Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Management Community Blog
Showing posts in English
SK | 04 Jun 2007 | 2 comments

When the Global Assembly Catalog (GAC) is viewed with Windows Explorer, only part of it is exposed, as most of it is hidden (protected) by the Operating System. How can Windows Explorer access these other areas?

Either create the following registry DWORD file and then merge it with your registry, or simply create the DWORD directly in your registry.


Windows Registry Editor Version 5.00



WiseUser | 04 Jun 2007 | 0 comments

Just in case you forgot exactly what page of the documentation details the Wise switches, here's a list (from user kv17675) that you can bookmark.

Wise Setup.exe Switches

/T test mode
/X pathname extracts files into pathname
/Z pathname extracts files into pathname and reboots
/S silent install
/M prompts for windows, system, temp dirs
/M=filename specifies a value file similar to /d above,
but for standard variables
/M1 same as /m plus it prompts before any file that is self-registered
/M2 reserved for internal use by Wise during debugger sessions

Uninstall (Unwise.exe switches)

/Z remove empty directories, including one with unwise itself in it.
/A automatic mode, no user choices other than cancel.
/S silent mode, automatic mode with no user choices...

jasoncordell | 04 Jun 2007 | 1 comment

Hey Everyone,

I am trying to automate some menial tasks and need some help. The final task for a DS imaging or PCT job is a vb script that will send an email to This will cause an incident to be automatically created. Since we have bunches of these per day, I don't really want to have someone have to go into each incident and change a couple fields and close it.

I was given a tip on Altirigos to use {HelpdeskValue} in the email to set the values in the incident, but I can't seem to make it work yet.

I did some poking around on the web and I was able to find the DataIsland info in the formats.xml file and found that I should be able to use the following fields.


ccole | 01 Jun 2007 | 0 comments

PCI DSS is tough on wireless LANs. I suppose wireless LANs have earned this reputation, deservingly so. Too many retailers operate open wireless networks without any encryption or they have used WEP, which can be broken in about 6 minutes of sampling.

PCI DSS requires the following of wireless LANs:

  1. 1. Firewall separation of wireless LANs from the wired network
  2. 2. If WEP is used, keys must be rotated at least quarterly
  3. 3. No default Admin IDs and passwords.
  4. 4. SNMP agents can't have community strings of "public"
  5. 5. Disable SSID broadcasts
  6. 6. Preferably use WPA or WPA2
  7. 7. Disable FTP
  8. 8. Save AP logs

Manually auditing wireless APs is time-consuming. If you are in the middle of wireless audits, is looking for beta testers with Cisco APs to audit and satisfy for requirements 2.1.1, 4.1.1, 10.5...

BRING | 31 May 2007 | 0 comments

No one likes to see too much fat anywhere. It is great when it lightly surrounds a New York strip steak, or slowly tenderizes a roast, but not in too many other places. It definitely does not belong in SQL transaction logs.

Unfortunately, some transaction logs get bigger and bigger, some by gigabytes a day, or even in hours. This is usually indicative of a problem.

The Altiris KB article entitled "Why is the SQL Transaction Log growing by Gigabytes Daily?" and found at
outlines one way that this can happen, and how to keep it from happening in the future.

Joel Smith | 31 May 2007 | 0 comments

How does Inventory Forwarding affect Inventory Solution Licensing?

The short answer is that each forwarded resource will use a license node for Inventory Solution.

Inventory Forwarding sends data that creates a Managed Resource on the destination Notification Server. This consumes a license for Inventory Solution. Thus a combined license containing enough nodes for all forwarded Resources (equaling the number of nodes managed from all the lower tier Notification Servers) should be applied to the top-level Notification Server so licensing will not be exceeded.

If separate licenses have been purchased for different lower-tiered Notification Servers, they need to be combined to apply to the top-level Notfication Server. You can manage your licensed through the Altiris (now a part of Symantec) License Management Portal, or LMP.


Joel Smith | 30 May 2007 | 0 comments

In a secure network environment, it's important to know what Ports are accessed and utilized by your management applications. Network Discovery is an agentless discovery tool that allows the Notification Server to go out on the wire and discover what devices exist. This tech tip covers what ports are used by Network Discovery, including their corresponding protocol.

The following Ports are Required by Network Discovery:

  • SNMP : 161
  • HTTP : 80

The following Ports are Optional, but are used by Default:

  • FTP : 21
  • SSH : 22
  • Telnet : 23
  • SMTP : 25
  • Sun RPC : 111
  • Terminal Services : 3389

The following Ports are used If AMT is Enabled:

  • Small Business Mode : 16992
  • Enterprise : 16993

SNMP uses UDP, and the rest are defaulted at TCP.

*Many of the above items can be configured within the Scan Policy for Network Disocovery. See this...

tech9 | 29 May 2007 | 3 comments

An alternate tool - when PXE is busted or down. It's worked for us a couple of times. We've learned through past experience that it never hurts to have a plan "B".

Include rdeploy in your ISO.

riva11 | 29 May 2007 | 4 comments

There are some very nice Microsoft tools available for Active Directory management, Active Directory User management, and Group Policy Management Console (GPMC). These MS tool are designed to manage organizational units, groups, users and all other AD objects.

The only limit in these tools is the limited reporting on AD objects. Some reports are partially produced by the GPMC. Some other information can be extracted and collected from your AD environment using manual scripts.

For this reason I use an interesting third-party tool called ManageEngine ADManager Plus. ADManager Plus is available in two editions, Freeware and Professional. The free edition allows you to manage users, view reports, and delegate security roles for a single domain. The professional edition can be used to manage all the domains for which it is licensed.

There are many advanced features for a...

riva11 | 29 May 2007 | 1 comment

Sono numerosi i tool Microsoft per la gestione di Active Directory , utente e gruppi utente , Group Policy, uno tra i più importanti è Group Policy Management Console (GPMC). Questi tool sono stati creati per consentire una agevole gestione di tutti gli oggetti di AD, unità organizzative ( OU ) , gruppi, utenti e altri oggetti .
L'unico limite di questi tool sono la limitata capacità di reporting e di stampa degli oggetti contenuti nella strutturaAD. Qualche report pò essere parzialmente prodotto utilizzando GPMC. Altre informazioni possono essere inoltre ottenute con la estrazione manuale dall'ambiente AD usando delle script.

Per superare questa limitazione , utilizzo da tempo un tool di terze parti denominato ManageEngine ADManager Plus. ADManager Plus è disponibile in due versioni, Freeware e Professional.
L'edizione freeware consente di gestire utenti, gruppi, creare report e delegare la gestione della sicurezza per un singolo dominio. L'edizione Professional...