Forest trust transitivy limit?

I have an interesting conundrum that I’m pondering which has raised the question of just how transitive are forest trusts? With 2 forests, it’s quite straightforward; with a forest trust between them, the transitivity extends down the domain tree in each forest, eliminating the need for externa

R: Forest trust transitivy limit?

It is not transitive Mary loves John and John loves Mary . John loves Dad and Dad loves John. It doesn't mean that Dad loves Mary ! GuidoElia HELPPC _ Da: Paul Gordon [mailto:paul_gor...@hotmail.com] Inviato: venerdì 12 novembre 2010 11.24 A: NT System Admin Issues Oggetto: Forest

RE: Loooooong ping times

*what* are you PINGing to test ? Do you use a variety of endpoints ? What is your MTU ? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Evan Brastow [mailto:ebras...@automatedemblem.com] Sent: Thursday, Novem

Aerohive Wireless

Does anyone have any experience with (or have you heard anything about) Aerohive's wireless solutions? I did a web conference with them this week, and they have an interesting model. They don't use controllers, so there's no central point of failure. But they do use a "HiveManager" to configure

RE: Freeware PDF creator?

Indeed it is. No matter how bad things get, it could *ALWAYS* be worse. :) Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.commailto:%20jra...@eaglemds.com> www.eaglemds.comhttp://www.eaglemds.com/> From

Finding 64 bit Win 7 machines

Ok, so I have an OU full of Windows 7 machines. I need to split them into 64 bit and 32 bit for some group policies. Any suggestions/ideas for a quick way to find out which is which? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

RE: Finding 64 bit Win 7 machines

Lansweeper, install it let it gather the info on your domain and look for the W7 OS Report From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, November 12, 2010 10:12 AM To: NT System Admin Issues Subject: Finding 64 bit Win 7 machines Ok, so I have an OU full of Windows 7 mac

RE: Finding 64 bit Win 7 machines

Bah, I have that already. Yep that will do it. Tyvm. Going to get coffee first, lots more coffee. BTW I found a reg key that will give the info. Could also script the info to a text file... http://support.microsoft.com/kb/556009/en-us From: Garcia-Moran, Carlos [mailto:cgarciamo...@sprague

RE: Finding 64 bit Win 7 machines

WMI filter on the GPOs? DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.217.6851 (fax) HARRISON COLLEGE From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, November 12, 2010 10:12 AM To: NT System Admin Issues Subject: Finding 64 bit Win 7 machines Ok,

RE: Terminal Server or VPN?

You don't understand how this org things, which is probably a good thing... We'd still use the TS machines post-move, the move just accelerated my (and thus their) thought processes From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Thursday, November 11, 2010 10:53 AM To: NT System Admin Issue

Re: Finding 64 bit Win 7 machines

That was my thought as well. -Jeff Steward On Fri, Nov 12, 2010 at 10:14 AM, Damien Solodow < damien.solo...@harrison.edu> wrote: > WMI filter on the GPOs? > > > > DAMIEN SOLODOW > > Systems Engineer > > 317.447.6033 (office) > > 317.217.6851 (fax) > > HARRISON COLLEGE > > > > *From:* Kennedy, J

RE: Finding 64 bit Win 7 machines

Yea, I should have known all of this :) Skipping coffee and going straight to beer. Been a rough week. From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, November 12, 2010 10:38 AM To: NT System Admin Issues Subject: Re: Finding 64 bit Win 7 machines That was my thought as well. -Jef

RE: Loooooong ping times

+10 to Erik's questions below. Use tracert (as suggested by Mike Sullivan) from inside your LAN and from connected directly to your cable modem with a laptop (as suggested by Dennis Hoefer), and then you'll know where to point the finger. Example: C:\>tracert 4.2.2.2 Tracing route to vnsc-bak

Remote reboot W2K via remote PSSHUTDOWN

Is there a way to give someone permissions to reboot a Win2K pro system without them being a local admin? I want them to run a PSSHUTDOWN script remotely but they get access denied unless they're admin. Is there any reg hack I can do hokus pokus with? David Lum // SYSTEMS ENGINEER NORTHWEST EVAL

RE: Remote reboot W2K via remote PSSHUTDOWN

Did you grant them the user right to shutdown the system? From: David Lum [mailto:david@nwea.org] Sent: Friday, November 12, 2010 8:42 AM To: NT System Admin Issues Subject: Remote reboot W2K via remote PSSHUTDOWN Is there a way to give someone permissions to reboot a Win2K pro system

