The whitelisted spammers are hammering my hotmail account so badly I can no longer use it. I'm getting spam in my inbox for viagra and all those other great keywords that obviously make the mail spam and these messages are immune to Hotmail's junkmail filters altogether.
As for Gmail, do you really trust a company to look after all of that data in your gmail account and not wrongly share it or give the wrong people access to it?
I like keeping all of my information as close to my chest as possible - on my server at my house.
No I am not sitting in a rocking chair on my front porch with a shotgun on my lap. But I'm seriously considering it.
Browsing through the comments I'm thinking people are missing the bigger picture here.
I know that Roadrunner blocks email from all of the static IP addresses from my local cable provider without even sending anyone a message, poof - the email just disappears into the ether without so much as a by your leave.
Maybe Comcast has crappy service and/or incompetant technicians but what they are doing amounts to the regulation of free speech. If we all just accept this then how can we trust that we are getting all of the email that is destined for our mailboxes? If we can't trust that all email sent to us through our ISP is getting to us then how can anyone depend on email at all? We might as well go back to using the telephone or physically meeting with people. And I hate dealing with people.
Is it possible that Comcast could be limiting our freedom to associate with whomever we want? I mean, I trust my phone company, I know they wouldn't limit my ability to call other people or give away all of my calling details to say the government despite it being a federal offense or expressly against my wishes. Maybe someone has asked Comcast to just stop emails from certain domains, like nytimes.com or truthout.org, iraq.com or nasa.com. Would we really know?
Can anyone here really tell me that an email they didn't know they were getting didn't get to their inbox? Maybe this has been happening for a while now? Maybe I'm a crazy conspiracy theorist, but if someone was censoring what email gets to people's inboxes wouldn't you think this was how it would start?
Yeah, I'm sure it's Comcast's incompetence and not a freedom of speech thing. Anyone seen where I left my shiny new hat?
What is the time frame for your servers to be restored in should servers and such completely fail?
If you don't know that answer to that question then how does your company know how much money to budget? Are you bound by HIPAA or Sarbanes-Oxley? You should know how much is your company's data worth prior to assigning a bidget.
Are some of your database servers supposed to be up 24x7? Maybe you should look at distributed transactions across databases located at different sites so if one server fails you still have everything live? Have you timed how long it takes to rebuild your servers to confirm your allotted time in your disaster recovery plan? Has your company considered imaging servers/ Is it possible to?
Have you consulted your disaster recovery plan? Have you checked with suppliers to see how long replacement parts will take to order? I can't tell you how many administrators get caught out by buying an expensive tape drive only to have it fail along woith the server and nothing can be restored until a new one can be sourced.
Without requirements, a disaster recovery time frame you will never be in control in the event of a disaster.
Your companies board of directors/owners will need this information. It's called operating under conditions of "due care and diligence".
If something goes wrong and you can't tell your boss exactly what is required and how long it will take to recover then you're working in the wrong job - a big part of being a network administrator is planning for ANY event.
Oh, most of the time my customers are happy with Robocopy. I hate paying for expensive hardware and backup software solutions when I can write something much simpler and document it properly rather than depending on someone else's buggy software. Of course this depends on the industry and their requirements.
Make sure that your boss completely understands these questions and issues. Ask him to see the current Business Continuity plan and Disaster Recovery documentation before you touch anything on those servers - can't stress that enough.
Hope that helps, sorry it's brief but if you're in charge of backups it's your job to be ANAL and PEDANTIC.
I moved to the US 5 years ago and have been running my own IT consultancy business for the past 4 years. I came from a largely socialist country and recently I have been trying to quantify my quality of life.
While I spend 12+ hours a day in front of my computers, I only have to leave my home/office for maybe 10 to 20 hours per week to maintain my income. I pay my mortgage and car note but am still not earning enough to cover my medical insurance costs - for me and the Mrs this is more than my mortgage and car note combined.
I worked for a small networking company when I got here. My experience taught me that working hard for someone else will simply not be rewarded in this capitalistic society. Sure I could get a better paying job with benefits but the costs associated include driving through rush hour traffic, getting up before 6am, workplace drug testing and missing all that computer time - which in my opinion is required just to maintain my level of expertise and aducation.
I consider myself more a procrastinator than a slacker but this is a trade off for the lifestyle which I obviously prefer.
