Vol. 22, #33 - August 14, 2017 - Issue #1144


WServerNews: Security Briefs

Free Tool: Permissions Analyzer for Active Directory 

Image

SolarWinds® Permissions Analyzer for Active Directory™ gives you instant visibility into user and group permissions and a complete hierarchical view of the effective permissions and access rights for a specific NTFS file folder or share drive – all from a user friendly desktop dashboard.  Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions.  Unravel a tangled mess of file permissions: network share, folder, Active Directory, inherent, explicit, calculated and more.

Download the Free Permissions Analyzer Tool Today. 


Editor's Corner


In this week's newsletter we'll catch up on what's new, interesting, and scary in the world of IT security. We also have some tips and tools for you and some SHOCKING videos for your viewing entertainment. And an reader shares his success story in losing weight with the help of an iPhone app in the IT Pro Fitness Corner section of our newsletter. All this and more in this week's issue of WServerNews!

"There's an app for that" has become a commonplace answer in response to asking someone for help with something. I'm always amazed at how Scott Adams the creator of Dilbert manages to stay on the crest of technological developments in our fast-paced world. Here are a few samples of Dilbert comics that have to do with "apps" in some form or other:

http://www.wservernews.com/go/lhn7g16q/

http://www.wservernews.com/go/t0hfl3ua/

http://www.wservernews.com/go/p8arm011/

 

Ask Our Readers - Sharing files between Hyper-V host and Windows client (another response)

Way back in Issue #1134 Bad day for BA we put forth the following question from a reader named Geoff:

Thanks for your article:

http://www.wservernews.com/go/tt4k46fk/

Followed it and it worked -- have a Windows 10 Host and a Windows XP client. But after applying ransomware patch, the shared folders in the Windows 10 Host cannot be seen anymore by the virtual Windows XP, any advice you can give me to make this work again? tried recreating the shared folders but didn't work, Virtual WinXP can ping Windows 10 host, but when opening \\hostname of host\ or \\ip address of host\ , nothing. Would appreciate your advice.

In the following week's Issue #1135 Privacy briefs we included a response to this question sent in by Chuck Timon, a Senior Premier Field Engineer (PFE) at Microsoft. Last week in Issue #1143 Long term data storage we reopened this topic with an email from a reader named Hal who is a Managing Partner for a cloud services company based in Pennsylvania, USA and who said:


Hello... I don't think its a Hyper-V issue. In addition to Windows 10 and XP issues I also have found another possible related issue between with Windows 7 and Server 2016. As we know both Windows 10 and Server 2016 share a lot of the same "core" code. Windows 7 no longer is able to create File Locks when using Office 2010 to access Server 2016 File Shares. File locks using PowerShell seem to work just fine. When I set this up in my lab I was able to perform a SMB packet capture on the Windows 7 side and Server 2016 returned a file lock creation failure. It appears that Office is using a older API to implement file locking.

I guess Microsoft is no longer back testing against Windows XP nor Windows 7 so it appears that maybe we should not assume File Sharing compatibility with these older OS is guaranteed any more. Maybe if you had one of those special extended support contracts with MSFT then you might have access to patches that would correct these issues. I've searched the web several times looking for any blog or other posting on this issue and can't find any articles on this -- all the articles seems to be focused on locks that do get removed upon file close. Would appreciate any help.

A reader named Peter responded to our reopening of this topic with a question of his own:

Re the Geoff, Chuck and Hal conversation. I am not using this configuration but I wondered whether this might be that the folder sharing is working though SMB v1 APIs. Of course SMB v1 functionality has been disabled by Microsoft updates following the "Wannacry" outbeak. There is some advice around SMBv1 disabling and enabling which I have used to fix access to a NAS at:

http://www.wservernews.com/go/q8e5oziz/

http://www.wservernews.com/go/agb20q86/

http://www.wservernews.com/go/sjkxgrku/

It is possible the advice in these might help or trigger some thoughts on what to do?

If any other readers have observations or experience with this issue you can email us at wsn@mtit.com


Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

And now let's look at what's new, exciting, and weird in the field of IT security…


Protect your cloud resources from DDoS attacks

AWS Shield Advanced from Amazon Web Services (AWS) looks like something that might be worth spending some extra money on if you host your organization's web apps and services in Amazon's cloud. I think the key benefit of the Advanced offering over the Standard one that's turned on by default for all AWS customers is that it gives you access to their 24x7 DDoS Response Team (DRT) who can be engaged before, during, or after a DDoS attack. For more information on AWS Shield see here:

http://www.wservernews.com/go/y6a4hkjb/

Microsoft Azure seems to provide some level of DDoS protection for all of their customers by default:

http://www.wservernews.com/go/50lnr4s9/

But as usual Amazon seems to be the innovator in this area while Microsoft keeps playing catch-up.

