Re: Fake antivirus

Get autoruns out and find out where the entry point is Sent from my BlackBerry® wireless device -Original Message- From: "John Aldrich" Date: Thu, 16 Jun 2011 22:14:20 To: NT System Admin Issues Reply-To: "NT System Admin Issues" Subject: RE: Fake antivirus This came in handy today...

RE: file copying

Yah, maybe it was robocopy I ran through. It was odd, I did a whole shared folder that had dozens of sub folders with different ACLs. I watched it for a few minutes and then randomly spot checked a few files, it looked good. The next business day several people complained they couldn't get to fi

RE: Dear Dell

I would be curious to know the size of the companies. I will soon be building out 9 data centers and I need to decide if I want to go Dell or HP. Right now, I am thinking HP. From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, June 06, 2011 5:33 PM To: NT System Admin Issues Subject: RE:

Re: file copying

XCOPY /O ROBOCOPY *ASB *(Professional Bio ) Harnessing the Advantages of Technology for the SMB market... On Thu, Jun 16, 2011 at 9:31 PM, Level 5 Lists wrote: > I have a client that we need to migrate about 2tb of data. I recently used > xcopy gui but

RE: Fake antivirus

This came in handy today... I got a call right after lunch today (Thursday) about a computer that was showing the symptoms. I used RKILL to get rid of the active process and then cleaned it with MBAM and followed the instructions in the link. However, this particular variant appears to have had a t

Re: file copying

robocopy /mir /r:1 /w:10 /sec As a scheduled task, too. Repeat as necessary until you're ready to switch everyone over. Retries once on a problem, and waits 10 seconds between retries. I used it to stage data that was being in use from direct storage to our SAN. dat store is only about 500 GB,

RE: file copying

I moved over 6TB for a client earlier this year with robocopy. We moved it in stages, but if you have got gigE between the servers, you can run multiple robocopies at once, up to the limits of your I/O subsystems. If you need file diffs, take a look at DeltaCopy and cwRsync. Regards, Michael B

RE: [Bulk] file copying

Tried Robocopy? From: Level 5 Lists [mailto:li...@levelfive.us] Sent: Thursday, June 16, 2011 9:32 PM To: NT System Admin Issues Subject: [Bulk] file copying I have a client that we need to migrate about 2tb of data. I recently used xcopy gui but it didn't seem to bring a lot of permissio

RE: computer password question

I think it depends on how long the VPN is connected. But in general, I agree with you (presuming we are not referring to single-factor DirectAccess). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b.

Re: computer password question

It depends If the logon happens after the computer makes the connection to a DC, then the computer account password will update. Some VPN drivers will make a firewall and network connection before the user sees the logon prompt. Someone should correct me here, but I believe that if you're lau

Re: Proliant RAID config question

Since you have a *couple* of servers, you should be fine. (More precisely, you have 4 drives) Assuming you don't like the advice already provided (or it somehow fails to work, which I think will be very unlikely), you can try another exciting option: - Take 3 drives, and create your RAID1 wi

Re: Resetting Domain Administrator password - Server 2008 R2

I inherited this :) won't be like this going forward you can bet! On Thu, Jun 16, 2011 at 1:26 PM, Steven Peck wrote: > It may just be time to build and document it right as awful as that option > seems to be. You gain the long term benefit o fknow exactly what the > environment is now. > > > O

RE: [OT] SCOM cracks me up.

That's just an estimate. It might be slightly less than that. -sc > -Original Message- > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Wednesday, June 15, 2011 9:42 AM > To: NT System Admin Issues > Subject: [OT] SCOM cracks me up. > > Sometimes these alerts just make

RE: [OT] Citibank worse at security than Sony

> But things always go wrong in large IT shops. True... but it's useful to try and limit those failures to new and fun events, as opposed to basic stuff that's in "Secure site design 101", because failures of that nature when you are as high profile as Citibak would likely indicate failures on mul

RE: [OT] Citibank worse at security than Sony

Egads. And oof. -sc > -Original Message- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Tuesday, June 14, 2011 11:36 PM > To: NT System Admin Issues > Subject: [OT] Citibank worse at security than Sony > > So... 200,000 or so Citigroup customers have had their person info sto

Re: Proliant RAID config question

Just as a thought...build one for grins & giggles and then try and add the hot spare (I seem to recall doing something similar in the past couple of years and didn't have any problems)...worst case...you're redoing one server Cheers, Cameron On Thu, Jun 16, 2011 at 3:55 PM, Eric Wittenberg wrote:

RE: Capturing video from YouTube?

