converting
it to a Virtual machine
I tried the Vm ware converter but the machine fails to convert -
various
errors

The end file is a single processor machine (the original machine
has 2
processors) and the 2 network cards although detected on the
image
theonly 1 can bhave properties set the other  errors and
ipconfig shows
only 1 card!

Question
Is there some software that you could recommend to virtualizes
this nt4
system
I its an old I'm server (Cant be upgraded as the software runs
on nt4
only!) as we don't have the funds

The server has an ibm raid card setup as raid 5
Its an old p3 system with 1gb memory

Any help or links or help on converting this would be
appreciated, as
the hardware supports is now very high

The system has some disc corruption but check disk doesn't
finish even
when left to run for 1 week!
So its in a bad state

What would you recommend to virtualise the system?
Thanks

Nigel Parker

Systems Engineer
Ultraframe (UK) Ltd
Tel:   01200 452329
Fax:   01200 452201
Web:   
Email: <mailto:nigel.par...@ultraframe.co.uk>


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own
and may not represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained
in it is confidential and may be legally privileged. It is sent out only
for intended recipient(s). Access to this email by anyone else is
unauthorised. If you are not an intended recipient, any disclosure,
copying, distribution or other use or any action taken or omitted to be
taken in reliance on it, is prohibited and unlawful.


~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin






-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Please consider the environment before printing this e-mail

The statements and opinions expressed in this email are my own and may not 
represent those of Ultraframe (UK) Ltd.
This email is subject to copyright and the information contained in it is 
confidential and may be legally privileged. It is sent out only for intended 
recipient(s). Access to this email by anyone else is unauthorised. If you are 
not an intended recipient, any disclosure, copying, distribution or other use 
or any action taken or omitted to be taken in reliance on it, is prohibited and 
unlawful.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question about VMWARE- virtualisation

[James Rankin]

What are the errors from the VMWare P2V tool?

Can you view the disks through IBM's native tools (is it ServeRAID Manager?)
to try and ascertain if any are failed or degraded?

On 4 November 2010 13:33, Nigel Parker wrote:

> We are in the process of Trailing one of our NT 4 Servers and converting
> it to a Virtual machine
> I tried the Vm ware converter but the machine fails to convert - various
> errors
>
> The end file is a single processor machine (the original machine has 2
> processors) and the 2 network cards although detected on the image
> theonly 1 can bhave properties set the other  errors and ipconfig shows
> only 1 card!
>
> Question
> Is there some software that you could recommend to virtualizes this nt4
> system
> I its an old I'm server (Cant be upgraded as the software runs on nt4
> only!) as we don't have the funds
>
> The server has an ibm raid card setup as raid 5
> Its an old p3 system with 1gb memory
>
> Any help or links or help on converting this would be appreciated, as
> the hardware supports is now very high
>
> The system has some disc corruption but check disk doesn't finish even
> when left to run for 1 week!
> So its in a bad state
>
> What would you recommend to virtualise the system?
> Thanks
>
> Nigel Parker
>
> Systems Engineer
> Ultraframe (UK) Ltd
> Tel:   01200 452329
> Fax:   01200 452201
> Web:   
> Email: 
>
>
> Please consider the environment before printing this e-mail
>
> The statements and opinions expressed in this email are my own and may not
> represent those of Ultraframe (UK) Ltd.
> This email is subject to copyright and the information contained in it is
> confidential and may be legally privileged. It is sent out only for intended
> recipient(s). Access to this email by anyone else is unauthorised. If you
> are not an intended recipient, any disclosure, copying, distribution or
> other use or any action taken or omitted to be taken in reliance on it, is
> prohibited and unlawful.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Brian Desmond]

But just look at the upsell opportunities. Now they're going to have to sell 
you something to manage that storage.

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Monday, November 01, 2010 6:27 PM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

Ugh, our Information Security team is implementing SSIM right now. I'm not 
directly involved, other than having to provide upwards of 10TB for expected 
storage requirements. I just shudder at anything branded Symantec anymore

- Sean
On Mon, Nov 1, 2010 at 3:02 PM, Free, Bob mailto:r...@pge.com>> 
wrote:
LOL. Leave it to Symantec to be different. I heard a rumor I may be getting 
first-hand experience with it so I may want to pick your brain :)

Rgds

--bob

From: Ken Schaefer [mailto:k...@adopenstatic.com<mailto:k...@adopenstatic.com>]
Sent: Sunday, October 31, 2010 12:36 AM

To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

Hi,

We're implementing SSIM (the Symantec product) and it pulls logs. Apparently it 
scales...

