Vol. 19, #38 - September 22, 2014 - Issue #998


Shadow IT Revisited

  1. Editor's Corner
    • Shadow IT revisited
    • Tip of the Week - Passwords that never expire
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
    • Asia Pacific
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • Cloud Computing
    • Microsoft Azure
    • Windows Server
    • Windows client
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Windows Server News
    • Botnets creating security bugaboos for cloud users
    • Three ways to use GPUs to improve VDI
    • Defining user roles in your private cloud
    • VMware's network virtualization certification track made official
  8. WServerNews FAVE Links
    • Amazing Dominoes In A French Supermarket
    • A Brave Woman Teases Wild Cheetahs
    • Anything Is Possible With Teamwork
    • Girl On A Motorcycle Against Littering
  9. WServerNews - Product of the Week
    • Customer Webcast: AIG Pioneers User-Centric Security Strategy


Customer Webcast: AIG Pioneers User-Centric Security Strategy

AIG stands out as one of the world’s largest insurance organization with over 88 million customer and 64,000 employees worldwide. AIG Israel, a fully owned subsidiary, supports the company’s intense focus on building the most secure systems possible. AIG Israel is leading the way when it comes to adapting its security needs to modern expectations of keeping their sensitive information, customer data and systems safe. Sign-up for this webinar on September 23 at 11am with Sir Hoffman, an Infrastructure Architect, to learn how AIG Israel utilizes User Activity Monitoring to monitor privileged users with access to sensitive servers as well as meet compliance requirements.

Register now for the ObserveIT Customer Webcast!


Editor's Corner

This week's newsletter returns to the subject of "shadow IT" which we covered previously in Issue #995, Beneath the Shadow of the Cloud. We welcome Tony Gore, an independent consultant based in the UK, who has contributed this week's guest editorial.

You may recall that the phrase "shadow IT" refers to when an employee or department secretly uses cloud services without first getting permission from management to do so. Those who do such things in effect are hiding in the shadows so they can't get caught by management. Of course, as this Dilbert comic strip illustrates, employees often wish they could become invisible to hide from their bosses:


And now on to our guest editorial by Tony Gore...

Shadow IT revisited

Shadow IT has many more problems than just security, especially for small companies. Take, for example, OneDrive (the consumer version, which is subtly different to OneDrive for Business), Dropbox and Google Drive. In their bid to gain customers, you will find that when the client software is installed on phones, it offers to save your photos to their cloud storage. This sounds good until you realize that when someone sits down in the office and connects their PC/laptop/tablet that is also connected to those accounts, a number of hidden potential problems arise:

  1. New content is synchronized. That may sound OK, but when 10 people switch their PCs on at roughly the same time on Monday morning with each having taken 200 MB of photos over the weekend, there is an immediate attempt to synchronize 2 GB downloaded. This is much worse if there are any devices that have new content to upload for any offices using any form of asymmetric connection (where upload is typically 10% of download speeds). This is not far off from a DoS attack at the start of the day.
  2. All these "cloud" storage services also provide decent performance by caching locally. This is probably not a problem if your PCs use traditional spinning hard drives, but if for power and performance you have moved to SSDs, then you have probably sized for Windows with the assumption that storage is on a server or in the cloud. That 128 GB SSD soon fills up if there is 10 GB of locally cached emails and 20-50 GB of cached photos. (Office 365 which includes OneDrive for Business allows 50 GB if email with cached Exchange mode if you use Outlook, and 1 TB of OneDrive cloud storage for each user, and this is before you start sharing OneDrive storage). Of course, you can manually configure the OneDrive storage to be on another disk, but there is a catch as we'll see next.
  3. This is all OK until you have a problem. There are tools to repair your cloud storage when it fails to synchronize. What do you think these tools do? They (a) backup the cached content you have to be on the safe side (a lot more of that SSD bites the dust) and then (b) download all the "cloud" content to ensure that you have a correct copy, checking for any differences with the local backup (a lot of your bandwidth temporarily bites the dust). Has anyone spotted another snag here? Well, if the content has been put on another drive, things go wrong, and the user then does a repair on the installation, the client software might reset itself to the default storage location, which of course does not have any of the content on it, so the entire "cloud" content is re-downloaded.

Now things might not be quite as bad as this IFF (IF and only iF) you know what you are doing. OneDrive for instance has some settings where you can check which folders it synchronizes so you can stop OneDrive from copying all your pictures that your phone automatically uploaded to the cloud by unchecking those folders. But how many normal users know this or how to do it?

And there is another nice little trap for system administrators. All those synchronized photos from phones that end up on the office machines are OK if they are photos of innocent things like flowers and trees, but the photos of the baby in the bath, not to mention some other photos that people might take, how should I put it...should really remain private? And what if you have an interest in bridges or buildings? A few years ago in the UK people were being flagged as potential terrorists for taking photos like that.

