Yes, and I noticed that with default options doesn't clone proportionally as
Ghost did
Guido Elia
HELPPC - HELPPC SERVICE
-Messaggio originale-
Da: Ben Scott [mailto:mailvor...@gmail.com]
Inviato: martedì 14 agosto 2012 19.13
A: NT System Admin Issues
Oggetto: Re: Clonezilla compared
Just to help drive the point home, I have been asked by Directors in our
organization why we have such long passwords when their banks don't require
it or even prevent it. There is a perception in the laity, for lack of a
better word, that because banks deal with money that they are secure.
On
In some business perception is the truth, no matter what the real truth
might be. Just because banks, deal with money does not make them secure,
they are just bigger targets, which speaks to Ken's comment earlier
about the awareness of threats, because they are dealing with it 24x7
and a breach
Maybe banks need a Wall of Shame like us healthcare providers.
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, August 15, 2012 8:07 AM
To: NT System Admin Issues
Subject: RE: For your reading pleasure
In some business perception is the truth, no matter what the real truth
I use YUMI for setting up a USB Drive to self-boot with some utilities on
it, and Clonezilla being one of them.
I have had no issues with it. Clones a drive faster than Ghost and/or EASUS
Backup. There is anothet utility, in Linux, but can't remember it's name.
Something like 'Ghost Not for
Personal customer passwords for online banking are only a very small part of
the security systems a bank has. Just because passwords aren't as complex as
you would like, it doesn't follow that banks are not secure.
Additionally, forcing overly complex passwords can also, sometimes, decrease
Per the suggestions from the list, I put dig on my squirrely DNS server and ran
dig +trace www.studyisland.comhttp://www.studyisland.com. Results are:
===
; DiG 9.3.2 +trace www.studyisland.com
;; global options: printcmd
. 19740 IN NS b.root-servers.net.
.
Passwords are a part of security for everyone. It is likely that
administrative access to that customer system is also limited to an 8
character password. So as a hacker, I don't go after an individual
customer account, I go after the admin account. Woo hoo, I can now reset
passwords on all the
Oh, and to add... Each of my sites has its own DNS server. All other DNS
servers are resolving this address fine. All servers are behind the same
firewall.
Curiouser and curiouser.
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, August 15, 2012 8:50 AM
To: NT
Good point. Apple's. Seriously I *should* be excited about the new gadget
because intellectually I know it will be a boon, but I'm really not. Like
healthy food, just because I know it's better to have it than not, doesn't mean
I have to like the idea.
Having said that, I don't see it as an
I'm not saying that banks are secure
I'm stating that the contentions being put forward by others are not supported
by evidence we have before us. Namely my bank has password requirements less
than what I have at work - they allow only 8 characters and don't allow
Unicode. Therefore they are
PING (Partimage Is Not Ghost) is what you're thinking of. :)
On Wed, Aug 15, 2012 at 5:45 AM, Daniel Rodriguez drod...@gmail.com wrote:
I use YUMI for setting up a USB Drive to self-boot with some utilities on
it, and Clonezilla being one of them.
I have had no issues with it. Clones a
On 14 Aug 2012 at 22:04, Carl Houseman wrote:
Is this something new for you? It's not new to the rest of us. And if you
only get 2 - celebrate.
I post infrequently enough here I haven't noticed off-list OOO messages. Maybe
my spam filter trapped them.
Meanwhile, thanks for posting the
Because I'm an idiot.
On Wed, Aug 15, 2012 at 9:22 AM, Ken Schaefer k...@adopenstatic.com wrote:
I’m not saying that “banks are secure”
** **
I’m stating that the contentions being put forward by others are not
supported by evidence we have before us. Namely “my bank has password
Your DC has multiple IP addresses?
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, August 15, 2012 9:08 AM
To: NT System Admin Issues
Subject: RE: DNS Lookup Failing for One Address
Oh, and to add... Each of my sites has its own DNS server. All other DNS
servers
Are the root hints on that DNS correct, as compared to the other DNS
servers? Can you resolve the DNS roots? Because its trying to go to
.com on root first and them to studyisland but its not even getting to
.com DNS root, in your db2 switch debug.
Z
Edward E. Ziots, CISSP, Security +,
Honestly at one time or another everyone would be on that wall of
Shame.. just don't be on the wall of Sheep at Blackhat in Vegas.. That
is one list you don't want to be shown on...
