Re: Encrypting Event Logs

2011-05-11 Thread Robert Cato
DISA requires renaming and disabling the guest account. I understand the logic, rename the account from the get-go and then if you use it (not that I know anyone that does), it is not the default name. This is easily done with a GPO. DISA has guidelines about seriously restricting access to the

Re: Encrypting Event Logs

2011-05-11 Thread James Rankin
I think renaming of accounts is seriously outdated now, personally. The SID can just as easily be used to identify the account anyway. I'm surprised MS still maintain the Guest account - I've never known anyone use it, as you say. On 11 May 2011 11:05, Robert Cato cato.rob...@gmail.com wrote:

Re: Encrypting Event Logs

2011-05-11 Thread Andrew S. Baker
I think there are still some facilities that can make use of it, but it's probably there more for backwards compatibility at this point. Easy enough to keep disabled. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Harnessing the Advantages of Technology for the SMB market...

RE: Encrypting Event Logs

2011-05-11 Thread Ken Schaefer
How would knowing the SID help, assuming you are able to get some malicious code onto the network, and wanted to attack something? Guest can easily be disabled, but needs to be kept disabled: does anyone monitor this in most environments? Probably not... But then again, if something can enable

Re: simple file sharing software

2011-05-11 Thread James Kerr
Egnyte looks like it would do the trick. I'm going to talk it over and show it to the medical powers that be over here. Thanks, James On Tue, May 10, 2011 at 3:16 PM, Paul Hutchings paul.hutchi...@mira.co.uk wrote: Egnyte, accellion, allardsoft, quite a few options depending on budget,

Re: simple file sharing software

2011-05-11 Thread James Kerr
Yeah, it's similar to educational rates. For example, server 2008 costs us $108. On Tue, May 10, 2011 at 4:41 PM, William Robbins dangerw...@gmail.com wrote: Depending on whether you want internal vs. external support of this file transfer, SP is worth looking into. Especially if it's internal

WebGL a security issue

2011-05-11 Thread James Rankin
I'd never heard of this till I stumbled across an article at The Register about it, but apparently it is a security vulnerability of sorts http://isc.sans.edu/diary/Time+to+disable+WebGL+/10867 -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong

Re: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread Joseph Heaton
Local Security Policy? Carl Houseman c.house...@gmail.com 5/9/2011 6:46 PM Want to set a logoff script on 7-HomePremium. It's the ONLY feature I need from 7-Pro and not enough of a need to buy a 7-Pro upgrade. I know about \windows\system32\grouppolicy\User\Scripts\Logon. But just

RE: sysprep remedial class

2011-05-11 Thread Michael B. Smith
How do you explode? How have you modified the default unattend? childish moment And just because you brought it up: ID-10-T! :-) /childish moment Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent:

Re: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread James Rankin
Couldn't you do some funkiness with a scheduled task? You can set logon scripts in the user properties, but logoff... I can't think of a way around that. Do you get startup and shutdown scripts on Home Premium (I know they aren't the same, but) On 10 May 2011 02:46, Carl Houseman

RE: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread Carl Houseman
Secpol.msc does not come with Home Premium. I've found a registry location that contains the script information (HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\...), but simply writing the keys and values isn't enough to make the script execute. Using Pro for testing,

RE: sysprep remedial class

2011-05-11 Thread itli...@imcu.com
ImageX ? not sure what explode means?? And I feel it, dumb, so dumb... From: Michael B. Smith [mailto:mich...@smithcons.com] Posted At: Wednesday, May 11, 2011 10:51 AM Posted To: itli...@imcu.com Conversation: sysprep remedial class Subject: RE: sysprep remedial class How do you

RE: sysprep remedial class

2011-05-11 Thread Michael B. Smith
You said Then on the mini setup I explode - how do you explode? By how did you modify the default unattend I mean which options did you change and what did you change them to? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com

RE: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread Carl Houseman
Yep, logoff is not a trigger for a scheduled task. Some auto-starting thing could simply lie in wait until told to shut down by logoff and then do its thing, but if it took too long doing that thing, then the system would put up warnings about a task not stopping etc. And I would bet that

RE: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread Miller Bonnie L .
Are you able to see where it's writing to with process explorer? -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, May 11, 2011 7:56 AM To: NT System Admin Issues Subject: RE: Where are local group policy user logon/logoff scripts configured/stored?

