Security Protection – Harry Waldron MVP Rotating Header Image

Microsoft Training – New System Administrator skills for future

Based on Microsoft’s strategies to further improve automated management and host applications using cloud technologies, IT professionals need education in these key areas below:

Windows Server, System Center and every other key Microsoft product are now undergoing fundamental architectural and design changes, and if you don’t adapt to them and embrace cloud computing, your career in IT likely will be cut short. Regardless of how much experience you have as an MCSE or MCSA, Pluralsight Curriculum Director Don Jones pointed to key changes coming from Microsoft that’ll have a major impact on the careers of all IT pros and developers who specialize in all or any component of the Redmond stack.

The changes in Windows Server 2016, the move toward system automation, the shift to applications based on containers,  Microsoft’s cloud-first approach and  a move to continuous updates will all require IT pros to gain new skills. Speaking at the TechMentor conference on Microsoft’s main campus in Redmond, Wash., which, like Redmond, is produced by 1105 Media, Jones’ stern warning to attendees was to keep up on these changes and get educated accordingly “or run calculations on the days you have until retirement.”

PowerShell: “That’s the future.” That’s because in order to use the forthcoming Windows Server 2016 Nano Server, administrators will have to rely on PowerShell remoting since the server OS won’t support video connections or have a GUI.

System Center: Microsoft’s systems management platform in 10 years will look nothing like it does today, yet will remain critical as Microsoft offers fewer tools in the operating system itself

Hybrid Cloud: Jones said those who ignore the rise of cloud computing architectures will be making fatal career mistakes

Big Data: One of the most ambiguous and disliked term in IT, the ability to process massive amounts of data to facilitate the move toward better systems automation will be important

Heterogeneity: The dream of working in all Windows environments is long gone, Jones notes. “If you don’t know how to do some basic maintenance on a Mac or have ever  built a Linux device, it’s a good hobby take up because it’s going to be a key part of your career,” Jones advised.

Exchange Server: It’s no secret that high on the list of endangered species are Exchange administrators thanks to the rapid push toward Office 365 and hosted versions of the e-mail platform

Active Directory:  The ability to configure and manage Azure Active Directory and AD Connect are critical. Those who earn a living by just adding users to Active Directory are the equivalent to those who pump gas at full service stations.

WINDOWS 10 – First Major Windows Update of 325MB sent on AUG 5th

The first major WIN10 update is documented in following links:

Pushes 325MB update to all Windows 10 devices; will be first test of WUDO

Microsoft today delivered the first large-sized update for Windows 10, a “servicing update” that weighed in at around a third of a gigabyte.  The update, labeled KB3081424 in Microsoft’s identifying scheme, has been pushed not only to Windows Insiders — those who opted in to the firm’s preview program — but also to everyone who has upgraded to the new OS since its launch last week.

KB3081424 was billed as a non-security update: In other words, it did not include patches for vulnerabilities. “This update includes … changes to enhance the functionality of Windows 10 through new features and improvements,” the supporting support document read, using Microsoft’s boilerplate for its bug-fix and feature-change updates. The update was the largest post-launch by far. According to its manifest, the 64-bit version ran approximately 325MB, while the 32-bit version tipped the virtual scale at around 160MB.

WINDOWS 10 – Free upgrades from WIN7 and WIN8 link users to new paid service options

This article from PC World shares the new strategic economic model for Windows.  It still is a free and beneficial upgrade for many users.  Adjustments in settings allow users to opt in or out of services, and choose how they wish to interact in terms of privacy, advertising, and additional paid enhancements.

Wait, what? Isn’t Windows 10 fre… er, a free upgrade?   … Yup! And therein lies Microsoft’s genius

Windows 10 is a free upgrade only for consumers. Very, very, very few consumers ever pay money to upgrade their operating systems. Look at the masses sitting pretty on Windows XP and Windows 7!  For most of the operating system’s history, Windows users were one-and-done buyers that never emptied any more cash into Microsoft’s pockets unless they decided to buy a one-time Office license or an Xbox.

Windows 10—like Windows 8 before it—changes that. It’s infused with all sorts of hooks into Microsoft’s superb ecosystem of services, which are a strong focus under Nadella’s watch.

