Vol. 24, #23 - June 10, 2019 - Issue #1235
Free Tool for Monitoring Exchange Server Status & Performance
The Factoid in last week's newsletter drew some length comments from some of our readers so we're devoting this issue to sharing some of the feedback we received. For those who might have missed it or forgotten, here is the factoid and question from the previous issue:
Fact: PCs running Windows XP and Windows Vista are still around, but XP machines are about 15 times more common than machines running Vista.
Question: How many of our readers actually deployed Windows Vista at their workplace?
If any other readers have comments they'd like to make on this subject you can send them to us and we'll share them in the Mailbag of our next newsletter. Email me at [email protected]
And the Mailbag in this week's newsletter has some thoughtful feedback from our readers about the guest editorial in last week's newsletter titled "AI, insuretech and cybersecurity" and also a comment about the issue two weeks ago which was titled "An infosec horror story." Be sure to read these comments from our readers if the topics of the last two newsletters interested you.
In the meantime enjoy this week's newsletter and don't forget, if you have a question or problem with anything IT related you can send it to us and we'll make it an Ask Our Readers item to tap into the collective expertise of our subscribership of 500k IT pros around the world who hopefully can help you solve the issue you've been facing.
Mitch Tulloch, Senior Editor
I used Windows Vista. Honest.
Murat Yıldırımoğlu from Reading, UK says:
When Vista was released, the reaction was far from promising. Everybody criticised it. But Mark Russinovich wrote highly about it and I decided to try it.
I have never regretted.
Vista has been an underrated OS. I installed it on my computer, on my sons' computers and on my clients' computers. Nobody regretted it. Because Vista was a great product contrary to popular belief.
And people who appreciate Windows 7 but despise Vista do not know what they are talking about.
First, aside from names of the operating systems, they have numerical version Ids:
It means there is a huge jump from XP to Vista. And almost nothing is changed from Vista to Windows 7, except some cosmetic changes which make unwise crowds happy.
Let's see the novelties coming with Vista:
These features were more than enough for me.
Sure, we deployed it.
Mark Van Noy from the University of Colorado Boulder says:
We had Vista running on just over 1,000 computers in the labs alone by the end of the summer the year it was released. Vista worked great for us and I would argue that the UAC settings were much better than they are out of the box from Windows 7 and later. But really, Vista is still being run by all of us given that it was the last major update to the Windows NT line. Vista was NT 6.0, Windows 7 was NT 6.1, Windows 8 was NT 6.2 and Windows 8.1 was NT 6.3 much like Windows 2000 was NT 5.0 and Windows XP was NT 5.1 then NT 5.2. Microsoft jumped Windows 10 up to NT 10.0, but from what I can tell Windows 10 did not actually make any major changes to the kernel or anything else that would warrant a major version revision so it is realistically probably NT 6.4 or 6.5.
I went to the launch event.
Jeffrey Harris says:
I never worked for any companies that deployed Windows Vista, but I did go to a Microsoft launch event for Vista, SQL Server 2008 and Windows Server 2008 (the original 2008), and they gave me a promotional copy of Vista. I did install that on one of my personal computers for a while, and I still have my official Microsoft Windows Vista Client Training Kit.
Are you serious?
Perry Wallace from Montana, USA says:
The first thought I had when you asked the question was, "Are you serious?" :-)
I wrote the book!
And finally Your Editor says, "I wrote the book!" And it's still available if you want to deploy, use and maintain Vista in your environment:
We also had almost 100 experts inside Microsoft contributing technical insights for this book and also for its even more popular successor:
Although Vista has been EOL'd for a while now and the wheels are about to come off Win7 soon too, if enough readers buy the remainder copies of these books maybe the royalties will help me be able to retire to Florida.
So buy my books!