For file format support VLC is good. For accuracy and quality, Media Player Classic - Home Cinema edition is hard to beat (especially with the madVR renderer), and nearly as flexible for file formats. -sc > -Original Message- > From: John Cook [mailto:john.c...@pfsf.org] > Sent: Monday,

RE: Resetting Domain Administrator password - Server 2008 R2

DaRT and ERD should both be able to handle this. That being said, I've used the DSRM/service-account and DSRM/at-cmd solutions both before, with success. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Steven Peck [mailto:sep...@gmail.com] Sent: Thur

Re: Resetting Domain Administrator password - Server 2008 R2

It may just be time to build and document it right as awful as that option seems to be. You gain the long term benefit o fknow exactly what the environment is now. On Thu, Jun 16, 2011 at 12:31 PM, Ben N wrote: > No this is like a onsite user demo environment, but on a bigger scale. 2 > Physica

help with unresponding esx host

I am fighting a hung esx host. Question, I have my view connection server on this esx host. We are at the point of hitting the power button on the host. Anyone know if this will disrupt the vdi clients running? Thanks in advance. dave This email and any attached files are confiden

Re: Proliant RAID config question

Of all the RAID controllers I've worked with (Proliant server and Dell PowerEdge) there has never been a problem adding a hotspare. Most will even allow you to migrate the hotspare into the array (raid 1) and migrate it to raid 5 while it is live without data loss. Eric Wittenberg On Thu, Jun 16

RE: Fake antivirus

Looks like Sept 1 2011. http://clearclouddns.com/ If using - may want to set a secondary DNS before anyone forgets. (OpenDNS might be a decent alternative) Cheers! Tammy _ From: David [mailto:blazer...@gmail.com] Sent: Thursday, June 16, 2011 2:46 PM To: NT System Admi

Re: Resetting Domain Administrator password - Server 2008 R2

No this is like a onsite user demo environment, but on a bigger scale. 2 Physical hosts and about a dozen VMs.. it is no way a copy of our production AD. On Thu, Jun 16, 2011 at 12:29 PM, Guyer, Don wrote: > If this is going to be a copy of your live AD environment, any way you can > back the li

Proliant RAID config question

I'm building a couple of DL360's that have been delivered with 1 hard drive too few... - each should have 3 drives, for a RAID1 plus 1 hot-spare config.. - only two drives per server are currently available... I'm thinking that I Can go ahead & build the RAID1 array, then come back & add a hot spa

RE: Resetting Domain Administrator password - Server 2008 R2

If this is going to be a copy of your live AD environment, any way you can back the live up to a DVD (or other media) and restore it into this environment? I know, not a "quick" solution... J Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 E

Re: Resetting Domain Administrator password - Server 2008 R2

No one else that works here still was a DA. These servers have been off for almost a year. I don't want to have to rebuilt AD.+ -Ben On Thu, Jun 16, 2011 at 12:18 PM, wrote: > No one else was a DA ? >-- > > > > > > > > From:Ben N > To:"NT System

Re: Hiding Outlook 2003 Icon

I would use NTFS perms or a redirected Start Menu GPO Sent from my BlackBerry® wireless device -Original Message- From: "Ralph Smith" Date: Thu, 16 Jun 2011 14:56:57 To: NT System Admin Issues Reply-To: "NT System Admin Issues" Subject: RE: Hiding Outlook 2003 Icon That should work.