Cortana ramps up Bing’s market share with every search you make. OneDrive backs up everything to the cloud, and of course you can buy more storage space if you need it. The Video, Groove Music, and Xbox apps encourage entertainment purchases through Microsoft. The new Edge browser and the very operating system itself track you to serve targeted ads. The free Office apps encourage paid Office 365 subscriptions to unlock full functionality. Underneath it all, the Windows Store is the repository for all of Microsoft’s vaunted universal apps (and plenty of other things to buy).  Heck, even Solitaire begs for a monthly subscription to ditch ads now 

In other words, while Windows 7 customers never contributed anything to Microsoft’s bottom line, Windows 10 is chock full of opportunities for Microsoft to make some money off of you, long after you’ve paid up for your Windows license. Which, of course, you still have to do. Microsoft isn’t crazy.

And that’s just fine! Windows 10 is a wonderful operating system, and a worthwhile upgrade from Windows 7 and 8. Plus, Microsoft provides you the option to disable or outright not use any of its services—though they are pretty polished and helpful. You don’t have to pay Microsoft any more money or let it peer over your shoulder just because you use Windows 10 (though the express installation settings enable it all by default).

Windows 10 EDGE – how to revise browser settings

This link from the Windows Club describes to revise WIN10 EDGE browser settings

Microsoft Edge browser is shipped as the default browser for Windows 10 and comes tightly integrated with Cortana – Microsoft’s virtual personal assistant service and Bing search service. These services are specifically designed to keep a track of user’s actions on the browser in order to gather more information and help them in easy travels across the Web. Today’s post talks of Microsoft Edge in Windows 10, the Settings offered and how can tweak & personalize the browser to suit your browsing experience.

WINDOWS 10 – FAQ resources at Software OK site

In assisting a friend with WIN10 questions, I found this site which has several good tuning tips.

Windows 10 – over 100 topics

FAQ Home site for other Windows versions and 3rd party products

Microsoft Windows 10 – Wi-Fi Sense can share Wi-Fi password with Facebook

This Facecrooks Security article shares that certain user-enabled Windows 10 settings may lead to a sharing of Wi-Fi Password information with Facebook environment.  The Wi-Fi Sense application should stay disabled and this article shares dangers where some users may desire to turn everything on, while not fully understading the ramifications of this new facility.

Windows 10 Can Share Your Wi-Fi Password With Facebook

The new Microsoft Windows 10 operating system has a feature called “Wi-Fi Sense” that lets you share your network access with your Outlook and Skype contacts. It can also share your info with Facebook contacts, and some Windows 10 users have been thrown for a loop when a pop-up window displays that reads “Wi-Fi Sense needs permission to use your Facebook account.”

Of course, this kind of open access to your Internet connection could have potentially big privacy problems. There are a few safeguards; you need to agree to enable Wi-Fi Sense when you join a new network, your password will be encrypted, and anyone who gains access to your network will not be able to pass on that access. But there’s a pretty big catch: you can share any network as long as you access it by typing in a password. That means that users could share Wi-Fi access from many networks, not just their own, as long as they signed on one time.

And even though there are several security measures, many users simply agree to everything their computer asks them. Thankfully, there’s an easy way to turn off this invasive new feature. Simply go to Settings, click on “Network & Internet,” and then go to your Wi-Fi network. From there, you can select “Manage Wi-Fi Settings” and disable every Wi-Fi Sense feature.

Corporate IT Security Policies – ISC recommendations August 2015

And one more key best practice to add is to ensure these are published on the corporate Intranet where links and the website itself can be shared with all users.  The ISC template resources link provides excellent boilerplate security policies that can be further adapted for corporate needs

The following are several tips and tricks you can use to make sure you move from “no good to great” security policies.

*  Do not fail to add an expiration date to your security policies. This will force you to both review and update them on a regular basis or risk being embarrassed because they are out of date.

Do not ask anyone to memorize your security policies. Spend your time doing something meaningful instead, such as reviewing ways to implement the 20 Security Controls in your company.

*  Do not use your security policy as an attempt to control small and often times personal issues. Instead, make sure your security policy addresses specific risk in your organization. Without a direct mapping to risk, it will be very easy to have too many security policies scattered all over the place.

*  Do not have too many security policies. I recommend you hold up both hands right now and wiggle your fingers as you consider how many security policies you might actually need.

*  Will violation of your security policy eventually lead to the policy violator realizing their opportunity to violate security policy at a different company? It should – Otherwise your document is really a suggestion and not a policy.