Slacking in the workplace is not for entrepreneurs, it is for people that buy into the whole working 40+ hours a week for someone else. It's not that I don't have time for slacking off, but I get bored very easily and prefer to keep myself immersed in technology and anything I find interesting.
So I guess my answer is that if you reach the point where you want or do slack off in the workplace then you're doing the wrong thing. Every day for me is spent on the daily challenges of making sure I can pay my bills and the careful balancing act of making sure my quality of life is consistent with what I expect to get out of life.
I've found the wikipedia article on the American Dream to be very helpful (http://en.wikipedia.org/wiki/American_dream), especially if you read the synopsis to the play "Death of a salesman" that's linked there (http://en.wikipedia.org/wiki/Death_of_a_Salesman) .
Every person has different motivations, dreams and goals in life. Mine don't really include slacking, although they don't include working for faceless companies that will try and screw me out of my benefits and retirement before making me redundant with nothing. Ask the employees of Enron, which I believe was nothing more than a way for a board of directors to steal all of the money that had been set aside for the employees?
I find my work very rewarding, I love eing a useful member of my community for the businesses that can't afford to maintain their own networks. I'm also very fortunate in the way I can support myself.
I use Cox cable and I'm not having any problems with Vonage yet. I'm so happy with it I'm going to use it as the main line for my home based business.
I haven't noticed any quality issues, however this may just be because my ISP isn't a telco. I wouldn't have bothered posting to the forum except that I am interested to know how many people are unhappy with Vonage and if those people's ISP's are all telcos.
This is probably the biggest network neutrality battle that there is today and I wouldn't be at all surprised to find out that the majority of people with complaints have all had their service screwed with by those telco based ISP's.
I haven't seen too many posts here talking about RIS but that's the only solution I have stuck with over the years and it has its merits and is still my preferred method.
For me Ghosting is not a good solution because of all of the driver issues, the old SID problems from the NT4 days (fool me once...) and the amount of additional work required every time you want to update the image - service packs or applications for example. Also be aware that for Microsoft based products you will want volume licenses so you can reuse the same keys, this requires buying through a reseller and creating an account with Microsoft on the https://eopen.microsoft.com/ web site (I hate passport!).
One solution I am fairly happy with is a bootable CD I created which will install Windows 2000, XP, 98, 2003 Server from an answer file. Obviously only one or two OSes per CD but I can install any of those by typing a name for the machine, pressing enter and waiting an hour for the OS to actually install. Unfortunately this requires a few non Microsoft tools, which is probably why the lack of documentation. I use a Windows 98 bootable disk image (proprietary), the DOS version of sed (to parse the computer name from my DOS script), AEFdisk (to script the formatting of the disk) and CD writing software capable of grabbing a floppy disk image.
I still need to install drivers and software and configure the network. The cd has to have a hard coded key. But for PC repair it sure beats entering everything manually and pressing enter to bypass the installation screens.
RIS is similar but made for companies with at least one Microsoft based server. You create your answer files and install the OS from a dedicated partition on your RIS server, this is a pain of a limitation if you don't plan well in advance before you install your server/s.
There are several other limitations with RIS the show stopper has always been support of the PXE boot protocol, but nowadays most motherboards support PXE boot, you may have to enable it in the BIOS of your machines though. Many newer network chipsets are just not supported by Windows XP or 2003 server and RIS specific drivers can be difficult if not impossible to track down - the Marvel Yukon network drivers spring to mind.
Microsoft provides a bootable floppy disk to boot off of that provides generic drivers for many older network cards, several of my customers mandate specific network cards for each of their workstations.
To install a computer you press F12 for the PXE boot, provide the credentials of a user that has permission to install, breeze through a few configuration screens (depending on your RIS setup) and then the workstation is installed for you.
In my opinion this is where the process of imaging finishes and the beginnings of workstation management begins. I say this despite the software not being installed because you should be installing and managing your software through Active Directory and the use of MSI files.
Some applications come with MSI files for installation such as Microsoft Office and Norton AntiVirus. These applications can be managed by user or computer or groups thereof in Active Directory. This is far more flexible than imaging.
Many applications can also be installed silently via script, this can be problematic if your users don't have local administrative access to their workstations but you can bypass this restriction.