Re: Resetting Domain Administrator password - Server 2008 R2

No one else was a DA ? From: Ben N To: "NT System Admin Issues" Date: 06/16/2011 03:17 PM Subject:Resetting Domain Administrator password - Server 2008 R2 So i have an old set of servers as VMs. They had their own AD servers as well, but no one remembers the logon o

Resetting Domain Administrator password - Server 2008 R2

So i have an old set of servers as VMs. They had their own AD servers as well, but no one remembers the logon or work here anymore. I am trying to go through and reset the the domain administrator account password. I have already blanked out the machine useraccount, so i can reboot, F8, pick direc

RE: Hiding Outlook 2003 Icon

That should work. From: Webster [mailto:carlwebs...@gmail.com] Sent: Thursday, June 16, 2011 12:14 PM To: NT System Admin Issues Subject: RE: Hiding Outlook 2003 Icon Change the permission on the icon. Carl Webster Consultant and Citrix Tech

Re: Fake antivirus

I heard Sunbelt is going to discontinue the ClearCloud service -- anyone know if/when that's going to happen? David On Thu, Jun 16, 2011 at 6:53 AM, Jonathan wrote: > I've run into a nice variant of this just this morningthe window is > titled, "Windows Vista Restore" and the caption at th

Re: Determine who has VPN access?

Dude. You are awesome! Thanks so much for this. HUGE help. And thanks for the other feedback as well. As always, much appreciated. On Thu, Jun 16, 2011 at 11:05 AM, Mike Wiebke wrote: > You can do this with a saved query in ADUC.  Just create a new query and > select > "Custom Search" for t

Re: Default C: drive permissions

On Wed, Jun 15, 2011 at 11:28 AM, James Rankin wrote: > I agree, particularly in a Terminal Services environment. But I have just > checked a 2003 R2 server and found the same thing. Indeed. The permissions you see have been the default since Win 2000, IIRC (basically "forever"). We have long

Re: Hiding Outlook 2003 Icon

If you set the Start menu item for Outlook to hidden it will not show up when you display the Start Menu. Eric Wittenberg On Thu, Jun 16, 2011 at 10:03 AM, Robert Jackson wrote: > I have setup an x64 Windows 2003 Server (Standard Edition) running Terminal > Services and have installed M$ Office

RE: Hiding Outlook 2003 Icon

How about an explicit deny on the folder/exe? John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Robert Jackson [mailto:r...@walkermartyn.co.u

RE: Hiding Outlook 2003 Icon

Just delete the Shortcut in the All Users Start Menu folder? From: Robert Jackson [mailto:r...@walkermartyn.co.uk] Sent: Thursday, June 16, 2011 11:04 AM To: NT System Admin Issues Subject: Hiding Outlook 2003 Icon I have setup an x64 Windows 2003 Server (Standard Edition) running Terminal

RE: Hiding Outlook 2003 Icon

Change the permission on the icon. Carl Webster Consultant and Citrix Technology Professional http://dabcc.com/Webster From: Robert Jackson [mailto:r...@walkermartyn.co.uk] Subject: Hiding Outlook 2003 Icon I have setup an x64 Windows 2003 Serv

RE: Hiding Outlook 2003 Icon

I don't have an answer on hiding the icon, but how about a gpo software restriction policy that does not let them run outlook.exe? They will click the icon and get a deny message. From: Robert Jackson [mailto:r...@walkermartyn.co.uk] Sent: Thursday, June 16, 2011 12:04 PM To: NT System Admin Iss

RE: Fake antivirus

Good to hear Mike, Just in case some others missed it - http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76 &threadid=7944&enterthread=y If still getting redirects after the rog

Hiding Outlook 2003 Icon

I have setup an x64 Windows 2003 Server (Standard Edition) running Terminal Services and have installed M$ Office 2003. What I now want to do is stop a group of users on this server from seeing and therefore being able to run the MS Outlook 2003 icon in the Start Menu. Anyone know of a way? Is

Re: Fake antivirus

TrueBut on another note... THAT my friend, is one AWESOME disclaimer! JR On Thu, Jun 16, 2011 at 10:14 AM, James Rankin wrote: > Application whitelisting saves me from annoyances like this, generally > > > On 16 June 2011 15:11, Mike Sullivan wrote: > >> I ran into this on Monday, at least

RE: Image Editing software

+1. And built it myself[1] from a kit. -sc [1] Well, with my Dad. > -Original Message- > From: Rankin, James R [mailto:kz2...@googlemail.com] > Sent: Thursday, June 09, 2011 6:54 PM > To: NT System Admin Issues > Subject: Re: Image Editing software > > I used to live a fulfilled elec

