Vol. 20, #1 - January 5, 2015 - Issue #1011
Blame the software!
This week's newsletter is all about who gets blamed when a security breach happens at an organization. Usually when fingers start getting pointed the first culprit that gets blamed is the software running on the system that was compromised. But is this justified? That's what we'll explore in this week's issue of WServerNews, but before we do let's take a look at this classic Dilbert comic about who to blame when your computer locks up:
Well somebody has to be at fault, right?
Hotfix - Printing Preferences window appears behind a RemoteApp
Microsoft has released a fix for an annoying issue that arises when you have Windows 7 SP1 client computers running RemoteApp programs on a Remote Desktop Services (RDS) server running Windows Server 2008 R2. The issue was that when you opened the printing preferences dialog it displayed behind the RemoteApp window instead of on top of it, which forced you to drag the RemoteApp window aside to access the printing preferences dialog. The hotfix that resolves this issue can be found here:
Note that if you have already applied the Remote Desktop Protocol (RDP) version 8.0 or 8.1 package to the Windows 7 SP1 computer then the above hotfix does not apply.
From the Mailbag - Prepping laptops and Tech Predictions
In the Mailbag of Issue #1010 WServerNews Crystal Ball - December 2014 Edition, a reader named John described OEM agreements that laptop manufacturers offer whereby they "produce a custom image, a .WIM file, ready for deployment from the OEM hidden partition on the hard drive. When it comes time to install, the machine is powered up the first time, just like any OOB setup, and the install process begins." Another reader named Antonio from Sydney, Australia commented on this as follows:
Here we don't have an OEM agreement with the laptop manufacturers who will then produce a custom image, but the other way round. We have agreement with the vendor for both notebook and desktop machines that we will supply them a corporate image with all the software (including Microsoft Office, Adobe Suite etc) for all the support models, and they will load the image to all new machines to us. The same image is also used by their support technicians for on-site replacement of hard drives. Once they replaced the hard drives, they are also responsible to load the correct image to the new drive and make sure that the machine(s) is running properly. This same image is also being used in-house to internal support to reimage the machine if the Operating System itself is corrupted.
We also received some feedback concerning our 10 predictions in that issue on where Windows Server and cloud computing are heading in the coming years, so we're including a short sampling here. First a reader named Joe from St. Louis, Missouri, USA, said:
You really struck a chord with me on HP imploding. I couldn't agree more. As an electrical engineer, I still use my HP41C with RPN as my daily calculator. My vintage HP test equipment still works as well as it did when it was made, and some of it is more than 50 years old. HP pioneered the plotter and laserjet printer industries, and I still have an old parallel-port 6P that gets used.
The beginning of the end was when HP bought Compaq and decided to split itself from its roots as a high-end equipment manufacturer. Now they're just a "me-too" computer company, and not a great one. The Hewlett-Packard name has been reduced to a consumer brand with nothing to set them apart. I wouldn't own anything they put their name on today.
It makes me sad.
Keep up the good work on the newsletter. I really like how diverse it is. It's one of the very few I actually read every week, and I'm not an IT pro. I'm one of the few who still integrates computers into manufacturing environments, and I use the tidbits and utilities you list in your newsletter to make my job easier. Plus I like the faves.
Thanks very much for your comments. Next, a reader named Erik said:
My take on some of your predictions:
Two: I totally agree and can't wait until it is released.
Four: I disagree that the Surface will go away. Maybe MS's version of it, but at a recent conference where two years earlier 100% of attendees had laptops and iPads, now 25% or more had just a Surface. I agree though the price needs to come down.
Five: I think MS is already doing that.
Seven: I totally agree unfortunately.
You might need to refer back to our last issue to match Erik's comments with our predictions.
And now on to the main topic of this week's newsletter...
Blame the software!
Recently a colleague pointed me to a story on National Public Radio (NPR) titled "Snowden's Document Leaks Shocked The NSA, And More May Be On The Way". In this story the program host interviews a correspondent who "has been covering the Snowden leaks since they became known in June" and the following comment by this correspondent caught my eye right away:
First of all, he was a systems administrator. And anyone who's dealt with an IT helpdesk knows the systems administrator in a network can basically get into any computer in that network.
Now, in this case, Snowden had even more access than a normal systems administrator would have, because the NSA was running a software program called SharePoint that's for file sharing. The idea was that analysts working on a task could see all the documents that might be relevant to that task. Edward Snowden, working in Hawaii, was actually administering that SharePoint program. He actually had the job of working with those documents, moving them around, downloading them if necessary. That's how he had access. Not surprisingly, the NSA is not using that program anymore.