Microsoft has really done a piss poor job of creating automated installation tools for third party products for creating MSI files for use with Active Directory, all of these tools are expensive and don't have demo versions so I've never used one. All of the tools I have seen require that you install your workstation, start some monitoring program, install the software, reboot and then the monitoring program compares the machine before and after and creates an MSI file based on the differences. Microsoft should try employing some of those malware writers
There are two big problems I have with Dell computers:
First they have random unneeded software such as Musicmatch jukebox, Quickbooks Demo, various useless Dell phone home software packages etc. There have been several reviews of Dell gaming machines where some games won't even start because of incompatibilities some games have with Dell's TSR's.
Secondly, Dell's warranties aren't worth a crap. For example if a Dell computer has a bad hard drive it will take at least 3 hours of calls and diagnosis before you can get their helpdesk to send someone out to replace it. It's generally easier to go to (insert computer store here) and replace the drive yourself rather than wearing the cost of using Dell's helpdesk at all.
A lot of my customers use Dell computers. I support them a lot. If you do end up with one make sure to reinstal from scratch, try not to use the recovery CDs which will restore all the crappy Dell spyware with it.
For some time it has been easier to wipe and reinstall rather than repair an infection, of course this is dependant on knowing where your data is to begin with - hint: this is why we have servers. A reinstall (automated of course) will take less than 2 hours and everything is guaranteed to be working properly afterward. Properly eradicating most spyware takes a lot longer than this and doesn't guarantee that you or the program/s you use have gotten everything. Why even take the risk of repairing a spyware infection?
On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change as well as totally screwing over the Windows system restore which I might add helps malicious software coders than the users actually trying to restore system files. All this from surfing a malicious site in IE.
It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.
You must be able to write very long reports that management and the board of directors will be reading. You will use terms like "Due Care and Diligence", "Disaster Recovery" and "Business Continuity Planning". Security professionals don't provide anything tangible to a business so to prove your value you must consider every potantial problem and document it in advance even if management doesn't even read your reports. This is the only way to cover your ass.
So many people consider Network Security to be about running sploits and such, but really its about risk management. Have a good look at certifications such as CISSP, read some of the self training books and if you don't get bored to tears reading them then think about what it would take to write them because thats what you'll be doing 90% of your time.
Where is the information? Where are the success stories with Howto's? What symbolic links should I mess with?
It's all very well to talk about AFS and ACLs and updating a bazillion desktops but you've given me nothing. Got any links to any of this? Bonus points for finding links and information that shows good ways to integrate this with Samba and CIFs to support current Windows based wiorkstations while we integrate Linux based desktops.
So thanks for your post, but unfortunately I have to rate it -1 uninformative.
I appreciate the reply. I've been using Linux on and off for upwards of 6 years now and while you've glossed over a solution you haven't pointed me to any useful information on how to achieve what you're saying.
Can I do a base install of Linux in 30 seconds like you say? What technologies would I use? How do you make sure the kernel is compiled with all of the appropriate drivers? What scripts should I be using to automate the copy from the CD or networked image?
I'm well aware that these things can be done, but I'm not aware of how. Where is the documentation? The Howto's? The sample code showing how to achieve these things?
Looking through this Slashdot article and the comments I'm seeing some people like yourself saying that these things can be done, but there is nothing showing or explaining how, which is the information the original poster was asking for and the reason why I made my post.
I've been trying to get Linux instaslled on the desktop for a few of my customers, but had problems finding a suitable model for deployment. Say what you will about Microsoft (and here most people do) but their deployment tools are pretty good. All of my new deployments utilise RIS (Remote Install Services) which greatly reduces client installation times.
Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time. Workstations can be restored without anyone technical being required on site at all.
I've looked and looked and haven't been able to find any resources for doing similar tasks with Linux based desktops. The closest I've come up with is to use custom built CD Rom desktop OSes, but these are much slower than using a workstation with the OS installed on a local hard drive.
I'm sure it can be done, perhaps by remotely mounting common application and/home folders to a central server. But I've never seen any Howto's or even descriptions of anyone having done this in the enterprise before. Not to say it hasn't been done, just that noone's written how it's done (that I've been able to find).
Not much help I know, but it shows why my company is still an MS shop.
I've always wondered exactly how much Linux based knowlege a writer should have in order to write a report on the TCO of Linux based networks and software.
How much Real World/In the Trenches experience do you have implementing and supporting large network and software applications that run Microsoft products compared to *nix based solutions?