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
I wasn't super jazzed when I got my iPhone (original one back in 2007). It
was a gift. I didn't think I needed it at the time. That changed rather
quickly. I use the phone in all sorts of ways I'd never expected I would
at the time. The phone part of it does suck, still, to be sure. But I
You aren't an idiot Jonathan,
Trust me if you digged deep enough there is going to be some
bank/webpage that will have an SQL Injection or XSS flaw, that might
allow bypass of the entire authentication process itself. But that
might be going too far down the rabbit whole of possibilities but
Yup. When we decommissioned the old server this server replaced, some devices
were still looking for it for DNS (they had static settings). So we assigned
the old server's address to the new one as a second address.
John
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday,
I have a theory. Often when Mr. Smith asks a question he isn't looking for an
answer to that question, he is pointing you towards the answer for your problem.
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, August 15, 2012 10:33 AM
To: NT System Admin Issues
And I did consider that.
:)
However, (A.) this server's configuration hasn't changed in the years since it
was deployed, (B.) we've done the same thing at our other sites that aren't
having problems, and (C.) DNS is working 100% correctly at the site in question
except for the failure of
AKA fishing lesson :)
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, August 15, 2012 7:36 AM
To: NT System Admin Issues
Subject: RE: DNS Lookup Failing for One Address
I have a theory. Often when Mr. Smith asks a question he isn't looking for an
answer to that
Yep, and I prefer it that way.
From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, August 15, 2012 10:49 AM
To: NT System Admin Issues
Subject: RE: DNS Lookup Failing for One Address
AKA fishing lesson :)
From: Kennedy, Jim
Well, since you are desperate. :) Remove one of the addresses, bounce the DC
and retest.
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, August 15, 2012 10:44 AM
To: NT System Admin Issues
Subject: RE: DNS Lookup Failing for One Address
And I did consider that.
While officially supported, having multiple IP addresses on a single DC is not
recommended and has caused problems all the way back to NT 3.5.
If you just want to make this work - host the domain locally. Create it in your
DNS servers. Probably the quickest way to fix the problem.
Meinolf
I did disable DNS on one of the two addresses and restarted the service. No
difference.
I haven't tried removing the whole address from the TCP/IP settings.
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, August 15, 2012 10:55 AM
To: NT System Admin Issues
Subject:
Another option is to set up conditional forwarding on the 'bad' dns server to
one of your 'good' dns servers for just studyisland.com
That way you will be out of the business of manually working on that zone as
studyisland moves or changes things.
From: Michael B. Smith
Alas, network traces are outside of my skillset. I may have to bring in outside
help for that. I'm a technology generalist-lots of breadth, less depth.
If I wanted to host the domain locally... I would just go to Forward Lookup
Zones, right-click, select New Zone, and go from there? With us
Wow, it would never, ever occur to me to give a DC multiple IP addresses.
Multiple NIC's, yes, but teamed. Amazing that's it's supported, but that just
may be my ignorance due to my SMB-scale focus.
I need to work with Ken and experience big environments!
Dave
From: Michael B. Smith
Thanks again. My ironport rep says that I will have to sub categorize
them myself when I determine they are this or that type of traffic.
I will just rely on the fact that the majority will be citrix or webex
based and send my team alerts on all of those class 'c' hosts. Enough
harassment of
I can look at a network trace for you, if you want to send it over, I
have done it for others on the list to help them out with problems, and
its good practice.
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
From: John
To David's point - except when used in bonding (for failover) - most big
environments would avoid this with a 10-foot pole. The behavior can seem quite
non-deterministic and can be difficult to debug.
From: Webster [mailto:webs...@carlwebster.com]
Sent: Wednesday, August 15, 2012 11:34 AM
To:
And we have a winner!!!
So, I was totally unfamiliar with conditional forwarding. I just tried what you
suggested, and voila-it works.
I realize this is a workaround, and I still want to tackle the root of the
problem. But this at least buys me some time.
From: Kennedy, Jim
If you don't have any old equipment with static listings of the older
IP address of the DC, remove the older IP address.
If you do have older equipment with static listings, but don't have
any newer equipment with static listings, and want to preserve the old
address, then during off-hours remove
I'm going to remove the older address after hours--maybe this weekend--and see
what happens.
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, August 15, 2012 1:10 PM
To: NT System Admin Issues
Subject: Re: DNS Lookup Failing for One Address
If you don't
What's the best way to detect whether a user is offline or online (I.e.