While on the phones and the office PCs such photos are effectively behind closed doors. But in between, they are sitting in the cloud, and some clouds are more public than others and may well have image crawlers working their way through them, not necessarily to publish but rather to check content. And if the authorities take an interest in these photos, how long before they turn up at the office to take a look at what else their might be on the office computers?

I have ignored here all the easy ways in which data might leak out since people expect that to be a risk. It is the way in which simple things can expose you to problems that you might not have thought of that we're exploring here.

Don't get me wrong however, cloud storage and synchronized content are very useful tools, and I have slowly been using them more and more over the last two years, looking to see what the strengths and weaknesses are. But that is how I have come across some of these hidden gotchas.

For me, the greatest benefit has been from using OneNote with notebooks stored in the cloud (they can also be stored locally or on local servers). I have one very specific use for this: I often have to take meeting minutes whilst travelling. Breakdown and theft of my laptop is a high risk because the meeting cannot be reconvened. Not only would loss of this material have security implications, but at the very least it could result in me not fulfilling a contract and not getting paid, and I might have significant travel expenses as well as days of time at risk. So I take my notes directly into OneNote and if at all possible with an Internet connection so it is continually synchronized to the cloud. Before leaving the meeting, I then check it in OneNote on my phone. If it is there, I know it has been replicated through the cloud and back down to my phone. And yes, all my devices can be tracked in case of loss/theft and remotely wiped by a number of different methods. While this still poses some risk, we should remember that you cannot remotely wipe notes written down on paper, so let us keep things in perspective.

In conclusion, shadow IT brings both new risks and new benefits, and at the end of the day we all need to make the best we can of the benefits while minimizing the risks. This poses challenges for IT administration, but the IT world has never stood still, and if many of us are honest, it is this challenge that gets us out of bed in the morning most of the time.

About Tony Gore

Tony Gore is an independent consultant, with a range of expertise from IT support to small businesses to managing EU funded R&D projects such as ARM based cloud servers and high speed real time networking. He is also a founder of Risk Reasoning which provides collaborative risk assessment and risk management tools. For more information, see here:


Send us feedback

Do you store your OneNote notebooks in the cloud? Does your IT department know about this or even care? How do you balance between total IT lockdown and the freedom to use public cloud services in your company? Do you have a policy in place? Is it working? Share your stories with us at [email protected]

Tip of the Week - Passwords that never expire

This week's tip is by Roan Daley, a Premier Field Engineer at Microsoft.

Finding Active Directory objects that have Password Never Expires

As an Active Directory PFE, one of the issues I typically address with administrators is to identify objects (computers or users) that have Password Never Expires. From security perspective, this is considered a risk. For most environments, the easiest way to do this is to use the DS query command:

For Users:

dsquery * domainroot -filter "(&(objectClass=user)(UserAccountControl:1.2.840.113556.1.4.803:=65536))" -attr sAMAccountName userPrincipalName userAccountControl -d contoso.com

For Computers:

dsquery * domainroot -filter "(&(objectClass=computer)(UserAccountControl:1.2.840.113556.1.4.803:=65536))" -attr cn userAccountControl -d contoso.com

For Window 2008 R2 and above this is even easier with the advent of the Active Directory PowerShell Modules:

For Users:

Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

For Computers:

Search-ADAccount –PasswordNeverExpires - ComputersOnly | FT Name,ObjectClass –A

Hope these tips help with keeping you AD Clean!

About Roan Daley

Roan Daley is an Active Directory Premier Field Engineer (PFE) working at Microsoft.

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Recommended for Learning

This week we have some newly released books about various aspects of cloud computing:

Cloud Computing and ROI: A New Framework for IT Strategy

Service Orchestration as Organization: Building Multi-Tenant Service Applications in the Cloud

Service-Oriented and Cloud Computing: Third European Conference, ESOCC 2014, Manchester, UK, September 2-4, 2014, Proceedings

Cloud Computing and Electronic Discovery

The Practice of Cloud System Administration: Designing and Operating Large Distributed Systems, Volume 2

Cloud Computing using Windows Azure for Beginners

Microsoft Virtual Academy

Check out these on-demand webcasts from the Microsoft Virtual Academy:

On-demand:  The Modern Web Platform Jump Start

Developers, get a fast-paced primer on the latest capabilities and features available in HTML, CSS, and JavaScript, in this recorded version of a recent MVA live event. You'll discover the basics you need to create websites, web apps, and even native Windows Apps.  Watch here:

On-demand:  VMware to Hyper-V Migration

Are you interested in the benefits of Microsoft virtualization with Windows Server 2012 R2 and System Center 2012 R2, and how they compare to VMware virtualization with vCenter 5.5? Watch Microsoft's Matt McSpirit, as he provides an overview of several solutions that can convert VMware virtual machines to Hyper-V (or Microsoft Azure) virtual machines.  Watch here:

Quote of the Week

"There is surely nothing quite so useless as doing with great efficiency what should not be done at all." --Peter Drucker

Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

AIG Pioneers User-Centric Security Strategy - Join AIG’s Snir Hoffman and ObserveIT for a webinar on Sept. 23 at 11am to learn how AIG Israel, utilizes user activity monitoring to monitor privileged users with access to sensitive servers.