Cheers
Ken

From: Free, Bob [mailto:r...@pge.com<mailto:r...@pge.com>]
Sent: Friday, 29 October 2010 11:09 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

I have learned here over the years not to be overly presumptive hence the 
caveat about not understanding the requirements which were a little vague to 
me, particularly the fact that I didn't see an agent mentioned :)

That's also the opposite of the SIEM solutions and MSSPs I've ever worked with 
as well, IME the endpoints push to the collector/aggregator and as I said, I 
don't envision how an aggregator pulling logs scales worth a darn so I asked 
the question.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[Sean Martin]

Ugh, our Information Security team is implementing SSIM right now. I'm not
directly involved, other than having to provide upwards of 10TB for expected
storage requirements. I just shudder at anything branded Symantec
anymore

- Sean

On Mon, Nov 1, 2010 at 3:02 PM, Free, Bob  wrote:

>  LOL. Leave it to Symantec to be different. I heard a rumor I may be
> getting first-hand experience with it so I may want to pick your brain J
>
>
>
> Rgds
>
>
>
> --bob
>
>
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Sunday, October 31, 2010 12:36 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> Hi,
>
>
>
> We’re implementing SSIM (the Symantec product) and it pulls logs.
> Apparently it scales…
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* Free, Bob [mailto:r...@pge.com]
> *Sent:* Friday, 29 October 2010 11:09 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> I have learned here over the years not to be overly presumptive hence the
> caveat about not understanding the requirements which were a little vague to
> me, particularly the fact that I didn’t see an agent mentioned J
>
>
>
> That’s also the opposite of the SIEM solutions and MSSPs I’ve ever worked
> with as well, IME the endpoints push to the collector/aggregator and as I
> said, I don’t envision how an aggregator pulling logs scales worth a darn so
> I asked the question.
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Free, Bob]

LOL. Leave it to Symantec to be different. I heard a rumor I may be
getting first-hand experience with it so I may want to pick your brain J

 

Rgds

 

--bob

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Sunday, October 31, 2010 12:36 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Hi,

 

We're implementing SSIM (the Symantec product) and it pulls logs.
Apparently it scales...

 

Cheers

Ken

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, 29 October 2010 11:09 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

I have learned here over the years not to be overly presumptive hence
the caveat about not understanding the requirements which were a little
vague to me, particularly the fact that I didn't see an agent mentioned
J

 

That's also the opposite of the SIEM solutions and MSSPs I've ever
worked with as well, IME the endpoints push to the collector/aggregator
and as I said, I don't envision how an aggregator pulling logs scales
worth a darn so I asked the question. 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ken Schaefer]

Hi,

We're implementing SSIM (the Symantec product) and it pulls logs. Apparently it 
scales...

Cheers
Ken

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, 29 October 2010 11:09 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

I have learned here over the years not to be overly presumptive hence the 
caveat about not understanding the requirements which were a little vague to 
me, particularly the fact that I didn't see an agent mentioned :)

That's also the opposite of the SIEM solutions and MSSPs I've ever worked with 
as well, IME the endpoints push to the collector/aggregator and as I said, I 
don't envision how an aggregator pulling logs scales worth a darn so I asked 
the question.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Free, Bob]

You may want a peek at using wevtutil as outlined in
http://blogs.technet.com/b/janelewis/archive/2010/04/30/giving-non-admin
istrators-permission-to-read-event-logs-windows-2003-and-windows-2008.as
px

 

I know you got pointed to the old KB about SDDL elsewhere but this also
outlines a different approach for WS2008 and above.

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Friday, October 29, 2010 4:59 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

It has a service that runs as an account that contacts the DC's to read
the logs, this service accounts doesn't run on the DC's but on the
Vericept Console itself. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, October 29, 2010 12:57 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Presumably this product has an agent or uses WinRM or something to
read/pull in the logs in real time, back to a central location for
correlation. The service account that's being used requires permission
to read the logs.

 

Cheers

Ken

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, 29 October 2010 3:06 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

If your environment is that big how can they look at multiple DCs in
real time and correlate them? 

 

Maybe I don't understand your requirements but it seems like you want to
ship the logs real-time to a SIEM or log management tool managed by the
security team or MSSP, that is a far better way to do it than to grant
access to the logs directly. 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 28, 2010 6:51 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Its for Vericept, and they need to read the logs in realtime to
correlate what is seen on the network with a user. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Could you not just setup a job to copy the security.evtx file to
somewhere else and let them access that?



 

On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
wrote:

Can you control this by NTFS access to the .evt file itself?