RE: Remote reboot W2K via remote PSSHUTDOWN

I have the very opposite question, if I revoke the rights ( shutdown and Shutdown system allow shutdown from remote systems, via user rights) then how is Psshutdown still working on my Windows 2003 systems. I would like to control access to shutdown the system either local or remotely via the

RE: Remote reboot W2K via remote PSSHUTDOWN

Ah,.that rings a bell, local policy thingy-doo I bet... From: Free, Bob [mailto:r...@pge.com] Sent: Friday, November 12, 2010 8:51 AM To: NT System Admin Issues Subject: RE: Remote reboot W2K via remote PSSHUTDOWN Did you grant them the user right to shutdown the system? From: David Lum [mai

RE: Remote reboot W2K via remote PSSHUTDOWN

I just answered my own question, the only way to do this is revoke local administrative privileges, to stop the psshutdown command accordingly, denying the shutdown system and remote system shutdown rights will n help accordingly. Z Edward E. Ziots CISSP, Network +, Security + Network En

RE: Remote reboot W2K via remote PSSHUTDOWN

Take that right away from the local admin group maybe?.. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, November 12, 2010 12:23 PM To: NT System Admin Issues Subject: RE: Remote reboot W2K via remote PSSHUTDOWN I just answered my own question, the only way to do this is revoke

RE: Remote reboot W2K via remote PSSHUTDOWN

+1 Add the user's domain account to the local security policy. Administrative Tools --> Local Security Policy --> Security Settings --> local Policies --> User Rights Assignment --> "Shut down the system" (see screen shot below). Better yet, possibly, depending on your security & administrative

RE: Remote reboot W2K via remote PSSHUTDOWN

That didn't work, I already took away both shutdown rights ( local and remote), and tried my account that still had local admin rights and yep Psshutdown worked, I revoked my local administrative access and sure enough I was stopped cold. Z Edward E. Ziots CISSP, Network +, Security + Ne

RE: Remote reboot W2K via remote PSSHUTDOWN

Not 100% sure, but parts of this article may be of use to you: http://support.microsoft.com/kb/278295 HTH... Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.commailto:%20jra...@eaglemds.com> www.eaglemds.comhttp://www.eaglemds.com/> ___

Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

For those that have worked with the Restricted Group Functionality in Windows 2003, Windows 2008 R2. I have the following questions. I am looking to create some group polices that will affect the local administrators, power users groups on a set of computer objects (servers) in particular OU'

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

It's fairly straightforward to use. We use it to make sure desktop support folks can access all domain workstations. This is handy depending on your client workstation OS: http://support.microsoft.com/kb/810076 Here is a forum post giving steps on specifying local accounts: http://social.techne

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

There are a few ways you can do this. One would be in the restricted group settings, create new group. The name would be the local group of the server so Administartors and "Power Users". Add the local admin account and whatever domain accounts in there. The other way would be to add a Domain Group

Re: Loooooong ping times

http://www.nanog.org/meetings/nanog47/abstracts.php?pt=MTQ0MiZuYW5vZzQ3&nm=nanog47 On Thu, Nov 11, 2010 at 15:47, Evan Brastow wrote: > Hi peoples, > > > > I have a weird issue, and I've had it for about 3 weeks (don't worry, it's > work related!) > > > > Our Internet connection has been really s

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

Thanks guys, Reviewing it now and testing out the OU to start ripping and removing the bloat in the local admins group, even though I lost my battle with further restrictions of those groups, and following the least privilege best practices. Z Edward E. Ziots CISSP, Network +, Secur

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

Keep trying and don't give up that fight it will be worth the effort in the long run as you know. Jon On Fri, Nov 12, 2010 at 1:54 PM, Ziots, Edward wrote: > Thanks guys, > > > > Reviewing it now and testing out the OU to start ripping and removing the > bloat in the local admins group, even t

Re: Cisco's Unified Computing System

Basically they are in the same ballpark with other Blade vendors. Depending how its setup it can cost more or less than a similarly configured HP blade From: James Rankin To: NT System Admin Issues Sent: Fri, November 12, 2010 2:18:20 AM Subject: Re: Cisco's U

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

Actually, not when the cards are stacked against you... Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, November 12, 2010 1:57 PM To: NT S

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

You need a virus outbreak that hits every box in a whole building across the wire using the local admin credentials that are common between the boxes. That was what it took here. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, November 12, 2010 2:37 PM To: NT System Admin Issues S

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

Well that has already been dealt with ( common admin credentials, no more) the real problem is permissions beyond ones job responsibilities, and the risk that it entails, and the politics that goes with it. I think every organization has that issue to some degree, but as we have seen in various ins

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

That is one diatribe that does not get old at least to me. Another thing that would get the powers to be to see the light is an audit of software by a vendor that cost the company big time for violation of agreement/copywrite. You know like someone in the company getting caught with unlicensed mu

Exchange 2003 printing of users emails for HR.

