Vol. 21, #26 - June 27, 2016 - Issue #1086


Remote management security and more

  1. Editor's Corner
    • From the Mailbag
    • Possible security concerns with Intel AMT
    • Warning about MS16-072
    • HP laptop battery concerns
    • SharePoint app for iOS is now available
    • Send us your feedback
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Azure - How to run Windows 10 in Azure
    • OpsMgr - Top support solutions
    • Hyper-V - Quick live storage migration
  4. Events Calendar
    • North America
    • Add Your Event
  5. Tech Briefing
    • Enterprise IT
    • Exchange Server
    • Networking
    • PowerShell
    • Windows 10
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Other Articles of Interest
    • Getting a grip on Azure Resource Manager and templates
    • Avoid network traffic jams with Hyper-V Port Mirroring
    • VMware Integrated OpenStack 2.5 brings a bevy of new features
    • Comparing Citrix Workspace Cloud to XenApp and XenDesktop
  8. WServerNews FAVE Links
    • Who Says Women Can't Park?
    • Trunk Monkey Theft Retrieval System
    • Amazing Teamwork By Raccoon Family To Climb Over A Wall
    • Mat Franco Returns With New Magic Trick
  9. WServerNews - Product of the Week
    • Deep Packet Inspection for Quality of Experience Monitoring

 

 

Editor's Corner

This week's newsletter kicks off with an article that made us pause for thought when we read it. The article digs into Intel's Active Management Technology (AMT) firmware and asks whether the underlying hardware that supports this useful remote management technology could become a vector for attackers to compromise Intel-based systems. We will also take a look at some other interesting news that busy IT professionals need to know about, plus we have the usual tips, tools and other stuff to keep you informed and entertained.
In the world of IT having one of your systems get compromised is usually a disaster. In the world of personal relationships however, compromise is often a fact life as this Dilbert comic illustrates:

http://www.wservernews.com/go/0f9sofdn/

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

From the Mailbag

Last week in Issue #1085 Ad blocking for businesses  we asked our readers what technology or solution they use to block online ads in their office and corporate environments. We've received a bunch of helpful recommendations from you on this topic but they're still trickling in so we'll collect some of the best and publish them in next week's issue of WServerNews. Meanwhile let's look at some other interesting stuff starting with what some consider a possible security issue associated with chipsets running Intel AMT...

Possible security concerns with Intel AMT

Intel AMT is a powerful proprietary remote management technology included with systems that have Intel CPUs on their motherboards that were produced in the last seven or eight years. The technology uses hardware-based out-of-band management built into the chipset itself that lets you perform remote troubleshooting and recovery of systems experiencing problems. Management software can even use this technology to discover and audit assets on your network when those assets are powered off. For more information on Intel AMT you can read this page on Intel's website:

http://www.wservernews.com/go/e55z2pln/

This Wikipedia article also gives a good overview of the technology:

http://www.wservernews.com/go/hwwaojk2/


All this is good and fine, but then last week a colleague pointed me to the following article by Damien Zammit on BoingBoing:

Intel x86s hide another CPU that can take over your machine (you can't audit it)

http://www.wservernews.com/go/h6fnqai3/

Damien's article starts off with the following arresting paragraph:

"Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late."

The key issue as I understand it from Damien's article is that anyone who obtains (or is provided with) the key Intel uses to sign the firmware supporting this technology will automatically have full access to remotely auditing and managing your computers. In other words, he seems to assert that this technology provides a backdoor to any computers you have that have Intel CPUs. Of course we have to assume that Intel must be taking appropriate steps to safeguard their firmware encryption keys, but...

Anyways, I recommend that administrators who use Intel AMT for remote management (or who simply have systems that support Intel AMT even if they don't actually use the technology) read the entirety of Damien's article and let me know what you think about Damien's concerns with this technology by emailing me at [email protected]

And if you want YMR (yet more reading) on this subject you might want to take a look at the following:

The Trouble With Intel's Management Engine (Hackaday)

http://www.wservernews.com/go/6fflfnz9/

"Active Management Technology": The obscure remote control in some Intel hardware (Free Software Foundation)

http://www.wservernews.com/go/dl6ql60t/

And in case you thought you could avoid this problem by using AMD CPUs instead, read this on GNU Libreboot:

http://www.wservernews.com/go/e8ck4z5q/

So the only way of avoiding this as a potential security problem may be to either keep using ten-year old x86 hardware, avoid using any x86 hardware, or using ARM systems.
Or you could unplug your PC when you don't need to remotely manage it because simply flipping the power switch to Off doesn't cut off power to the chipset used for providing remote management capabilities.
Ugh. Am I getting paranoid here? Email your thoughts to me at [email protected]