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ &l

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Free, Bob]

I have learned here over the years not to be overly presumptive hence
the caveat about not understanding the requirements which were a little
vague to me, particularly the fact that I didn't see an agent mentioned
J

 

That's also the opposite of the SIEM solutions and MSSPs I've ever
worked with as well, IME the endpoints push to the collector/aggregator
and as I said, I don't envision how an aggregator pulling logs scales
worth a darn so I asked the question. 

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Thursday, October 28, 2010 9:57 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Presumably this product has an agent or uses WinRM or something to
read/pull in the logs in real time, back to a central location for
correlation. The service account that's being used requires permission
to read the logs.

 

Cheers

Ken

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, 29 October 2010 3:06 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

If your environment is that big how can they look at multiple DCs in
real time and correlate them? 

 

Maybe I don't understand your requirements but it seems like you want to
ship the logs real-time to a SIEM or log management tool managed by the
security team or MSSP, that is a far better way to do it than to grant
access to the logs directly. 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 28, 2010 6:51 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Its for Vericept, and they need to read the logs in realtime to
correlate what is seen on the network with a user. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Could you not just setup a job to copy the security.evtx file to
somewhere else and let them access that?



 

On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
wrote:

Can you control this by NTFS access to the .evt file itself?

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Ente

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

It has a service that runs as an account that contacts the DC's to read
the logs, this service accounts doesn't run on the DC's but on the
Vericept Console itself. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, October 29, 2010 12:57 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Presumably this product has an agent or uses WinRM or something to
read/pull in the logs in real time, back to a central location for
correlation. The service account that's being used requires permission
to read the logs.

 

Cheers

Ken

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, 29 October 2010 3:06 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

If your environment is that big how can they look at multiple DCs in
real time and correlate them? 

 

Maybe I don't understand your requirements but it seems like you want to
ship the logs real-time to a SIEM or log management tool managed by the
security team or MSSP, that is a far better way to do it than to grant
access to the logs directly. 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 28, 2010 6:51 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Its for Vericept, and they need to read the logs in realtime to
correlate what is seen on the network with a user. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Could you not just setup a job to copy the security.evtx file to
somewhere else and let them access that?



 

On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
wrote:

Can you control this by NTFS access to the .evt file itself?

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.c

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ken Schaefer]

Presumably this product has an agent or uses WinRM or something to read/pull in 
the logs in real time, back to a central location for correlation. The service 
account that's being used requires permission to read the logs.

Cheers
Ken

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, 29 October 2010 3:06 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

If your environment is that big how can they look at multiple DCs in real time 
and correlate them?

Maybe I don't understand your requirements but it seems like you want to ship 
the logs real-time to a SIEM or log management tool managed by the security 
team or MSSP, that is a far better way to do it than to grant access to the 
logs directly.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, October 28, 2010 6:51 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

Its for Vericept, and they need to read the logs in realtime to correlate what 
is seen on the network with a user.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

Could you not just setup a job to copy the security.evtx file to somewhere else 
and let them access that?



On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Can you control this by NTFS access to the .evt file itself?
On 27 October 2010 16:31, Ziots, Edward 
mailto:ezi...@lifespan.org>> wrote:
Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account 
to have read only access to the Security Eventlog accordingly. Is there a way 
via the Default Domain Controllers Policy to Grant this, or maybe a users right 
in Windows 2008 R2 accordingly?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Free, Bob]

If your environment is that big how can they look at multiple DCs in
real time and correlate them? 

 

Maybe I don't understand your requirements but it seems like you want to
ship the logs real-time to a SIEM or log management tool managed by the
security team or MSSP, that is a far better way to do it than to grant
access to the logs directly. 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 28, 2010 6:51 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

Its for Vericept, and they need to read the logs in realtime to
correlate what is seen on the network with a user. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Could you not just setup a job to copy the security.evtx file to
somewhere else and let them access that?



 

On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
wrote:

Can you control this by NTFS access to the .evt file itself?



On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

Cool appreciate it. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, October 28, 2010 10:19 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I had to do this a year or so ago.  It's not really too hard.  There is
a tool that I used to determine what the appropriate SDDL strings were.
If I can dig it up today, I'll pass it on.


 

ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>  
Exploiting Technology for Business Advantage...
 