Exactly how experienced are you with Linux? What is your favourite distro? How long have you been running Linux?
What is the best thing Windows does better than Linux?
What is the best thing Linux does better than Windows?
Have you ever contributed to an Open Source project or been part of an Open Source community?
So they fix the problem by allowing you to burn a cd that is full of WMA files with DRM that disables the CD to be burned again. Where's the provision for fair use? If I buy a regular CD I should be able to copy it at the original high quality of sound that will play in all CD devices without having to install DRM crippled WMA files on a CD that would be nothing better than a coaster.
What about people that don't run Microsoft Windows? Can Mac's play DRM'd WMA files yet?
I can't think of a more stupid solution. Luckily Sony et al seem to have no problems finding people full of stupid solutions.
On the plus side, you won't have to worry about these DRM schemes until Microsoft finally produces a secure Operating System.
I do a lot of consulting in the business continuity/security networking field and there is only one way to deal with a problem like this.
Every security policy comes straight from management, the IT staff configure the network based on the decisions that management has made. Your company is just revising their security policy and have tasked you with abiding to it. All you need to do is devise a budget for complying with their requirements.
Your company has decided they need more advanced security precautions taken, it really is not your position to question their decision. Just tell them exactly what solutions can be implemented to meet their requirements. If I were you I would be very excited, you have a perfect opportunity to prove your knowledge and value to your employers. You also have a plethora of Open Source solutions available to you - maybe I'm a zealot - but this kind of work is very rewarding.
If you can't provide this, then you are the wrong person for the job, or they need to outsource. It's that simple.
As for places to start, I would consider the pen-test mailing list at www.securityfocus.com, there are also several other lists that they host. The archives should give you some excellent references of where to start. You should also consider this to be the perfect time to request training and reference materials - books.
You shouldn't be surprised that your employers requirements have changed, you work in technology, technology reviews should be undertaken regularly and findings should be acted upon. Don't fear the change, use it as a chance to make your job easier and increase your value to your employer.
I sure wish I could find more clients like your company!
John the Kiwi
Just because technology changes and your job has chganged
I'm an independant contractor with an MCSE that supports a small customer base of companies that mostly run Windows software. I have four development and testing computers at my house, all of which run Linux and free software solutions, this is because I cannot afford to buy Windows 2003 server, Office 2003, dev studio and a lot of other recent releases.
With my cost free Open Source testing platform I have designed and implemented quite a few solutions with software such as Open Office, Open Exchange, Samba etc.
With online activation and licensing restrictions I am not able to run any Microsoft software in a test environment to ensure it is adequately tested and ensure I am able to support it.
This is driving my skill set and support abilities away from Microsoft and squarely into the arms of the Open Source camp. What (if anything) is Microsoft doing to combat this and ensure that the professionals in the field that sell and support your software have access to the resources they require?
I used to think like that too. Right up until I moved to the States and started to receive more than 15 requests for credit cards and other business services in my mail box once I registered a company.
Spam doesn't affect trees. And the truth is that spam will always be around as long as there's money to be made from it. It's an end user education problem. As soon as end users are educated enough to know not to buy the things in the spam emails then there's always gonna be someone sending it.
As soon as the financial incentives are removed there will be no more spam problem. But right now spammers are making money hand over fist because people click on the links and buy the crap the spammers are hawking.
I stick with Mozilla because I can hit F6, type in my search terms and use the down arrow to search google. I can't remembet the last time I went to google.com.
Mozilla has everything I need that Thunderbird does and more. Thunderbird is also a little cartoony looking to me, maybe to match the ugly Windows XP interface - I guess that's a fairly subjective opinion. I don't even use mozilla suite either. Just the browser.
I've even tried o switch. My Windows 2000 server has Firefox on it but I just prefer Mozilla.
Slashdot Mirror
The whitelisted spammers are hammering my hotmail account so badly I can no longer use it. I'm getting spam in my inbox for viagra and all those other great keywords that obviously make the mail spam and these messages are immune to Hotmail's junkmail filters altogether.
As for Gmail, do you really trust a company to look after all of that data in your gmail account and not wrongly share it or give the wrong people access to it?
I like keeping all of my information as close to my chest as possible - on my server at my house.
No I am not sitting in a rocking chair on my front porch with a shotgun on my lap. But I'm seriously considering it.