I have a requirement by HR to print all emails from 3 individuals from the past month. I went to message tracking and I can see them for a user but I don't know how to print them? Am I in the right spot? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

On Fri, Nov 12, 2010 at 2:53 PM, Ziots, Edward wrote: > the real problem is permissions beyond ones job responsibilities, and the > risk that it entails, and the politics that goes with it. Yah, we're currently struggling through that here at %WORK%. A huge chunk of the company's data is in a

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

Yep, the hole DCMA trick defintely is a eye-opener, but that has also been dealt with accordingly, and folks understand that risk quite well. That and the BSA stuff defintely will wake up folks accordingly. The part I get frustrated about is trying to do things by the best practices and apply

RE: Exchange 2003 printing of users emails for HR.

Message tracking just has delivery info and subject line. You'd need to actually go in the mailbox and print each one - assuming they haven't deleted any or anything. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday,

Re: Exchange 2003 printing of users emails for HR.

On Fri, Nov 12, 2010 at 3:34 PM, itli...@imcu.com wrote: > I have a requirement by HR to print all emails from 3 individuals from the > past month. Do you already have an email retention policy and solution in place? At the very least, do you have deleted item retention turned on? If not, y

RE: Exchange 2003 printing of users emails for HR.

I believe I turned Deleted items retention on per you guys' recommendation. I don't know how to check it and I don't know how to get the email if it is retained??? Does that make sense? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Friday, November 12, 2010 3

RE: Exchange 2003 printing of users emails for HR.

Ahha found it. I have it set to 30 and 90 days with the deletion box unchecked... Am I in better shape now? -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Posted At: Friday, November 12, 2010 3:50 PM Posted To: itli...@imcu.com Conversation: Exchange 2003 printing of

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

(1) Good luck on changing the "This is how its always been done, why change argument" ( Like Jim said, when they get burned they get burned) 2) Auditing and ABE (Access based Enumeration) is a great 1-2 punch to getting the data auditable and structured, just remember Authenticate, Authorization a

RE: Exchange 2003 printing of users emails for HR.

Exchange 2003 doesn't have the ability to enforce everything staying there. It also doesn't have the ability to store versions if someone edits a message in their mailbox. This was all added in Exchange 2010. You don't really have a way to provide a complete picture with the tools you have. Th

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

On Fri, Nov 12, 2010 at 4:01 PM, Ziots, Edward wrote: > (1) Good luck on changing the "This is how its always been done, why > change argument" ( Like Jim said, when they get burned they get burned) > > http://site.despair.com/blog/2007/10/18/2008-demotivator-tradition/ :-) Jeff ~ Finally, pow

RE: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

We have similar problems, compounded by a whole lot of people that don't even have domain accounts but need to put stuff on servers. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, November 12, 2010 1:43 PM To: NT System Admin Issues Subject: Re: Questions

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

May be time to look for a new rope on a different ship. Been there done that got the scars to prove it. Sometimes you just have to move on. Jon On Fri, Nov 12, 2010 at 3:44 PM, Ziots, Edward wrote: > Yep, the hole DCMA trick defintely is a eye-opener, but that has also > been dealt with acco

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

You forgot the dyed in the wool Mac head that keeps repeating you don't need this with a Mac and Mac's can't get a virus and yes I know both are wrong but I heard that mantra for almost 10 years. Along with but I need to see what so and so is working on. Jon On Fri, Nov 12, 2010 at 4:01 PM, Ziot

RE: Forest trust transitivy limit?

Could easily be tested with three VMs in less time than it takes to get an answer from this list... Alternatively: http://technet.microsoft.com/en-us/library/cc755700(WS.10).aspx Forest trusts can only be created between two forests and cannot be implicitly extended to a third forest. This means