On Thu, Oct 28, 2010 at 8:47 AM, Ziots, Edward 
wrote:

Yeah I saw that article, problem is one screw up and you could waste the
eventlogs on all the DC's and the DC's are in production, I rather not
have to play around trying to calculate the codes for SDDL and stuff.
With as many DC's as I have Id have to update the .INF file, register
it, on all the DC's and Id have to do this in a test environment first
to verify it works before doing change management in production. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:27 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Maybe this? http://support.microsoft.com/kb/323076 

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[Andrew S. Baker]

You're not going to have access to copy the eventlogs from a scripting
standpoint -- not while the system is running, anyway.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 28, 2010 at 9:32 AM, Cameron  wrote:

> Could you not just setup a job to copy the security.evtx file to somewhere
> else and let them access that?
>
>
>
> On Thu, Oct 28, 2010 at 2:48 AM, James Rankin wrote:
>
>> Can you control this by NTFS access to the .evt file itself?
>>
>>
>>
>> On 27 October 2010 16:31, Ziots, Edward  wrote:
>>
>>>  Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
>>> account to have read only access to the Security Eventlog accordingly. Is
>>> there a way via the Default Domain Controllers Policy to Grant this, or
>>> maybe a users right in Windows 2008 R2 accordingly?
>>>
>>>
>>>
>>> Z
>>>
>>>
>>>
>>> Edward E. Ziots
>>>
>>>
>>>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[Andrew S. Baker]

I had to do this a year or so ago.  It's not really too hard.  There is a
tool that I used to determine what the appropriate SDDL strings were.  If I
can dig it up today, I'll pass it on.


*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 28, 2010 at 8:47 AM, Ziots, Edward  wrote:

>  Yeah I saw that article, problem is one screw up and you could waste the
> eventlogs on all the DC’s and the DC’s are in production, I rather not have
> to play around trying to calculate the codes for SDDL and stuff.  With as
> many DC’s as I have Id have to update the .INF file, register it, on all the
> DC’s and Id have to do this in a test environment first to verify it works
> before doing change management in production.
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 28, 2010 8:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> Maybe this? http://support.microsoft.com/kb/323076
>
> On 27 October 2010 16:31, Ziots, Edward  wrote:
>
> Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
> account to have read only access to the Security Eventlog accordingly. Is
> there a way via the Default Domain Controllers Policy to Grant this, or
> maybe a users right in Windows 2008 R2 accordingly?
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

Its for Vericept, and they need to read the logs in realtime to
correlate what is seen on the network with a user. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Thursday, October 28, 2010 9:32 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Could you not just setup a job to copy the security.evtx file to
somewhere else and let them access that?



 

On Thu, Oct 28, 2010 at 2:48 AM, James Rankin 
wrote:

Can you control this by NTFS access to the .evt file itself?




On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[Cameron]

Could you not just setup a job to copy the security.evtx file to somewhere
else and let them access that?



On Thu, Oct 28, 2010 at 2:48 AM, James Rankin  wrote:

> Can you control this by NTFS access to the .evt file itself?
>
>
>
> On 27 October 2010 16:31, Ziots, Edward  wrote:
>
>>  Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
>> account to have read only access to the Security Eventlog accordingly. Is
>> there a way via the Default Domain Controllers Policy to Grant this, or
>> maybe a users right in Windows 2008 R2 accordingly?
>>
>>
>>
>> Z
>>
>>
>>
>> Edward E. Ziots
>>
>> CISSP, Network +, Security +
>>
>> Network Engineer
>>
>> Lifespan Organization
>>
>> Email:ezi...@lifespan.org 
>>
>> Cell:401-639-3505
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

Yep, dully noted, but again with workload, and not that much familiarity
with the SDDL and the GPO set, I will go with user rights/Eventlog
Reader group and call it a day.  

 

Sometimes hate not knowing GPO's and stuff better, would help out on the
workload. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Thursday, October 28, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain
Controller Eventlogs

 

That option enables the user to manage the logs - including clearing
events. If read access only is required, then using the "log access" GPO
setting is preferable.

 

Cheers

Ken

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, 28 October 2010 9:09 PM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I would have thought that user right should do it, to be fair

On 28 October 2010 13:55, Ziots, Edward  wrote:

Yep, DC access is strictly limited, especially with the new Win2k8R2
Domain. 

 

If Manage Audit and Security Logs user right along with EventLog Readers
group access doesn't cut it for them, then ohh well. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:51 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I take it giving the service account admin access to the DCs is a big
no-no as well :-) or, I suppose, rather defeats the object

On 28 October 2010 13:47, Ziots, Edward  wrote:

Yeah I saw that article, problem is one screw up and you could waste the
eventlogs on all the DC's and the DC's are in production, I rather not
have to play around trying to calculate the codes for SDDL and stuff.
With as many DC's as I have Id have to update the .INF file, register
it, on all the DC's and Id have to do this in a test environment first
to verify it works before doing change management in production. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:27 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Maybe this? http://support.microsoft.com/kb/323076 

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ken Schaefer]

That option enables the user to manage the logs - including clearing events. If 
read access only is required, then using the "log access" GPO setting is 
preferable.