Evaluating the state of Android platform security

Can the Android platform be trusted for performing security- and privacy-sensitive tasks like online banking and payments? The site cpbotha.net looks back on 2016 and evaluates this question and comes down on the negative side in this blog post:

Android security in 2016 is a mess

http://www.wservernews.com/go/rh1vt1c2/

How do IT pro readers of our newsletter feel about using Android phones for such tasks? Email your thoughts to us at wsn@mtit.com while I trek down to the bank and fill out a paper withdrawal slip I can exchange for some negotiable paper instruments I can carry around in my Louis Vuitton leather wallet…

Android of course is used on more than just mobile devices. On Christmas Day last year a software developer named Darren Cauthron tweeted that an Android vulnerability on a family member's smart TV had become infected with ransomware after the individual downloaded a movie-watching app. His full tweet read as follows:

Family member's tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these "smart tvs" like the plague.

http://www.wservernews.com/go/65ck98sh/

The Register published a follow-up story on this incident to explain how one can recover from the intrusion:

http://www.wservernews.com/go/wtgmodo8/

So while we know that watching TV can be hazardous to your health:

http://www.wservernews.com/go/srytwcfi/

this seems to take the problem to a whole new level.


Should we ditch Windows Server for Linux?

Maybe not. There have been several reports over the last year of new malware that targets Linux systems, for example:

Destructive KillDisk malware encrypts Linux machines, ESET reseachers discover

http://www.wservernews.com/go/2qmu0qpf/

Linux is not as safe as you think

http://www.wservernews.com/go/wdnjrfj0/

Some of our enterprise readers of this newsletter probably have both Windows Server and Linux deployed in their organizations. What's your experience lately in terms of which platform is more secure and easier to protect? Email your comments to us at wsn@mtit.com

Junk email blocking for the Mac

Vlade Ivanov sent us this one which may benefit some of you Apple Mac users out there who use Microsoft Outlook for the Mac:

Block unwanted email on a Mac

http://www.wservernews.com/go/pj1jwest/

The Dishwasher That Ate New York


Well let's hope that never happens. But with IoT security being in the sorry state that it is these days, such an occurrence could enter the realm of possibility someday as the following article illustrates:

Dishwasher has directory traversal bug


http://www.wservernews.com/go/icdmscp7/

And if that's not enough for us culinary geeks to worry about, there's now the danger that our Aga cooking range could get hacked:

http://www.wservernews.com/go/v0tws97q/


Personally I'd rather get wiped clean by a rogue dishwasher than get fried by a malicious oven.

 

Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at wsn@mtit.com


Recommended for Learning

Windows Server Training and Tutorials

These courses on Lynda.com teach you to set up and manage Windows Server. They cover everything from Active Directory to networking and file storage. Start watching these tutorials to solve your Windows Server issues today!

http://www.wservernews.com/go/5zkp2v6g/

 

Microsoft Virtual Academy

Skype for Business: Infrastructure Planning and Design

Upgrading from Lync Server to Skype for Business Server? Or skilling up for Microsoft exam 70-334, Core Solutions of Microsoft Skype for Business 2015? Check out the practical help in this course, the first in a series on Skype for Business infrastructure.

http://www.wservernews.com/go/c34co77l/


IT Pro Fitness Corner

Free iPhone app to help you lose weight using the 5:2 eating plan (by Philip Craig)

Philip Craig is an IT professional based in Australia who works in Remote Health IT support:

http://www.wservernews.com/go/19hee7to/

Philip offers the following tip for readers of our newsletter who have been trying to lose weight:

G'day Mitch! The best thing that has worked for me is a free iPhone App called EasyDietDiary In conjunction with the 5:2 calorie eating plan:

http://www.wservernews.com/go/wch04ga9/

Essentially the 5:2 plan recommends you eat 2 non consecutive days at around 600 calories, then the other 5 at normal intake (though I set my 5 days limit at 1800 calories a day):

http://www.wservernews.com/go/sbhgrrk3/

It really changed my eating habits, especially when you realize a couple of sweet biscuits can be the energy equivalent of a healthy filling sandwich, and as I have lost weight I don't feel as hungry anymore.