Warning about MS16-072

Our friend and colleague Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software has pointed us to the following article on his site GPAnswers.com that alerts Active Directory and Group Policy administrators to a potential problem involving MS16-072, a patch that was recently released on June 16th:

Never a dull moment with Group Policy (or what to do about MS16-072)

http://www.wservernews.com/go/3quewlnf/

If any of our readers have further insights concerning this patch, feel free to email us at [email protected]

HP laptop battery concerns

HP has announced a recall of batteries for some of their laptops made between March 2013 and August 2015:

http://www.wservernews.com/go/3z0cwlma/

There's a button on that page that's labeled Download Utility which lets you download an EXE you can run on your HP laptop to see whether yours is one of the affected machines. I tried this just now on the 17 inch HP Envy Notebook I recently bought that had Windows 8.1 preinstalled and which I successfully (but tediously) upgraded to Windows 10 (see Issue #1049 3 am tech support for the full story on that upgrade).

SharePoint app for iOS is now available

Microsoft has just released their promised SharePoint app for the Apple iOS platform. Read more about it here:

http://www.wservernews.com/go/zhdwlgmx/

Similar UMP and Android apps are promised for later this year. It's interesting that Microsoft seems to be prioritizing iOS over UMP (Universal Windows Platform) apps, but maybe that's not surprising considering how the Windows Mobile platform has been tanking lately.
BTW if you hear of any similar alerts or recalls that you feel our readership might be interested in being notified about, feel free to email us the info at [email protected]

Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]

Recommended for Learning

Migrating, Managing and More: Real IT Pros. Real Advice
This e-book is based on a joint study by IDG and Microsoft, looking at the experience of IT pros who have already moved enterprise business apps to the cloud. It is designed to help you improve business performance and position for the future. To download and read this ebook, register here:

http://www.wservernews.com/go/j4500c1p/

Microsoft Virtual Academy

Power Tools for Windows 10
Watch this course as award-winning journalist and Windows Expert Ed Bott, along with Microsoft Technical Evangelist Jennelle Crothers, dives into Windows 10, covering tips, shortcuts, and top utilities. In the seven modules, you'll get advice and hands-on training on Windows 10 tools that can help you work faster and smarter, including File Explorer, Event Viewer, Task Manager, and more.

http://www.wservernews.com/go/ma9ud9f1/

 Quote of the Week

"The impact of big projects can sometimes be short-lived. I think it's more powerful to do small things consistently."

--Atsuo Otsuka, founder of web design and branding company Owan which is based in the Togoshi neighborhood of Tokyo


Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Get your DRaaS basics with Veeam and For Dummies. The book aims to teach you about DR best practices, DRaaS implementation tips and several key benefits of DRaaS that your business can take advantage of.

http://www.wservernews.com/go/2gl74yu4/

Seq is the fastest way for development teams to carry the benefits of  structured logging from development through to production:

http://www.wservernews.com/go/4b40uoml/

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012:

http://www.wservernews.com/go/htazol4y/

http://www.wservernews.com/go/op3ikchr/

This Week's Tips

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Azure - How to run Windows 10 in Azure

The following ZDNet article by Mary Jo Foley describes how Microsoft and Citrix are planning on allowing organizations to run Windows 10 Enterprise for their users in the cloud on Microsoft Azure:

http://www.wservernews.com/go/eage371r/

Organizations looking for new ways of deploying and managing client OS infrastructures may want to hold off on their deployment plans until more details concerning this solution become available from Citrix and Microsoft.

OpsMgr - Top support solutions

Richard Hay has a slide show on Windows Supersite that shows how you can set up and use DropBox on Windows 10 instead of the less friendly (in my opinion) OneDrive cloud storage that comes by default when you use your Microsoft Account to log onto your Windows 10 machine:

http://www.wservernews.com/go/nxw5eff2/

Hyper-V - Quick live storage migration

Windows ITpro has a useful article on how to perform a quick live storage migration of all your virtual machines to another location:

http://www.wservernews.com/go/ltrbf2b9/

Events Calendar

North America

2016 Microsoft Worldwide Partner Conference on July 10-14, 2016 in Toronto Canada

http://www.wservernews.com/go/s1hv2esa/

Ignite on September 26-30, 2016 in Atlanta USA

http://www.wservernews.com/go/3u3k3at3/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]