Cheers
Ken

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, 28 October 2010 9:09 PM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

I would have thought that user right should do it, to be fair
On 28 October 2010 13:55, Ziots, Edward 
mailto:ezi...@lifespan.org>> wrote:
Yep, DC access is strictly limited, especially with the new Win2k8R2 Domain.

If Manage Audit and Security Logs user right along with EventLog Readers group 
access doesn't cut it for them, then ohh well.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Thursday, October 28, 2010 8:51 AM

To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

I take it giving the service account admin access to the DCs is a big no-no as 
well :-) or, I suppose, rather defeats the object
On 28 October 2010 13:47, Ziots, Edward 
mailto:ezi...@lifespan.org>> wrote:
Yeah I saw that article, problem is one screw up and you could waste the 
eventlogs on all the DC's and the DC's are in production, I rather not have to 
play around trying to calculate the codes for SDDL and stuff.  With as many 
DC's as I have Id have to update the .INF file, register it, on all the DC's 
and Id have to do this in a test environment first to verify it works before 
doing change management in production.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Sent: Thursday, October 28, 2010 8:27 AM

To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

Maybe this? http://support.microsoft.com/kb/323076
On 27 October 2010 16:31, Ziots, Edward 
mailto:ezi...@lifespan.org>> wrote:
Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account 
to have read only access to the Security Eventlog accordingly. Is there a way 
via the Default Domain Controllers Policy to Grant this, or maybe a users right 
in Windows 2008 R2 accordingly?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org<mailto:email%3aezi...@lifespan.org>
Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resour

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

It should, but it gives a bit more access than is needed ( it also
allows you to clear the logs)

 

Checking in Miansi Windows 2008 R2 book and Moskowitz GPO book to see if
I can find anymore nuggets of knowledge on this. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 9:09 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I would have thought that user right should do it, to be fair

On 28 October 2010 13:55, Ziots, Edward  wrote:

Yep, DC access is strictly limited, especially with the new Win2k8R2
Domain. 

 

If Manage Audit and Security Logs user right along with EventLog Readers
group access doesn't cut it for them, then ohh well. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:51 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I take it giving the service account admin access to the DCs is a big
no-no as well :-) or, I suppose, rather defeats the object

On 28 October 2010 13:47, Ziots, Edward  wrote:

Yeah I saw that article, problem is one screw up and you could waste the
eventlogs on all the DC's and the DC's are in production, I rather not
have to play around trying to calculate the codes for SDDL and stuff.
With as many DC's as I have Id have to update the .INF file, register
it, on all the DC's and Id have to do this in a test environment first
to verify it works before doing change management in production. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:27 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Maybe this? http://support.microsoft.com/kb/323076 

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forum

Re: Question on Granting service account read access to Domain Controller Eventlogs

[James Rankin]

I would have thought that user right should do it, to be fair

On 28 October 2010 13:55, Ziots, Edward  wrote:

>  Yep, DC access is strictly limited, especially with the new Win2k8R2
> Domain.
>
>
>
> If Manage Audit and Security Logs user right along with EventLog Readers
> group access doesn’t cut it for them, then ohh well.
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 28, 2010 8:51 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> I take it giving the service account admin access to the DCs is a big no-no
> as well :-) or, I suppose, rather defeats the object
>
> On 28 October 2010 13:47, Ziots, Edward  wrote:
>
> Yeah I saw that article, problem is one screw up and you could waste the
> eventlogs on all the DC’s and the DC’s are in production, I rather not have
> to play around trying to calculate the codes for SDDL and stuff.  With as
> many DC’s as I have Id have to update the .INF file, register it, on all the
> DC’s and Id have to do this in a test environment first to verify it works
> before doing change management in production.
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 28, 2010 8:27 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> Maybe this? http://support.microsoft.com/kb/323076
>
> On 27 October 2010 16:31, Ziots, Edward  wrote:
>
> Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
> account to have read only access to the Security Eventlog accordingly. Is
> there a way via the Default Domain Controllers Policy to Grant this, or
> maybe a users right in Windows 2008 R2 accordingly?
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.c

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ken Schaefer]

You can set the SDDL using a GPO: 
http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx

And testing something before implementing it is what IT admins do. You'd have 
to test and implement this first in your Dev/Test/UAT environments anyway.

Link above also has info on SDDL.

