Vol. 19, #40 - October 6, 2014 - Issue #1000
- Editor's Corner
- Shellshock Update
- Ask Our Readers - Is there an admin tasks repository
- From the Mailbag
- Issue #1000 - Interview with Stu Sjouwerman
- Tip of the Week - How to become a good troubleshooter
- Recommended for Learning
- Microsoft Virtual Academy
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- Register for Webcasts
- Tech Briefing
- Cloud computing
- Microsoft Azure
- Enterprise IT
- Security & Privacy
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Windows Server News
- Searching for the elusive hybrid cloud
- Desktop virtualization advice from your peers
- Buying guide: Application virtualization tools
- Learn what vCPU states mean for VM performance
- WServerNews FAVE Links
- Amazing Trick With A Tennis Racket
- Quantum Mechanics Explained In 60 Seconds By Brian Cox
- Les Miserables Flash Mob - Orlando
- Acrobatic Trio - Three's a Charm
- WServerNews - Product of the Week
- Free Tool for Hyper-V Backup
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- FORWARD THIS NEWSLETTER to a colleague who you think might find it useful!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is our ONE THOUSANDTH ISSUE of WServerNews. Our newsletter was started by Stu Sjouwerman way back in September of 1997 and in honor of Stu we've decided to interview him in this week's issue about why he started WServerNews and where he sees the IT profession headed in the coming years. But first we need to start with a cartoon, and not just any cartoon. After all, writing a weekly newsletter like this is a LOT OF WORK and we've often thought of outsourcing it to a team of IT monkeys. After all, if a thousand monkeys can type out the entire works of Shakespeare provided they're given a sufficient amount of time, how many monkeys and how much time would it take to write a simple newsletter like this?
Although the Shellshock BASH bug is primarily a UNIX/Linux problem, administrators of Windows Server-based infrastructures shouldn't just write it off as "not my problem" as it can indirectly impact them as well. Because of this we're going to devote the next issue (#1001) to steps you can take to protect your environment against ShellShock exploits.
Ask our Readers - Is there an admin tasks repository?
In last week's issue we posed the following question we received from Tom, an IT Consultant based in Wellington, New Zealand:
Have you heard of a website or other resource that lists administrative tasks that Sys Admins might come up against? I am thinking everything from the basics of setting up a user in AD to Lync / Exchange integration, SQL mirroring, SharePoint farm implementation, troubleshooting etc... Do you or any of your readers know of such a resource? And if not is there anyone out there who would like to work with me to set one up? I think it would be too big of a job to do by myself, but could be fun if we get a small team of us together.
We received a number of responses from readers concerning this. A reader named Steve pointed out Stack Exchange as a useful resource:
I'm sure you'll get this many times, but if a sys admin isn't using all the various Stack Exchange sites, they are missing out!!
Stack Overflow - mainly developer questions, but also some sys admin:
Server Fault - designed for sys admins:
Super User - aimed at 'power' users:
Ask Ubuntu - great for other Linux flavors also:
Richard, a Systems Architect in Switzerland, sent us this suggestion:
Well, the ultimate (and very actively maintained) resource is, of course MS TechNet. But if you are not into flipping hamburgers and want chunks of PowerShell developed by lots of people better at it than I am, take a look at the PowerShell Script Browser, a repository of PS scripts:
Do any other readers have any recommendations that can answer Tom's question? Email us at [email protected]
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
From the Mailbag
In last week's Issue #999 When Microsoft calls YOU, we talked about a new scam that seems to be going around these days, namely someone who says they're from Microsoft Support and tells you your computer has been infected with malware and you need to follow their instructions and/or pay money immediately or the FBI or RCMP or Interpol or whatever will soon be pounding on your door. We received tons of reader feedback on this topic, mostly about how an IT pro might respond to such a blatantly obvious social engineering attack. Here's a sampling of some of the best responses from our readers:
- I had someone call me claiming my machine was infected. I played along and started asking questions as to how they knew and what the infection was. He avoided the questions and kept pressing me to go to a website. I asked him which PC as I have many at my house and I kept pressing him as to what it was and how he knew. I asked to speak to his supervisor for some clarification and he cursed me out and hung up. It's amazing what a little patience and knowledge can get you. --Michael