Total Network Inventory 3 now features comprehensive license management.

Free tool for real-time Hyper-V performance monitoring - Veeam Task Manager for Hyper-V provides live performance monitoring metrics for CPU and memory for both host and guest VMs. Get it for free.

SolarWinds VM Monitor is a free desktop tool that continuously monitors a VMware or Microsoft Hyper-V host and associated virtual machines in real time. Download your free tool today.

Splunk is a general-purpose analytics tool. In this post, you'll learn how to leverage Splunk for analyzing system logs.

Events Calendar


Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA

Convergence 2014 on March 16-19 in Atlanta, Georgia, USA

Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA


TechEd Europe on October 27-31, 2014 in Barcelona, Spain

Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain

Asia Pacific

TechEd New Zealand on September 9-12, 2014 in Auckland, New Zealand

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]


Webcast Calendar

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]


Tech Briefing

Cloud computing

VMware Launches Second UK Data Center for Cloud Services (Data Center Knowledge)

Is utilizing a single cloud service provider safe? (CloudComputingAdmin.com)

Microsoft Azure

ExpressRoute: An overview (Azure Blog)

Backup Windows Server 2012 R2 with Microsoft Azure Recovery Services (CloudComputingAdmin.com)


Windows Server

TSconfig Removed from Windows Server 2012 R2 Remote Desktop Services (Andrew Seeliger's Blog)

Four ways to search for Group Policy settings (4sysops)


Windows client

Share WiFi in Windows 8.1 (4sysops)

Creating a Portable Windows 8 Environment with Windows To Go (Microsoft Download Center)

Recommended TechGenix Articles

Azure Virtual Networks and Cloud Services (Part 2): Defining a Cloud Service
Windows Server 2012 R2 Deduplication
PowerShell Essentials (Part 2)
E-mail Forensics in a Corporate Exchange Environment (Part 3)
Cisco Application Centric Infrastructure Overview


Windows Server News

Botnets creating security bugaboos for cloud users

Lots of cloud users are unaware of botnets, and many of those who have heard the term don't actually know what a botnet really is. As such, they are inadvertently allowing for opportunities for botnet cloud attacks – and thus becoming cyber attackers themselves. Educate yourself on the risks and behaviors of botnets, and minimize the risk of them striking through your systems.

Three ways to use GPUs to improve VDI

Providing adequate performance on virtual desktops while delivering demanding applications can be extremely challenging – fortunately, graphic processing units can help.  Learn about the three different ways GPUs can improve your VDI; GPU sharing, GPU pass-through, and vGPUs, and learn which one aligns best with your applications, users, budget, and your VDI needs.

Defining user roles in your private cloud

With the enormous and recent spread of the private and public cloud, organizations have been forced to rethink their administrative models and balance user demands and security, so they've turned to the System Center Virtual Machine Manager.  Learn how to use SCVMM to define private cloud user roles and how it can help you prevent unwanted changes.

VMware's network virtualization certification track made official

VMware recently introduced its new network virtualization certification track, which is tied to the NSX platform, but is very different than other previous tracks. Learn about the track's three certification levels and find out what makes this particular certification track so unique from other VMware Certified Professional certifications.

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]


Amazing Dominoes In A French Supermarket

Amazing things happen when store employees have nothing to do at night at the Cora Supermarket in Rennes, France:

A Brave Woman Teases Wild Cheetahs

Marlice Van Der Merwen teases wild cheetahs in the grassland of Namibia:

Anything Is Possible With Teamwork

Ants form a 'daisy chain' to haul dinner back to their home:

Girl On A Motorcycle Against Littering

This Russian girl decided to do something about littering and give it back to those who left it behind:

WServerNews - Product of the Week

Customer Webcast: AIG Pioneers User-Centric Security Strategy

AIG stands out as one of the world’s largest insurance organization with over 88 million customer and 64,000 employees worldwide. AIG Israel, a fully owned subsidiary, supports the company’s intense focus on building the most secure systems possible. AIG Israel is leading the way when it comes to adapting its security needs to modern expectations of keeping their sensitive information, customer data and systems safe. Sign-up for this webinar on September 23 at 11am with Sir Hoffman, an Infrastructure Architect, to learn how AIG Israel utilizes User Activity Monitoring to monitor privileged users with access to sensitive servers as well as meet compliance requirements.

Register now for the ObserveIT Customer Webcast!


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.