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, 28 October 2010 8:48 PM
To: NT System Admin Issues
Subject: RE: Question on Granting service account read access to Domain 
Controller Eventlogs

Yeah I saw that article, problem is one screw up and you could waste the 
eventlogs on all the DC's and the DC's are in production, I rather not have to 
play around trying to calculate the codes for SDDL and stuff.  With as many 
DC's as I have Id have to update the .INF file, register it, on all the DC's 
and Id have to do this in a test environment first to verify it works before 
doing change management in production.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 28, 2010 8:27 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain 
Controller Eventlogs

Maybe this? http://support.microsoft.com/kb/323076
On 27 October 2010 16:31, Ziots, Edward 
mailto:ezi...@lifespan.org>> wrote:
Running a Windows 2008 R2 DFL/FFL domain, security team needs a service account 
to have read only access to the Security Eventlog accordingly. Is there a way 
via the Default Domain Controllers Policy to Grant this, or maybe a users right 
in Windows 2008 R2 accordingly?

Z



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

Yep, DC access is strictly limited, especially with the new Win2k8R2
Domain. 

 

If Manage Audit and Security Logs user right along with EventLog Readers
group access doesn't cut it for them, then ohh well. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:51 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

I take it giving the service account admin access to the DCs is a big
no-no as well :-) or, I suppose, rather defeats the object

On 28 October 2010 13:47, Ziots, Edward  wrote:

Yeah I saw that article, problem is one screw up and you could waste the
eventlogs on all the DC's and the DC's are in production, I rather not
have to play around trying to calculate the codes for SDDL and stuff.
With as many DC's as I have Id have to update the .INF file, register
it, on all the DC's and Id have to do this in a test environment first
to verify it works before doing change management in production. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:27 AM


To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Maybe this? http://support.microsoft.com/kb/323076 

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[James Rankin]

I take it giving the service account admin access to the DCs is a big no-no
as well :-) or, I suppose, rather defeats the object

On 28 October 2010 13:47, Ziots, Edward  wrote:

>  Yeah I saw that article, problem is one screw up and you could waste the
> eventlogs on all the DC’s and the DC’s are in production, I rather not have
> to play around trying to calculate the codes for SDDL and stuff.  With as
> many DC’s as I have Id have to update the .INF file, register it, on all the
> DC’s and Id have to do this in a test environment first to verify it works
> before doing change management in production.
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 28, 2010 8:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Question on Granting service account read access to Domain
> Controller Eventlogs
>
>
>
> Maybe this? http://support.microsoft.com/kb/323076
>
> On 27 October 2010 16:31, Ziots, Edward  wrote:
>
> Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
> account to have read only access to the Security Eventlog accordingly. Is
> there a way via the Default Domain Controllers Policy to Grant this, or
> maybe a users right in Windows 2008 R2 accordingly?
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

Yeah I saw that article, problem is one screw up and you could waste the
eventlogs on all the DC's and the DC's are in production, I rather not
have to play around trying to calculate the codes for SDDL and stuff.
With as many DC's as I have Id have to update the .INF file, register
it, on all the DC's and Id have to do this in a test environment first
to verify it works before doing change management in production. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 8:27 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Maybe this? http://support.microsoft.com/kb/323076 

On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[James Rankin]

Maybe this? http://support.microsoft.com/kb/323076

On 27 October 2010 16:31, Ziots, Edward  wrote:

>  Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
> account to have read only access to the Security Eventlog accordingly. Is
> there a way via the Default Domain Controllers Policy to Grant this, or
> maybe a users right in Windows 2008 R2 accordingly?
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Granting service account read access to Domain Controller Eventlogs

[Ziots, Edward]

I don't believe so, since a service basically has the .EXTX files open
by default. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 28, 2010 2:49 AM
To: NT System Admin Issues
Subject: Re: Question on Granting service account read access to Domain
Controller Eventlogs

 

Can you control this by NTFS access to the .evt file itself?




On 27 October 2010 16:31, Ziots, Edward  wrote:

Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
account to have read only access to the Security Eventlog accordingly.
Is there a way via the Default Domain Controllers Policy to Grant this,
or maybe a users right in Windows 2008 R2 accordingly?

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> 

Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Question on Granting service account read access to Domain Controller Eventlogs

[James Rankin]

Can you control this by NTFS access to the .evt file itself?



On 27 October 2010 16:31, Ziots, Edward  wrote:

>  Running a Windows 2008 R2 DFL/FFL domain, security team needs a service
> account to have read only access to the Security Eventlog accordingly. Is
> there a way via the Default Domain Controllers Policy to Grant this, or
> maybe a users right in Windows 2008 R2 accordingly?
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Windows Firewall Settings cant be changed on WIndows 2008 R2 Dc

[Ziots, Edward]

Yep, looked like the enforcement at the root of the old Disable Windows
Updates policy from Windows 2003 was the problem, weird problem it was
at the root of my accounts domain, didn't think right off the bat it
cause the issue with the DC OU's but yep, it did, now I got to recreate
it accordingly. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, October 06, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: Question on Windows Firewall Settings cant be changed on
WIndows 2008 R2 Dc

Gpresult /r

Sounds like GPO to me - so make certain with the above command...