Tech Briefing

Enterprise IT

Deploying Azure Stack Technical Preview 1 Proof of Concept (Part 1) (VirtualizationAdmin.com)

http://www.wservernews.com/go/nu07xlfg/

Interview: Maintaining Legacy Software (Part 2) (WindowsNetworking.com)

http://www.wservernews.com/go/h35rrvsa/

Exchange Server

Microsoft FindTime (Part 2) (MSExchange.org)

http://www.wservernews.com/go/udw2es3r/

Using the Office 365 Hybrid Configuration Wizard (Part 3) (MSExchange.org)

http://www.wservernews.com/go/2z58ujvw/

Networking

Troubleshooting Wi-Fi Issues (WindowsNetworking.com)

http://www.wservernews.com/go/i0ykv2ab/

Product Review: SolarWinds Network Performance Monitor Version 12.0 (WindowsNetworking.com)

http://www.wservernews.com/go/148l6eu6/

PowerShell

Taking Control of VM Sprawl (Part 17) (VirtualizationAdmin.com)

http://www.wservernews.com/go/388tlfpn/

PowerShell for Storage and File System Management (Part 12) (WindowsNetworking.com)

http://www.wservernews.com/go/apaepncl/

Windows 10

Tracking Windows 10 Release Information (Windows ITPro)

http://www.wservernews.com/go/qd7msaym/

ICYMI: Windows 10 Servicing with Language Packs Using SCCM (current branch) (myITforum)

http://www.wservernews.com/go/e9u192r4/

Recommended TechGenix Articles

Using PowerShell to create Azure NSGs

http://www.wservernews.com/go/vmgyymgd/

Email Security with Digital Certificates (Part 3)

http://www.wservernews.com/go/8kbwnrow/

Trend Micro InterScan Messaging Security Suite - Voted WindowSecurity.com Readers' Choice Award Winner - Email Anti Virus

http://www.wservernews.com/go/40rimvyz/

Citrix XenApp - Voted VirtualizationAdmin.com Readers' Choice Award Winner - Application Servers

http://www.wservernews.com/go/v52s0bz2/

Other Articles of Interest

Getting a grip on Azure Resource Manager and templates

Azure Resource Manager, the primary tool for service and application management in Azure is one of the most critical tools for IT pros to design, configure and deploy multi-tier applications that use multiple cloud services. Discover how you can make the most out of this tool with this tip from our editors.

http://www.wservernews.com/go/w7icqnsm/

Avoid network traffic jams with Hyper-V Port Mirroring

Worried about network performance in your multilayered virtual networking architecture? Microsoft is making network traffic monitoring easier with Hyper-V Port Mirroring. Find out how you can configure Hyper-V Port mirroring as well as specific scenarios in which it can be useful.

http://www.wservernews.com/go/4iimkiei/

VMware Integrated OpenStack 2.5 brings a bevy of new features

The next version of OpenStack is here: OpenStack 2.5. Find out the array of new features it brings—such as granular support and a focus on automation— in this overview of the changes expected in its release.

http://www.wservernews.com/go/49ef7qs7/

Comparing Citrix Workspace Cloud to XenApp and XenDesktop

"Citrix Workspace Cloud offers much more than XenApp and XenDesktop alone, but just because it's a newer product doesn't mean it's a better fit than the platforms organizations already have in place." Discover in-depth how Citrix Workspace Cloud compares to XenApp and XenDesktop in this exclusive tip from our editors.

http://www.wservernews.com/go/omvorckb/

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

Who Says Women Can't Park?

To all those who say women can't park, here is your answer...

http://www.wservernews.com/go/j4sko1zj/

Trunk Monkey Theft Retrieval System

A funny ad about the latest innovation in car security by the Suburban Auto Group of Sandy, Oregon:

http://www.wservernews.com/go/73c5qq2c/

Amazing Teamwork By Raccoon Family To Climb Over A Wall

Mother raccoon and her two babies must scale a wall. Baby raccoon holds onto mommy's tail while mother hangs down to pick up the little one:

http://www.wservernews.com/go/1xtqhg5y/

Mat Franco Returns With New Magic Trick

The winner of the ninth season of America’s Got Talent returns for a magical performance at Radio City Music Hall and receives a standing ovation:

http://www.wservernews.com/go/2k3itaae/

WServerNews - Product of the Week

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.