RSS | MY PROFILE | PRIVACY 

Vol. 19, #33 - August 18, 2014 - Issue #993

Image

Securing Boot Volumes

  1. Editor's Corner
    • Ask our Readers - Vipre firewall and 3CX Phone System
    • Ask our Readers - Help for Windows 8.1 noobs
    • From the Mailbag
    • Securing Boot Volumes
    • Tip of the Week - Update rollups for Microsoft products
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
    • Asia Pacific
  4. Webcast Calendar
    • MSExchange.org Ask the Expert Webinar: MS Office 365, Azure, and More
    • Register for Webcasts
  5. Tech Briefing
    • Cloud Computing
    • Enterprise IT
    • Small Business IT
    • Windows Server
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Windows Server News
    • Private cloud is private, but security is no guarantee
    • Get your VDI for free
    • You can’t avoid hardware failure entirely, so plan for it
    • How to modify a vApp for smoother deployments
  8. WServerNews FAVE Links
    • The Difference Between Time Lapse And Hyper-Lapse
    • Hot Crazy Matrix - A Man's Guide to Women
    • Budapest Airshow 2014 Highlights
    • A Different Way To Cut A Watermelon
  9. WServerNews - Product of the Week
    • SolarWinds® Permissions Analyzer for Active Directory™ - Identify Misconfigured Permissions in Active Directory for Free

 

Identify Misconfigured Permissions in Active Directory for Free

The SolarWinds® Permissions Analyzer for Active Directory™ makes it easy to get a complete hierarchical view of the effective permissions & access rights for a specific file folder or share drive all from one dashboard on your desktop. With this free tool you get complete visibility into the effective permissions & access rights for a specific file folder (NTFS) or share drive. Easily see which permissions a user has for an object and why (group membership or direct permissions). Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions. Permissions Analyzer is quick to deploy and easy to use.

Download the Free Permissions Analyzer Tool Today!

 

Editor's Corner

This week's newsletter is all about safeguarding the boot volume of your Windows servers and workstations. Unfortunately I searched in vain for a Dilbert comic that might have something humorous to say about the word "boot" so instead of the usual comic strip here's a joke about boots I found on JokeBuddha.com:
http://www.wservernews.com/go/1408018848097

Awww, kids are so cute, aren't they?

Ask our Readers - Vipre firewall and 3CX Phone System

In the previous Issue #992 Troubleshooting Strategies, a reader named Paul asked:

Does any reader use the 3CX Phone System? I have been unable to configure the Vipre firewall to allow 3CX software for UDP/TCP port forwarding. If anybody has succeeded doing this, I would appreciate some help.

A reader named JanChris from the Netherlands had the following suggtestion:

Is he sure the port is available from his provider? I had a 4 month row with my provider because they keep the designated port for SIP for themselves and do not allow the user to use 5060. Remedy: configure sip on 5061 and document well for all equipment.

Ask Our Readers - Help for Windows 8.1 noobs

In Issue #990 The Importance of Roadmaps, we included the following request from a reader named Marguerite:

Is there a newsletter for non-server ordinary win8.1 users?

In the two issues that followed that one several readers identified the following as useful resources:

Windows Secrets
http://www.wservernews.com/go/1408018861456

7Tutorials
http://www.wservernews.com/go/1408018866112

This week a reader named Mark who is a Technical Architect in the UK suggested one additional resource:

We're in the middle of deploying 1300 Windows 8.1 Tablets and have found [this] invaluable:

Windows EightForums
http://www.wservernews.com/go/1408018870144

Ask Our Readers: WServerNews has 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

From the Mailbag

In Issue #992 Troubleshooting Strategies, we talked about strategies for troubleshooting problems with PCs and servers running Windows. Several readers shared their feedback concerning this topic, and here's a short sampling:

And now on to the main topic of this issue...