Editing the registry is easy enough; but if it's a GPO, it'll just get
refreshed at the next update interval..

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, October 06, 2010 12:42 PM
To: NT System Admin Issues
Subject: Question on Windows Firewall Settings cant be changed on
WIndows 2008 R2 Dc

Logging in as a Domain Admin, on Windows 2008 R2 DC and checking out the
automatic updates settings, and its not allowing us to change anything,
its basically greyed out. 

Any Idea accordingly? We had a GPO from the Windows 2003 domain which
disabled automatic updates at the ROOT of the Child domain. This isnt a
problem in the root domain. 

ALL DC's are virtual except for one.

Any ideas? 

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on Windows Firewall Settings cant be changed on WIndows 2008 R2 Dc

[Michael B. Smith]

Gpresult /r

Sounds like GPO to me - so make certain with the above command...

Editing the registry is easy enough; but if it's a GPO, it'll just get 
refreshed at the next update interval..

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, October 06, 2010 12:42 PM
To: NT System Admin Issues
Subject: Question on Windows Firewall Settings cant be changed on WIndows 2008 
R2 Dc

Logging in as a Domain Admin, on Windows 2008 R2 DC and checking out the 
automatic updates settings, and its not allowing us to change anything, its 
basically greyed out. 

Any Idea accordingly? We had a GPO from the Windows 2003 domain which disabled 
automatic updates at the ROOT of the Child domain. This isnt a problem in the 
root domain. 

ALL DC's are virtual except for one.

Any ideas? 

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Question on "Users" folder on Windows 2008 server

[Kim Longenbaugh]

I think the secret lies in the new way permissions are being handled to
"improve" security.

Try accessing the real Users folder from within "Documents and
Settings".  One of my associates found several ways to gain permissions
to the "Users" folder on Google.

 

From: Tom Miller [mailto:tmil...@hnncsb.org] 
Sent: Monday, October 04, 2010 2:13 PM
To: NT System Admin Issues
Subject: Re: Question on "Users" folder on Windows 2008 server

 

Correct, I cannot.  This is the "Users" folder on Windows 2008 servers.
However Windows won't let you change perms on the Users folder.  At
least it refuses to do so for me.  Is it me or is it sorta dumb that
administrators can't administer a server's profiles?

 

Tom

>>> William Robbins  10/4/2010 2:41 PM >>>
Ah, gotcha. In that case you will have to either take ownership or add
DA to the security on the profiles you wish to access. I'm guessing
presently you cannot even view the security tab to verify permissions?

- WJR



On Mon, Oct 4, 2010 at 13:37, Tom Miller  wrote:

Thanks. I can access the remote profile path, it's just the local
profiles that I cannot access. Administrators are already in the GPO to
have perms to the profile path. 

>>> William Robbins  10/4/2010 2:29 PM >>> 


I've had similar behavior with our profiles. Tell me, when you look at
the folders do you see the lock icon on the folders?

What we did was change the GPO settings to add the Administrators
security group to the roaming user profile share. as mentioned in this
article:
http://technet.microsoft.com/en-us/library/cc781862%28WS.10%29.aspx

I also found this article useful specifically for 2008:
http://social.technet.microsoft.com/forums/en-US/winservergen/thread/2e3
d27cf-38ec-433d-8bee-2a69a73871a5/


- WJR



On Mon, Oct 4, 2010 at 13:23, Tom Miller  wrote:

Folks,

A few of my XenApp users are having profile issues. I use roaming
profiles, and they seem to work, although the local size is always
larger than the network profile size (temp files, etc).

Anyway I need to access a few of the local profilese on these XenApp
(2008 not R2) servers. I get the "access denied" message of course. So I
add my domain admin account to the local adminstrators group on the
server, but I still can't access the profiles. Do I need to take
ownership of the folder? Or am I missing something? 

Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail a

Re: Question on "Users" folder on Windows 2008 server

[William Robbins]

No, I've found it to be quite a PITA.

So if you go to C:\ and select Properties on the "Users" folder you still
can't see permissions?  I just looked on my server, but it's R2, I wouldn't
think that would make a difference...but it might.

If you can access the "Users" folder you could take ownership at that level
and have it applied to all subfolders.