Browsing through the comments I'm thinking people are missing the bigger picture here.
I know that Roadrunner blocks email from all of the static IP addresses from my local cable provider without even sending anyone a message, poof - the email just disappears into the ether without so much as a by your leave.
Maybe Comcast has crappy service and/or incompetant technicians but what they are doing amounts to the regulation of free speech. If we all just accept this then how can we trust that we are getting all of the email that is destined for our mailboxes? If we can't trust that all email sent to us through our ISP is getting to us then how can anyone depend on email at all? We might as well go back to using the telephone or physically meeting with people. And I hate dealing with people.
Is it possible that Comcast could be limiting our freedom to associate with whomever we want? I mean, I trust my phone company, I know they wouldn't limit my ability to call other people or give away all of my calling details to say the government despite it being a federal offense or expressly against my wishes. Maybe someone has asked Comcast to just stop emails from certain domains, like nytimes.com or truthout.org, iraq.com or nasa.com. Would we really know?
Can anyone here really tell me that an email they didn't know they were getting didn't get to their inbox? Maybe this has been happening for a while now? Maybe I'm a crazy conspiracy theorist, but if someone was censoring what email gets to people's inboxes wouldn't you think this was how it would start?
Yeah, I'm sure it's Comcast's incompetence and not a freedom of speech thing. Anyone seen where I left my shiny new hat?
JtK
I think you're jumping the gun a little here.
The first question you need to ask is:
What is the time frame for your servers to be restored in should servers and such completely fail?
If you don't know that answer to that question then how does your company know how much money to budget? Are you bound by HIPAA or Sarbanes-Oxley? You should know how much is your company's data worth prior to assigning a bidget.
Are some of your database servers supposed to be up 24x7? Maybe you should look at distributed transactions across databases located at different sites so if one server fails you still have everything live? Have you timed how long it takes to rebuild your servers to confirm your allotted time in your disaster recovery plan? Has your company considered imaging servers/ Is it possible to?
Have you consulted your disaster recovery plan? Have you checked with suppliers to see how long replacement parts will take to order? I can't tell you how many administrators get caught out by buying an expensive tape drive only to have it fail along woith the server and nothing can be restored until a new one can be sourced.
Without requirements, a disaster recovery time frame you will never be in control in the event of a disaster.
Your companies board of directors/owners will need this information. It's called operating under conditions of "due care and diligence".
If something goes wrong and you can't tell your boss exactly what is required and how long it will take to recover then you're working in the wrong job - a big part of being a network administrator is planning for ANY event.
Oh, most of the time my customers are happy with Robocopy. I hate paying for expensive hardware and backup software solutions when I can write something much simpler and document it properly rather than depending on someone else's buggy software. Of course this depends on the industry and their requirements.
Make sure that your boss completely understands these questions and issues. Ask him to see the current Business Continuity plan and Disaster Recovery documentation before you touch anything on those servers - can't stress that enough.
Hope that helps, sorry it's brief but if you're in charge of backups it's your job to be ANAL and PEDANTIC.
I moved to the US 5 years ago and have been running my own IT consultancy business for the past 4 years. I came from a largely socialist country and recently I have been trying to quantify my quality of life.
) .
While I spend 12+ hours a day in front of my computers, I only have to leave my home/office for maybe 10 to 20 hours per week to maintain my income. I pay my mortgage and car note but am still not earning enough to cover my medical insurance costs - for me and the Mrs this is more than my mortgage and car note combined.
I worked for a small networking company when I got here. My experience taught me that working hard for someone else will simply not be rewarded in this capitalistic society. Sure I could get a better paying job with benefits but the costs associated include driving through rush hour traffic, getting up before 6am, workplace drug testing and missing all that computer time - which in my opinion is required just to maintain my level of expertise and aducation.
I consider myself more a procrastinator than a slacker but this is a trade off for the lifestyle which I obviously prefer.
Slacking in the workplace is not for entrepreneurs, it is for people that buy into the whole working 40+ hours a week for someone else. It's not that I don't have time for slacking off, but I get bored very easily and prefer to keep myself immersed in technology and anything I find interesting.
So I guess my answer is that if you reach the point where you want or do slack off in the workplace then you're doing the wrong thing. Every day for me is spent on the daily challenges of making sure I can pay my bills and the careful balancing act of making sure my quality of life is consistent with what I expect to get out of life.
