Vol. 22, #22 - May 29, 2017 - Issue #1133
Free Tool: Permissions Analyzer for Active Directory
In this week's issue of WServerNews we share some helpful feedback from our readers concerning two Ask Our Readers items from last week's newsletter, namely, how to repair a broken CMOS battery holder and how to set up a second WiFi network that has Internet access but is isolated from your main WiFi network. We also have news about an URGENT issue regarding a recent Windows update that can affect certain systems running Windows Server 2012 R2. All this and more in this week's issue of WServerNews, your favorite IT pro newsletter!
Speaking of isolation, it's often helpful when troubleshooting a problem to try and isolate different aspects and conditions that may be involved. This classic Dilbert comic strip illustrates this useful troubleshooting principle:
Do you keep YOUR phone's battery charged?
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at email@example.com
An alert Microsoft MVP friend told me about a potential problem some users may encounter with the latest monthly rollup of updates from Microsoft. The monthly rollup was released on May 9th and is described in KB 4018217 which can be found here:
A reader named Fritz from Alberta, Canada sent me the following interesting email recently:
I have just found this little jewel, to mount the reader as a folder. Thanks so much for this bit of advice. One of the new card readers wants 12 drives. I only have 4 letters available. So this is welcome news.
I do have a question. It is in regards to flushing the write buffer. If a drive letter is assigned, the card needs to be ejected to make sure all files are closed prior to removing the card. But there is no such function available for a folder. Have you found any problems with just pulling the card when done, or do you at least close the folder (as in going elsewhere). What are your thoughts on this issue?
I was a bit puzzled so I responded by asking Fritz what "little jewel" he was referring to and he replied:
It is your posting "Drive letters and USB multi-card readers" on WindowsNetworking.com here:
I have set up the mounted folders as you described, and they work great in Win 10, but I had the question regarding "ejecting" as it's used for removable drives. I understand that the reason for ejecting removable drives is to flush the write buffers before a card is removed. So my question is, how does the flushing of buffers work with mounted folders? If you have an answer I would appreciate it.
That tip was written by me way back in 2009 and I don't have any further insight into what Fritz is talking about. Perhaps some of our readers can offer some comments? Email me at firstname.lastname@example.org
In the previous issue a reader named Alain sent us some details of a wireless networking scenario he is trying to achieve:
Wireless is setup to have secure WIFI (for our staff to access servers / files /printer etc) as well as Guest access (for visitors in meetings, who can't access our servers etc). Guests cannot access the network. All working perfectly.
New TRAINING Network requirements:
WIFI to be set up with a separate SSID: "Training" with different passcode (to allow access to separate printer on that network), as well as a separate Guest network (which allows internet, but no access to network resources)
Would the settings I have suggested above work out? I need to ensure that there is absolutely no access to our main network connected to the first Router, from anything connected to the second router.
Several readers offered comments concerning Alain's question. We'll start off with the following suggestion by Bill from Illinois, USA:
Subnet Mask on training network needs to be 255.255.255.0, not 255.255.0.0.
Gateway on training network needs to be 192.168.192.1, not on the 67 network.
Public IP (NAT) address on training network router (which is the port connected to the main network) needs to be within the .67 subnet, such as 192.168.67.250.
However, this configuration will NOT work as expected, as anyone on the .192 subnet will have full access to the .67 subnet. This can be limited by setting up firewall rules on each machine to block the .67 subnet explicitly, but this is not very efficient.
A much better solution would be to replace the TPLink router with a 3-port router which supports a proper DMZ network. Then, the users on the training network can be piped into the DMZ, which can have connectivity to the Net without access to the LAN.
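A small check of the addressing plan Bill describes, added here as an illustration and not part of his email or the newsletter. The /24 main LAN, the sample client and gateway addresses, and the `denied` parameter (standing in for whatever filtering blocks the .67 subnet) are assumptions.

```python
import ipaddress

def audit_cascade(main_lan, client_ip, mask, gateway, wan_ip, denied=()):
    """Audit a training router cascaded behind the main LAN; return finding codes."""
    main = ipaddress.ip_network(main_lan)
    # The network a training client believes it is on, given its IP and mask.
    training = ipaddress.ip_network(f"{client_ip}/{mask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    findings = []

    # A 255.255.0.0 mask makes 192.168.192.x and 192.168.67.x one network.
    if training.overlaps(main):
        findings.append("MASK_OVERLAPS_MAIN_LAN")
    # Clients must use the training router, not an address on the main LAN.
    if gw not in training or gw in main:
        findings.append("GATEWAY_NOT_ON_TRAINING_LAN")
    # The training router's outside port needs an address on the main LAN.
    if ipaddress.ip_address(wan_ip) not in main:
        findings.append("WAN_IP_OUTSIDE_MAIN_LAN")
    # Addressing alone does not isolate: outbound NAT still forwards packets
    # addressed to the main LAN unless something denies that destination.
    if not any(main.subnet_of(ipaddress.ip_network(d)) for d in denied):
        findings.append("MAIN_LAN_REACHABLE_FROM_TRAINING")
    return findings

# Constructed sample plans; the exact addresses are assumptions.
ORIGINAL = dict(main_lan="192.168.67.0/24", client_ip="192.168.192.10",
                mask="255.255.0.0", gateway="192.168.67.1",
                wan_ip="192.168.67.250")
CORRECTED = dict(ORIGINAL, mask="255.255.255.0", gateway="192.168.192.1")
FILTERED = dict(CORRECTED, denied=("192.168.67.0/24",))

if __name__ == "__main__":
    plans = (("original", ORIGINAL), ("corrected", CORRECTED),
             ("filtered", FILTERED))
    for name, plan in plans:
        print(f"{name:10s}", audit_cascade(**plan) or "no findings")
```

The corrected plan still reports the main LAN as reachable, which is the point Bill makes: fixing the mask and gateway makes the cascade work but does not isolate it.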
David from Michigan, USA made the following suggestion:
The reader named Alain states that the training network only needs access to the internet and not to the production network. There are a number of ways to do this.
The easiest way is to set up the training network on the Guest WIFI as long as the devices in the training network are wireless ready. The problem with this solution is the Guest WIFI, if properly set up, may be operating in AP Isolation mode (client isolation) preventing one wireless guest user from seeing another wireless guest user. The wireless printer, if placed in the Guest WIFI network, may not be accessible from devices if the WIFI is operating in AP Isolation mode.
The best solution is to place the Training Network's router on its own public IP address but this means that Alain's ISP connection must have more than one static IP. This way the traffic from the Training Network never needs access to the Production Network's IP space. All the features of the Training Network's router can then be utilized as needed.
The worst solution is to place the Training Network behind the Production Network. This allows the Training Network to access the Production Network devices as if the Production Network is the DMZ to the Training network. You could always put the Production Network behind the Training Network but this creates a single point of failure for the Production Network if the Training Router fails.
When I lay out networks for my clients, I adhere to the KISS principle -- Keep it Simple Stupid. The fewer pieces of equipment the better. By daisy chaining a router behind a router, you are creating dependencies and single points of failure in addition to possible unwanted security holes.
I recommend getting a block of static IP addresses from your ISP and isolating the traffic of the Production Network, the Training Network, and the Guest Network, with each network on its own router.
Of course, there are other ways involving vLans, layer 3 switches, and better routers…
It's been many years but I was involved in a number of these scenarios in an education environment. In every case the student network was completely physically separate from the work / teacher network. Separate LAN, separate switches, separate routers, separate internet connection, separate everything. We did not want some precocious child accessing the admin network. I hope that helps.
Got feedback about anything in this issue of WServerNews? Email us at email@example.com
Watch Microsoft Build sessions on-demand on Channel 9
Certification Exam Overview: 70-532: Developing Microsoft Azure Solutions
IT pros who program, implement, automate, and monitor Microsoft Azure solutions, and are prepping for Microsoft Certification Exam 70-532 (part of the Azure Certification series), will find this a practical training course. Microsoft Certified Trainer Brian Swiger reviews exam concepts, explores specific topics and details, develops a study strategy, and provides exam tips and additional resources. Watch here.
Last week's factoid and question was this:
In the intro to this week's newsletter I reported that I had experienced a "snafu" updating a Win10 machine to Creators' Update. Not immediately remembering the origin of this word "snafu" I tried searching for a Dilbert comic strip that used it but my search came up empty. So I googled the word and of course I remembered then its military origin. Do you know any more, er…interesting acronym of military origin? Nothing too raunchy please ;-)
A number of readers commented with the totally obvious suggestion (which I should have seen coming) of FUBAR which several readers explained in detail:
The acronym that first came to mind for me was FUBAR -- "fouled" up beyond all recognition (F-word changed for G-rated newsletter) --David from Florida, USA
FUBAR is the Vietnam era version of SNAFU. --Maury from the Netherlands
FUBAR -- f**ed up beyond repair. It was cleaned up in Digital's Equipment's VAX WMS as Foobar -- the error registrator. -- Ted from Illinois, USA
I am sure others have suggested, "fubar". As I remember it, "fouled up beyond all recognition", or something like that. I heard it a lot during my years at the US Military Academy at West Point, since I seemed to be "he who fouled up", apparently a lot, spending many hours marching punishment tours... But that was almost fifty years ago, so my memory may have forgotten some. --Bob, a retired Major in the USAF
Who can forget FUBAR? It's attributed to the same time period as the other example, SNAFU. Let's just say it stands for, how should we put it… Fussed Up Beyond All Recognition. Both of these acronyms were a more colorful way of stating the truism that, as a Prussian general (Helmuth von Moltke) put it, "No plan of operations extends with any certainty beyond the first contact with the main hostile force." Or more simply: no plan survives first contact with the enemy. Perhaps those in the trenches felt that NPSFCWTE didn't roll off the tongue quite so well. On a side note, not related to acronyms: the people crafting these sayings were actually quite good at figuring out ways to deal with situations that were, well, FUBAR. A number of texts talk about how American GIs would use their own initiative in situations, where other soldiers might sit and wait for orders. --Thomas from San Diego, USA
Well that sure as heck beats Six Sigma ;-)
Don from Iowa sent us this one:
BOHICA: Bend Over Here It Comes Again!
Ouch!! And finally Frank from Germany points us to the following resource:
I think "fubar" (or "foobar") is the most well known acronym of military origin - at least in the IT space… but there are a lot of others as this Wikipedia site lists:
I'm sure this list can't be complete given the inventiveness (foobarishness) of the G.I. Joes in the US Army. Maybe some of our readers with military experience can offer some more?
Anyways, let's move on to this week's factoid:
Fact: The last words of Henry Royce, co-founder of Rolls-Royce, were: "I wish I’d spent more time, in the office."
Source: The Financial Times (paywalled)
Question: What are some other notable last words of famous people that have inspired, amused, or infuriated you?
Email your answer to us at: firstname.lastname@example.org
Until next week,
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at email@example.com
Challenger lets you encrypt at a data and directory level:
Hushmail is a hosted web-based service that provides enhanced email security to keep your data safe:
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator:
GOT TIPS you'd like to share with other readers? Email us at firstname.lastname@example.org
Moti Bani has a post on how you can secure your BitLocker-enabled devices against a common attack vector, namely a Direct Memory Access/Side channel attack:
Nathan Gau explains how you can use System Center Operations Manager (SCOM) to detect various PowerShell exploits that are commercially available for download and use:
Lee Stevens explains how to use PowerShell to successfully remove a RemoteApp server from a server pool:
Microsoft Worldwide Partner Conference (WPC) on July 9-13, 2017 in Washington, D.C.
Microsoft Ignite on September 25-29, 2017 in Orlando, Florida
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact email@example.com
The enterprise’s shift toward storage virtualization -- explained
Storage virtualization makes it deceptively simple to allocate space. You gain the ability to affect more systems, and you are free to do whatever you want.
Comparing VSTO and Office Web add-ins [Video]
Microsoft Office is a great tool that can be made even better with add-ins. Here we compare the differences between VSTO and Office Web add-ins.
Office 365 vs. Hosted Exchange: Which should you be using?
When it comes to business email hosting, most companies must choose between Hosted Exchange and Office 365. Which one is better? Let’s find out.
Keep attackers out: Introduction to Azure web application firewall
Azure web application firewall can help IT administrators protect their web applications from a wide range of malicious attacks.
More the merrier? Why you should consider a multicloud strategy
The cloud is here to stay. Now the question is, should you stick with one cloud provider or take a multicloud approach? Here are some facts to consider.
Weekend Reading: Amazon Aurora: Design Considerations for High Throughput Cloud-Native Relational Databases (All Things Distributed)
Thoughts On The AWS Outage (Cloud Architect Musings)
WannaCrypt attacks: guidance for Azure customers (Microsoft Azure Blog)
Azure Blueprint illustrates the clear path to meet the Cybersecurity Executive Order (Azure Government Cloud)
Managing network settings on Red Hat Enterprise Linux (IT Pro Central)
Mysteriously Disappearing Start Menu Tiles and Roaming User Profiles (Ask PFE)
Getting the number of mailboxes per database in your Exchange Organization (IT Pro Central)
Exchange 2016 RecoverServer (250 Hello)
Thoughts on Citrix's potential sale: 2017 Edition. This time it feels different.
Each year there are rumors about Citrix being acquired, but this time it might actually happen. But, who would buy Citrix? And, why would they be for sale? Find out the latest news surrounding the potential sale of Citrix.
Why the desktop-as-a-service model hasn't taken off
DaaS has a presence in the market, but adoption hasn't skyrocketed like some expected. Experts pondered the reasons in a roundtable discussion at IDC Directions. Find out what they discussed.
Samsung Knox gives IT control over Android OS updates
A common problem in organizations is users being able to update the operating system on their mobile devices without IT having any control. As a result, some business apps may not work, because they don't support the new version of the OS. Knox's E-FOTA feature lets IT test Android OS updates before users install them on their Samsung devices, preventing apps from breaking.
Windows 10 migration plans hit a wall
Microsoft's free Windows 10 upgrade offer boosted adoption last year. But now, without that incentive, businesses are holding onto Windows 7 for as long as they can. For some, the Windows 10 new features just aren’t worth the cost of new hardware. So, is the switch from Windows 7 to Windows 10 really worth the trouble?
GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at firstname.lastname@example.org
Dave from Australia sent us the following link to a cool video of a Lego train running through someone's house all done up:
10 MOST AMAZING Lego Machines
10 Most Incredible LEGO Creations
Lego Art 2017 Amazing Lego sculptures ever made 2017
Personally I was a fan of Meccano when I was a kid.
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.