My exercise level is still pretty abysmal -- and I am sure I could significantly improve the results below if I got off my @rse!

Philp also sent us these screenshots to illustrate his success in weightloss with this plan:

Image

Image


Disclaimer: I'm not a certified fitness professional or nutritionist so take any suggestions made here "as is" with a grain of salt and a heaping supply of your own judgment. Help other readers of this newsletter lose weight and get fit by sending your own weightloss and/or fitness tips to us at wsn@mtit.com
  

Factoid of the Week

Last week's factoid and question was this:

A scientist from the University of Southern Denmark has developed a method of turning humble jellyfish into a potato chip-like food. What was the most "interesting" seafood *you* have ever eaten?

It looks like most of our newsletter readers either don't like or can't afford seafood because the only response we received to the above question was this:

Not an answer, but rather a sarcastic question: "humble jellyfish"??? How can they tell which jellyfish are humble? What about the jellyfish that are braggarts? Too salty? --Steve who works in IT for New York government

Speaking of salty, it seems that most movies portray hackers (i.e. the consummate IT professional) as living off pizza and potato chips. Maybe it's the salt in these foods that attracts them/us? Anyways, maybe the following "Hacker's Kitchen Guide" can guide you towards more healthy nutrition:

http://www.wservernews.com/go/keluqgdg/


Now let's move on to this week's factoid:

Fact
: LED light bulbs may cause headaches in some individuals.

Source: http://www.wservernews.com/go/zsfzi8tw/

Question: What are your own feelings about LED lighting? Have you experienced anything negative when using LED light bulbs instead of incandescent ones? Do you have any health concerns about using them in your home or workplace?

Email your answer to us at: wsn@mtit.com

Until next week, 

Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at wsn@mtit.com

Download the beta of Veeam Backup for Microsoft Office 365 1.5. Increased scalability and a new multi-repository, multi-tenant architecture for large Office 365 deployments and service providers.

http://www.wservernews.com/go/l4601458/

Outlook PST Password recovery tool is a proven and cost effective solution to recover all passwords which are applied to MS Outlook PST files:

http://www.wservernews.com/go/h1spv0d6/

Get-ComputerHardwareSpecification gets the hardware specifications of a Windows computer including CPU, memory, and storage:

http://www.wservernews.com/go/7888fxge/

Exchange Disaster Recovery Tool gets backup mailboxes and Recover Exchange Server Database after Disaster of Exchange Server:

http://www.wservernews.com/go/snvaiigx/

 

This Week's Tips

Windows 10 - Multiple Ways to Retrieve the Windows 10 Build and Version Number

Rod Trent's myITforum has a helpful tip you can use if you need to learn the Windows 10 Build and Version number of an installed PC (or set of PCs):

http://www.wservernews.com/go/6w0f68bo/

Hyper-V - Set up nested virtualization

Virtualization & Cloud Review has a walkthrough on how you can set up nested virtualization in Windows Server 2016 and in Windows 10 Professional or higher:

http://www.wservernews.com/go/vu12fjup/


SCOM - Enable Agent Proxy using PowerShell

Mitch Garvis explains how to enable the System Center Operations Manager (SCOM) Agent Proxy using PowerShell in a way that you won't need to ever do it again:

http://www.wservernews.com/go/naioysnp/


Events Calendar


Do you know of any other IT conferences or events that you think readers of this newsletter might be interested in knowing about? Email us at wsn@mtit.com with the name, date, and location of the event along with the event URL.

Experts Live Europe on August 23-25, 2017 in Berlin, Germany

http://www.wservernews.com/go/tf49as0b/

Microsoft Ignite on September 25-29, 2017 in Orlando, Florida

http://www.wservernews.com/go/e055shs3/

IT/Dev Connections on October 23-26, 2017 in San Francisco, California

http://www.wservernews.com/go/x6bwr38a/

SharePoint Unite on October 24-26, 2017 in Haarlem, Netherlands

http://www.wservernews.com/go/9y19lpow/

DEVintersection on October 31 - November 2, 2017 in Las Vegas, Nevada

http://www.wservernews.com/go/37n16qm7/

European SharePoint, Office 365 & Azure Conference on November 13-16, 2017 in Dublin, Ireland

http://www.wservernews.com/go/vadl74v5/

SharePoint Fest on December 609, 2017 in Chicago, Illinois

http://www.wservernews.com/go/ryz088re/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact info@techgenix.com


