Category Archives: News

Resetting the Windows firewall on SBS 2008

Because the attachments were mangled a bit in the migration and because I’ve had several requests for this, I’m reposting the default settings for a SBS 2008 firewall on the server.

FirewallFileszipped up

So instead of this post – http://blogs.msmvps.com/bradley/2009/06/03/the-default-sbs-2008-firewall/

Use that link above

In Memory of

Parrotbooth

 

So walking around at CES we found at the Parrot booth (a French technology company) this memorial to the French citizens who lost their lives.

Microsoft pulls the plug on the heads up notification

http://blogs.technet.com/b/msrc/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx

So today, instead of the normal first Thursday of the month heads up bulletin, the one that says how many security bulletins to expect and what type, they sent out an email saying that they are discontinuing it for everyone but their premier support customers.

So let’s review what actions Microsoft has done since they announced the closure of the Trustworthy computing group:

1. They stopped doing the MSRC monthly webcasts, the only method we have for getting public clarification of security patch questions.

2. They stopped posting the risk index post on the SRD blog.

3. They stopped posting the exploitability grid and recap video on the blog.

4.  They increased the price tag of support cases from $259 per call to $499 a call. Now while I know that support calls for security patch issues are ultimately “comp’d” back, many a customer is not willing to play what I call the credit card game and open a case with the trust that they will get the fee comp’d back.

and now they “got feedback” from customers that we no longer need to have advanced warning of what security updates are to be released on the second Tuesday.

I am really unsure of what customers feel that patches released lately are of a level and quality that merely waiting until the information comes out on Tuesday is good enough to plan our patching schedules around.

If you are like me and feel that enough is enough and I’m a customer of Microsoft that deserves more respect than what I am getting, go social and email  whatever Microsoft representative you have access to, and by all means take to Twitter or any other social site as you see fit to express your opinion on this matter.

#IdeserveaMSRCheadsup!

Being a female geek

The designs and mobile charging solutions found in this booth at CES really impressed me:

http://www.jill-e.com/

In the booth at CES they showcased models that had mobile power solutions inside the very stylish bags that did not look like the clunky backpacks I normally cart around.

I’ll be looking for those mobile charging solution models as soon as they go on the web site for sure!

 

The apple version of a BSOD

As seen on a kiosk at CES in Las Vegas

bsodforapple2

So you want to block the OneDrive option in Office?

Because you don’t have a corporate onedrive and don’t want folks to be urged to stick stuff on a personal cloud?

Follow this guidance to enter a regkey or use group policy:

http://www.uab.edu/it/home/component/k2/item/337-office-2013-recommendations

Disabling SkyDrive by using the Registry Editor

    • Launch the Registry Editor by opening the Run dialog box and entering regedit.
    • When the Registry Editor opens, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn.
    • If the SignIn key doesn’t exist, create it by right-clicking on Common à New à Key à SignIn.
    • In the right pane of the SignIn key, create a new DWORD value named SignInOptions.
    • Double-click on SignInOptions and change its value to 3. To restore SkyDrive functionality, simply set the SignInOptions value to 0.
  • Disabling SkyDrive by using the Group Policy Editor
    • To use this method, you need to install the Office 2013 Administrative Templates. If you don’t have these templates, download them from the Microsoft Downloads Web site and install them.
    • Once the Administrative Templates are installed, open the Run dialog box and enter gpedit.msc to open the Local Group Policy Editor.
    • Now that you’re in the Local Group Policy Editor, navigate down the tree to User Configuration à Administrative Templates à Microsoft Office 2013 à Miscellaneous.
    • Find the “Block signing into Office” option in the list of settings and double-click it.
    • In the Properties window, click “Enable” and select the option “None Allowed.”

Fujitsu fi-6220C scanner and Windows 7 64bit

Fujitsu fi-6220C scanner

The driver was listed only as supporting Vista.
Would not be ‘seen’ as a scanner on Windows 7.

I was thinking dang, I’m going to have to buy a portable scanner just for this one off field job.
Found this – http://www.hamrick.com/
$29 and the scanner driver in it works perfectly on a Windows 7 x64 laptop.

If at first the vendor says to upgrade, try looking around for options.

Tracking the post release issues

This has not been a good week in patching and updating.

The biggest patching mess was KB3004394 that was a root certificate update that had such odd side effects ranging from causing machines to fail WGA to applications not launching.   While Microsoft released an update to remove KB3004394 but I’m still scratching my head how this update got released in the first place.