- Saw your note in the last newsletter about the call in scam when folks try to convince you that you are infected and need to do what they say. I actually got that call last week. More fun for me as I am an IT guy and used to work at Microsoft. Caller sounded Indian. But I cannot be sure. Unfortunately, they called at a not so great time for me, or I would have kept them on the phone messing with them. I listened to the initial pitch, basically laughed at them, told them as a former MSFT person, I knew they were full of cram and hung up. --Ian who works at Dell
- I actually do work for the Federal Government so when someone calls my home and says that I have a virus, need updates etc, I just say that I work for the Federal Government and let me get my cyber security specialist online to talk with them, ask for the name, phone number and address so in case the call is dropped we can call them back, and then they hang up. I've told my wife to say the same thing. --Tom from Portland, Oregon USA
- Well, they said they were 'Windows' support. It sounded like a call center, a lot of background noise and activity. The caller was male with a heavy Eastern/Pakistan type accent and said they were receiving errors from my windows computer and he wanted me to follow instructions to fix them. I made him repeat himself over and over, as I was having trouble understanding him, but I figured something was amiss. And that it was. After telling him not to call me anymore and hanging up without ever following any of his directions, I realized that he had referred to me by my user name that I use for banking sites. Upon checking, I found that my Discover Card 'Rewards' had been cashed in only a day or two prior, for a Dominos pizza certificate, no less! Also, my email address on the account had been changed from 'hotmail.com' to 'turbomail.us'. My caller id showed the scammer's number as 216-326-6861. Discover Card was quick to react, reinstated my rewards, and overnighted a new card. --Gary
- I received one of these calls, and after asking the caller to prove he was from Microsoft he was able to spell out all the characters of my operating system license. How did they know that, related to my phone number? They didn't seem to know my name, though. They pointed to all the error events in the event viewer and called them all viruses. I can see where most people would fall for that, since they were colored red. And I'm still getting calls from them after hanging up continuously! --Wayne
- I don't have the patience to mess with them and waste their and my time. I just say, 'Will your remote control software run on my Linux desktop?'. They hang up real fast at that point. --Lyle
- When I asked them for a billing account to bill my time to them - they hung up. Never fails! --Bobby
Previously in Issue #998 Shadow IT Revisited, we heard from reader Tony Gore how shadow IT brings both new risks and new benefits, and we need to make the best we can of the benefits while minimizing the risks. A reader named Nick who is a Sales & Marketing Director in Cammeray, Australia, sent us the following comment:
Thank you for the excellent article! It is exactly spot-on and I am experiencing this with so many clients currently that I have been looking for exactly this kind of article that I can use to explain the issues to them. Various other providers sign our clients up to Google Apps and other such cloud solutions and their small SSD drives are suddenly full in a matter of a few weeks (no one envisaged that their fast new networked office computers with 128GB SSD drives would get "abused" like this. So again thanks for the great article!
And now on to our interview with Stu Sjouwerman...
Issue #1000 - Interview with Stu Sjouwerman
We're talking with Stu Sjouwerman the guy who started this newsletter way, way back in September of 1997. Stu, 17 years is a long time in IT, isn't it? That's about 119 dog years, and for old dogs like ourselves who work in the IT profession it feels more like several centuries. What was the IT industry like when you started WServerNews--or W2Knews as it was actually called back then?
Yeah, it's been quite a ride! I started in IT in 1979 with VAX mini-computers from DEC. We started W2Knews in 1996 when Microsoft just came out with their enterprise operating system: Windows NT, soon followed by Windows 2000 which the first version of the newsletter was named after. The industry was jumping on the Redmond bandwagon in a major way, noticing that Bill Gates had "bought" DEC's Dave Cutler, the main VMS Operating System architect for a then astounding amount of a million bucks a year.
What was your goal in starting the newsletter back then? What did you hope to accomplish?
Help system administrators to keep their machines and networks up & running with information, news, hints & tips and system admin tools. And of course a few fave links at the end to provide a bit of levity. System admins are usually super busy putting fires out all day long, and do not get a lot of cooperation from other employees who do not understand the computer and network.
