Vol. 20, #9 - March 2, 2015 - Issue #1019

Making hardware last

  1. Editor's Corner
    • From the Mailbag
    • URGENT - Group Policy hardening
    • Latest on the Lenovo fiasco
    • Latest on the Outlook app for iOS
    • Making hardware last
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Upgrading disks in a storage pool using PowerShell
    • Displaying the privileges for your account
    • More on effective ad blocking using HOSTS file
  4. Events Calendar
    • Americas
  5. Webcast Calendar
    • WindowsNetworking.com Webinar: Preventing High Cost Security Breaches
    • Register for Webcasts
  6. Tech Briefing
    • Amazon AWS
    • Hyper-V
    • System Center
    • Windows client
    • Windows Server
  7. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  8. Windows Server News
    • Hammering out a cloud security action plan
    • Should you virtualize high performance computers?
    • Six considerations for free application virtualization software
    • Options abound for running Windows on Mac machines
  9. WServerNews FAVE Links
    • Do Not Believe Everything You See On Video Or Film
    • Instant WiFi For The Internet Baby
    • Stadium Webcam Surprise Visitor
    • How To Remove Wrinkles Without An Iron
  10. WServerNews - Product of the Week
    • Deep Packet Inspection for Quality of Experience Monitoring




Editor's Corner

In this week's newsletter we examine what you should look for when you buy computers, servers and other hardware for your business and how to make them last. We're pleased to include a guest editorial on this subject by Tracy Hardin, President and Owner of IT consulting firm Next Century Technologies. We'll also alert you to an urgent fix for a Group Policy vulnerability and bring you up to date on the latest concerning both the Lenovo fiasco and the Outlook app for iOS and how Microsoft is dealing with these issues. And we have a couple of tips for IT pros who work with the Windows Server platform and another tip on ad blocking. All this and more in this week's issue of WServerNews.

But first here's our weekly Dilbert comic. This one is about the challenges of getting approval from management for any proposed hardware purchases you want to make:


Sound familiar?

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

From the Mailbag

Way back in Issue #1014 Key Considerations for Upgrades, we included a tip on how to avoid getting cheated by a vendor when you RMA defective hardware back to them. A reader named Nathan who is a Principal Consultant for a company based in Upton, Massachusetts USA, sent us another great suggestion on this topic:

When I diagnose a hardware problem with 100% confidence that requires a replacement component, my conversation when requesting an RMA is always the same: "Doesn't boot up.  No lights, no nothing." This saves the hour(s) of forced testing and diagnostics to get the tech on the other end of the phone to agree with you.  Also avoids the default response (in the case of a workstation/server) of: "You will need to reinstall Windows to fix the problem."

Great tip, thanks! P.S. Vendors will hate you for suggesting this ;-)

URGENT - Group Policy hardening

The Microsoft Security Research and Defense Blog recently posted a bulletin concerning two recent Microsoft Security bulletins that resolve critical vulnerabilities in Group Policy that could bypass some security features and allow remote code execution. You can read more about the problem and how Microsoft is addressing this issue in their blog post here:


Latest on the Lenovo fiasco

The first I heard of this was when a colleague alerted me to an Engadget article titled "New Lenovo PCs shipped with factory-installed adware":


My colleague snarked "Anyone who buys OEM PCs and doesn't flatten and rebuild them is a fool".

Later someone pointed me to a more technical article where the exploit (let's call it that) was explained as "a tiny TLS/SSL man in the middle proxy that attacks secure connections by making them insecure so that the proxy can insert ads in order to... [in the words of Lenovo] help users find and discover products visually":


But sorry, I'm not going to start using Chrome to circumvent this problem, someone needs to fix it.

Ars Technica then provided a link to a PDF from Lenovo explaining how the malware can be removed from the certificate store on your system:


That solution might work for advanced users, but what about ordinary Joe PC and his computer? Fortunately, Microsoft then pushed out a Windows Defender signature update that kills the Lenovo problem by removing the offending certificate from the affected computers. Here's what NeoWin reported concerning this:


What's the fallout from this fiasco? Lenovo to their credit was quick to apologize for their foolishness:


Microsoft can also be credited for quickly stepping up to the plate by enabling Windows Defender to remove the malware from affected PCs (or at least those OEM PCs that have Windows Defender installed on them). If you do have Windows Defender installed and own an OEM PC, you should manually initiate a scan now to make sure the Lenovo malware is removed.

But this whole affair raises some serious questions about who is culpable here. It's a complicated question considering the good business relationship Microsoft needs to maintain with large OEM PC makers, but it's a question that needs to be faced squarely and dealt with firmly. So let's see what happens next.

And now on to the main topic of this week's newsletter...

Latest on the Outlook app for iOS

In our previous issue we reported on a security vulnerability in Microsoft's Outlook app for iOS that has led many organizations to block users from using the app. Microsoft has now released new security features for their Outlook app for both iOS and Android that should resolve the concerns of most customers; see this post on their Office Blogs:


This solution might not satisfy everybody though as The Register reports here:


And now on to our guest editorial by Tracy Hardin...

Making hardware last

As an IT consulting firm, we serve small-business clients in a wide variety of industries such as banking, medical, construction, retail, engineering, veterinary medicine, towing, and television/radio. Despite the disparity in these industries, all our clients want the same thing: good quality computer hardware at a fair price that fits their budget. My goal is to recommend servers that will meet their needs for 6+ years, and desktops for 5+ years. Why the disparity in years? Clients buy more desktops than servers, so they are more of a monetary investment. Rarely do clients want or need to spend money on the fastest desktops on the market.

We support over 400 desktops and servers. Ninety-nine percent of those are Dells. I love the HP products, especially the servers, but they run about 10-20% higher in cost. Also, most of my clients were already invested in Dell products when I walked in the door. When I make a proposal for new hardware, I evaluate the existing network infrastructure and study how the client utilizes technology. We may just replace a server with a server, or we may recommend a cloud solution or virtualization if it would benefit the client. I look at it from the perspective that if the client's company was my company, what computers would I buy?

Choosing computers for business

When I look at desktops (or laptops) for a client, I always recommend business-class computers for these reasons:

Quality - The vast majority of manufacturers, including Dell, HP and Lenovo, make cheap, poor quality computers, and you will get what you pay for. Business-class systems often come with 3 year warranties, so they usually have better quality components. If it doesn't, I add it. This is especially true for laptops!

Performance - With better quality comes better performance options. A slow hard drive will bottleneck any system. A SATA-6 drive with cache is good, hybrid is better, solid state is the best, and most expensive. Eight gigabytes of memory is preferred, nothing less than four is considered. I always make sure dual-monitors are supported. I start with an Intel quad-core i5 processor but prefer the Intel i7 if the client can afford it. Gigabit network cards are the norm, and most of my clients have gigabit switches. Fancy video cards are only needed for CAD systems.

Tool-Free Repairs - Dell's business-class desktops are made to be worked on with ease. The case can be opened up and all the major components can be swapped out without the need for any tools. All the release tabs for internal components are purple, making them easier to spot. It's rare that I swap out parts, but when I do, this feature makes my job easier!

Better Support - If there's an issue with a client's desktop, we will be the ones called in first to troubleshoot it. Before contacting Dell, we have a good idea of what part needs to be replaced. Dell support can be reached via phone, chat session or e-mail. We have found that chat sessions are easier than a call and there's rarely a wait. Dell will ship replacement parts quickly, and most of the time they will send a tech to install them as well.

Warranty & Driver Availability - I'm not sure about other manufacturers, but Dell makes it easy to check the age and warranty status of any piece of Dell equipment via its service tag number right from the Dell website. Once you enter the service tag, a link to your computer's drivers and software downloads will appear.

Restoration DVDs - Any business-class desktop should have an option to purchase the operating system and driver DVD along with the system. Who has time to sit and make a half-dozen recovery disks?

Bloatware - Most of the time, business-class desktops don't have all the extra junk software and games that come with consumer-grade products. Sometimes we have to remove a trial version of antivirus, but most of the time we can get the desktop shipped without it.

Customization - Your own drive image can be pre-installed on the desktop. I haven't done this for any clients so far, but I know it is available.

Docking Stations - Only business-class laptops support true docking stations. A true docking station will have a network jack, one (or more) display ports, USB ports and, most importantly, will charge your battery while your laptop is docked. Consumer-grade laptops will offer a USB-connected port expander. It won't charge your laptop and you have to fumble around with a USB cable.

Choosing computers for home

People often ask me what kind of computer to buy for home. If I can talk them into it, I recommend a business-class desktop. We have repaired a lot of cheap consumer-grade laptops. A quality business class laptop can cost a lot more than the ones at Best Buy or Costco. So I always recommend that if you do buy a consumer-grade laptop, go ahead and buy the 3 year warranty from the store. With just one claim, the warranty will pay for itself. And chances are pretty good you will use it.

Choosing servers for business

There are several key features I look for in file servers. Why buy servers and not go "cloud"? Lots of reasons. First, cloud is not a one-size-fits-all solution. It is simply another option. Local servers provide:

Most importantly, if your on-site server goes down, I can usually pinpoint the reason within 30 minutes, and no waiting on hold with someone in another state (or country), wondering what happened.

Despite the wide array of industries we support, the servers I recommend and sell are all very similar. That's because I stick with proven hardware. Regardless of the brand of server, I look for these features:

I put more money in disk I/O and memory before I do the processor(s). This is a broad statement that applies to the vast majority of the servers I have sold. Virtualization and certain server application requirements can be exceptions to that rule.

There are a lot of other great options if money is available like redundant power supplies, rack-mount chassis, management cards, and hot-swap drives. In my opinion, paying extra for hot-swap drives is a waste of money. There are situations where it is a must, but given a choice, I am going to power down a server before I pull a drive, even if it's a hot-swap.

Most of the servers I sell don't have redundant power supplies, but they all are plugged into a quality UPS with the appropriate load rating and run-time. The UPS is configured to shut down the server automatically, and, in every case, the UPS will shut itself down as well. I was called into a new client to rescue an Exchange server after an ice storm kept the office closed for 5 days. The brand new UPS was never configured correctly, so repeated extended power failures crashed the server multiple times over that 5 day period. Surprisingly, the server still booted, but even with Microsoft's help, I could only recover about 80% of the data in the Exchange server. To this day, I configure a UPS to shut itself off after it shuts down the server, or, at the very least, configure the UPS to not bring the server up if power is restored. I also configure the UPS to email me if there is a power issue so I can notify the client that the server and UPS have been shut down.

Making servers last

Key points to making a server last 6+ years:

Don't forget, all servers need a good, reliable off-site backup. Monitor backup reports and do a test restore every year. You should not have a problem keeping your server hardware running 6, 7 or maybe even 8 years.

About Tracy Hardin

Tracy Hardin is President and Owner of Next Century Technologies, an IT consulting firm located in Lexington, Kentucky. She has a Bachelor's Degree in Computer Science, various certifications and over 25 years of experience in the field of IT.

You can find Tracy's website here:


You can also find out more about Tracy on LinkedIn:


Send us feedback

Got feedback on anything in this newsletter? Let us know at [email protected]

Recommended for Learning

My colleague and fellow IT pro fitness buff Yuri Diogenes informs us that his new book Enterprise Mobility Suite: Managing BYOD and Company-Owned Devices (Microsoft Press, 2015) which he co-authored with Jeff Gilbert will be published shortly and is now available for pre-order from the Microsoft Press Store here:


It's bound to be a terrific book for companies seeking MDM/BYOD solutions that are secure and manageable, so pre-order it today!

Microsoft Virtual Academy

One new announcement from the Microsoft Virtual Academy:

March 9:  Microsoft Virtual Academy Meets Reddit: Ask Us Anything!

Some of MVA's finest are teaming up to answer your questions, straight from the source! Join us for Microsoft Virtual Academy's first-ever Reddit Ask Me Anything (AMA) on March 9. Meet some of the minds behind the magic & ask us anything you've ever wanted to know about MVA, from the instructors and personalities who help make MVA happen!  Register here.


Also be sure to check out these on-demand courses from the Microsoft Virtual Academy:

Using PowerShell for Active Directory

IT Pros, want to automate redundant tasks and do it right the first time? Learn how to turn your real-time management and automation scripts into useful reusable tools and cmdlets. Use PowerShell to better create, query, update, delete, and manage your Active Directory.


Surface Pro 3 Deployment

If you're looking into Surface Pro 3 deployment and you'd like to learn why automation is important (plus how to automate using PowerShell), check out this course. Determine the correct version of System Center Configuration Manager (SCCM) for you, and learn which tools you need:


Deploying Office 2013 with App-V

If you'd like to learn about strategies for testing, deploying, and updating Office 2013 using App-V 5.0, including rollback options, explore the modules in this course. In addition, get a look at pitfalls and problems that can occur when deploying Office 2013 using App-V 5.0 to Windows 7 and Windows 8.1 clients:


Quote of the Week

"Comedy is tragedy plus time." --Carol Burnett

Until next week,
Mitch Tulloch

BTW feel free to follow me on Twitter and connect with me on LinkedIn

Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Spiceworks provides a Network Map tool with their free IT and help desk management solution:

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor:

Enterprise Random Password Manager (ERPM) is a privilege management platform that helps protect organizations against advanced persistent threats (APTs) and other sophisticated cyber attacks:

This Week's Tips

This week we have a PowerShell script submitted by Chris Smith that demonstrates how to upgrade the disks in a storage pool provisioned with Storage Spaces on Windows Server 2012 R2. We also have a tip about how you can determine the privileges of a logged on user. And reader Jeffrey Harris sent us a tip concerning the tip Effective Ad Blocking which was in Issue #1015 Active Directory Change Matrix.

Upgrading disks in a storage pool using PowerShell

I have a Dell PowerEdge T110 with a H200 and Dell 6GB SAS adapter (external LSI 9211 equivalent). Connected to a SGI 3U OMNISTOR SE3016 SAS SATA EXPANDER DAS 16 TRAYS with 8 * 2 TB HGST disks and 8 * 3 TB WD RED. Also attached are 6 SSDs used for Boot and SSD journaling and Write Back Cache for the VDisks. I used this script to automate the rebuilds of my spaces pools when I needed to upgrade 8 * 1.5 TB Seagate Disks to WD Reds. It worked flawlessly!

# Reset state left over from any previous run
$MissingDisk = $null
$ReplacementDisk = $null

# Find the missing disk
$MissingDisk = Get-PhysicalDisk | Where-Object { $_.OperationalStatus -eq 'Lost Communication' }

# Retire the missing disk from the storage pool
$MissingDisk | Set-PhysicalDisk -Usage Retired

# Find the replacement disk - assumes that any free (poolable) disk will get added to the pool
while ($null -eq $ReplacementDisk) {
    $ReplacementDisk = Get-PhysicalDisk | Where-Object { $_.CanPool -eq $true }

    # Nothing poolable yet: wait 10 seconds and look again
    if ($null -eq $ReplacementDisk) { Start-Sleep -Seconds 10 }
}

# Add the replacement disk(s) to the pool
Add-PhysicalDisk -PhysicalDisks $ReplacementDisk -StoragePoolFriendlyName StoragePool01

# Get the virtual disks so their health can be repaired
$VDisk = Get-VirtualDisk

# Rebuild the virtual disks - smallest to largest
foreach ($vd in $VDisk | Sort-Object AllocatedSize) { Repair-VirtualDisk $vd.FriendlyName }

# Remove the failed disk from the pool (-Confirm:$false suppresses the confirmation prompt)
Remove-PhysicalDisk -PhysicalDisks $MissingDisk -StoragePoolFriendlyName StoragePool01 -Confirm:$false

--Chris Smith is a Senior SE working at Microsoft who deals mainly with Storage. He manages 10+ PB of storage and is a hardware geek at heart.

Displaying the privileges for your account

Privileges define the kind of system operations your user account can perform. Privileges are displayed in the UI in the form of user rights. For example, the user right Generate Security Audits maps to the privilege SeAuditPrivilege. Privileges are assigned to an account during logon and reside in the access token assigned to the account. A list of the various privileges available for users in Windows environments can be found on MSDN:


Most of us are familiar with the whoami command, which when typed without parameters displays the current domain and user name of the logged on user. But whoami also has a command-line switch, /priv, that can be used to read the access token of the logged on user and display the privileges currently assigned to the user:

C:\Windows\System32>whoami /priv

Privilege Name                Description                          State
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled

And if /priv is too much for you to remember, you can simply type whoami /all and look at the last portion of the command output.
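The State column is easy to misread: a privilege listed as Disabled is still held in the token and the process can switch it on, so an audit should look at which privileges are present, not only which are enabled. The following is an added example, not part of the original tip; the function name Get-TokenPrivilege, the list of privileges treated as sensitive, and the sample rows are assumptions made for illustration, and it expects English-language whoami output.

```powershell
# Added example: list the privileges held in an access token and flag sensitive ones.
# ASSUMPTION: this "sensitive" list is illustrative; adjust it to your own policy.
$SensitivePrivileges = @(
    'SeDebugPrivilege'               # debug programs (open other processes)
    'SeImpersonatePrivilege'         # impersonate a client after authentication
    'SeAssignPrimaryTokenPrivilege'  # replace a process level token
    'SeTcbPrivilege'                 # act as part of the operating system
    'SeBackupPrivilege'              # back up files and directories
    'SeRestorePrivilege'             # restore files and directories
    'SeTakeOwnershipPrivilege'       # take ownership of files or other objects
    'SeLoadDriverPrivilege'          # load and unload device drivers
)

function Get-TokenPrivilege {
    [CmdletBinding()]
    param(
        # CSV lines shaped like "whoami /priv /fo csv /nh".
        # Omit this parameter to read the token of the current session.
        [string[]]$CsvLines
    )

    if (-not $CsvLines) {
        # /fo csv gives a parseable format; /nh drops the header row so we
        # can supply our own column names below.
        $CsvLines = & whoami.exe /priv /fo csv /nh
    }

    $CsvLines |
        Where-Object { $_ -match '\S' } |                       # skip blank lines
        ConvertFrom-Csv -Header 'Name', 'Description', 'State' |
        ForEach-Object {
            [pscustomobject]@{
                Privilege   = $_.Name
                State       = $_.State
                Sensitive   = $SensitivePrivileges -contains $_.Name
                Description = $_.Description
            }
        }
}

# Constructed sample: three rows from the output shown above plus two
# made-up rows, so the example runs without touching the live token.
$Sample = @'
"SeShutdownPrivilege","Shut down the system","Disabled"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
"SeTimeZonePrivilege","Change the time zone","Disabled"
"SeBackupPrivilege","Back up files and directories","Disabled"
"SeDebugPrivilege","Debug programs","Enabled"
'@ -split "`r?`n"

$held = Get-TokenPrivilege -CsvLines $Sample

# Full listing, sensitive privileges first
$held | Sort-Object Sensitive -Descending | Format-Table -AutoSize

# Flag every sensitive privilege that is present, whatever its State:
# "Disabled" means "not switched on right now", not "not granted".
foreach ($p in $held | Where-Object { $_.Sensitive }) {
    Write-Warning ("{0} is held in this token (currently {1})" -f $p.Privilege, $p.State)
}
```

Calling Get-TokenPrivilege with no arguments reads the live token; running it once in a normal console and once in an elevated one shows how much shorter the list is for the filtered, non-elevated token.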

More on effective ad blocking using HOSTS file

Concerning the hosts list (see the tip Effective Ad Blocking which was in Issue #1015 Active Directory Change Matrix) I go one further by adding a blank zone for each domain to my local DNS servers.  I have literally collected hundreds of domains over the years.  As with the MVP, we occasionally experience strange effects:  for example, one zone entry blocked access to a VMware registration site; even though the VMware site itself was not blocked, it redirected to a site in one of the domains that was blocked, and I created an A-record to access the site in question (whether other VMware sites will be redirected to other host names which will need A-records or the zone to be deleted remains to be seen).

--Jeffrey Harris

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Events Calendar


Americas

Convergence 2014 on March 16-19 in Atlanta, Georgia, USA

Microsoft Ignite on May 4-8, 2015 in Chicago, Illinois, USA

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]


Webcast Calendar

WindowsNetworking.com Webinar: Preventing High Cost Security Breaches

Join experts Brien Posey, Microsoft MVP, and Roy Lopez, Netwrix Sales Engineer, as they discuss the increasing frequency of data breaches and real-life lessons learned by organizations, including recent examples such as the Anthem breach. Brien and Roy will also discuss future trends based on recent data breach investigation and address a  range of important, timely topics, including:

You'll also learn how change and configuration auditing can help organizations enable complete visibility into what is happening across the entire IT infrastructure to successfully deal with security challenges.

The webinar includes a Q&A session with our expert presenters to answer your top questions!

Sign up for this informative event!

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]


Tech Briefing

Amazon AWS

AWS Free Tier Services (InsideAWS.com)

Getting Started with AWS (Part 3) (InsideAWS.com)


Hyper-V

Configuring Hyper-V hosts using PowerShell (VirtualizationAdmin.com)

Why Choosing a Dedicated Hyper-V Backup Product is a perfect choice (Part 2) (VirtualizationAdmin.com)

System Center

System Center Virtual Machine Manager for Beginners (Part 7) (VirtualizationAdmin.com)

Step-By-Step: Building A System Center Virtual Machine Manager Lab Part 1 (CanITPro)

Windows client

Step-By-Step: Windows 10 Start Menu Customization via PowerShell (CanITPro)

Windows 10 - Privacy and Security Features at a Glance (Part 2) (WindowSecurity.com)

Windows Server

Video: Configuring, Verifying, and Removing Active Directory Delegations (Part 2) (WindowSecurity.com)

Step-By-Step: Migrating a 2003 file server with Microsoft File Server Migration Toolkit (CanITPro)

Recommended TechGenix Articles

Controlling Network Traffic Distribution with Microsoft Azure Traffic Manager

Getting Started with AWS (Part 4)

Taking Control of VM Sprawl (Part 1)

Learning from 2014 Threats to Better Equip Enterprise for the Security Challenges of 2015

Azure Networking and Security (Part 1)

Windows Server News

Hammering out a cloud security action plan

Application and data security is imperative in the cloud. As a result, IT must come up with a cloud security strategy that outlines specific compliance policies for the rest of the organization to follow to lessen these security concerns. Learn how to devise such a cloud security strategy for your governance needs today.

Should you virtualize high performance computers?

Recent findings have shown that virtualization is a viable option for today's high performance computers as it increases utilization and lessens costs, but many organizations today have resisted this strategy. So, should you virtualize your high performance computers? Find out the pros and cons today.

Six considerations for free application virtualization software

While free application virtualization software may sound like the perfect solution at first, it can come with unforeseen complications – and without some of the features you might really need.  So, before you choose a product, here are the six important questions you need to ask yourself first to ensure you pick the right free application virtualization software for your enterprise.

Options abound for running Windows on Mac machines

The best way to run Windows on your Mac OS device depends on what is most important to you. Are you looking for open source support? Performance? Centralized management?  Check out your options for running Windows on Mac machines today in this exclusive tip.

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Do Not Believe Everything You See On Video Or Film

Here is why you should not believe everything you see on video or film:

Instant WiFi For The Internet Baby

MTS, a mobile telecom provider in India, launched this commercial, featuring a baby that does not want to be born, unless God makes sure his future family has Wi-Fi:

Stadium Webcam Surprise Visitor

A curious raven gets his 15 seconds of fame when he stops by the National Hockey League Stadium in Santa Clara, California:

How To Remove Wrinkles Without An Iron

Just because something's wrinkled doesn't mean you have to take out the ironing board:

WServerNews - Product of the Week

Deep Packet Inspection for Quality of Experience Monitoring

Read this whitepaper to get a detailed description of packet analysis techniques to measure high network response times, network delay, server processing times, client processing time, traffic distribution, and overall quality of experience.




WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.