Bulletin or KB KB numbers Post release issues
MS14-075 KB 3009712 Yes – Exchange 2010 sp3 update rollup 8 rereleased   – see http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx
MS14-080 KB 3008923 IE9 and IE 11 crashing issues reported – see https://social.technet.microsoft.com/Forums/ie/en-US/db748198-05f2-48b2-a2f4-33b3f7ed71b7/help-kb3008923-breaks-windowdialogarguments-in-secondary-windows?forum=ieitprocurrentver and  http://marc.info/?l=patchmanagement&m=141823405324402&w=2
MS14-081 Word/Office/SharePoint, etc: 2910916 2899518 2899519 2920793 3018888 2920729 2920792 2883050 2899581 2889851 2910892
MS14-082 2726958 (2013), 2596927 (2007), 2553154 (2010) Yes, see http://stackoverflow.com/questions/27411399/microsoft-excel-activex-controls-disabled
MS14-083 2920790 Offcompat, 2910929 (2013),  2910902 (2010),  2984942 (2013)
MS14-084 3012176 (VB 5.8), 3012172 (VB 5.7), 3012168 (VB5.6)
MS14-085 KB3013126
n.a. KB3004394 Yes – Patches for Windows 7 and Server 2008 have been pulled see http://marc.info/?l=patchmanagement&m=141823342024035&w=2
n.a. KB3011970 Yes – Appears to have been pulled from servers – http://forums.timewarnercable.com/t5/TWCTV-com/Windows-Silverlight-Issue-Impacting-TWCTV-com/m-p/61788
n.a. October public non security releases for Office See http://blogs.technet.com/b/office_sustained_engineering/archive/2014/12/12/word-2010-amp-2013-october-public-update.aspx

Microsoft support cases for ITpros now $499

So apparently on 12/1 the price for the IT pro support cases increased from $249 to $499.

Wow.  Mind you this is not after hours support, this is the price for a support case.

http://support2.microsoft.com/gp/offerprophone

Microsoft Professional Support

Professional Support provides you with access to Microsoft experts, to help you address problems encountered with the development, deployment and management of Microsoft software in business environments.

Professional Support is available as a single “pay-per-incident” (PPI) or an annual contract with five incidents. Professional Support incidents focus on troubleshooting a specific problem, error message, or functionality that is not working as intended for Microsoft products. An incident is defined as a single support issue and the reasonable effort to resolve it. Incidents may be submitted online or over the phone. Response time will be between 2 and 8 hours, depending on severity of incident.

Price
Professional Support
Single Incident
$499 USD for
one incident
Professional Support
5-Pack Annual
Support Contract
$1,999 USD for
five incidents

Missing migration info if you are going to SBS 2011

Event ID 5015:
https://social.technet.microsoft.com/Forums/en-US/86b886af-5016-47c0-9b1d-34449687b6dd/event-id-5015?forum=smallbusinessserver

If you migrate to SBS 2011 from SBS 2008 you will find a leftover event alert:

SERVER 5015
MSExchangeTransport Routing
Application 11/30/2014 11:39:40 AM
Error (Info) 19213
Microsoft Exchange cannot find a route to the source transport server or home MTA server CN=Microsoft MTAADEL:9530bd1b-2705-4cb9-bd0b-a890ec236f88,CN=Deleted Objects,CN=Configuration,DC=DOMAIN,DC=lan for connector CN=Windows SBS Company Web Connector SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=lan in routing tables with timestamp 11/30/2014 7:39:40 PM. Microsoft Exchange is ignoring the source transport server.

To fix it you need to follow these instructions in the old SBS 2008 migration info

Migrate CompanyWeb connector:
http://technet.microsoft.com/en-us/library/cc974290(v=ws.10).aspx

  1. To start the Exchange Management Shell, on the Destination Server, click Start. Then, in the search field, type Exchange Management Shell, right-click Exchange Management Shell, and then click Run as administrator.
  2. In the User Account Control window, click Continue.
  3. At the command prompt, type the following, and then press ENTER:

    set-transportserver –identity <DestinationServerName> -RootDropDirectorypath C:\inetpub\mailroot.

  4. At the command prompt, type get-transportserver | fl, and then press ENTER. Ensure that RootDropDirectorypath is set.
  5. At the command prompt, type the following, and then press ENTER:

    set-ForeignConnector –identity “Windows SBS Company Web Connector <SourceServerName> ” -SourceTransportServers <DestinationServerName>.