http://support.microsoft.com/kb/942564
From: VIPCS [mailto:vi...@stny.rr.com]
Sent: Sunday, November 28, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: Issue with Service and Login Account on NT 4.0 SP6a machine, ideas?
Did you check to see if the account password has expired, or the
Others have answered the main point of your question. Just thought I'd
throw in a quick beware with moving up the SP tree in Office 2k ...
you'll introduce the Outlook protection that stops other applications
from accessing the address book/mail functionality without prompt.
Non-issue in a simple
Domain has been at Windows 2008 R2 FFL/DFL for some time now, more than
2-3 months.
I am not sure we reset the NTLMV2 requirement but I have a few other NT
boxes that can communicate with the domain, without issues.
I believe the NTLMV2 requirement was a setting in the default Domain
NT 4.0 will not obey GPOs to my knowledge, since it has no knowledge of
them. Account in question is a Domain Account. I am not assuming that
the account was deleted and re-created accordingly. There are only two
possibilities I can see at the moment (either BAD password) or
something else
Thanks Greg, I am going to look into that one now, I found it in my
searches also and it looks promising. I doubt we reset this setting to
allow NT 4.0 crypto accordingly.
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
I think we have a winner here! I cleared everything from the browser and
tried it again at a random time, and no phone call this time. Thanks for the
tip! I was getting a bit worried.
On Fri, Nov 26, 2010 at 2:59 PM, VIPCS vi...@stny.rr.com wrote:
But back to the original question – how did
NO dice this was already checked. Removed and re-added the server to the
Domain and still can't contact the domain.
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
From: Ziots, Edward
Did you reboot the DC's after you made this change?
Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Monday, November 29, 2010 10:05 AM
To: NT System
Change was already there, when we upgraded the Domain to Windows 2008
R2 accordingly. I am thinking this is the first time these Windows NT
4.0 Server was rebooted after the domain was upgraded to Windows 2008 R2
DFL/FFL.
So basically we can login to the server (means Netlogon and the
I have a server in a DMZ I am troubleshooting, for fun I tried Windows's
Troubleshoot and repair and it said found the problem, let us fix it and it
simply flipped it from a statically assigned IP to a DHCP one.
Not quite what I was looking for, but interesting nonetheless.
David Lum // SYSTEMS
You sure that's all it did?
David Lum david@nwea.org 11/29/2010 7:38 AM
I have a server in a DMZ I am troubleshooting, for fun I tried Windows's
Troubleshoot and repair and it said found the problem, let us fix it and it
simply flipped it from a statically assigned IP to a DHCP one.
Not
I'm sure it did other stuff like clear the ARP and DNS caches etc, was just
interesting that it flipped the IP addressing mode. Makes sense though, if you
don't know what you're doing that tool could be a lifesaver.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk)
If you didn't know what you were doing, you really shouldn't be logged on to
a server in the DMZ.
That's one of the bad things about Windows Server - clueless users in small
enterprises think they know how to work it. They'd be less trigger-happy on
the console of a Unix system, I'm sure.
On 29
Hey list,
I have a couple fiber networking questions. I should start out by asking if
there is a mailing list or a good online resource for this kind of question, as
this is not exactly on topic for this list. If somebody can point me that way,
I'll take my question there.
If I have existing
All I can tell you is that when I wanted to upgrade my bandwidth between
buildings I utilized the existing fiber to go from 10Mbit to 1000Mbit simply
by ditching the media converters and going with mini-GBICs on both sides
plugged into switches. Worked like a charm for me. I suspect you're correct
Agreed!
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Monday, November 29, 2010 8:07 AM
To: NT System Admin Issues
Subject: Re: W2K8 R2 Troubleshoot and repair
If you didn't know what you were doing, you really shouldn't be logged on to a
server in the DMZ.
That's one of the bad
Hi,
I don't know of a mailing list, but the best online resource for this
information is your switch vendor.
Whether you can use your existing fiber depends on what kind of fiber it
is. It also depends on how many connections exist between your core
switch and the endpoint. Each connection
The speeds supported by a fiber link depend on length and core size.
I know for a fact if you put in 50 micron multimode your existing 1G
GBICs, SFPs and other transceivers will continue to work just fine.
If you're going to pull new fiber you should consider running 9 micron
singlemode instead.
