Information about joeware mixed with wild and crazy opinions...
As the Government of the United States is not, in any sense, founded on the Christian religion; as it has in itself no character of enmity against the law, religion or tranquility of Musselmen; and as the states never have entered into any war or act of hostility against any Mohometan nation, it is declared by the parties that no pretext arising from religious opinion shall ever produce an interruption of harmony existing between the two countries.
– 1797 Treaty of Tripoli Article 11
“The United States of America should have a foundation free from the influence of clergy.”
-George Washington
“In no instance have the churches been guardians of the liberties of the people.”
-James Madison
“Lighthouses are more helpful then churches.”
-Benjamin Franklin
While suturing a cut on the hand of a 75 year old Texas rancher, whose hand was caught in a gate while working cattle, the doctor struck up a conversation with the old man. Eventually the topic got around to former Texas Governor, George W. Bush, and his elevation to the White House.
The old Texan said, “Well, ya know, Bush is a ‘post turtle.'” Not being familiar with the term, the doctor asked him what a “post turtle” was.
The old rancher said, “When you’re driving down a country road, and you come across a fence post with a turtle balanced on top, that’s a post turtle.”
The old man saw a puzzled look on the doctor’s face, so he continued to explain . . “You know he didn’t get there by himself, he doesn’t belong there, he doesn’t know what to do while he’s up there, and you just want to help the dumb shit get down
Ever hear that one? Of course the problem is that some user was granted admin on their laptop and they went and did something silly with that power and then when they try to hook back up to work they realize they don’t have the necessary rights to fix it…
That seems to be a common issue in the newsgroups and my response to those folks if I respond at all is that they need to contact their admins and hopefully they learned a valuable lesson. And if admins ask how they can stop that behaviour I usually say “stop giving out admin rights!”. Of course we all know that latter item is MUCH easier to say than do with the plethora of poorly behaving apps, etc out there.
Well I was chatting with some very bright IT people this week and one of them pointed out another solution that they implemented at their company and I thought it was so slick I wanted to share it… It doesn’t block everything that could be used but it blocks the main front door that is used by most folks who hurt themselves…
Normally most folks are CLI challenged so always use the GUI to change their domain. They do this by right clicking My Computer and selecting Properties and then you get a nice dialog something like…
Then you click on the tab labeled Computer Name and see this…
Well… You can stop that dead in its tracks… The DLL that controls that tab is called c:\windows\system32\netid.dll, something I never personally had to go figure out as I am not a client person. The interesting thing is that if you lock that DLL down, you can make it so that tab doesn’t show up. So say you do something like set an ACE on the ACL of that DLL to DENY Everyone Full Control. What happens?
This is what happens
Cool huh? Front door closed. If you have a script or other process that handles all of the domain join stuff then you are all set. If you still want to let some people be able to muck with that dialog then you need to get a little more creative with the ACLing and allow some group but disallow everyone else. That is done with more intrusive ACL modifications and using passive deny instead of explicit deny.
In the location I was at, they were doing this lockdown with a GPO so it will be put back if someone figures out a way around it.
I was impressed with how simple the solution was and the fact that I hadn’t ever heard of it before.
joe
My sister asked me if I recognized this font and knew its name. I didn’t recognize it and don’t have it on my machine. Does anyone else recognize it? It was something she made previously some time ago but she can’t find the font and original document anymore.
Received an email today from someone who loved AdFind, to paraphrase the note
AdFind rocks! How the heck do I do Tab Delimited CSV output?
Err duh. My bad… I thought I put that in the usage and didn’t or must have commented it or must have been dreaming of all of the above. You can use the CSV Delimiter (-csvdelim) switch to specify a tab by entering \t. Those with a c or perl background understand this one, others should just write it down. This only works with \n (newline) and \t (tab), not all escaped characters supported by c/perl.
You ever hear that statement? If it seems too good to be true, it probably is? Well it is such a popular expression for a reason. Sure, you will occasionally find good deals but you really need to be careful of the deals, especially around the holidays like now.
Firmly in the too good to be true column is a company out there allegedly selling XBOX 360 Premium Bundles with like 8 games for $266. You just have to buy 5 bundles in order to get the price… The website is
http://discountgameconsole.com/index.php?productID=14
While this may NOT be a scam, I don’t know for sure as I refuse to send them any money, I full believe it is a scam. The company is out of Indonesia and just look at the shipping and payment web page at
http://discountgameconsole.com/index.php?show_aux_page=2
And you see that shipping is $160 regardless of what you order be it 5 XBOX 360 Premium Bundles, 5 XBOX 360 Core Systems, or 5 Gameboys…. Odd shipping costs there don’t you think? Plus… payment is via wire transfer…
If someone has ordered one of these bundles and actually found it isn’t a hoax, ripoff, scam, whatever, you name it, let me know. I think it just has too many things adding up against it at the moment to be considered legitimate.
Oh and if you did… how do you handle the warranty?
joe
Just one reason I tell people that virtualization of Domain Controllers in production scares me… This is a post from one of the Microsoft newsgroups. As more and more people move to virtualizing their DCs I expect to see more and more of this.
Newsgroups: microsoft.public.windows.server.active_directory
Hi,
Due to a VMWare problem the local time of one of my remote site DCs was set
back to July 2006. So the other DC in the same site believes that there are
lingering objects and stopped replication.
Is there any way to safely enable replication again without demoting the DC
?Thanks
Mario
Really this goes back to reason #1 which is that most Windows admins really aren’t up to the task of understanding Active Directory well enough to properly run Domain Controllers (or ADAM) in a virtualized environment safely.
joe
[joeware – never stop exploring… :) is proudly powered by WordPress.]