What did readers initially like best about your newsletter? Did you experiment with the format and range of topics you would cover?
In the early days, any news was welcome as NT was a whole new platform and there were hardly any 3rd party tools available. We started with a disk quota management tool, and Octopus, which was real-time backup and failover. We surveyed regularly about which sections in the newsletter were needed, wanted or redundant and finally settled on a format we stuck with for more than 10 years.
How did you come up with fresh ideas for your editorials? As I can testify myself, writing a newsletter every week can be challenging even in an industry like IT where things change very rapidly!
Sunbelt was hosting several forums, one of which was the popular NTSYSADMIN list. Topics discussed there were a never ending source of story ideas and interviews. We also had forums about Exchange, Security and other topics that came up over time.
What changes in the IT profession did you see during your long tenure as Editor of WServerNews?
Wow, interesting question. Overall, over the decades, I would think it's fragmented into more and more specializations. 30 years ago you could know pretty much everything about PCs for instance. Today, you need to be a malware reverse engineering specialist to be able to protect endpoints. The same has happened in many other areas. Your only choice is to become a "serial specialist" if you want to keep up, compare it to a triple major in college, and study never ends. But that is also the attraction, never a dull moment!!
That's a good point Stu, there seem to be so many different areas of IT specialization nowadays. It's interesting also that the newsletter has attracted such a wide range of readers over the years. TechGenix did a reader survey shortly after my wife and took over as editors in 2012 and they found that about one-sixth of those who had subscribed to WServerNews were sysadmins, about one-sixth IT managers, about one-sixth consultants, and the remainder split between senior IT staff, network admins, owner-operators, CEOs, CIOs, security analysts, specialists, developers…wow. Congratulations on creating a newsletter that has attracted such a wide range of readers! Any trick how you did it?
That was 15 years of hard work in both the areas of marketing and writing newsletters I'm afraid. In the early days of the Internet when opt-in and opt-out simply did not exist, software developers gave me their customer databases and gave me the OK to send the newsletter to them weekly. And I am still writing a weekly newsletter called Cyberheist News that you can subscribe here:
I'm sure our readers have appreciated all of your hard work over the years! Let's move on though and talk about the future. What do you think are the most significant trends in coming in business computing over the next few years? And how do you think these trends will impact the IT profession as we know it today and especially IT pros who work with the Windows Server platform? Feel free to be wordy here and let us know what you see in your crystal ball...
Hah, I used to do a crystal ball issue once a year, first week of January. That was the shortest newsletter but it was the most work!! First of all, cybercrime and cyberwar are escalating. Many people in large companies, the government and nationwide infrastructure IT are now in the front lines of international hacking attacks sponsored by nation-states. And the rest of us are under constant attack by a very well-funded eastern European cyber mafia.
The irony is that the Windows platform has become the standard, and thus is also the most attacked. Both cybercrime and spy agencies are hoarding hundreds of 0-day threats that they can pluck out of their black bag when they need to get into a network. The biggest change for IT pros that I predict is the change of perspective from: "We can defend against an attack" to "We already have been penetrated; we need to protect the data and get the hackers out". This is a sea change in the way you approach the hacking problem.
What sort of things can IT do if their organization's systems and data has been penetrated? I thought the only answer was to "nuke and pave"?
You need next-generation breach detection. These tools solve, in essence, a classic big-data problem. To be effective, these tools need to analyze a great variety of data in high volume, and at great velocity, to determine potential breaches. Most important, the tools must be precise; too many false positives and their reports will quickly be ignored, which is what happened at Target. A new crop of next-generation startups are working on this, for example:
Fascinating, I'll have to check those out. Let's finish off by letting you tell us about some of the ventures you've been involved with since you stepped down from editing WServerNews. What are you up to these days?
During the 2007-2010 period when we built VIPRE Antivirus, we found out that most malware infections ware caused by the end-user being social engineered. So when Sunbelt was acquired by GFI in 2010, I already had an idea for a new company that would provide "new school" security awareness training, built from the IT security perspective instead of just being checkbox compliant. That was why I started KnowBe4:
and teamed up with former hacker (The World's Most Wanted) Kevin Mitnick to create a brand new way for system admins to keep their users on their toes with security top of mind. Things have gone great with KnowBe4, we are in our third year with almost 20 employees and over 700 enterprise accounts using the training.