We are about to lease a new space for a WAN site. This location will be a base
for our nomadic users as well as a training center. I plan to provide wireless
access for our nomadic staff as well as guest. For those of you doing this,
what is your vendor of choice? I recall Aruba networks
So, it sounds like you would prefer the SM solution. This brings costs up...
a lot. Those darn SM transceivers are expensive, and the MM ones aren't exactly
cheap either.
We've been using the MM fibers between buildings, and SM between sites. Some of
these cables are circa 1995, so I'm sure
We use Aruba. It will do all you need.
I've had ours for 3 years and not one minute of unplanned downtime.
From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Monday, November 29, 2010 9:40 AM
To: NT System Admin Issues
Subject: Wireless Question
We are about to lease a new space for a
I think most multi-mode fiber can handle the 10G you are looking for.
What you need to know for sure is to get the technical specifications of
the fiber you have (length, core size in microns, etc.) and compare that
against the requirements from your hardware (transceiver) vendor.
Bill Mayo
snarky question
How much planned downtime? Sm:)e.
/snarky question
--Matt Ross
Ephrata School District
- Original Message -
From: Martin Blackstone
[mailto:mblackst...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Mon, 29 Nov 2010
09:50:48
I have a 2008 R2 server in a DMZ and I need it to authenticate it with our AD
but it tells me domain is not available.
Per this article:
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
I have the following firewall rules from the
Snark away ... but 'planned downtime' = 'maintenance window' to me
Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November
Not maintained by me, but our Network Group loves their Arubas.
Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
-Original Message-
From:
Only for occasional software upgrades. Maybe once a year
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 29, 2010 10:01 AM
To: NT System Admin Issues
Subject: RE: Wireless Question
snarky question
How much planned downtime? Sm:)e.
I was hoping to hear a response of very little, but I also wanted to be aware
if there was a need for big maintenance windows with the Aruba system.
The Snarks were just a failed attempt at humor.
--Matt Ross
Ephrata School District
- Original Message -
From: Erik Goldoff
It doesn't take long...
-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 29, 2010 11:04 AM
To: NT System Admin Issues
Subject: RE: Wireless Question
I was hoping to hear a response of very little, but I also wanted to be
aware if there
It is my understanding that you should be able to “ping [domain name]”
from the domain controller. I am receiving this message: “Ping
request could not find host [domain name]. Please check the name and
try again.” Where do I start to troubleshoot?
Sharie
~ Finally, powerful endpoint
Additional Information: Windows Server 2003 R2 Standard Edition SP2
On Mon, Nov 29, 2010 at 2:34 PM, Sharie Breaux sharielbre...@gmail.com wrote:
It is my understanding that you should be able to “ping [domain name]”
from the domain controller. I am receiving this message: “Ping
request
Dcdiag and netdiag.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Sharie Breaux [mailto:sharielbre...@gmail.com]
Sent: Monday, November 29, 2010 2:36 PM
To: NT System Admin Issues
Subject: Re: Domain Controller can’t
Thanks - have downloaded and will look into.
On Mon, Nov 29, 2010 at 2:38 PM, Michael B. Smith mich...@smithcons.com wrote:
Dcdiag and netdiag.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Sharie Breaux
Wouldn't it be simpler (and more secure) to put IPSec in place? Far
fewer holes to poke in the firewall, for a start.
I'm ignoring for a moment that it's sinful to have a machine in the
DMZ auth (or start *any* conversation beyond perhaps DNS or SMTP) with
a machine in the production network.
+1
The OP should consider putting a RODC (read-only domain controller) in
the DMZ.
On 11/29/2010 2:49 PM, Kurt Buff wrote:
I'm ignoring for a moment that it's sinful to have a machine in the
DMZ auth (or start *any* conversation beyond perhaps DNS or SMTP) with
a machine in the production
I'm simply following what is being preached by the Terminal Server / Remote
Desktop Services guides and documentation. Machines hit the gateway (the only
open port between it and the Internet is 443) and users have to be
authenticated before running only of the approved applications.
IPSec
Wow.
MSFT actually says you should put domain members in a DMZ and allow
them to initiate traffic back into the production network?
That's all fscked-up.
If I put a machine in the DMZ, it's a member of a workgroup, and the
production network talks to it, not the other way around (except for
And I don't think anything says to put a domain member (of an internal forest)
in the DMZ. If that is what the OP is suggesting, I think he misunderstands
Otherwise, let me know exactly where you read that, and I'll contact a PM on
the RDS team and get it corrected.