*  Do have your security policy stored in one single and easy to find location? It would be a shame to spend all that time and no one ever read your security policies.

WINDOWS 10 – Security settings for improved privacy

Most vendors provide high degrees of functionality & flexibility in new products that users expect out-of-the-box. The security process often takes an opposite approach of locking down functions so they are more difficult to work with. Many of the settings in the following two links will minimize information sent to the vendor and other parties by tightening security settings.

The first issue is that Windows 10 automatically assigns an advertising ID to each user on a device tied to the email address that’s on file. Using that ID, the company can tailor ads for web-browsing and using certain applications.  The next concern is that much of users’ personal data is synced with Microsoft’s servers.

Some of this information, like your Wi-Fi password, can then be encrypted and shared with your contacts, using a feature called Wi-Fi sense. Although, some have argued that this isn’t a security risk, because the user must choose to share the network. Additionally, Microsoft’s personal assistant, Cortana, must collect data as well to provide the kind of service it does, but it is likely not better or worse than its Apple and Google contemporaries.

One of the final security checks you can do is to opt out of the personalized ads while browsing in Microsoft Edge. Click the following link or paste it into your browser: … Click the Xs next to the options to turn off “Personalised ads in this browser” and “Personalised ads wherever I use my Microsoft account.”

Microsoft IE 11 – Older IE versions not patched after JAN 12, 2016

Currently, around 50% of IE users need to update Internet Explore to latest available version by 2016, as documented in study below.  While this was announced over a year ago, more progress will be needed especially for corporate users which may be on older browser versions due to legacy websites and their compatibility with more modern browser standards.   We are now only four short months away from deadline

With just over four months left before Microsoft stops serving security updates to most versions of Internet Explorer (IE) other than IE11, nearly half of all IE users are still running a soon-to-be-retired edition, new data released Saturday showed. In August 2014, Microsoft abruptly told virtually all IE users that they needed to be running IE11 by Jan. 12, 2016, or face a shut-off of security updates. After that date, Microsoft will support IE9 only on Windows Vista and Windows Server 2008; IE10 only on Windows Server 2012; and only IE11 on Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2 and Windows Server 2012 R2.

As of the end of July, 49% of all IE users were still running versions other than IE11, according to statistics published by analytics vendor Net Applications over the weekend. Through July, 50.3% of all instances of IE were IE11, Net Applications said. Substantial fractions of the IE user base, however, continued to run editions slated for shutoff, notably IE8, which accounted for 24.6% of all copies of the browser. But IE9 (13.6%) and IE10 (9.6%) also remained in wide use.

Microsoft Windows 10 – WUDO Bandwidth sharing options can be tuned

Windows 10 uses a new shared approach for delivery of Windows Update patches and users with either bandwidth caps or sharing concerns can set options as noted below

Windows 10 uses your bandwidth to help strangers download updates

In some ways, Windows Update Delivery Optimization (WUDO) sounds really cool:  Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft. This can help you get updates and apps more quickly if you have a limited or unreliable Internet connection. And if you own more than one PC, it can reduce the amount of Internet bandwidth needed to keep all of your PCs up-to-date.

But here’s the next bit: Delivery Optimization also sends updates and apps from your PC to other PCs on your local network or PCs on the Internet.  Yes, you read that right. WUDO doesn’t just look for computers on your internal network, but – just as if you were downloading a torrent of a Hollywood movie – it will try to find other computers on the internet which are running Windows 10, and try to get parts of the download from them too.

And, of course, it could be your Windows 10 PC that is giving a helping hand to those complete strangers’ PCs by *uploading* the data that they are looking for. Microsoft says that WUDO won’t use metered or capped internet connections to download/upload updates, but that’s only the case if you have *told* Windows 10 that a particular internet connection is metered.

HOW TO CHANGE WUDO Default settings

1. Go to Start, then Settings > Update & security > Windows Update, and then select Advanced options.

2. On the Advanced options page, select Choose how updates are delivered. From there you can use the toggle to turn Delivery Optimization off (you will still be able to get updates and apps from Windows Update and from the Windows Store), or disable WUDO’s default setting of potentially downloading updates from, and offering them to, PCs anywhere else on the internet

Windows Update Delivery Optimization (WUDO) – FAQ