I've found the wikipedia article on the American Dream to be very helpful (http://en.wikipedia.org/wiki/American_dream), especially if you read the synopsis to the play "Death of a salesman" that's linked there (http://en.wikipedia.org/wiki/Death_of_a_Salesman
Every person has different motivations, dreams and goals in life. Mine don't really include slacking, although they don't include working for faceless companies that will try and screw me out of my benefits and retirement before making me redundant with nothing. Ask the employees of Enron, which I believe was nothing more than a way for a board of directors to steal all of the money that had been set aside for the employees?
I find my work very rewarding, I love eing a useful member of my community for the businesses that can't afford to maintain their own networks. I'm also very fortunate in the way I can support myself.
YMMV
I use Cox cable and I'm not having any problems with Vonage yet. I'm so happy with it I'm going to use it as the main line for my home based business.
I haven't noticed any quality issues, however this may just be because my ISP isn't a telco. I wouldn't have bothered posting to the forum except that I am interested to know how many people are unhappy with Vonage and if those people's ISP's are all telcos.
This is probably the biggest network neutrality battle that there is today and I wouldn't be at all surprised to find out that the majority of people with complaints have all had their service screwed with by those telco based ISP's.
John the Kiwi
I haven't seen too many posts here talking about RIS but that's the only solution I have stuck with over the years and it has its merits and is still my preferred method.
For me Ghosting is not a good solution because of all of the driver issues, the old SID problems from the NT4 days (fool me once...) and the amount of additional work required every time you want to update the image - service packs or applications for example. Also be aware that for Microsoft based products you will want volume licenses so you can reuse the same keys, this requires buying through a reseller and creating an account with Microsoft on the https://eopen.microsoft.com/ web site (I hate passport!).
One solution I am fairly happy with is a bootable CD I created which will install Windows 2000, XP, 98, 2003 Server from an answer file. Obviously only one or two OSes per CD but I can install any of those by typing a name for the machine, pressing enter and waiting an hour for the OS to actually install. Unfortunately this requires a few non Microsoft tools, which is probably why the lack of documentation. I use a Windows 98 bootable disk image (proprietary), the DOS version of sed (to parse the computer name from my DOS script), AEFdisk (to script the formatting of the disk) and CD writing software capable of grabbing a floppy disk image.
I still need to install drivers and software and configure the network. The cd has to have a hard coded key. But for PC repair it sure beats entering everything manually and pressing enter to bypass the installation screens.
RIS is similar but made for companies with at least one Microsoft based server. You create your answer files and install the OS from a dedicated partition on your RIS server, this is a pain of a limitation if you don't plan well in advance before you install your server/s.
There are several other limitations with RIS the show stopper has always been support of the PXE boot protocol, but nowadays most motherboards support PXE boot, you may have to enable it in the BIOS of your machines though. Many newer network chipsets are just not supported by Windows XP or 2003 server and RIS specific drivers can be difficult if not impossible to track down - the Marvel Yukon network drivers spring to mind.
Microsoft provides a bootable floppy disk to boot off of that provides generic drivers for many older network cards, several of my customers mandate specific network cards for each of their workstations.
To install a computer you press F12 for the PXE boot, provide the credentials of a user that has permission to install, breeze through a few configuration screens (depending on your RIS setup) and then the workstation is installed for you.
In my opinion this is where the process of imaging finishes and the beginnings of workstation management begins. I say this despite the software not being installed because you should be installing and managing your software through Active Directory and the use of MSI files.
Some applications come with MSI files for installation such as Microsoft Office and Norton AntiVirus. These applications can be managed by user or computer or groups thereof in Active Directory. This is far more flexible than imaging.
Many applications can also be installed silently via script, this can be problematic if your users don't have local administrative access to their workstations but you can bypass this restriction.
Microsoft has really done a piss poor job of creating automated installation tools for third party products for creating MSI files for use with Active Directory, all of these tools are expensive and don't have demo versions so I've never used one. All of the tools I have seen require that you install your workstation, start some monitoring program, install the software, reboot and then the monitoring program compares the machine before and after and creates an MSI file based on the differences. Microsoft should try employing some of those malware writers
Are you calling me a liar?