Securing Boot Volumes

There was a big discussion on tech forums around two years ago about Microsoft's inclusion of UEFI Secure Boot technology in Windows 8. Linux gurus complained that Secure Boot would prevent users who purchased Windows 8 pre-installed on OEM PCs from wiping their machines and installing Linux should they want to do so. In the end the reality was a bit more prosaic since it's only on Windows RT machines that Secure Boot can't be disabled as this TechNet article explains:
http://www.wservernews.com/go/1408018879675

But this discussion does raise an important question: How can a PC be configured so it can only be booted from its boot volume?

There are lots of threat vectors in today's world where Windows PCs and other types of end-user computing devices are ubiquitous. One of those vectors is where an attacker who has access to a PC can boot it to a bootable Linux installation on CD or DVD media. Wikipedia has a good article on this topic:
http://www.wservernews.com/go/1408018884409

There are zillions of kinds of such live CDs available:
http://www.wservernews.com/go/1408018916378

Naturally, this can work with USB removable drives as well:
http://www.wservernews.com/go/1408018921003

Windows To Go, a technology introduced in Windows 8.1 that allows a portable Windows installation to be booted from a USB-connected external drive, has some of the capabilities of a live CD but in other ways it's different. For example, the internal hard disks of the host PC are offline when you boot the host into Windows To Go. This means you can't use Windows To Go to copy sensitive data from the internal drives of a PC. See this TechNet article for a good description of what Windows To Go can and can't do:
http://www.wservernews.com/go/1408018925253

But getting back to the live CD threat vector, it's tempting to say that if the PC secured then of course it's vulnerable to this kind of attack which circumvents the normal Windows boot process. But the reality however is that physical security isn't an absolute black-and-white form of protection. There is actually a spectrum of different levels of physical security ranging from not very secure to very secure indeed. For example:

The moral of course is that if you push too hard on ensuring security you're simply going to end up weakening security instead of strengthening it.

But let's get back to securing the boot volume to ensure that a PC can only be booted to its own Windows installation or be overwritten by installation of another operating system. This is a very big requirement in some environments. For example, an educational organization wants to prevent students from installing or booting from any other operating system on their PCs. How can they do this?

Basically, the good old two-step method is best:

  1. Configure a password in the BIOS of the machine
  2. Configure the BIOS so that it can only boot from (or boots first from) its internal hard drive.

Keep in mind however that:

Send us feedback

Do you configure the BIOS password on your organization's PCs to secure their boot volumes? Or do you have some other solution you can recommend on this issue? Let us know at wsn@mtit.com

Tip of the Week - Update rollups for Microsoft products

From time to time Microsoft releases "update rollups" that contain batches of fixes for some of their products. An example of this was the enterprise hotfix rollup available for Windows 7 SP1 and Windows Server 2008 R2 SP1 which is described in this KB article:
http://www.wservernews.com/go/1408018932112

Note that while applying a rollup is supposed to fix multiple problems at once, as you can see from reading the above article sometimes further fixes are released to fix new problems that were introduced by the earlier fix. Regardless of this, it's important to try to ensure that Microsoft products you're using in your environment are up to date with updates and hotfixes released for that product. A good place to find recent updates is on the Microsoft Download Center, and this link lists update rollups that have been released by their date of availability:
http://www.wservernews.com/go/1408018936003

GOT TIPS you'd like to share with other readers? Email us at wsn@mtit.com

Recommended for Learning

Want to test-drive Microsoft software without having to commit hardware from your lab? Explore the TechNet Virtual Labs at:
http://www.wservernews.com/go/1408018940190

Microsoft Virtual Academy

Two announcements from the Microsoft Virtual Academy:

August 26: The Modern Web Platform Jump Start

Devs, get up to speed on the latest capabilities and features available in HTML, CSS, and JavaScript, in this August 26 event! Join "The Modern Web Platform" Jump Start, discover the basics you need to create websites, web apps, and even native Windows Apps, and prepare for the "Developing Universal Windows Apps with JavaScript" Jump Start.  Register for the Modern Web Platform Jump Start here:
http://www.wservernews.com/go/1408018948144