Here's a link to the story if you want to read more:
I kinda groaned when I read this as it sounds like the NSA was blaming Microsoft SharePoint for the massive information leakage that resulted from Snowden's actions. If so then this is a typical example of the kind of reaction that the leadership of an organization has whenever a security breach is discovered: blame the software!
In my view this kind of reaction is almost always shown to be wrong once a full internal audit of the situation has been completed. Usually as the audit proceeds the assignment of blame gets progressively shifted as follows:
- Bam--you're hacked!!!
- Blame the software!!
- We also need to confiscate the server that software is running on!
- It looks like the admin is really the one we should blame--he went rogue.
- Wait--who hired this guy in the first place? What kind of controls did we have over him and why weren't they applied consistently?
- I think we all failed here, it's clearly a failure of our corporate culture. We need to do a full review of our security policies and processes for applying them.
- Let's move on, what's done is done. We just need to make sure it never happens again.
Notice the progression here from blaming tools (software and systems) to placing the blame on individuals (usually an administrator) to recognizing that inadequate business processes (security policies and controls) are the true culprit. Unfortunately as the blame gets shifted around its energy also dissipates, and while the end result is typically a tightening of security controls, the issue of how those controls got weakened in the first place is usually not addressed.
The slippery slope of convenience
How does an organization that has developed a carefully crafted security policy, effective controls and clearly defined processes end up getting hacked? Often it happens for reasons of convenience, for example when an administrator needs to "bend the rules" in order to "get the job done". But the initiative behind such rule-bending is often not from the administrators themselves but from someone in corporate management above who informs the administrator that such-and-such is "high priority" and "don't tell me about proper process" but "just do it" etc.
Because of this the administrator has to violate the organization's own carefully crafted security policies and bypass those effective controls and jump over some of those clearly defined processes to satisfy the demands of his or her superiors. And so a firewall exception is made for that one corporate machine, or the permissions on those sensitive documents are relaxed so they can be copied, or an inexperienced person is added to a global security group, or...you get the picture.
Is there a solution?
Here indeed is the crux of the problem as far as IT is concerned: is there a solution that can prevent such things from happening? What makes this difficult is that it's not really an IT problem at all, it's an issue of corporate governance and responsibility. When it comes to options on how IT can respond to such demands, they can choose to:
- Complain loudly. Unfortunately you might get fired if you do this.
- Complain in writing. Now you're giving management even more ammunition in case they want to fire you.
- Shut up and obey. You'll still get fired if the requested action results in the organization getting hacked.
Or you can try the Fourth Protocol and simply try and be reasonable. Explain in a relaxed voice why the requested action can endanger not just the organization but the career of the individual who originally requested the action. Describe how your IT systems work and why the security controls you'd need to circumvent have been established in the first place. Ask the individual making the request to carefully weigh the risks of the action with the apparent urgency of its need. Seek understanding concerning why the requested action is viewed as high priority and urgent, and then suggest some possible alternatives to the requested action that might be performed but which would not circumvent the organization's security policy, controls and processes.
Have any of you in IT ever been in a situation where you've been asked by management to perform some action that would require that you circumvent the security controls of your organization? How did you respond? Share your stories with us so the IT pro community can learn more by emailing us at [email protected]
Tip of the Week - To dedup or not to dedup?
If you're running Windows Server 2012 or Windows Server 2012 R2 and you're trying to decide on whether or not you should make use of the Data Deduplication feature of these platforms, make sure you first check out this TechNet page:
The key info you should review can be found in Step 2 point number 3 where the article summarizes which scenarios are great candidates for using deduplication, which ones you first need to evaluate based on their content, and which ones are bad scenarios for using deduplication.
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Free White Paper: Office 365 for the Enterprise - How to Strengthen Security, Compliance and Control
Despite the range of functionality offered in Office 365, like any cloud-based offering, it cannot be all things to all customers. There are features missing in Office 365 that will prompt some customers to consider the use of third-party, cloud-based, or on-premise tools to enhance Office 365’s native capabilities with a particular focus on the security, archiving, and encryption capabilities. An analysis of the use of these O365 enhancement tools is the focus of this Osterman White Paper, based on a recent Osterman survey of IT professionals.