Re: Encrypting Event Logs

2011-05-11 Thread Sean Martin
I have no idea where the auditor was coming from. I'm hoping to get additional, more formal information. - Sean On Tue, May 10, 2011 at 11:46 AM, Andrew S. Baker asbz...@gmail.com wrote: Encrypt them from who? They're not accessible unless the machine is off and one has physical access...

Re: Encrypting Event Logs

2011-05-11 Thread Sean Martin
This would fall under NCUA standards. I believe they mirror most of the CIS standards. I would understand if they came in and said we should have full drive encryption on certain servers. It was the statement indicating that our event logs should be encrypted that threw me. - Sean On Tue, May

RE: Where are local group policy user logon/logoff scripts configured/stored?

2011-05-11 Thread Carl Houseman
Haven't gotten that far yet, was hoping to find someone else who'd already solved this before inventing this wheel. -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, May 11, 2011 11:13 AM To: NT System Admin Issues Subject: RE: Where are

Re: Encrypting Event Logs

2011-05-11 Thread Sean Martin
No, I'm pretty sure they aren't even much help providing examples of solutions. - Sean On Tue, May 10, 2011 at 12:08 PM, Jonathan Link jonathan.l...@gmail.com wrote: Are they shilling for a company that provides a product? On Tue, May 10, 2011 at 3:43 PM, Sean Martin

Re: OT: Sony's security principles

2011-05-11 Thread Angus Scott-Fleming
On 10 May 2011 at 11:04, Erik Goldoff wrote: I agree with you, the percentage will be tiny ... but I personally stopped buying anything Sony years ago with the DRM/Rootkit events. +1 -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~

Re: Win 7 IE Temp Environment variable woes Outlook cannot create the work file

2011-05-11 Thread Angus Scott-Fleming
On 10 May 2011 at 7:40, Jonathan wrote: I know it has been less than 24 hours since I posed the question, and I'm usually a pretty patient guy when it comes to this list, but the guy is probably going to begin the format/reinstall process today if I don't have a solution for him. Any ideas?

Re: WebGL a security issue

2011-05-11 Thread Angus Scott-Fleming
On 11 May 2011 at 14:39, James Rankin wrote: I'd never heard of this till I stumbled across an article at The Register about it, but apparently it is a security vulnerability of sorts http://isc.sans.edu/diary/Time+to+disable+WebGL+/10867 The issue with WebGL isn't a vulnerability

Re: Encrypting Event Logs

2011-05-11 Thread Sean Martin
We do syslog the event logs to Symantec SIM but I haven't been given any information that leads me to believe that transmission is what the auditor wants encrypted. I believe once the logs are at rest in SSIM they are encrypted. - Sean On Tue, May 10, 2011 at 6:58 PM, Level 5 Lists

Re: simple file sharing software

2011-05-11 Thread Angus Scott-Fleming
On 10 May 2011 at 13:58, James Kerr wrote: I need to setup some kind of server that folks can access easily through a browser to upload, create folders and or download files. Basically I'm looking for an FTP type server with a nice easy to use GUI for our medical staff to be able to upload

RE: Encrypting Event Logs

2011-05-11 Thread Free, Bob
I think the confusion with that auditor may be revolving around taking protected as implying encrypted. There is a generic audit concept that system logs should be protected, I have had to explain on occasion to big 3 auditors how the windows security logs on DCs are protected from prying eyes

Re: Encrypting Event Logs

2011-05-11 Thread Steven Peck
Then they need to provide the source documentation on the log encryption requirement. We had a similar type of issue (not logs, but something else) finding once, turns out the auditor was familiar with a UNIX audit standard and was trying to apply things that weren't relevant. We challenged on