Re: Fake antivirus

+100 for Tammy's instructions! JR On Thu, Jun 16, 2011 at 10:11 AM, Mike Sullivan wrote: > I ran into this on Monday, at least I have my users locked down and they > only saw the message that the hard drive was failing and their shortcuts > disappeared. I followed Tammy's instructions and had i

Fake order receipts

Just a heads-up... several of my users have received emails over the past few days allegedly containing a link to an order confirmation page or receipt for something they never ordered. I tried to go to one of these sites today on my Linux box using Google Chrome and got a warning that the page I w

Re: Determine who has VPN access?

You can do this with a saved query in ADUC. Just create a new query and select "Custom Search" for the query type. Click on the Advanced tab and enter msNPAllowDialIn=TRUE for the query. I think this is case sensitive . Mike W. - Original Message From: Eric Brouwer To: NT System

RE: Determine who has VPN access?

Try this: adfind -s subtree -f "msNPAllowDialIn=TRUE" username note that the "TRUE" is case sensitive... Don't have ADFind? Get it from joeware.net... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** > -Original Message- > From: Eri

RE: Determine who has VPN access?

You could write a script to go through all the accounts in AD and check for a "true" value for "msNPAllowDialIn". If you are not a scripter, there are a lot of examples out there about making a VBScript that parses through user accounts; just modify it to look for this value. -Original Messag

Determine who has VPN access?

Greetings! I have a Windows 2003 Server configured for VPN access. Is there a way to determine what users/groups have the Dial-In/VPN right outside of going through each user in Active Directory? Thank you, Eric ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

Re: [OT] Citibank worse at security than Sony

On Wed, Jun 15, 2011 at 10:55 AM, Free, Bob wrote: > If recent history is any indicator, they will get a big bailout for their > malfeasance, any indiscretions will be ignored by regulators, they will pat > themselves on the back with huge bonuses for weathering the storm, and the > consumer will

Re: [OT] Citibank worse at security than Sony

On Wed, Jun 15, 2011 at 10:52 AM, Andrew S. Baker wrote: > Well, we (collective we) have to stop giving them easy outs. > > They find ways to make sure that they can use hot-off-the-presses technology > to get order entry or other more-direct-to-revenue projects done, and heads > roll appropriatel

Re: Fake antivirus

Application whitelisting saves me from annoyances like this, generally On 16 June 2011 15:11, Mike Sullivan wrote: > I ran into this on Monday, at least I have my users locked down and they > only saw the message that the hard drive was failing and their shortcuts > disappeared. I followed Tammy

Re: [OT] Citibank worse at security than Sony

On Wed, Jun 15, 2011 at 10:46 AM, Ken Schaefer wrote: > ... 10 years ago. If that’s when the app was developed, the programmers > probably > didn’t know better ... That excuse gets tossed around a lot -- "we weren't being attacked then", or "this is a new threat". I consider it bull. Compu

Re: Fake antivirus

I ran into this on Monday, at least I have my users locked down and they only saw the message that the hard drive was failing and their shortcuts disappeared. I followed Tammy's instructions and had it cleaned up pronto! On Thu, Jun 16, 2011 at 6:53 AM, Jonathan wrote: > I've run into a nice var

Re: Fake antivirus

I've run into a nice variant of this just this morningthe window is titled, "Windows Vista Restore" and the caption at the top of the window says, "PC Performance & Stability analysis report". It is telling me hat the hard drive is failing and that private data is at risk. When I went into the

Re: [OT] Citibank worse at security than Sony

On Wed, Jun 15, 2011 at 8:17 AM, Ken Schaefer wrote: > You can push all you like. But it's not your area of expertise. So you rely > on other people to tell you that the app works well. Things will always still > slip through the cracks. This isn't something that "slipped through the cracks".

Re: windows 7 forensics

On Wed, Jun 15, 2011 at 5:14 PM, Jonathan wrote: > As for creating a forensically sound image, the "best" are supposedly FTK > Imager, from Access Data Products, and EnCase (mentioned by Art DeKneef > earlier in this thread) from Guidance Software ... The classic *nix tool "dd" will do a perfec