Connected to the corporate network)? I thought maybe query the %logonserver%
variable but that might also apply to online situations where a DC cannot be
contacted for whatever reason. I'm sure there must be a way,
Just install MOC! :p
You might use lastlogon from the DCs. I remember the scripting guy blog
having something on it.
Ahh found it:
http://blogs.technet.com/b/heyscriptingguy/archive/2010/01/27/dandelions-vcr-clocks-and-last-logon-times-these-are-a-few-of-our-least-favorite-things.aspx
Not sure if this is what you are asking but I track logons with a logon script
that writes to a csv file on a server share. You could modify it a bit and add
a second script to track logoffs. It is the only thing I have found to be
reliable. Then I have a scheduled task each night to rename
What I am looking for is something - file, variable, reg key, etc. - that would
indicate a computer wasn't (or was) logged on to the corporate network. You
could use some sort of ping, but that would be no good if ping was blocked or
the target that determines the online status was offline or
You can do that with Twitter list, too. So, instead of getting the RSS feed
for a single profile at a time, you can get a single feed for a group of
profiles. You have to set up your own lists, though.
From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Wednesday, August 15, 2012 4:15 PM
To:
The problem is that it's hard to define logged on. You don't really log on
to the network. You log on to a *computer* by authenticating against a domain
controller. You probably want some way to check if you're connected to a
network and can reach a domain controller.
-Original
On Wed, Aug 15, 2012 at 2:25 PM, Rankin, James R kz2...@googlemail.com wrote:
What's the best way to detect whether a user is offline or online (I.e.
Connected to the corporate network)?
I suspect we need more context.
What are you trying to accomplish? What's the end goal? What
problem
Or maybe some way to check if logged on with cached credentials? Maybe checking
for an event with logon type 11 might be a way forward here I'm thinking
---Blackberried
-Original Message-
From: Crawford, Scott crawfo...@evangel.edu
Date: Wed, 15 Aug 2012 20:59:11
To: NT System Admin
Of course. But, Twitter is the safest login token so it's useful to have
anyway.
From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Wednesday, August 15, 2012 4:47 PM
To: NT System Admin Issues
Subject: RE: Twitter via RSS
I imagine you could, but you'd need a Twitter account.
From:
I've got someone using a program and they want to alter its behaviour based on
whether the user is connected to the corporate network or not - specifically,
whether the apps they will be using are XenApp offline streamed apps or
delivered via the online plugin. Basically, is there any way to
I imagine you could, but you'd need a Twitter account.
From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Wednesday, August 15, 2012 3:37 PM
To: NT System Admin Issues
Subject: RE: Twitter via RSS
You can do that with Twitter list, too. So, instead of getting the RSS feed
for a single
via ADSI attempt to open LDAP://domain.name
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/
From: Rankin, James R [kz2...@googlemail.com]
Sent: Wednesday, August 15, 2012 5:42 PM
To: NT System Admin Issues
Subject:
Yeah, even if they logged in with cached credentials, they may be connected to
the network now. You basically need to just check the availability of the
service you want to use before using it. I have no idea how to do that with
XenApp, but that's where I would look. Even if the DC is ping-able
On Wed, Aug 15, 2012 at 5:42 PM, Rankin, James R kz2...@googlemail.com wrote:
I've got someone using a program and they want to alter its behaviour based
on whether the user
is connected to the corporate network or not - specifically, whether the apps
they will be using are
XenApp offline
Here's what MSFT uses to determine if the user is connected to the
corporate network.
Have an external host (web site, ftp site, whatever site, as long as
it has a name) that can't be pinged from the inside. Also have an
internal host that can't be pinged from the outside. Run a client on
the
I'm still running my pilot of DA/UAG on an old Dell PE 1950. Since
we're not ready to purchase the hardware and take the pilot to a real
rollout, I'm thinking I might wait until Server2012 comes out and
migrate to the new hardware with that.
Kurt
On Wed, Aug 15, 2012 at 5:17 PM, Rod Trent
Have a small customer that wants to allow VPN access through their
Smoothwall filter/firewall (Smoothwall, NOT Sonicwall). Routing and Remote
Access (RRAS) is setup and enabled on the Windows 2008 R2 DC. I was able to
connect through VPN to the RRAS server's IP when INSIDE their network
I didn't call them idiots, even though you quoted that. Someone else may
have, but you were responding to me. I find the patchwork method of
securing bank systems to be poorly thought out and far too limiting to me
as an end user. I want and like having my password be of some size in
excess of 15
54 matches
Mail list logo
