Category Archives: News

October is cyber security month

And in the ransomware front we’re losing the battle. CryptoWall gets on a machine, not via wiggling in via the temp install locations but from an unpatched cocktail of Java, Silverlight, and Flash that we should have patched or ripped out of the machine years ago.

http://threatpost.com/rig-exploit-kit-pushing-cryptowall-ransomware

So on Day one of this 31 days of Cyber Security awareness month I challenge you to find a Silverlight installation and uninstall it.

Windows 10 betas now out

Announcing availability of Windows Server Technical Preview and System
Center Technical Preview – Microsoft Server and Cloud Platform Blog –
Site Home – TechNet Blogs:
http://blogs.technet.com/b/server-cloud/archive/2014/10/01/announcing-availability-of-windows-server-technical-preview-and-system-center-technical-preview.aspx

and

http://windows.microsoft.com/en-us/windows/preview

Windows 10 beta releases are now out so you can take it for a spin.

Right now the Windows update section is grayed out and you must install all updates.

But in a cryptic section in the blog post….

http://blogs.windows.com/business/2014/09/30/introducing-windows-10-for-business/

 

Windows 10 helps keep customers secure and up to date


Windows 10 will be delivered in a way that gives more choice and flexibility to businesses. As a result, a business can pick the speed of innovation that is right for each group of its users, rather than apply a one size fits all solution.

Businesses will be able to opt-in to the fast-moving consumer pace, or lock-down mission critical environments to receive only security and critical updates to their systems. And businesses will have an in-between option for systems that aren’t mission critical, but need to keep pace with the latest innovations without disrupting the flow of business. And the choice isn’t one or the other for businesses; we expect that most will require a mixed approach where a number of scenarios can be accommodated.

Consumers, and opt-in businesses, will be able to take advantage of the latest updates as soon as they are available, delivered via Windows Update. Business customers can segment their own user groups, and choose the model and pace that works for them. They will have more choice in how they consume updates, whether through Windows Update or in a managed environment. And for all scenarios, security and critical updates will be delivered on a monthly basis.

 

What exactly does THAT mean?

Looking for resources to check urls

I was wanting to check a url for nasty stuff… thanks to several folks … here’s a list of places to send a link to see what phishing/issues
Virustotal (Submit a URL)
https://www.virustotal.com/#url
URL Query
http://urlquery.net/index.php
Anubis – Malware Analysis
https://anubis.iseclab.org/?action=home
Dr.Web Check URL Scan
http://online.us.drweb.com/?url=1
AVG Threat Labs
http://www.avgthreatlabs.com/sitereports/
Norton Safe Web[/color]
http://safeweb.norton.com/
Trend Micro Site Safety URL Query
http://global.sitesafety.trendmicro.com/
Online Link Scan
http://onlinelinkscan.com/
Websense CSI: ACE Insight
http://csi.websense.com/
Website Security Check – Unmask Parasites
http://www.unmaskparasites.com/
Anubis
http://anubis.iseclab.org/
Wepawet
http://wepawet.iseclab.org/  << currently under maintenance
LongURL to de-obfuscate shortened URLS
http://longurl.org/

Also

http://www.brightcloud.com/tools/url-ip-lookup.php

and

http://www.brightcloud.com/platform/webroot-intelligence-network.php

PowerShelling on a OU structure

From Robert – I bet he orders Scotch using a PowerShell Script – Pearman comes this reminder of a script to put back in the SBS OU structure into a raw domain where there is no OU structure.

http://titlerequired.com/2013/12/04/quick-fix-sbs-essentials-ou-structure/
  1. on the AD server, Open PowerShell ISE.  Paste this into the box, hit enter.

 

$domain = (Get-ADDomain)

$DN = $domain.DistinguishedName

New-ADOrganizationalUnit -name “MyBusiness” -path $DN

New-ADOrganizationalUnit -name “Computers” -path “OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “Distribution Groups” -path “OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “Security Groups” -path “OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “Users” -path “OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “SBSComputers” -path “OU=Computers,OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “SBSServers” -path “OU=Computers,OU=MyBusiness,$DN”

New-ADOrganizationalUnit -name “SBSUsers” -path “OU=Users,OU=MyBusiness,$DN”

 
  1. Also on the AD server, at an elevated cmd prompt run this so that new users and computers are inserted on creation into the correct OU (instead of default users/computers).