Regards,
Michael B.
Well, I just went back and read the blog post.
That's a buncha-bull-hocky.
Use ISA/TMG/UAG instead.
Or just open port 443 to a broker inside the LAN. I'm not sold that MITM
attacks are realistic with current SSL certificate strengths.
I'll contact a RDS PM and ask WTF?
Regards,
Michael B.
Had to see the doc for myself.
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Still can't believe my eyes.
It says:
When there is no AD DS in the perimeter network, ideally the servers in the
perimeter network should be in a
I must be misunderstanding the page, bullet point 1:
Following are the possible AD DS models
http://technet.microsoft.com/en-us/library/dd728030%28WS.10%29.aspx
that are suitable for RD Gateway:
• No AD DS in perimeter network: There is no AD in the perimeter network and RD
Gateway (in the
Does it not matter that there are two firewalls involved? Or is the assumption
here that an attacker can easily get past 443 and compromise the box in the DMZ?
We can't use ISA and what is TMG/UAG?
Dave
-Original Message-
From: Webster [mailto:carlwebs...@gmail.com]
Sent: Monday,
Ok, I fired off a quick email and got a quick response. That blog applies to
'server 2008' but not 'server 2008 r2'. I'm awaiting details regarding 'server
2008 r2' and how it differs. Apparently they fixed it in R2. I'll follow up
when I have more details (and time).
TMG/UAG are the
BTW the 2008 R2 RDS Resource Kit is RTM.
Webster
-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Subject: RE: 2008 R2 RDS (was Terminal Server)in DMZ to 2K3 DC in LAN
Ok, I fired off a quick email and got a quick response. That blog applies to
'server
http://technet.microsoft.com/en-us/library/dd560672(WS.10).aspx
Welcome to my world. I have a 2008 Terminal Server Resource kit but am finding
a lot that was changed with R2 (not the least of which is the name change from
Terminal Server to Remote Desktop Services).
Dave
-Original
Sidestepping the follow-on questions of whether a domain is appropriate in
the first place, port 445 seems to be missing (it is used for some RPC
functions), and possibly ports 137-139 (for NetBIOS). You should do a
netstat -a -b -n to see what ports are open on the internal AD server, and
also
But yet SR-3 is still downloadable, as are a whole list of individual
security updates, and there are pages and pages of documentation on SR-1 and
SR-3.
Go figure
Sincerely,
Jeffrey and Mary Jane Harris
VIPCS
_
From: Micheal Espinola Jr
Greetings:
How do disable users from download any software from the internet other than
windows updates and files like .pdf, .xls, .doc, etc.
TIA,
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage
Keep these guys in your shortlist..
http://www.ruckussecurity.com/
It's called take away local Admin rights.
On Mon, Nov 29, 2010 at 8:45 PM, Juned Shaikh jsha...@gmail.com wrote:
Greetings:
How do disable users from download any software from the internet other
than windows updates and files like .pdf, .xls, .doc, etc.
TIA,
Hire a competent sysadmin.
--Original Message--
From: Juned Shaikh
To: NT System Admin Issues
ReplyTo: NT System Admin Issues
Subject: Blocking files from being downloaded
Sent: Nov 29, 2010 23:45
Greetings:
How do disable users from download any software from the internet other than
How does taking admin rights away stops them to download softwares from i.e.
Softpedia?
Hold on..
NLB is just dumb load balancing. No different than an F5, CoyotePoint,
whatever. It's just dumber because it has no application awareness.
When was the last time you tried F5?
When was the last time you phrased a question with more specificity than this
abomination:
How do disable users from download any software from the internet other than
windows updates and files like .pdf, .xls, .doc, etc.
?
You want to provide any info on what infrastructure you're running
If they can't install it, what good is downloading it then?
On Mon, Nov 29, 2010 at 9:05 PM, Juned Shaikh jsha...@gmail.com wrote:
How does taking admin rights away stops them to download softwares from
i.e. Softpedia?
They can still run no-install-needed software and software that installs
itself into the user profile e.g. Chrome.
The answers to the original question are any or all of the following.
a) use a gateway or proxy server that blocks the unwanted downloads.
b) use WSUS to distribute Microsoft