Sounds great Steve and good luck on all your future endeavors!
Thanks very much Mitch!
About Stu Sjouwerman
Stu Sjouwerman (pronounced "shower-man") is the founder and CEO ofKnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
Send us feedback
What do you readers think have been the biggest changes in IT over the last 15 years? And what do you think your job will look like in the years to come? Share your predictions and reflections with us at [email protected]
Tip of the Week - How to become a good troubleshooter
This week's tip is about how you can improve your troubleshooting skills. But before I explain how you can do this, let me start off by telling you what happened to me this morning...
Being a "server guy" doesn't mean I'm a brilliant nerd with all kinds of technology. One area where I'm definitely behind the times is digital music. I own a nice CD collection comprised mostly of classical music and cool jazz, but until now I haven't spent a penny downloading digital music for my smartphone or tablet. But today I had to bite the bullet and buy some songs as MP3 files as the original CDs they were taken from are no longer available. The catch is, once I downloaded these MP3s, I wanted to burn them as an audio CD so I can listen to them on my home stereo or in my car. Windows Media Player seemed the obvious choice here, and after a brief check of the online help I confirmed it could convert MP3s to CDA files to burn them onto recordable CD media to make an audio CD.
So I burned myself a CD. Then I tried it out on my stereo and it wouldn't play--ack. So I checked the help again and discovered I needed to select Audio CD instead of Data CD as the burn format in Windows Media Player. In fact, help said Audio CD was the default burn format, but for some reason the default was Data CD when I opened WMP, so I changed the burn option to Audio CD and burned another CD. But once again it wouldn't play in my stereo.
I was now frustrated as I had other work to do. But I'm also stubborn like a bulldog sometimes, so I determined that I must figure this out. I consulted various threads on Microsoft Answers but found no specific thread relating to my problem. So I tried one more time--and then I realized that when I selected Audio CD as the burn option in WMP and created my burn list and clicked Start Burn, for some reason WMP automatically flipped back to the Data CD option before starting the burn. Whaaat? Why is that happening?? Once again, I searched for help online but couldn't find a discussion thread that related to my specific issue i.e. why doesn't the Audio CD burn option "stick" when I select it? Why does it keep flipping back to Data CD?
So then I thought maybe I could download some free utility to convert MP3s to CDA files so I can burn them to CD media. Bad idea. The first program I downloaded installed some additional crapware on my computer that I had some trouble uninstalling. So I went back to WMP again but after playing around some more I still couldn't figure out why the Audio CD burn option kept reverting to Data CD whenever I tried to start a burn.
So then I searched for another free MP3-to-CDA utility, one without the added crapware, and finally sound something that looked lean and usable. I installed the utility and thought "This is finally going to work" and added my MP3 files to the burn list and clicked Start Burn and got an error message:
This utility only works with CD media.
"It couldn't be," I thought. So I checked, and yes it was. I had mistakenly been using blank recordable DVD media instead of recordable CD media, and you can't burn DVD media as an audio CD. Slaps forehead...
What's the moral here? I think it's this: You become a good troubleshooter by realizing through experience how amazingly stupid you can be sometimes.
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Looking for books and/or ebooks from Microsoft Press? Buy them direct from the Microsoft Press store!
Microsoft Virtual Academy
Some announcements from the Microsoft Virtual Academy:
October 8: Single Page Applications with jQuery or AngularJS
Next up in MVA's Web Wednesdays series is "Single Page Applications with jQuery or AngularJS," which explores single page apps and looks at Visual Studio and Internet Explorer tools to add structure to your projects. Join popular presenters Stacey Mulcahy and Dave Voyles and learn how to enable your content within Windows 8 and Windows Phone 8 apps, and deploy your apps to Azure. Register now!
October 9: Azure Resource Manager DevOps Jump Start
Don't miss this Jump Start on October 9. Hear how to manage your Azure resources more efficiently, and find out how to get want faster and more repeatable application deployments across all of your Azure environments. Experience the new declarative model at work, complete with templates to define and deploy your infrastructure resources. Register now!
