Re: Datadomain / Exagrid - Backup Times over Cat5

On Tue, Apr 9, 2013 at 10:55 AM, Jon D wrote: > I'm trying to wrap my head around the speed of backup appliances like Data > Domain and Exagrid. > The thing that doesn't make sense to me is the backups are going across > Cat5. > It seems like they would be really slow for a full backup. That de

Re: Datadomain / Exagrid - Backup Times over Cat5

Thanks everyone. It seems like it's as simple as the Cat5 cable is the bottle neck. I think DD does have a pre-backup dedupe, but only if it's talking to a server with a client loaded. Wouldn't help with backing up file shares on an EMC SAN. Somehow I need to figure out how to get data on 1 EMC SA

Re: GPOs back from the dead

Well, it looks like the answer to my problems was found here: http://support.microsoft.com/kb/840674 I had one DC that was a replication partner to all other DCs. It passed every replication diagnostic test I could throw at it except one: nothing would actually replicate... I did a non-authorit

RE: Blocking executables for the root of a share

Nice-I think they used to be only user-based. Haven't looked for them in the Computer config node. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, April 09, 2013 11:38 AM To: NT System Admin Issues Subject: RE: Blocking executables for the root of a share The one I am looking at is a

Re: Blocking executables for the root of a share

Ah right gotcha now - path-based rules. Forgot about that bit :-) I'm just interested to see how modern SRPs stack up against the software I work with. Ta, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Miller Bonnie L. Date

RE: Blocking executables for the root of a share

The one I am looking at is a computer policy: Computer..Policies...Windows Settings...Security SettingsSoftware Restriction policies From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 11:26 AM To: NT System Admin Issues Subject: Re: Blocking executables f

RE: Blocking executables for the root of a share

They are user policies, so if it's SRPs, it would be for those users logging on, blocked via UNC or some other connection path. If these are the only accounts with access to the shared resources, it should do the trick. As someone else mentioned, you could use FSRM on the file server also to bl

Re: .ZIP file e-mail attachments

On Tue, Apr 9, 2013 at 7:51 AM, David Lum wrote: > Do any of you guys still allow this? I ask because at %formerjob% they were > blocked, but %dayjob% allows them, and last week and today we’ve received > infected .ZIP files. Last week was another autorun outbreak, today we caught > it before anyo

Re: Blocking executables for the root of a share

Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though) Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Miller Bonnie L. Date: Tue, 9 Apr 2013 11:07:37 To: NT System Admin Issu

RE: Blocking executables for the root of a share

I can actually block the creation/execution with McAfee, but assuming a broken or unprotected endpoint, GPO can block execution should a file get there. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Tuesday, April 09, 2013 11:08 AM To: NT System Admin Issues Subject: RE: Bloc

RE: Blocking executables for the root of a share

I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking. -Bonnie From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share Wha

RE: Blocking executables for the root of a share

I wouldn't let any exe's on any user share anywhere. I block all of that and a host of others that we deemed unneeded with FSRM. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, April 09, 2013 1:47 PM To: NT System Admin Issues Subject: Blocking executables for the root of a share Our

Re: AD Simple LDAP authentication question

+1 *ASB **http://XeeMe.com/AndrewBaker* * **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Apr 9, 2013 at 10:34 AM, Michael B. Smith wrote: > Absolutely nothing, unless you’ve done this: > > ** ** >

Re: Blocking executables for the root of a share

What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas Sent from my Blackberry, which may be an antique but delivers email R

Re: .ZIP file e-mail attachments

On Tue, Apr 9, 2013 at 10:51 AM, David Lum wrote: > Do any of you guys still allow this? I ask because at %formerjob% they were > blocked, but %dayjob% allows them, and last week and today we’ve received > infected .ZIP files. Our plan: An email containing any dangerous file is quarantined. Tha

Re: Datadomain / Exagrid - Backup Times over Cat5

Can't speak to Exagrid, but think of the DD boxes as if they are NAS devices. My (older model) 530 can ingest data as fast as I can throw information at it. Regarding speed, I suppose too slow is as too slow does. GigE is fast enough for my backups given their size. Here are some statistics abo

RE: .ZIP file e-mail attachments

Same here. -Paul From: John Cook [mailto:john.c...@pfsf.org] Sent: Tuesday, April 09, 2013 9:54 AM To: NT System Admin Issues Subject: Re: .ZIP file e-mail attachments We quarantine all zip files. They have to request release so we have a chance to see what it is. John W. Cook Network Operation

RE: .ZIP file e-mail attachments

My policy is to block zip files by size. If you block all zips smaller than 500k you'll stop all the viruses. Allow zips larger than 500k and those will be the legit files. Sounds sort of silly but it absolutely works. Obviously I have scanners and such running too but that is my attachment

Re: .ZIP file e-mail attachments

We quarantine all zip files. They have to request release so we have a chance to see what it is. John W. Cook Network Operations Manager Partnership for Strong Families From: David Lum [mailto:david@nwea.org] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: .ZIP fil

Re: .ZIP file e-mail attachments

Goes to the unsustainable nature of reactive antivirus. Your signatures can barely keep up with new variants. Proactive application management FTW On 9 April 2013 15:51, David Lum wrote: > Do any of you guys still allow this? I ask because at %formerjob% they > were blocked, but %dayjob% allow

RE: .ZIP file e-mail attachments

We mostly rely on our appliance (IronPort) to catch them, but we do have a special rule that quarantines any password-protected ZIP files (because the appliance can't inspect those). From: David Lum [mailto:david@nwea.org] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Sub

RE: AD Simple LDAP authentication question

Absolutely nothing, unless you've done this: http://support.microsoft.com/kb/935834 But if that third party application is running in your forest already, it doesn't even need that. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, April 9, 2013 10:28 AM To: NT System

RE: AD Simple LDAP authentication question

I'm looking into this: http://technet.microsoft.com/en-us/library/cc778124(v=ws.10).aspx Which I wasn't aware of before. Looks like what I was interested in, but then I read this: "This setting does not have any impact on ldap_simple_bind or ldap_simple_bind_s. No Microsoft LDAP clients that

Trimming stale cookies

I often get profiles bloated out with stale cookies. The Citrix User Profile Management tool can actually scan your index.dat file at logoff and remove references to stale cookies, before mirroring the folder to ensure consistency (see this article http://blogs.citrix.com/2011/01/25/notes-on-synchr

Re: POSH PtH - this is...

Must be good. MSFT has acquired them. Kurt On Tue, Apr 9, 2013 at 6:09 AM, Andrew S. Baker wrote: > Check out PhoneFactor... > > > > > > *ASB > **http://XeeMe.com/AndrewBaker* * > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB

RE: AD Simple LDAP authentication question

+1 My question was directed more to the fact that any "Authenticated User" has pretty much full read-access to AD anyway. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, April 8, 2013 7:14 PM To: NT System Admin Issues Subject: Re: AD Simple LDAP authentic

Re: POSH PtH - this is...

Check out PhoneFactor... *ASB **http://XeeMe.com/AndrewBaker* * **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Apr 9, 2013 at 12:20 AM, Kurt Buff wrote: > If I had one, I would. > > We're a small org,

Re: RESOLVED: Excel 2010 problem - can't quite figure it out

Social/Professional networking is key to mobility (upward or even sideways)... Start using it judiciously. :) *ASB **http://XeeMe.com/AndrewBaker* * **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Mon, Apr