WServerNews goes out each week to more than 500,000 IT pro subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected]
Got any IT pro tips you'd like to share with other readers of our newsletter? Email us at [email protected]
In last week's newsletter we published the following tip from one of our readers named Ted:
Hi Mitch, the first line of defense that I use is to make sure the computer user's account does not have administrative permissions. That includes my own account for my day-to-day activities. That way, if any malware tries to install something the administrator authentication message pops up as an immediate warning. Some users are computer literate enough that I have provided them with a second account which does have administrative permissions. They are instructed that they must only use that if installing a program, or some other task that they have initiated. They must not use it for normal operations. Windows Defender is the second line of defense. It seems to work well without taking over the computer and slowing everything down.
I should emphasize that the administrator of a system should not give administrative permissions to his or her own account. There should be a separate administrative login (and not the default Administrator account) which is used to administer the system. This strategy helps protect the system because even the system administrators are checking their email and surfing the web using a restricted account. It's also useful because the administrator can say that his or her own account is restricted when explaining things to the other users.
When I give a user an administrative account, I use the same user name and password but add 'A_ to both the username and password. For example the user ImaUser with password LetMeIn2U would have a second account A_ImaUser with password A_LetMeIn2U. It's important that the password be different so that the user doesn't log in to the wrong account accidentally. These user administrative accounts usually have very limited permissions like only being able to administer only the user's own computer.
A quick question to ask your readers: Does your everyday account have administrative permissions?
This drew responses from several of our readers:
Does your everyday account have administrative permissions? No definitely not. I run my own user account strictly as a plain user. Myself and each other member of my team has his own administrative account and that is used separately from their user accounts. -- Charles who is VP for IT for a legal firm
While I agree with the concept of a different admin account from the standpoint of least privilege, I do not think running separate accounts is practical. I need my administrative credentials multiple times a day to access file shares. Even if I was logged in with a standard user account, as soon as I authenticate to a share with my required credentials I am in effect running as the admin account. The same thing applies to other resources; as soon as I authenticate to those resources I am accessing them as an administrator even if the account I log into the computer is a non-administrative user. This level of least privilege is was UAC/sudo were designed to accomplish. Just make sure UAC is turned all the way up instead of the lowered level it is set to by default and whatever account that is logged into the system will run as a non-administrative account until elevation is required and then it will prompt. On many of our computers we also use the GPO settings to push UAC to an even more restrictive setting that requires ctrl-alt-del to be pressed before your credentials are entered. This GPO setting with the highly restrictive UAC was Microsoft's original design and it prevents other software from spoofing information on top of the UAC prompt. Realistically, the need to run two different accounts ended with Windows XP if the built in security tools are fully utilized. (Don't even get me started on the awesomeness that is Integrity Levels that have been there since Vista.) --Mark who works in Endpoint Management Services
If any other readers want to continue discussing this topic you can email your thoughts to me at [email protected]
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]
Do you want to prevent the loss of emails and thus valuable information for your business? Then have a look at the email archiving solution MailStore Server. A free trial can be downloaded from the vendor's website:
Get the must-have FREE backup and recovery tool for any workload. It provides all the capabilities included in Veeam Backup & Replication Standard edition for FREE for up to 10 VMs.
Altaro VM Backup removes the complexities of backing up Hyper-V & VMware. Easy to use, sets up within just 15 mins & comes with the best deduplication in the industry. Download the free copy here
Sumatra PDF is a PDF, ePub, MOBI, CHM, XPS, DjVu, CBZ, CBR reader:
MailBird is an IMAP and POP3 email client, featuring customization, complete touch support and multiple language support:
AutoHotkey is the ultimate automation scripting language for Windows:
Last week in "AI, insuretech and cybersecurity" we featured a guest editorial by Brad Smith of #TurnOnVPN that examined the use of AI in the insurance industry, where are we today, and what's probably coming next. A reader named Jeffrey who works full time for a company that sells health insurance and provides health insurance services responded at length to Brad's article with the following comments which I've edited a bit for presentation purposes:
There are so many things about this article I can dissect. I will just mention a few.