 

(edit the XXXX to match your domain name for your environment)

 

2.1 For redirecting users;

c:\Windows\System32\redirusr.exe ou=SBSusers,ou=users,ou=mybusiness,dc=xxxx,dc=local

 

2.2 For redirecting computers;

c:\Windows\System32\redircmp.exe ou=SBScomputers,ou=computers,ou=mybusiness,dc=xxxx,dc=local

 

 

Firefox is evil

firefoxisev

Seen on a random computer…helping to clean it up.  The number of times I’ve found funky extensions in Firefox…. are too numerous.

I am not a fan of Firefox’s security model.

Do you want to virtualize ONE desktop in HyperV?

And you want to know how to license it?  As I read it, you need to either purchase a VDA subscription (don’t ask me how this is done) or purchase VL with SA in order to be able to host one desktop in HyperV if you plan to have other servers being hosted as well.

If you wanted to only host ONE desktop and only that ONE desktop you could use a retail license – not OEM.  But that’s kinda silly.

But bottom line, want to host one virtualized desktop operating system?  Get VL and SA to be legal.

See discussion with Cliff on the sbs2k@yahoogroups.com listserve for more nuances and details.

How to hide a shared folder in RWA

Want to know how to hide a shared folder in RWA in SBS 2011?  (this should also work in Essentials as well)

http://social.technet.microsoft.com/Forums/en-US/c653943f-98d6-47ad-86ca-05e370467f65/sbs-2011-std-how-to-prevent-shared-folder-from-displaying-on-rwa?forum=smallbusinessserver

Share name is null or empty

Share type is not of type disk drive (0)

Share name ends with a $

Share is special:

Address

ExchangeOAB

GroupMetrics

NETLOGON

SYSVOL

WSUSContent

WSUSTemp

UpdateServicesPackages

Share directory does not exist

Share is not created on an NTFS volume

Access to share volume is denied

No IISRESET required when share list changes

Bottom line put a $ at the end of a folder name and it will be hidden.

 

And if Microsoft had done this?

u2photo
http://support.apple.com/kb/HT6439?viewlocale=en_US&locale=en_US

And if Microsoft had done this… wonder how much folks would have been up in arms over this?

So what’s this Storage server thing?

http://blogs.msmvps.com/bradley/2014/09/12/windows-storage-server-2012-r2-essentials/

Windows Storage Server 2012 R2 Essentials.

Okay so what is this?

To be clear it’s not Windows Storage Server 2012 R2 Standard.  It has no feature set from the Storage server line.

It’s a new OEM only sku… or rather a price point.  It’s the Standard server os with the Essentials role, so it needs to BE a domain controller or SEE a domain controller.  It can’t be merely a workgroup computer (unfortunately).

So think of it as a low cost/OEM only/has to be or see a domain controller but still provide the Essentials role/feature set.

So?  What do you think of it now?

Will you consider it for your client base?

 

Windows Storage Server 2012 R2 Essentials

http://www.thecus.com/media_news_page.php?NEWS_ID=15373

09/10/2014- Thecus Technology Corp. today announces another world first: Windows Storage Server 2012 R2 Essentials is now available for NAS users. Available this October, the 2-bay W2000, 4-bay W4000, and the 5-bay W5000 offer a host of benefits to SMB users, including data protection, integrated cloud services, and secure remote access.

“Thecus NAS provide users with a complete solution to their storage needs. With the additions to the W Series, Thecus is able to offer a more diversified product to its customers.  Windows Storage Server 2012 R2 Essentials is an ideal pairing with Thecus NAS and will equip small businesses with a powerful and trusted storage solution.”  Florence Shih, CEO at Thecus Technology Corp.

By running Windows Server software on a Thecus NAS, users will be able to simplify the integration of Microsoft’s cloud-based applications and services, including Microsoft Office 365 and Microsoft Azure. These new NAS offerings provide users with an affordable, flexible solution that minimizes resources spent on business operations while still optimizing productivity.

“The Windows Storage Server 2012 R2 Essentials software allows small businesses to protect, centralize, organize, and access their data anywhere by using almost any device,” said Peter Han, Vice President of Worldwide OEM Marketing, Microsoft. “We believe offering our software on Thecus NAS devices will provide an excellent solution for those small businesses looking to protect their data while optimizing their resources with a hybrid, on premise, and cloud-connected offering.”

Thanks to proven Thecus hardware based on the Intel Atom platform, serviced by dual LAN ports and no less than 2GB of DDR3 RAM, and all featuring media connectivity (HDMI and VGA), the new line of world-first Windows Storage Server 2012 R2 Essentials NAS are user-friendly yet robust answers to the data needs of every forward-thinking small to medium-sized business.