 - WJR


On Mon, Oct 4, 2010 at 14:12, Tom Miller  wrote:

>  Correct, I cannot.  This is the "Users" folder on Windows 2008 servers.
> However Windows won't let you change perms on the Users folder.  At least it
> refuses to do so for me.  Is it me or is it sorta dumb that administrators
> can't administer a server's profiles?
>
> Tom
>
> >>> William Robbins  10/4/2010 2:41 PM >>>
>
> Ah, gotcha. In that case you will have to either take ownership or add DA
> to the security on the profiles you wish to access. I'm guessing presently
> you cannot even view the security tab to verify permissions?
>
> - WJR
>
>
> On Mon, Oct 4, 2010 at 13:37, Tom Miller  wrote:
>
>> Thanks. I can access the remote profile path, it's just the local profiles
>> that I cannot access. Administrators are already in the GPO to have perms to
>> the profile path.
>>
>> >>> William Robbins  10/4/2010 2:29 PM >>>
>>
>> I've had similar behavior with our profiles. Tell me, when you look at the
>> folders do you see the lock icon on the folders?
>>
>> What we did was change the GPO settings to add the Administrators security
>> group to the roaming user profile share. as mentioned in this article:
>> http://technet.microsoft.com/en-us/library/cc781862%28WS.10%29.aspx
>>
>> I also found this article useful specifically for 2008:
>> http://social.technet.microsoft.com/forums/en-US/winservergen/thread/2e3d27cf-38ec-433d-8bee-2a69a73871a5/
>>
>>
>> - WJR
>>
>>
>> On Mon, Oct 4, 2010 at 13:23, Tom Miller  wrote:
>>
>>>  Folks,
>>>  A few of my XenApp users are having profile issues. I use roaming
>>> profiles, and they seem to work, although the local size is always larger
>>> than the network profile size (temp files, etc).
>>>  Anyway I need to access a few of the local profilese on these XenApp
>>> (2008 not R2) servers. I get the "access denied" message of course. So I add
>>> my domain admin account to the local adminstrators group on the server, but
>>> I still can't access the profiles. Do I need to take ownership of the
>>> folder? Or am I missing something?
>>>  Tom Miller
>>> Engineer, Information Technology
>>> Hampton-Newport News Community Services Board
>>> 757-788-0528
>>>
>>> Confidentiality Notice: This e-mail message, including attachments, is
>>> for the sole use of the intended recipient(s) and may contain confidential
>>> and privileged information. Any unauthorized review, use, disclosure, or
>>> distribution is prohibited. If you are not the intended recipient, please
>>> contact the sender by reply e-mail and destroy all copies of the original
>>> message.
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> Confidentiality Notice: This e-mail message, including attachments, is for
>> the sole use of the intended recipient(s) and may contain confidential and
>> privileged information. Any unauthorized review, use, disclosure, or
>> distribution is prohibited. If you are not the intended recipient, please
>> contact the sender by reply e-mail and destroy all copies of the original
>> message.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  Confidentiality Notice: This e-mail message, including attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are n

Re: Question on "Users" folder on Windows 2008 server

[Tom Miller]

Correct, I cannot.  This is the "Users" folder on Windows 2008 servers. However 
Windows won't let you change perms on the Users folder.  At least it refuses to 
do so for me.  Is it me or is it sorta dumb that administrators can't 
administer a server's profiles?
 
Tom

>>> William Robbins  10/4/2010 2:41 PM >>>
Ah, gotcha. In that case you will have to either take ownership or add DA to 
the security on the profiles you wish to access. I'm guessing presently you 
cannot even view the security tab to verify permissions?

- WJR


On Mon, Oct 4, 2010 at 13:37, Tom Miller  wrote:


Thanks. I can access the remote profile path, it's just the local profiles that 
I cannot access. Administrators are already in the GPO to have perms to the 
profile path. 

>>> William Robbins  10/4/2010 2:29 PM >>>

I've had similar behavior with our profiles. Tell me, when you look at the 
folders do you see the lock icon on the folders?

What we did was change the GPO settings to add the Administrators security 
group to the roaming user profile share. as mentioned in this article: 
http://technet.microsoft.com/en-us/library/cc781862%28WS.10%29.aspx

I also found this article useful specifically for 2008: 
http://social.technet.microsoft.com/forums/en-US/winservergen/thread/2e3d27cf-38ec-433d-8bee-2a69a73871a5/


- WJR


On Mon, Oct 4, 2010 at 13:23, Tom Miller  wrote:


Folks,
A few of my XenApp users are having profile issues. I use roaming profiles, and 
they seem to work, although the local size is always larger than the network 
profile size (temp files, etc).
Anyway I need to access a few of the local profilese on these XenApp (2008 not 
R2) servers. I get the "access denied" message of course. So I add my domain 
admin account to the local adminstrators group on the server, but I still can't 
access the profiles. Do I need to take ownership of the folder? Or am I missing 
something? 
Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528

Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin