Preview of Project Honolulu

Posted on 10/26/2017 1:00:00 AM | Written by kozi_admin

 

Tired of all those dated MMC’s and Server Manager? Microsoft is working on a new tool to significantly improve your on-premise experience managing servers. The Technical Preview of “Project Honolulu” was released at Microsoft Ignite 2017.

Honolulu is designed to combine all the features of task manager and the MMC’s.




As you can see, pretty much any feature you want is available here. So what servers can be managed by Honolulu? It was designed for Server 2016, however features are also available to 2012 R2. Although, you’ll want to install Windows Management Framework 5.1.



Honolulu runs from a light-weight web server, that’s not IIS. You can install it as a stand-alone app on Windows 10, or as a multi-user service on Windows Server 2016. You can choose to use a self-signed cert, or use an enterprise pki cert; chosen on install.

For your client, the Honolulu interface runs in either Microsoft Edge or Google Chrome. Other browsers are not supported, at this time, but I imagine that Mozilla Firefox will be added later.

One of my favorite features of Honolulu is the ability to edit firewall rules. Have you ever tried to do that remotely before, it’s not fun.



Suggested Reading
Project “Honolulu” technical preview is now available for download!

 


 

 

Beware SCOM SQL MP v6.6.4.0

Posted on 2/8/2016 11:00:00 PM | Written by kozi_admin

 

SCOM fans will no doubt notice the new and improved Dashboard functionality provided by v6.6.0.0 of the SCOM SQL MP. However I would urge you to hold off on updating to the latest version beyond this, as v6.6.4.0 has a reported bug in several PowerShell monitoring scripts.

I was working on a SCOM performance issue which appeared to impact SQL Server performance. We were having repeatable CPU spikes on several SQL 2012 boxes. The problem ended up being a log file monitor that was causing a cpu drain on single and dual-core VM's. But, as part of this troubleshooting, Microsoft had us update to the latest version; 6.6.4.0. This is where my real problems started.

Upon updating, we began to notice random SQL servers have the MonitoringHost.exe process spike up to 100% and crash the server. We dumped the processes and with the help of a new case with Microsoft, we learned that they were receiving several support cases a day due to this issue.

So far, they've narrowed this down to a potential flaw with two powershell scripts used in the MP; CPUUsagePercentDataSource.ps1 and DBDiskLatencyDataSource.ps1. Disabling the monitors and collection rules that utilize these scripts magically made this problem disappear. In addition to the cpu utilization, this problem also presents as RunAs Account permission alerts, and database login timeout alerts. These are really symptoms of the scripts running up CPU and failing to complete. The problem has been known to happen more frequently on servers with large database counts, and a heavy amount of overrides.

The best piece of advice is to stay on an earlier version of the MP, as these problems seem to be specific to 6.6.4.

 


 

 

Security Tips 101

Posted on 9/8/2015 10:00:00 PM | Written by kozi_admin

 

My job is highly intermingled with security. It’s something that I’m conscious of on a day-to-day basis. In a world where we face incalculable threats, it’s hard for a business or individual to totally protect themselves. Here are my tips for safeguarding yourself in our connected world.

 

 

1.  DO NOT RUN AS AN LOCAL ADMINISTRATOR

  Back in the days of Windows XP, it’s easy to buy the need for running your local account as an administrator. In reality, running as a limited user world break many applications. It’s the opposite of today, stuff ran with administrative privileges by default.

  Starting with Windows 7 really, and continuing on, Microsoft introduced the UAC. You may hate it, but it’s the reason we can operate much better and more securely than before. Learn to hate the UAC. What it really does behind the scenes is generate two user personas for your, a standard token and an administrative token, but it only uses one of them; unless you need to be elevated to administer level. Then, you see the magic UAC box. The framework is already there to give you those elevated privileges, so things run much smoother.

  Other tactics, like RunAs, which allow you to run programs under different accounts within the same login also make the user experience much better. The fact it, running as a standard user will protect you from 98% of all security exploits. Malware generally runs in the same user context as the account you’re logged on with. If you ignore everything else I have to say, follow this one.

 

 

2.  PATCH YOUR SOFTWARE

  The second-largest security todo is patching your systems. Make sure you stay up-to-date on Windows patches. Next, make sure your third-party browsers are also updated. Chrome and Firefox support automatic updates. Don’t feel like you need to personally approve and vet each update; you’re far safer letting them update automatically.

  Secondly; Flash Player and Java and the next-most-exploited software plugins on the internet. Update them regularly, let them automatically update. This will protect you from the remaining 2% of exploits. Not updating your software is like inviting yourself to be hacked.