New on TechGenix.com

11 networking commands every Windows admin should use

Windows is jam-packed with networking utilities that can be accessed only at the command line. Many are past relics, but you can feast on these leftovers.

http://www.wservernews.com/go/lr68daru/


Querying and identifying static DNS records with PowerShell

We explain how you can use a simple PowerShell script to get a list of static DNS records and identify the entries that are no longer needed.

http://www.wservernews.com/go/ekwe8ehk/


Microsoft announces deeper integrations for Intune and Azure AD

New enhancements to Intune and Azure AD make it easier for users to access the web apps and resources they need from anywhere without disregarding security.

http://www.wservernews.com/go/6bjuw2f3/


Step-by-step guide: Azure portal dashboards

In this second part of our three-part series on administering your Azure environment, we take an in-depth look at creating a using Azure portal dashboards.

http://www.wservernews.com/go/reo3qk0z/


Azure Service Health offers new health dashboard in Azure portal

Azure Service Health is a new dashboard within the Azure portal that can help you keep track of changes that might impact your Azure resources.

http://www.wservernews.com/go/o74jljrh/

 

Tech Briefing - Governance and Compliance

 

Evaluating Risk with the NIST Cybersecurity Framework Risk Assessment Checklist

From Azure Government Cloud

http://www.wservernews.com/go/5y7f9255/


Data breaches are more damaging than many natural disasters

From the IT Governance Blog (UK edition)

http://www.wservernews.com/go/1c8beufl/

Getting Beyond Lift-and-Shift on Azure Government Video -- Part 2

From Azure Government Cloud 

http://www.wservernews.com/go/psqiceuc/

4 out of 5 organizations don't know where their sensitive data is located

From the IT Governance Blog (USA edition)

http://www.wservernews.com/go/aj6gfazz/


Ireland sets digital age of consent to 13 ahead of the GDPR

From the IT Governance Blog (EU edition)

http://www.wservernews.com/go/0r67p9fp/


Other Articles of Interest

Digital transformation projects cry out for a human touch

Don't do digital for digital's sake, CIOs and industry observers say -- solve a business problem. Access this article to learn more about what digital transformation really means, and what it should look like for you. Also: SoftBank grabs Boston Dynamics; Apple launches Siri-powered HomePod.

http://www.wservernews.com/go/m49vqdnk/

When to use Docker alternatives rkt and LXD

Docker can't meet the needs of every IT scenario. LXD and CoreOS rkt are additional container formats to try out when Docker doesn't make sense. Access now to find out some of their most appropriate use cases.

http://www.wservernews.com/go/i04cnir0/


How should you use containers in your virtual environment?

Container technology is good for workloads that require fast iteration and portability, but management, resilience and security are important challenges to take into account.

http://www.wservernews.com/go/37rsw85s/


Securing Privileged Access program builds wall against attacks

Administrative privileges are perhaps the biggest target for attackers. Microsoft's Securing Privileged Access program helps admins and security teams decrease that threat level.

http://www.wservernews.com/go/5dmhqumd/

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at wsn@mtit.com

Lightning is dangerous, but it can be fun too. Here are some videos that will shock you!

What Happens When Lightning Hits A River?

Check out this controlled explosion by an Engineering company:

http://www.wservernews.com/go/idyh78b0/


Close Call of the Day - Spectacular Lightning Strike

Storm-chaser William Phuoc happened to be in the right place at the right time to capture footage of a spectacular cloud-to-ground lightning strike:

http://www.wservernews.com/go/g7pggipf/


Very Close Lightning Strike

A lightning strike hits a tree 20 feet from the camera. Whew!

http://www.wservernews.com/go/9yump3ya/


Top Gear: Car Lightning

What would it be like, if you were struck by lightning while in your car?

http://www.wservernews.com/go/2gisyie6/

Hilarious Stove Repair Electric Shock

Turns out there's a reason you're supposed to turn off the breaker before messing with wires:

http://www.wservernews.com/go/luexpxw9/

WServerNews - Product of the Week

Free Tool: Permissions Analyzer for Active Directory 

Image

SolarWinds® Permissions Analyzer for Active Directory™ gives you instant visibility into user and group permissions and a complete hierarchical view of the effective permissions and access rights for a specific NTFS file folder or share drive – all from a user friendly desktop dashboard.  Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions.  Unravel a tangled mess of file permissions: network share, folder, Active Directory, inherent, explicit, calculated and more.

Download the Free Permissions Analyzer Tool Today. 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his  outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.