Re: Win 7 IE Temp Environment variable woes Outlook cannot create the work file

2011-05-11 Thread Ben Scott
On Tue, May 10, 2011 at 2:30 PM, Jonathan ncm...@gmail.com wrote: Rule #1 - end users LIE! Indeed. One guy calls it rule #7, but I think it's misplaced: http://trioptimum.com/truth/ -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

Re: sysvol not replicating

2011-05-11 Thread Ben Scott
On Tue, May 10, 2011 at 5:13 PM, jimmy...@comcast.net wrote: I've been searching all over but haven't had a fix.  I just setup a new 2k8dc but the sysvol folder has not replicated from my primary DC.  Don't really see any thing in the logs.  The route is open between sites.  Anyone have any

Re: sysvol not replicating

2011-05-11 Thread jimmyt89
I've been running dcdiag and it does report a few errors that I can't seem to resolve.  I have not tried repldiag so I'll give that a shot.  This is the only error I get with dcdiag but still have not found the solution. Starting test: NetLogons Unable to connect to the NETLOGON

RE: sysvol not replicating

2011-05-11 Thread Free, Bob
REPLDIAG is for advanced troubleshooting of particular intricacies of AD replication, e.g. lingering objects. Not generally needed in AD troubleshooting. Very helpful if you are dealing with lingering objects but not really germane here. Sysvol is replicated by FRS unless it's at 2008 forest FL

RE: sysvol not replicating

2011-05-11 Thread Free, Bob
it does report a few errors that I can't seem to resolve Stop and resolve them. Or at least determine if they are relevant. DCDIAG is your friend here. What it tells you determines where to go next. Run dcdiag /test:frssysvol /s:servername and dcdiag /test:frsevent /s:servername What do

Re: sysvol not replicating

2011-05-11 Thread jimmyt89
Bob, dcdiag /test:frssysvol comes back good. dcdiag /test:frsevent comes back with the message, there are warning or error events within the last 24 hours after the sysvol has been shared I'm convinced I have a FRS issue.  I tried this:

RE: Powershell help

2011-05-11 Thread Michael B. Smith
I'm not going to say that it can't be done - I don't consider myself a master-developer. But the interfaces don't match. A CDO.Message attachment is (under-the-hood) an IBodyParts enumerated collection of IBodyPart. A Net.Mail attachment is either a URI (which may be a filename) or an IStream

Re: Powershell help

2011-05-11 Thread Steven Peck
Michael B. Smith mich...@smithcons.com wrote: I don’t consider myself a master-developer. Well crap, that lowers my opinion of my own limited PowerShell skills even further.. :) On Wed, May 11, 2011 at 10:19 AM, Michael B. Smith mich...@smithcons.com wrote: I’m not going to say

RE: Powershell help

2011-05-11 Thread Joseph L. Casale
Thanks Michael, Is this how I accomplish that: PS D:\ $adTypeText = 2 PS D:\ $objMail = New-Object -comobject CDO.Message PS D:\ $objStream = $objMail.GetStream() PS D:\ $objStream.type = $adTypeText PS D:\ $objStream.LoadFromFile( D:\...\0bfcb7ff01cbf3a50007.eml ) PS D:\ $objStream.Flush() PS

RE: sysprep remedial class

2011-05-11 Thread itli...@imcu.com
Ahh, explode means I get an error that I don't remember the verbiage to and can't resolve without a reboot and fail again. I had changed the local user password but I am in the process of getting a virgin image and unattend right now to try again. From: Michael B. Smith

RE: Powershell help

2011-05-11 Thread Michael B. Smith
Yes, it does look promising. To clean up (good for you, so few people bother in PowerShell to clean up) I think this should do it: $mailer = new-object Net.Mail.SMTPclient($SMTPserver, $SMTPserverport) $msg = new-object Net.Mail.MailMessage($from, $to, $subject, $emailbody) $attachment =

RE: Powershell help

2011-05-11 Thread Michael B. Smith
Dude, you would be AMAZED (well, I am, but I'm geeky that way) at some of the stuff some of the PowerShell MVPs have done...it makes me feel like I'm drawing in large block letters with crayons. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Steven