On-demand insurance plans
I do not see how these can be cost effective for drivers. The whole point of insurance (both auto and health insurance) is to spread the risk so the insurance company can make money. It is the same reason the Affordable Care Act included an individual mandate -- Congress and insurance companies did not want people to only buy health insurance when they really needed it (such as just before expensive surgery) and drop it afterwards. If companies are offering on-demand insurance, there is no way to spread the risk for the days those people are not driving and someone else is -- except by increasing premiums either to those drivers, or other drivers. And for anyone with an auto loan, how do they satisfy the lending requirement to keep insurance in force (particularly damage insurance for the vehicle itself) if they can just drop it on demand? How can they satisfy states laws that require liability coverage while the vehicle is registered?
Insurance companies ARE already basing premiums on more factors than just previous claim history, age, driving record and marital status. A number of insurance companies offer discounts for utilizing data collection devices (for example, Progressive calls theirs Snapshot), but hidden in the fine print for the use of these devices is that insurance companies can raise rates based on driving behavior collected by the devices -- speeding, sudden breaking, swerving, etc. The use of expansive smartphone data is the holy grail of data mining, and thanks to poor phone security (both in apps and operating systems), badly written and ignored user agreements, and indifference or lack of understanding on the part of users, many apps are leaking data without users knowledge today. I only expect that to become worse as phones and apps continue to evolve.
VPNs and encryption
I did not understand the comment about "encrypting your entire network data traffic with a VPN". Last time I checked, firewalls were designed to protect networks from leaking data, and VPNs were created to protect snooping from the user's machine to the endpoint of the VPN connection, and to provide a measure of privacy while accessing sites on the Internet (to the extent the user does not compromise that "anonymity" through browser fingerprinting or authentication to specific sites). And the privacy and security of a VPN connection is only as good as the security, reputation and user agreement of the VPN provider.
The role of compliance in restricting AI is, in my opinion, overrated. Insurance companies use AI for a number of purposes today, and continue to expand their use, and other than perhaps some complaints about biases in AI models that may affect insurance pricing (which are correctable), regulators are not expressing any concerns in public that I have heard about regarding the use of AI for fraud, diagnostic purposes, or any other insurance function. I would like to hear of any sources to substantiate the idea that regulators are restricting the use of AI for insurance companies, or that compliance departments within insurance companies are affecting the deployment of AI.
Any more thoughts on this from our newsletter readers? Email me at [email protected]
And two weeks ago in the newsletter titled "An infosec horror story" we shared a series of tweets by Dr. Vesselin ("Vess") Bontchev, a Bulgarian information security researcher who described how an organization shot itself in the foot by using the kind of business IT process that was in common use two decades ago. Larry, a Senior Systems Analyst in Virginia, USA responded to this as follows:
There is a solution to Vess's problem. Buy the software needed to certify and sign the macros. Off the top of my head I do not know what that is, but I know it's available and probably very expensive.
I have been in the ladies position. I created macros in excel to analysis monthly data. Without the macros a 15 minute task would take about 2 days and would be nowhere near as accurate. Those excel files were shared among a small team of people. However nobody wanted to pay to get the macros certified and signed.
And there's the bottom line probably for most infosec horror stories -- being unwilling to budget the money necessary to use appropriate technology and instead just making do with what you have on hand :-(
Any more reader comments on this? Email me at [email protected]
We've already shared the reader feedback we received to last week's factoid and question, so let's move on now to this week's factoid:
Fact: "While some species of bamboo produce blossoms as often as once every three years, many of them flower at extremely long intervals, between 40 to 80 years… Perhaps even more surprising than the long intervals at which they flower is the fact that all plants of the same stock of bamboo will bloom at the same time, and then die, no matter where they are in the world."
Question: Does this mean the roots of all bamboo trees around the world are connected in some mysterious way? Or bamboo trees are imbued with some sort of primeval consciousness so they can communicate with one another to decide collectively when they're going to decide to flower?