Save 15% on All Microsoft Certified Professional Exams
Do you have goals to pass an MCP exam before the end of 2014? For a limited time, you can save 15% on your next exam! Just use promo code "15OFF" by December 31, 2014 to book and take an exam! Find all the details here:
Quote of the Week
Last week we shared this quote from a Jason Statham movie which we thought was a useful pearl of wisdom:
"Good judgment comes from experience, and a lot of that comes from bad judgment." --Jason Statham in The Mechanic
A reader named Lance was quick to point out to us that this quote actually predates Jason Statham a bit:
One of my favorite quotes from Will Rogers, the famous American humorist, born in 1879, and who, unfortunately, died in a plane piloted by Wiley Post that crashed in 1935.
We stand corrected. But we still like Jason Statham's movies a lot ;-)
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Veeam Task Manager for Hyper-V provides live performance monitoring metrics for CPU and memory for both host and guest VMs. Get it for free!
Start observing your users and vendors that have access to sensitive data in minutes. Know exactly who is doing what on your critical servers. Try it now.
Do you know which users have access to sensitive files or directories? Using Permissions Analyzer, you’ll be able to easily see what permissions a user or group of users has for an object and why.
Need to mount a tablet under a cabinet or shelf? Try this from Belkin:
AutoAdministrator is a free tool that allows you to automate all kinds of system administration tasks with an easy-to-use GUI:
Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA
Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA
TechEd Europe on October 27-31, 2014 in Barcelona, Spain
Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain
Add your event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]
Register for Webcasts
Add your Webcast
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]
All Clouds are not Created Equal: The Personal Cloud in the Corporate World (Part 1) (CloudComputingAdmin.com)
Managing Contractual Risk in Cloud Contracts (Part 1) (CloudComputingAdmin.com)
Windows Client images for MSDN subscribers (Azure Blog)
Deploying a WordPress Blog on Microsoft Azure (CloudComputingAdmin.com)
Prevent Windows password reset hacks (4sysops)
Some Mandatory Reading for Sys Admins (Third Tier)
Security and Privacy
Enterprise Web Proxy Performance Optimization Tips for Forefront Threat Management Gateway (TMG) 2010 (ISAserver.org)
Securing the cloud in 2014 (CloudComputingAdmin.com)
E-mail Forensics in a Corporate Exchange Environment (Part 4)
Tips for Assigning Wi-Fi Channels
Back to Basics: Groups vs. Organizational Units in Active Directory
System Center Virtual Machine Manager for Beginners (Part 5)
Searching for the elusive hybrid cloud
There's a lot of hype around what a hybrid cloud really is. Many companies claim they're using the hybrid model, when instead; they're really just using both public and private cloud. Find out what makes up a true hybrid cloud and how to distinguish it from of a pairing of public and private cloud.
Desktop virtualization advice from your peers
Your peers have completed post-project reports detailing their desktop virtualization experiences, including challenges faced, costs incurred, and benefits gained. Access this report by weighing in on your own VDI priorities and projects.
Buying guide: Application virtualization tools
Virtualization techniques and tools can improve application deployment and management. XenApp, ThinApp and App-V are all very similar tools for application virtualization. Find out which one can meet your needs and work compatibly with your existing infrastructure in this exclusive buyer's guide.
Learn what vCPU states mean for VM performance
Having a good understanding of vCPU run, wait, and ready, can help you deliver more responsive VMs. Get an in-depth look at these three basic states, and find out how this knowledge will build to your understanding of your CPU performance in VMs and get the most out of it.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Amazing Trick With A Tennis Racket
Unbelievable trick by Japanese tennis player Kei Nishikori during the US Open tennis match against Novak Djokovic from Serbia:
Quantum Mechanics Explained In 60 Seconds By Brian Cox
Do you understand quantum mechanics? Physicist Brian Cox explains the most basic rule of quantum physics in under a minute:
Les Miserables Flash Mob - Orlando
The cast of 'Les Miserables' had an amazing pop-up performance of 'One Day More' at the Mall of Millenia in Orlando, Florida:
Acrobatic Trio - Three's a Charm
The acrobatic trio 'Three's a Charm' with their amazing performance at the French television show The Worlds's Greatest Cabaret:
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.