August 27-28: Developing Universal Windows Apps with JavaScript Jump Start

Here's a fast paced course for developers who want to use HTML, CSS, and JavaScript to build rich, native apps on a new and exciting platform You'll get the details from Microsoft experts in the "Developing Universal Windows Apps with JavaScript" Jump Start, August 27‒28. (For an introduction to these technologies, be sure to attend the "Modern Web Platform" Jump Start.)  Register today!
http://www.wservernews.com/go/1408018952675

Quote of the Week

"If you don't know where you are going, you'll end up someplace else." -- Yogi Berra

Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at wsn@mtit.com and we’ll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Do you know which users have access to sensitive files or directories? Using Permissions Analyzer, you’ll be able to easily see what permissions a user or group of users has for an object and why.
http://www.wservernews.com/go/1408019793472

Veeam Task Manager for Hyper-V is a portable, standalone performance monitoring tool. Improve troubleshooting in your Hyper-V environment by seeing what Windows Task Manager doesn’t show you.
http://www.wservernews.com/go/1408359828932

Amazon Web Services and Metalogix Virtual Private Cloud provide organizations with a highly secure and scalable Exchange and Files archive solution. Take it for an Instant Test Drive Today.
http://www.wservernews.com/go/1408359853650

The PUREX Technology tablet multi-flex tablet mount lets you adjust to any position you like and just enjoy using your tablet comfortably.
http://www.wservernews.com/go/1408359892698

ExifToolGUI for Windows lets you view and edit metadata inside image files.
http://www.wservernews.com/go/1408359903276


Events Calendar

Americas

Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington
http://www.wservernews.com/go/1408018958862

Europe

TechEd Europe on October 27-31, 2014 in Barcelona, Spain
http://www.wservernews.com/go/1408018960862

Asia Pacific

TechEd New Zealand on September 9-12, 2014 in Auckland, New Zealand
http://www.wservernews.com/go/1408018963628

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact michaelv@techgenix.com

 

Webcast Calendar

MSExchange.org Ask the Expert Webinar: MS Office 365, Azure, and More

Join our expert panel of Exchange MVPs to benefit from their insights into Office 365, Azure and other top issues and questions facing Exchange Administrators, as obtained by a July 2014 survey of the TechGenix audience.

This live online event, sponsored by Kemp Technologies and hosted by  MSExchange.org, takes place on Wednesday, August 20, 2014, at 12N EDT | 9AM PDT. You'll hear a wide range of topics discussed by this panel of experts which includes MS Exchange MVP Steve Goodman, MS Exchange MVP Michael Van Horenbeeck, and MVP and MCM Bhargav Shukla of KEMP Technologies.

Register here

Just a few examples include:

You'll also be able to get your live questions answered by the experts. Don't miss this unique opportunity.

Only two days remaining to sign up for this informative online event!

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact michaelv@techgenix.com

 

Tech Briefing

Cloud computing

Cloud Computing Guide for Legal (Microsoft Download Center)
http://www.wservernews.com/go/1408019061065

Oracle Becomes Data-as-a-Service Provider (Data Center Knowledge)
http://www.wservernews.com/go/1408019065628

Enabling Hybrid Cloud Today with Microsoft Technologies whitepaper (Microsoft Download Center)
http://www.wservernews.com/go/1408019069269

 

Enterprise IT

Configuring AD users and managers with PowerShell (4sysops)
http://www.wservernews.com/go/1408019073284

Explore enterprise social scenarios (Microsoft Download Center)
http://www.wservernews.com/go/1408019076706

How to Register for Dell Firmware Updates (Dell TechCenter Blog)
http://www.wservernews.com/go/1408019080144

 

Small business IT

Save and share files in the cloud by using OneDrive for Business (Microsoft Download Center)
http://www.wservernews.com/go/1408019084628