RE: Win 7 IE Temp Environment variable woes Outlook cannot create the work file

2011-05-11 Thread Michael B. Smith
I call this House Rule #1 - Everybody lies. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, May 11, 2011 11:40 AM To: NT System Admin Issues Subject: Re: Win 7 IE

Re: Powershell help

2011-05-11 Thread Steven Peck
I chat occasionally with Joel Bennet ... I understand 1 word in 5. He's using the English language I think, but still... :) On Wed, May 11, 2011 at 10:44 AM, Michael B. Smith mich...@smithcons.com wrote: Dude, you would be AMAZED (well, I am, but I’m geeky that way) at some of the stuff some

RE: Win 7 IE Temp Environment variable woes Outlook cannot create the work file

2011-05-11 Thread John Aldrich
Ain't that the truth! :D -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 11, 2011 2:04 PM To: NT System Admin Issues Subject: RE: Win 7 IE Temp Environment variable woes Outlook cannot create the work file I call this House Rule #1 -

RE: sysprep remedial class

2011-05-11 Thread itli...@imcu.com
Ok Explode= Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup]. OK From: Michael B. Smith

RE: sysprep remedial class

2011-05-11 Thread Michael B. Smith
Have you visually examined the XML file in WISM? Have you looked at the errorlog file? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Wednesday, May 11, 2011 2:33 PM To: NT System Admin Issues

RE: sysprep remedial class

2011-05-11 Thread itli...@imcu.com
The XML for that key is the ProductKey for KMS. I am removing the whole XML key to see if it will Sysprep properly. I'll get it ... sooner than later. From: Michael B. Smith [mailto:mich...@smithcons.com] Posted At: Wednesday, May 11, 2011 2:44 PM Posted To: itli...@imcu.com

Re: OT: TechEd 2011...

2011-05-11 Thread Steve Ens
Who is NOT going? I will be there. On Wed, May 11, 2011 at 2:04 PM, Rod Trent rodtr...@myitforum.com wrote: Who is going?

RE: sysvol not replicating

2011-05-11 Thread Free, Bob
Cool. Nice to narrow it down. So the sysvol share is present and netlogon share is not? Safe to assume that there is content in \Windows\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory and \Windows\SYSVOL\domain\scripts does not exist? You flipped SysvolReady to 0 and back to 1 per the

RE: OT: TechEd 2011...

2011-05-11 Thread Rod Trent
IF you are going, hook up with us on Monday at 12:30pm in the Microsoft Server Cloud Platform Booth. http://myitforum.com/cs2/blogs/rtrent/archive/2011/05/07/twitter-army-ii-teched-edition-the-details-msteched.aspx From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, May

Re: OT: TechEd 2011...

2011-05-11 Thread Steve Ens
I'm interested in the Exchange event that always happens...anyone know details on that or any other informal gathering? On Wed, May 11, 2011 at 2:26 PM, Rod Trent rodtr...@myitforum.com wrote: IF you are going, hook up with us on Monday at 12:30pm in the Microsoft Server Cloud Platform Booth.

RE: OT: TechEd 2011...

2011-05-11 Thread Webster
I am not going but I remember my first TechEd back in 2004. If I hadn't met Jim Holmgren through this list and then met him in person at TechEd 2004, I would have been lost. I was new to Exchange and Jim had to keep explaining things to me in all the Exchange sessions. Webster From:

Re: OT: TechEd 2011...

2011-05-11 Thread Steve Ens
My first one was 2005 in Orlando... Second was Sun City in 2007 Third will be Atlanta. On Wed, May 11, 2011 at 2:30 PM, Webster carlwebs...@gmail.com wrote: I am not going but I remember my first TechEd back in 2004. If I hadn’t met Jim Holmgren through this list and then met him in person at

RE: OT: TechEd 2011...

2011-05-11 Thread Rod Trent
TheKrewe tends to capture most of the informal events. Have you looked at their web site or Twitter profile? From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, May 11, 2011 3:30 PM To: NT System Admin Issues Subject: Re: OT: TechEd 2011... I'm interested in the Exchange event

RE: TechEd 2011...