Shades of the Twilight Zone -- ack!
Seriously though, does anyone here remember watching the original Twilight Zone series on TV when they were young? Or how about The Outer Limits? What was your favorite (or scariest) episode of either series? Email your answer to [email protected]
>> Got an IT conference happening in North America that you'd like to promote in our newsletter? Email us at [email protected]
Nov 4-8, 2019 in Orlando, Florida
Microsoft Business Applications Summit - June 10-11 in Atlanta, Georgia USA
Microsoft DevDays - June 17-21 in Redmond, Washington USA
Microsoft Inspire - July 14-18 in Las Vegas, Nevada USA
Microsoft Ignite - Nov. 4-8 in Orlando, Florida USA
Gartner Security & Risk Management Summit - June 17-20 in National Harbor, Maryland USA
Cyber Security Summit - June 27 in Washington D.C. USA
RSA Conference 2019 - July 16-18 in Singapore
Cyber Security Summit - July 18 in Seattle, Washington USA
Black Hat USA - August 3-8 in Las Vegas, Nevada USA
Cyber Security Summit - August 27 in Chicago, Illinois USA
Cyber Security Summit - Sept. 25 in Charlotte, North Carolina USA
Cloud & DevOps World - June 12-13 in London, England
Microsoft Inspire - July 14-18 in Las Vegas, Nevada USA
SPTechCon - August 25-28 in Boston, Massachusetts USA
VMworld - August 25-29 in San Francisco, California USA
Creating failover clusters in System Center Virtual Machine Manager
While there is technically nothing wrong with creating failover clusters from within the Failover Cluster Manager, here's what we believe is a better way.
Password management best practices every SMB must follow
Hacks and data breaches cost the global economy dearly in 2018. The losses are estimated to reach a staggering $6 trillion by 2021 if the hacking trends continue.
Make the right call: How to choose the perfect VoIP service provider
VoIP is a no-brainer for businesses. But choosing the right VoIP service provider can cause headaches. This guide will point you in the right direction.
Recovering your root password in a Red Hat OS base Linux
Can't remember your root password in a Red Hat OS base Linux? No worries. Here's how to recover it quickly in a few easy steps.
A win for privacy: Tor Project releases Android browser full version
Privacy-minded Android users have a lot to be excited about with the new Tor browser release. Here's more about the browser with a link to download it.
Table Tennis World Champion Epic Final
Former Table Tennis World Champion Jean-Michel Saive ends his career with this epic final point against Julien Meurant:
Magician Eric Chien's Amazing Performance
Eric Chien, the current world champion for close-up magic, performs some of the most beautiful magic we have ever seen:
Orangutan's Amazing Reaction To An Amazing Magic Trick
Watch this amazing magic trick and see the equally amazing reaction of the orangutan:
Dancing At The Mall And Making Money
Sven Otten dancing at the mall and taking money to the song 'Delight' by Jamie Berry featuring Octavia Rose:
Web Browser Comparison: How Chrome, Firefox, IE, Edge Stack Up
Google Chrome dominates the web browser market, but Firefox, IE and Edge all have a presence in the enterprise. Each comes with different management capabilities and features. Learn more here.
KVM Troubleshooting in Six Simple Steps
KVM is a well-known hypervisor that is free to use and works well. However, being able to do some basic KVM troubleshooting is a key skill that will help when things go a bit awry.
Evaluate Each Side in the VDI vs. RDS Debate
The difference between a VDI and an RDS desktop may be small for users, but for IT, the decision of how to host its virtual desktops is extremely important.
Understanding What Azure AD Federation Really Means
A company that adopts SaaS apps to get work done can ease the transition by implementing a single sign-on method. Learn how to set up this arrangement in a secure manner.
Got feedback about anything in this issue of WServerNews? Email us at [email protected]
Free Tool for Monitoring Exchange Server Status & Performance
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7www.mtit.com.Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.