Vol. 23, #3 - January 22, 2018 - Issue #1165

WServerNews: Protecting Active Directory from ransomware with Azure Backup

Free Tool for Monitoring Exchange Server Status & Performance 


SolarWinds® Exchange Monitor is a free tool that allows users to monitor Microsoft® Exchange™ Server 2013 and 2016. Get basic information about the server’s metrics, services, and database availability group (DAG) status. Add as many Exchange Servers as you wish. Simply click the “Add Server” button and fill IP address/domain name and credentials.

Download Free Tool

Editor's Corner

This week's newsletter is all about how organizations can utilize Azure Backup to protect their Active Directory database from ransomware attacks. To help us understand this I've asked Saurabh Sensharma, a Program Manager on the Microsoft Azure Backup product engineering team, to contribute this week's guest editorial. We also have lots of tips, tools, links, and fun stuff as usual--enjoy!

Ransoms are usually associated with kidnapping, and kidnapping is one of the main strategies of pirates (ahar!). Let's see how Dogbert leverages this approach for corporate success:




Ask Our Readers 

WServerNews now has over 400,000 subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

And now on to the main topic of this week's newsletter…

Protecting Active Directory from ransomware with Azure Backup

The Active Directory (AD) database is the most critical database in the Windows IT infrastructure of every organization and is at the core of providing authenticated access to various network assets in any company. Domain controller (DC) servers provide physical storage for the AD database and therefore become the most critical servers of an organization.

Given Active Directory's crucial role in providing organizational identity management capabilities, it is also the most sought-after target for malicious attackers & ransomware. Once an attacker has admin access to one or more DCs, they can corrupt or even delete the AD database, triggering an organization-wide compromise of computing systems via AD replication. Therefore, backup admins need to be extra careful about safeguarding DCs not only from accidental deletion or natural disasters but, more importantly, from ransomware. Microsoft Information Security and Risk Management (ISRM) prescribes some especially useful recommendations to secure your domain controllers against attack:


One of the key defense strategies that DC backup-admins must exercise is to "assume breach" and plan "recovering" from a compromise. In the probable event that your AD is compromised, recovery entails either reversing every adversarial change an attacker makes to the AD Database or just recovering from a "good" backup. A solid AD-backup & restore strategy is therefore critical in reducing costs related to AD-attack recovery.

What is a solid backup & restore strategy for AD?

Backing up the "System State" of two or more domain controllers in a domain-forest using a certified, AD-compatible backup application such as Windows Server Backup provides the supported method of restoring an AD environment to a healthy state. System state contains the AD database, log files, the Windows registry and the SYSVOL folder, which are critical in defining and maintaining the state of AD. The system state backup strategy holds good even for virtualized DCs, when implemented in-guest. Recovering AD from a VM snapshot is not recommended or supported due to USN bubbles that can lead to incorrect passwords, lingering objects and a domain controller that doesn't converge with other domain controllers in the environment. While VMs on Windows Server 2012 and above alleviate USN-bubble issues by supporting the VM-Generation ID, VM snapshot-based AD restore is still not a replacement for System State backups and the AD DS Recycle Bin. That's because after restoration from the snapshot, any un-replicated changes that originated from the VM after the snapshot are permanently lost. A good System State backup is therefore the only fully supported way to restore physical or virtual domain controllers.

But is that good enough?

So how does one ensure "good" System State backups? The time-tested Windows Server Backup feature on Windows is the most reliable way to make System State backups of your domain controller to a locally attached disk or to a network share. However, backup admins need to provision additional infrastructure (such as local disk space) and ensure the availability of disks and network shares, both during backup & restore. But there is something more alarming. Attackers are becoming increasingly sophisticated, and one of the exploits they are using to gain access to the AD database (ntds.dit) is through domain controller backups located on-premises. So while you might be backing up your Active Directory on schedule, your backups might become the entry point for compromise. That is not much reward for the good behavior of backing up your AD regularly.

Not only is there a need to minimize local-backup infrastructure and secure System State backups, but more importantly to isolate or offsite these backups reliably to a robust fault domain that is not linked to your domain controller, so ransomware cannot get to them. The public cloud can come to the rescue here. Backing up AD 'directly' to the public cloud not only satisfies the requirement of creating an isolated fault domain for backups, but with advances in network bandwidth, it also meets recovery time requirements since the average size of the AD Database is about 30GB, which can be restored relatively quickly from the public cloud.
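As an added example (not part of the guest editorial or any Microsoft tooling), the following PowerShell lists which principals, other than the expected built-in ones, hold NTFS read access to an on-premises system state backup target, since such a copy contains ntds.dit. The path `E:\WindowsImageBackup` and the list of expected SIDs are assumptions to adjust; share-level permissions are not covered.

```powershell
# Added example: review NTFS read access on an on-premises backup target.
# Assumption: Windows Server Backup writes to this folder on the target volume.
$BackupRoot = 'E:\WindowsImageBackup'

# Well-known SIDs normally expected on a DC backup target (assumed baseline).
$ExpectedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-32-551'   # BUILTIN\Backup Operators
)

$ReadData    = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$GenericRead = 0x80000000   # GENERIC_READ, stored raw in some inherit-only ACEs
$GenericAll  = 0x10000000   # GENERIC_ALL

function Get-BackupReadExposure {
    param([Parameter(Mandatory)][string]$Path)

    # Check the target folder and the per-server folders directly under it.
    $folders = @(Get-Item -LiteralPath $Path -Force) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Force)

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        # Ask for SIDs so the comparison does not depend on localized names.
        $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])

        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $raw = [int]$ace.FileSystemRights
            $mask = $ReadData -bor $GenericRead -bor $GenericAll
            if (($raw -band $mask) -eq 0) { continue }   # ACE grants no read

            $sid = $ace.IdentityReference.Value
            if ($ExpectedSids -contains $sid) { continue }

            # Resolve the SID to a name where possible; keep the SID otherwise.
            try   { $name = $ace.IdentityReference.Translate(
                               [System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }

            [pscustomobject]@{
                Path      = $folder.FullName
                Identity  = $name
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-BackupReadExposure -Path $BackupRoot | Format-Table -AutoSize
```

Every row in the output is a principal to review, not necessarily a misconfiguration; domain groups such as Domain Admins will appear because their SIDs are domain-specific and are not in the baseline list.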

Back up your Domain Controllers' System State to the cloud with Azure Backup.

Azure Backup is a simple, secure, and reliable solution from the very folks that created Windows Server Backup. It takes advantage of the Microsoft Cloud to back up your domain controller's system state directly to Azure and protect it from ransomware and disasters:


Secure, Ransomware-protected backups 

Backups stored in Azure are encrypted at rest. Azure Backup employs native AES256 encryption to encrypt your backups right at the source with a key that only you have access to and then sends them 'directly' to Azure via HTTPS secure protocol. More importantly, Azure Backup has built-in protection in the form of Multi-factor Authentication (MFA) to prevent ransomware attacks on backups and an alerting mechanism to notify you in case of any suspicious activity:


Reliable, no-cost recoveries 

Azure Backup leverages the infinite scale of Azure to provide a bottomless, highly-available, and robust offsite backup target. By storing three copies of your data at a minimum, Azure Backup precludes possibilities of backup data loss due to corruption or storage failures, making restores more reliable than ever. Additionally, you can restore your System State backups from Azure without any charges!

Flexible backup and retention policy

Windows Server Backup lacked the capability to specify retention of backups. In addition to providing automated scheduled backups, the Azure Backup enhancement provides a rich experience to specify retention period for daily, weekly & monthly system state backups, and automatically prunes recovery points that reach the retention age.

Central Management at scale

Once a domain controller is registered with the Azure Backup service, the service provides a bird's-eye view of the status of all the backups and automated alerts for failed backups:


It also generates custom reports using Microsoft Power BI:


There is no need to deploy any agents or provision additional infrastructure to get these management capabilities, which can be used for backing up your AD infrastructure at scale.

Getting Started

Create your 30-day free trial Azure account which fetches you $200 worth of Azure credits:


Follow 3 simple steps in this tutorial to start backing up your domain controller's System State like never before:


Manage backups from servers at scale with central monitoring and reporting:



Get started today and share your experiences and tell us more about enhancements that can help you bolster your Active Directory's protection against ransomware. You can reach out to us on Twitter:


Or on Azure Backup user voice:



About Saurabh Sensharma

Saurabh Sensharma is a Program Manager on the Microsoft Azure Backup product engineering team. He is responsible for Cloud-integrated backup solutions for Hybrid IT environments and integration scenarios for Backup and Disaster Recovery in Azure. Saurabh has worked on enabling several hybrid backup and restore scenarios, including the Restore-as-a-Service based Instant File Recovery approach for Azure Backup. With 7+ years of experience in mobile and cloud technologies, 1 granted and 3 pending patents in security, artificial intelligence and user-experience, Saurabh hopes to redefine what public cloud can be for IT data protection and infrastructure management.


Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]

Recommended for Learning

Want to learn the basics of Word, Excel, or Outlook? Get started here!

The popular course is a thorough Office training created for true beginners who want to learn the basics of working in Word, Excel, and Outlook. Based on the Microsoft Step by Step books, the course starts with the very basics. You get hands-on practice in every module, as the instructors take you through the practical skills you'll need for any job that requires Office fluency for day-to-day tasks. In just six short weeks, with four to six focused hours per week, you can skill up on Office—and you don't have to bring any experience at all to the table. Plus, you can use free trial versions of the software if you don't already have it on your computer. After you've successfully completed the course, you will even be prepared to take the Microsoft Office Specialist (MOS) certification—which looks great on any résumé and proves your new knowledge and skills—if you choose to do so.



Microsoft Virtual Academy

VIDEO: Interview with Jenny Lay-Flurrie, Chief Accessibility Officer, Microsoft

Kaitlin talks with Microsoft's Chief Accessibility Officer, Jenny Lay-Flurrie. They discuss her journey from Birmingham, England working at Energis to relocating to the United States and helping create a culture of change at one of Seattle's most mammoth tech companies. On top of being the CAO, Jenny created and leads the DisAbility Employee Resource Group at Microsoft and also helped start the company's Ability Summit.


Factoid of the Week

Last week's factoid and question was this:

For the first time food scientists have managed to produce bacon that does not include nitrites from vegetables or curing agents. Would you actually eat that stuff if it becomes available in your area? Why or why not?

No readers took the bait on that one, maybe nobody likes bacon?

Now let's move on to this week's factoid:

Fact: America is running out of cassette tape. National Audio Co. is the only company in the U.S. that produces cassette tape. Now, as cassette tapes enjoy a resurgence in popularity, National Audio has less than a year's supply left of the stuff.


Question: How many readers still remember using cassette tapes with their personal computers like the TRS-80 or Commodore 64? Got any fond memories or stories to share with us? 

Email your thoughts to me if you have any: [email protected]

Until next week, 

Mitch Tulloch


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Cloud physical and workstation technical overview for Veeam agents with enterprise storage capabilities. Read now.


Detailed reports on Office 365 with PROMODAG Reports - Free evaluation version

If native Office 365 reports are not sufficient for you and if you need more details on your email traffic such as the sender, recipient and email subject, try PROMODAG Reports for free now!


MailStore Server is an email archiving solution, catering to the needs of SMBs. It is easy to install and supports most email systems. A free trial is available for download on the vendor's website.


The EDB to PST Converter allows you to save individual items to MSG, EML, RTF, HTML and TXT files:


SysKit Shell is a new solution that allows system admins to run PowerShell Scripts on multiple servers simultaneously:


R-HUB provides you video/web/audio conferencing and remote support server that YOU own and YOU control--forever!


This Week's Tips

Laptop - Turn the screen off without going to sleep (REVISITED)

Several weeks ago I offered the following tip in this newsletter based on my own personal experience, er…fiddling around:

Laptop batteries never give you enough juice to get everything done you need to, or so it's always seemed to me. I've gotten used to closing the lid and putting my laptop to sleep if I'm going to be away from it for more than a couple of minutes, but wouldn't it be nice if I could just kill the display without putting the machine to sleep? 

Well I recently discovered that there's a way to do this and it works with Windows 10. Go to this page on The Windows Club:


and download ScreenOff 2.1, a small standalone utility that does just what you desire. After you've downloaded the zip file, extract it and then drag ScreenOff 2.1.exe onto your taskbar. Now anytime you want to turn off your display just click the icon on your taskbar and voila! To turn your display back on, just press ESC or click your mouse.

I want to add one more thing I've found very useful concerning this tip. If you pin the ScreenOff app to your Windows 10 taskbar and drag it to the rightmost position on the taskbar, then instead of needing to click on the ScreenOff taskbar item to turn your screen off, you can do this with your keyboard by pressing the WinKey + 1 combination. Yay!

I figured this out from reading the following helpful thread on SuperUser:


Amazon - Fixing Inability to Install and Uninstall Apps after Recent Fire Tablet Update

Rod Trent explains on his site myITforum how to fix a problem whereby after a recent update to Amazon's Fire tablets customers have found that when attempting to uninstall apps, the app seemingly will not uninstall and the icon grays out but never disappears.


PowerShell - Ensuring HTTP Strict Transport Security (HSTS) Compliance without System Modification

Michael Hansen explains that White House OMB memorandum M-15-13 now requires that federal agencies make all existing websites and services accessible through a secure connection (HTTPS-only, with HTTP Strict Transport Security, HSTS) and explains that simply closing off port 80 on relevant sites to make sure all traffic goes to port 443 is insufficient to ensure compliance. Michael then explains how to use PowerShell automation and Azure services to bring a website or service into compliance without making any modifications to the system itself:


Events Calendar

Microsoft Tech Summit on January 24-25, 2018 in Birmingham, UK


Microsoft Tech Summit on March 5-6, 2018 in Washington, D.C. USA


Microsoft Tech Summit on March 14-15, 2018 in Paris, France


Microsoft Tech Summit on March 19-20, 2018 in San Francisco, California USA


Microsoft Tech Summit on March 28-29, 2018 in Amsterdam, Netherlands


Microsoft Ignite 2018 on September 24-28, 2018 in Orlando, Florida USA


Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]

New on TechGenix.com

Top disaster recovery services for businesses of every size

Businesses of all sizes need to be prepared for the worst. These disaster recovery services can get you up-and-running after a major catastrophe.


What 2017's IT conferences taught me about time management

For many IT pros, each year is defined by the seemingly endless chain of IT conferences they attend. Here's how to stay sharp and productive on the road.


PowerShell errors: Dealing with 'term is not recognized as the name of a cmdlet'

PowerShell can be wonderful — but PowerShell errors can be frustrating. Knowing how to avoid "term not recognized" errors will make your PowerShell experience a lot less trying.


Don't be a victim: Beware these critical enterprise cybersecurity risks

Cyberattacks pose a massive threat for every enterprise. These cybersecurity risks deserve your undivided attention and constant vigilance.


Preparing for Azure Directory synchronization

Azure Directory synchronization involves a little bit of planning, but this article gives you a road map to get to your destination.



Tech Briefing - Education and training

Virtual Machine Optimization Assessment Tool - Cloud Recipes

From Azure in Education


Cloud Computing & Skills for a Digital Workforce

From Microsoft Faculty Connection 


An Introduction to Microsoft's Big Data Certifications and Courses

From the TechNet UK blog


What's New in EDU UK

From the UK Microsoft Educator Blog


Our Office 365 eTraining Library has a Fresh Look, Improved Functionality

From Directions Training Center


Other Articles of Interest

Win10 Volsnap.sys Issues? Here's how to fix them. 

Fixing Win10 Volsnap.sys issues is pretty simple, as long as you've got the right ingredients. Find step-by-step directions here.


How much has Citrix really changed in the last 5 years?

Take a look back at how Citrix has changed, where they stand now, and what's coming next.


Don't get tongue-tied with VMware terms in VDI deployments

Think you have what it takes to be considered a VMware VDI expert? Go up against our toughest VMware terminology test to claim the title every virtual desktop admin should have.


New Citrix ShareFile features automate workflows

Organizations that perform repetitious business tasks can benefit from Citrix ShareFile's workflow feature, which has seen numerous updates recently.



WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Flying Bathtub Hexacopter

Who would not want to go shopping in a flying bathtub?


CES 2018 Intel Drone Light Show

Intel launched 250 'Shooting Star' drones over Las Vegas and synced up a dazzling display in the sky with the ever popular fountains of the Bellagio Hotel:


Nicholi Rogatkin Wins Red Bull District Ride

Nicholi Rogatkin amazed the mountain bike world with the world's first 1440° (4 x 360°) during the Red Bull District Ride 2017 Urban Freeride MTB contest:


Flight through the Orion Nebula in 3D

This beautiful trip through the Orion Nebula is an experience to be savored. You'll feel like you're piloting a spaceship:




WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.