Recommended for Learning
Microsoft Press has just released another FREE EBOOK in their System Center series. The book is titled Microsoft System Center Introduction to Microsoft Automation Solutions and it was authored by Rob Costello and Richard Maunsell with myself (Mitch Tulloch) as Series Editor.
You can download the book in PDF, Mobi and ePub format here:
Get more free ebooks from Microsoft Press from this page on the Microsoft Virtual Academy:
Microsoft Virtual Academy
Here are several Microsoft Virtual Academy courses on security that you might want to check out:
What's New in Windows 8.1 Security
Defense in Depth: Windows 8.1 Security
Quote of the Week
"The best way to relieve stress is to do what needs to be done." --Your Editor
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Used by tens of thousands of system administrators worldwide for over 17 years, Hyena is known throughout the industry as one of the top AD and Windows management utilities available...at any price.
Automate Office 365 message tracking log generation for free with Promodag StoreLog v4. Archive the logs and easily use the data to analyze email traffic for reporting whenever you want.
Network Notepad is a network diagramming and flow chart tool offered as both freeware and professional editions:
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware:
CADE, available in both freeware and professional editions, lets you create network diagrams, flowcharts, schemas, maps and more:
Convergence 2015 on March 16-19 in Atlanta, Georgia, USA
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]
Register for Webcasts
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]
Desktop in the Cloud: Will Cloud-based VDI ever get out of the Gate? (Part 1) (CloudComputingAdmin.com)
Top 7 New Improvements Now Found in Microsoft Intune (CanITPro)
Group Policy: Creating A Standard Local Admin Account (CanITPro)
Active Directory Migration Considerations (Part 5) (WindowsNetworking.com)
Migrate a Virtual Machine from On-Premise to Microsoft Azure (CanITPro)
Taking a Fresh Look at Hyper-V Clusters (Part 6) (VirtualizationAdmin.com)
Step-By-Step: Creating a VM Snapshot in Azure (CanITPro)
Configuring Unstructured File Storage in Microsoft Azure (CloudComputingAdmin.com)
Security and Privacy
Deconstructing Forefront Threat Management Gateway (TMG) 2010 Firewall Client Operation and Communication (ISAserver.org)
Is Microsoft Windows Security Essentials Enough for Enterprise Security? (WindowSecurity.com)
Core Informatics Uses AWS to Target Life Sciences
InsideAWS.com - New Amazon AWS site added to growing TechGenix Network!
Why Choosing a Dedicated Hyper-V Backup Product is a perfect choice (Part 1)
Video: Configuring, Verifying, and Removing Active Directory Delegations (Part 1)
Get equipped with the right cloud tools
No doubt you already know cloud management is complex. Fortunately, using the right cloud management tools can alleviate a lot of the stress and complications associated with the cloud. Start planning ahead by accessing this exclusive guide, which details how to choose the right tools for your cloud's needs.
No background activity boosts Hyper-V host performance
If you're experiencing a Hyper-V slowdown, you're not alone. With so much happening surrounding Hyper-V performance, it is crucial to understand what is going on behind the scenes to keep your Hyper-V in check. Find out how to boost Hyper-V performance by dialing back on background activities, and learn how you can efficiently achieve this goal.
Testing updates for virtual desktop images
To ensure employee productivity and avoid other disasters, you must test updates before they are deployed to virtual desktops and have a rollback strategy prepared. But is this easier said than done? Discover for yourself by learning what testing you should do, how much testing you should do, and what time frame you should complete the testing in, before you get started.
How to update VMs with minimal downtime
For VMware administrators to gain efficiency and lower costs, it is crucial physical and virtual machines are up-to-date – and to ensure that, you must migrate off legacy infrastructure. Access this expert guide to updating VMs with minimal downtime to ensure your VM migration is both easy and successful.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Worlds Narrowest Ski Descent
Professional skier Cody Townsend descends 2,000 feet through a vertical chute in Alaska's Tordrillo mountain range:
Jetman Formation Flight With Aerobatics Champion
Jetman Yves Rossy, the first man to fly with a jet-propelled wing, flies in formation with aerobatics champion Zoltán Veres:
Timelapse Of A Jetliner Landing At Night In Chicago
Cockpit view from an American Airlines MD-80 aircraft landing at night at Chicago O'Hare International Airport:
Best of Web 2014 by Zapatou - 213 Viral Videos in 7 Minutes
This you must see: 213 viral YouTube clips perfectly edited by Luc Bergeron, aka. Zapatou, to the music of 'Elea.'
WServerNews - Product of the Week
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.