2011-05-11 Thread Brian Desmond
I'll be working the AD and FIM booths in the TLC all week Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, May 11, 2011 12:05 PM To: NT System Admin Issues Subject: OT: TechEd 2011... Who is

Re: sysvol not replicating

2011-05-11 Thread jimmyt89
Yes that is correct, the netlogon share is not available when entering net share.  There is no content in the \Windows\SYSVOL\domain folder.  I did restart netlogon and rebooted the machine after changing the flag to 0 and back to 1 but that didn't work. The errors in the FRS event log just

RE: OT: TechEd 2011...

2011-05-11 Thread Jim Holmgren
Ah memories... I do really miss hanging out at TechEd. I haven't been since...2005 or 2006, I forget which it was. I believe it was in Boston - so probably '06. You long ago snatched the Exchange pebble from my hand, grasshopper. Jim Holmgren Senior Manager, Infrastructure Services

Re: OT: TechEd 2011...

2011-05-11 Thread Steve Ens
Done. On Wed, May 11, 2011 at 2:35 PM, Rod Trent rodtr...@myitforum.com wrote: TheKrewe tends to capture most of the “informal” events. Have you looked at their web site or Twitter profile? *From:* Steve Ens [mailto:stevey...@gmail.com] *Sent:* Wednesday, May 11, 2011 3:30 PM *To:* NT

RE: BLOCKING end-users from ATTACHING and EMAILING...

2011-05-11 Thread Jeff S. Gottlieb
SOLUTION FOUND VIPRE Email Security has what's called Attachment Filter [was right under our noses]. We are *now* able to prevent specific documents from being attached and emailed by specific users [or department]. All Policy features in the Attachment Filter tabs worked quite well, with minor

RE: OT: TechEd 2011...

2011-05-11 Thread Stu Sjouwerman
Come see me at booth 1905 and see GFI at booth 1915 There is a free signed book (hardcopy) give-away. Monday night at 6. Stu From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, May 11, 2011 3:20 PM To: NT System Admin Issues Subject: Re: OT: TechEd

RE: sysvol not replicating

2011-05-11 Thread John Aldrich
I had a similar problem a couple weeks ago... ended up calling in a specialist. He said he opened a case with Microsoft and they told him how to fix it. If you'd like I can ask him to send me the details on how he fixed it (since we're paying for it! *grin*) and forward those on. From:

Re: sysvol not replicating

2011-05-11 Thread jimmyt89
John, That would be awesome if you can do that for me.  I'm hoping the fix will work for us.  Thanks! - Original Message - From: John Aldrich jaldr...@blueridgecarpet.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, May 11, 2011

RE: Remotely configuring WOL in Win7

2011-05-11 Thread Crawford, Scott
This needs to be enabled in the NIC itself in its firmware. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, May 11, 2011 10:47 AM To: NT System Admin Issues Subject: Remotely configuring WOL in Win7 I have several wkst's that have a version of a driver that by default

RE: Remotely configuring WOL in Win7

2011-05-11 Thread Joseph L. Casale
Hey Scott, Yes, the bios has the setting enabled, but unless windows has the power manglement settings configured they still don't wake. At least that's been my experience on every wkst I have seen. I have also come about some drivers that don't enable it properly, where updating them and then

RE: Windows 7 Imaging

2011-05-11 Thread Jim Dandy
You said below to not install WAIK 3.0 if I am using MDT. What about installing the WAIK supplement for Windows 7 SP1? It seems at the very least I should extract Win PE 3.1 from it for compatibility with Advanced Format (4K) Drives (or patch PE 3.0 with 982018)? Thanks for your help.