/ 084237
http://games.slashdot.org/article.pl?sid=05/12/19
There are two big problems I have with Dell computers:
First they have random unneeded software such as Musicmatch jukebox, Quickbooks Demo, various useless Dell phone home software packages etc. There have been several reviews of Dell gaming machines where some games won't even start because of incompatibilities some games have with Dell's TSR's.
Secondly, Dell's warranties aren't worth a crap. For example if a Dell computer has a bad hard drive it will take at least 3 hours of calls and diagnosis before you can get their helpdesk to send someone out to replace it. It's generally easier to go to (insert computer store here) and replace the drive yourself rather than wearing the cost of using Dell's helpdesk at all.
A lot of my customers use Dell computers. I support them a lot. If you do end up with one make sure to reinstal from scratch, try not to use the recovery CDs which will restore all the crappy Dell spyware with it.
That's my 2c.
Kiwi
I loved all the Monkey Island adventure games.
Great win for Intellectual Property rights, now the public will have more expensive PVR's.
:(
Shame there always has to be a trade off
For some time it has been easier to wipe and reinstall rather than repair an infection, of course this is dependant on knowing where your data is to begin with - hint: this is why we have servers. A reinstall (automated of course) will take less than 2 hours and everything is guaranteed to be working properly afterward. Properly eradicating most spyware takes a lot longer than this and doesn't guarantee that you or the program/s you use have gotten everything. Why even take the risk of repairing a spyware infection?
On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change as well as totally screwing over the Windows system restore which I might add helps malicious software coders than the users actually trying to restore system files. All this from surfing a malicious site in IE.
It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.
You must be able to write very long reports that management and the board of directors will be reading. You will use terms like "Due Care and Diligence", "Disaster Recovery" and "Business Continuity Planning". Security professionals don't provide anything tangible to a business so to prove your value you must consider every potantial problem and document it in advance even if management doesn't even read your reports. This is the only way to cover your ass.
So many people consider Network Security to be about running sploits and such, but really its about risk management. Have a good look at certifications such as CISSP, read some of the self training books and if you don't get bored to tears reading them then think about what it would take to write them because thats what you'll be doing 90% of your time.
I know this can be done. My question is how?
Where is the information? Where are the success stories with Howto's? What symbolic links should I mess with?
It's all very well to talk about AFS and ACLs and updating a bazillion desktops but you've given me nothing. Got any links to any of this? Bonus points for finding links and information that shows good ways to integrate this with Samba and CIFs to support current Windows based wiorkstations while we integrate Linux based desktops.
So thanks for your post, but unfortunately I have to rate it -1 uninformative.
John the Kiwi
I appreciate the reply. I've been using Linux on and off for upwards of 6 years now and while you've glossed over a solution you haven't pointed me to any useful information on how to achieve what you're saying.
l oyment%22&sourceid=mozilla-search&start=0&start=0& ie=utf-8&oe=utf-8
Can I do a base install of Linux in 30 seconds like you say? What technologies would I use? How do you make sure the kernel is compiled with all of the appropriate drivers? What scripts should I be using to automate the copy from the CD or networked image?
I'm well aware that these things can be done, but I'm not aware of how. Where is the documentation? The Howto's? The sample code showing how to achieve these things?
Looking through this Slashdot article and the comments I'm seeing some people like yourself saying that these things can be done, but there is nothing showing or explaining how, which is the information the original poster was asking for and the reason why I made my post.
http://www.google.com/search?q=%22rapid+linux+dep
John the Kiwi
I've been trying to get Linux instaslled on the desktop for a few of my customers, but had problems finding a suitable model for deployment. Say what you will about Microsoft (and here most people do) but their deployment tools are pretty good. All of my new deployments utilise RIS (Remote Install Services) which greatly reduces client installation times.
/home folders to a central server. But I've never seen any Howto's or even descriptions of anyone having done this in the enterprise before. Not to say it hasn't been done, just that noone's written how it's done (that I've been able to find).
Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time. Workstations can be restored without anyone technical being required on site at all.
I've looked and looked and haven't been able to find any resources for doing similar tasks with Linux based desktops. The closest I've come up with is to use custom built CD Rom desktop OSes, but these are much slower than using a workstation with the OS installed on a local hard drive.
I'm sure it can be done, perhaps by remotely mounting common application and
Not much help I know, but it shows why my company is still an MS shop.
John the Kiwi
Since when have tabloids or television claimed to be educational and or informational?