Quick Start to Office 365 for Small to Medium Businesses (Microsoft Download Center)
http://www.wservernews.com/go/1408019088394

Migrating Windows SBS 2003 to Windows SBS 2011 Essentials (Microsoft Download Center)
http://www.wservernews.com/go/1408019092315

 

Windows Server

Easy Print Anomaly (Third Tier)
http://www.wservernews.com/go/1408019096315

Cluster-Aware Update Runs: How Long? (Third Tier)
http://www.wservernews.com/go/1408019100065

Allowing Expired or Forced Password Changes on RDWeb (Third Tier)
http://www.wservernews.com/go/1408019103550


Recommended TechGenix Articles

Introduction to SQL Database Options in Microsoft
http://www.wservernews.com/go/1408363091396

Windows Networking Tricks and Tips
http://www.wservernews.com/go/1408363102334

Getting started with SaltStack
http://www.wservernews.com/go/1408363129474

Planning Considerations for BYOD and Consumerization of IT (Part 1)
http://www.wservernews.com/go/1408363131615

Managing mailbox features with corporate profiles (Part 1)
http://www.wservernews.com/go/1408363133428

 

Windows Server News

Private cloud is private, but security is no guarantee

It’s easy to associate private cloud with security and privacy, but it’s not always the case. To ensure your private cloud is secure and really private, you need a well-crafted and carefully monitored plan to avoid a potential disaster. Find out what steps to take inside.
http://www.wservernews.com/go/1408019112769

Get your VDI for free

As surprising as it sounds, free VDI is not a joke. Though VDI has a costly reputation, free VDI products do exist for specific environments. Learn how to evaluate your options and choose the one that will best match your current and future needs by understanding and comparing their features, limitations, and capabilities.
http://www.wservernews.com/go/1408019116269

You can’t avoid hardware failure entirely, so plan for it

In a perfect world, hardware failure wouldn’t be a concern, but unfortunately, planning for recovery is an absolute must. Learn about several different and easy-to-implement ways you can start to plan for hardware failure to ensure you’re prepared for unexpected interruptions.
http://www.wservernews.com/go/1408019120378

How to modify a vApp for smoother deployments

With OVA and OVF files, you can deploy and create multiple complex and useful vApps, or a collection of VMs to make up an appliance group. Doing so can save you time and reduce a variety of potential problems. Learn how to start building VMware vApps today so you can ward off potential problems tomorrow.
http://www.wservernews.com/go/1408019124737


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at wsn@mtit.com

Image

The Difference Between Time Lapse And Hyper-Lapse

Microsoft has developed a new way to condense long, often boring first-person videos into a ultra-smooth 'hyperlapse':
http://www.wservernews.com/go/1408019128878

Hot Crazy Matrix - A Man's Guide to Women

The 'Hot - Crazy Matrix' - a funny guide to dating women. Also includes the 'Cute vs Rich Matrix' for women dating men:
http://www.wservernews.com/go/1408019132565

Budapest Airshow 2014 Highlights

Highlights from the Budapest Airshow 2014 featuring planes flying through the beautiful city and taking off from and flying under the bridges of the Danube river:
http://www.wservernews.com/go/1408019137081

A Different Way To Cut A Watermelon

Taking 'How to slice up a watermelon into bite-size chunks' to the next level:
http://www.wservernews.com/go/1408019141097


WServerNews - Product of the Week

Identify Misconfigured Permissions in Active Directory for Free

The SolarWinds® Permissions Analyzer for Active Directory™ makes it easy to get a complete hierarchical view of the effective permissions & access rights for a specific file folder or share drive all from one dashboard on your desktop. With this free tool you get complete visibility into the effective permissions & access rights for a specific file folder (NTFS) or share drive. Easily see which permissions a user has for an object and why (group membership or direct permissions). Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions. Permissions Analyzer is quick to deploy and easy to use.

Download the Free Permissions Analyzer Tool Today!

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.