RE: Windows 7 Imaging

2011-05-11 Thread Michael B. Smith
If you have a newer level of WAIK (which the WAIK supplement is) that's fine. Originally, we just had WINPE 3.1 without anything else. However - that still isn't safe to use with SCCM 2007 R3. But with MDT, I understand it's OK (I haven't tested it personally). Regards, Michael B. Smith

RE: Windows 7 Imaging

2011-05-11 Thread Jim Dandy
Thanks for the super-fast response! From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 11, 2011 3:29 PM To: NT System Admin Issues Subject: RE: Windows 7 Imaging If you have a newer level of WAIK (which the WAIK supplement is) that's fine. Originally, we just

RE: Remotely configuring WOL in Win7

2011-05-11 Thread Crawford, Scott
Cool. I'm not familiar with the WOL settings within windows. I guess I don't understand why an OS setting would matter though. To me, it's kinda like saying the power button doesn't work until I enable it in the OS. Is this related to recovering from suspend or hibernation? I've only had

RE: Windows 7 Imaging

2011-05-11 Thread Andrew S. Baker
Your card was deducted accordingly... -ASB: http://about.me/Andrew.S.Baker Sent from my Motorola Droid On May 11, 2011 6:34 PM, Jim Dandy jda...@asmail.ucdavis.edu wrote: Thanks for the super-fast response! From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 11,

RE: Remotely configuring WOL in Win7

2011-05-11 Thread Joseph L. Casale
Yeah, trust me I thought it was stupid too. I presume the OS sets something at a firmware level in the NIC to override it. I have yet to update the drivers on a few, I'll try that and see if the netsh cmd works after that otherwise I will resolve to doing it manually... Thanks! jlc From:

Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Kurt Buff
All, I'm still in the process of learning this PKI stuff, so I can roll out DA/UAG. I picked up a copy of Brian Komar's Windows Server 2008 PKI and Certificate Security [1], and in reading it I've come up with a buncha (TM) questions. I'm starting on my second time through the book, and am also

RE: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Michael B. Smith
So o - Don't put your Enterprise Certificate Authority on a DC. The tombstone lifetime of the DC can expire long before you want to bring out the Enterprise root. o - Placing a CA root on a DC is fine in a test environment, but not in the real world. IMO. o - Use at least a two-tier

RE: OT: TechEd 2011...

2011-05-11 Thread Ken Schaefer
2006 was Boston - that was my only US Tech.Ed - I was presenting a session on monitoring IIS with MOM, and met Mark Russinovich in the speaker room. Cheers Ken From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Thursday, 12 May 2011 3:59 AM To: NT System Admin Issues Subject: RE: OT:

RE: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Free, Bob
I am not Mr. Komar - and my consulting fees are about 1/3 of his (per hour). :-) But I feel pretty good about my answers above. One of my old bosses used to quip that Brian had a PhD in PKI. You have a MBS in PKI, hence the 1/3 fee. But despite that, I feel pretty good about your answers

Re: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Don Ely
I'm not Mr. Komar either, but you are absolutely correct in your assessments... On Wed, May 11, 2011 at 5:19 PM, Michael B. Smith mich...@smithcons.com wrote: So o - Don't put your Enterprise Certificate Authority on a DC. The tombstone lifetime of the DC can expire long before you want

Re: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Kurt Buff
LOL - Well, given that you've answered the bulk of my questions, and that Mr. Komar isn't available, I feel pretty good about them as well. If I were a betting man, I'd bet that V2/V3 certs are a Good Thing (TM). I'll probably recommend a couple of Enterprise licenses to take care of the Root and

Re: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Don Ely
V2/V3 are definitely the way to go... Allows you more flexibility... Buy one Enterprise license and you can run four VMs... On Wed, May 11, 2011 at 5:32 PM, Kurt Buff kurt.b...@gmail.com wrote: LOL - Well, given that you've answered the bulk of my questions, and that Mr. Komar isn't

Re: Server 2008 R2 PKI questions - long and complicated...

2011-05-11 Thread Kurt Buff
The question comes to my mind: Do I need Enterprise for both the Root CA and the Issuing CA, and if not, do I need it just for the Root, or just Issuing? I'm also not sure of the value proposition in running Enterprise for one of the CAs, and then some VMs on that host. Seems, well, weird

Contingency For Home Workers

2011-05-11 Thread Robert Jackson
Just looking for some thoughts/feedback on what others are doing. We have a number of home workers who have remote access capability based around Oracle's Secure Global Desktop (a Tarantella WebTop derivative) and RSA SecurID token technology. The setup is ideal: we give the users a SecurID