You must be new here.
Mr Thompson
I've always wondered exactly how much Linux based knowlege a writer should have in order to write a report on the TCO of Linux based networks and software.
How much Real World/In the Trenches experience do you have implementing and supporting large network and software applications that run Microsoft products compared to *nix based solutions?
Exactly how experienced are you with Linux? What is your favourite distro? How long have you been running Linux?
What is the best thing Windows does better than Linux?
What is the best thing Linux does better than Windows?
Have you ever contributed to an Open Source project or been part of an Open Source community?
Thanks
John the Kiwi
Am I the only one that thinks this could be the funniest ever thread on slashdot?
So they fix the problem by allowing you to burn a cd that is full of WMA files with DRM that disables the CD to be burned again. Where's the provision for fair use? If I buy a regular CD I should be able to copy it at the original high quality of sound that will play in all CD devices without having to install DRM crippled WMA files on a CD that would be nothing better than a coaster.
What about people that don't run Microsoft Windows? Can Mac's play DRM'd WMA files yet?
I can't think of a more stupid solution. Luckily Sony et al seem to have no problems finding people full of stupid solutions.
On the plus side, you won't have to worry about these DRM schemes until Microsoft finally produces a secure Operating System.
Hahahaha
John the Kiwi
I do a lot of consulting in the business continuity/security networking field and there is only one way to deal with a problem like this.
Every security policy comes straight from management, the IT staff configure the network based on the decisions that management has made. Your company is just revising their security policy and have tasked you with abiding to it. All you need to do is devise a budget for complying with their requirements.
Your company has decided they need more advanced security precautions taken, it really is not your position to question their decision. Just tell them exactly what solutions can be implemented to meet their requirements. If I were you I would be very excited, you have a perfect opportunity to prove your knowledge and value to your employers. You also have a plethora of Open Source solutions available to you - maybe I'm a zealot - but this kind of work is very rewarding.
If you can't provide this, then you are the wrong person for the job, or they need to outsource. It's that simple.
As for places to start, I would consider the pen-test mailing list at www.securityfocus.com, there are also several other lists that they host. The archives should give you some excellent references of where to start. You should also consider this to be the perfect time to request training and reference materials - books.
You shouldn't be surprised that your employers requirements have changed, you work in technology, technology reviews should be undertaken regularly and findings should be acted upon. Don't fear the change, use it as a chance to make your job easier and increase your value to your employer.
I sure wish I could find more clients like your company!
John the Kiwi
Just because technology changes and your job has chganged
Hi Martin
I'm an independant contractor with an MCSE that supports a small customer base of companies that mostly run Windows software. I have four development and testing computers at my house, all of which run Linux and free software solutions, this is because I cannot afford to buy Windows 2003 server, Office 2003, dev studio and a lot of other recent releases.
With my cost free Open Source testing platform I have designed and implemented quite a few solutions with software such as Open Office, Open Exchange, Samba etc.
With online activation and licensing restrictions I am not able to run any Microsoft software in a test environment to ensure it is adequately tested and ensure I am able to support it.
This is driving my skill set and support abilities away from Microsoft and squarely into the arms of the Open Source camp. What (if anything) is Microsoft doing to combat this and ensure that the professionals in the field that sell and support your software have access to the resources they require?
Thanks
John the Kiwi
I used to think like that too. Right up until I moved to the States and started to receive more than 15 requests for credit cards and other business services in my mail box once I registered a company.
Spam doesn't affect trees. And the truth is that spam will always be around as long as there's money to be made from it. It's an end user education problem. As soon as end users are educated enough to know not to buy the things in the spam emails then there's always gonna be someone sending it.
As soon as the financial incentives are removed there will be no more spam problem. But right now spammers are making money hand over fist because people click on the links and buy the crap the spammers are hawking.
What could be more capitalistic than spam?
Kiwi
I stick with Mozilla because I can hit F6, type in my search terms and use the down arrow to search google. I can't remembet the last time I went to google.com.
Mozilla has everything I need that Thunderbird does and more. Thunderbird is also a little cartoony looking to me, maybe to match the ugly Windows XP interface - I guess that's a fairly subjective opinion. I don't even use mozilla suite either. Just the browser.
I've even tried o switch. My Windows 2000 server has Firefox on it but I just prefer Mozilla.
John the Kiwi
What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?