  You may worry about it breaking stuff; but it’s far more likely that NOT patching will make you vulnerable to attack.

 

 

3.  Changing your passwords is a poor replacement for a strong password

  Many people, and companies think that by forcing their employees to change their password, they’re increasing security. In fact, requiring your employees to change their password and also placing complexity requirements is counterintuitive. Forcing this on your users will result in employees writing down complex passwords and putting them under their keyboard.

  Statistically, a strong password is much more secure than rotating passwords every month. Your users will just develop ways to barnify their passwords for easy recall; or you’ll just need to flip keyboards.

 

 

4.  Even a home network should lose the separation anxiety

  Even a modest home network can benefit from some separation. While we can’t airgap everything to make it secure, we’re all adding more and more devices to our home. We’re mixing platforms, and everyone’s buying in to the “Internet of hackable things”.

  We’re at the point where good firewall hardware is within the reach of the average person. It’s easy enough to configure that, if you have enough devices, you should have some form of physical security.

  For example, I separate my wireless devices (phones, tablets, IoT) from my windows network that contains all my personal data. Ok; I’m a little crazier than most. My network is segmented into 4 parts, protected by physical firewall interfaces.

  I call my networks the following:

    Yellow:   Phones, Tablets, TV
    Blue:   Windows Workstations & Laptops
    Purple:   Server Network; Email, Storage, & Backup
    Red:   DMZ Network; Hosted Web Servers

 

 

  In addition, you have a windows software firewall, you should use it. Even if you make a few exceptions for stuff like Remote Desktop and SMB, its way safer than not using one.

 

 

5.  Two-Factor Authentication

  Passwords are stupid. We all rely too much on them. It’s a broken system. The answer is two-factor authentication. Google, and others allow for some form of two-factor authentication, an example is a text message sent to your phone, or a separate hardware device that generates a token.

 

 

6.  Secure Password Manager

  Going hand-in-hand with #5 is to generate long\strong passwords, store them in a password manager, with two-factor authentication. My favorite is LastPass. They use good encryption, it’s published and reliable. LastPass was recently hacked, however the badguys didn’t make off with any real data because LastPass does it right, and that’s why I trust them to store my passwords. Other good examples are OnePassword and KeyPass.

  I use my LastPass with a YubiKey from Yubico.

 

 

Suggested Links

Wikipedia - Two-Factor Authentication
LastPass
KeyPass
Yubico Yubikey

 

Next Up: Encryption 101 & Backup\Recovery 101

 


 

 

Makerbot Replicator 5th Gen Comments

Posted on 6/12/2014 2:00:00 PM | Written by kozi_admin

 

Introducing the Makerbot Replicator, 5th Generation

 

At my organization, we’re “all in” on 3D Printing and the Makerfaire movement. We purchased a Makerbot Replicator2 about a year ago and have been experimenting with it for programming and community education.

I got to try out the new Makerbot Replicator 5th Generation. My initial opinion was that the new model was bigger and had a less industrial look; more polished.

The new unit comes with a glass build plate, which is a big improvement over the Plexiglass one from the Replicator2. Our old original build plate started to get pretty pitted and we replaced it with the glass a short time ago. I’m hoping it will withstand more abuse.

 

 

Here’s What I Think Is Good

New Magnetic Extruder - The new unit has a magnetic extruder nozzle. After using the older version, we had to disassemble the nozzle OFTEN to repair problems or fix nozzle jams. Having a magnetic and easily removable part is a huge plus.

Wired Networking - The new Replicator has a network jack. I can submit jobs from my desk, which is a huge plus. Unfortunately, it doesn’t appear to have a “job queue” and can still only print one job at a time. Also, when I initiate a job, I still have to walk over and hit the dial button to start it. Which means, I still have to interface with the printer.

 

 

The Not So Good

Printing Times – Despite claiming to print faster, it still takes an awfully long time to print anything. For this technology to get even more mainstream, it’s going to need to take more like half an hour to print something. Right now, the average print seems to take more like 4 hours; Too Long.

Wireless Networking \ WiFi – I have two wireless networks, one’s protected and one’s open. I couldn’t get the Replicator to attach to either, I couldn’t find it on the iOS App (speaking of which, where’s the Android!). I upgraded the firmware to the latest version, still didn’t work.

The Camera – The camera is like the Makerbot Digitizer. It’s a cool gimmick, but it’s not very responsive and isn’t focused very well. It’s hard to see what’s actually printing. It looks nice on a feature sheet, but in practice, it seems pretty useless so far.

Filament – The filament holder on the back is integrated into the stand. Which is both bad and good. It helps organize and protect the filament, but it makes it more difficult for me to buy third-party filament from Amazon. Sorry, they make it cheaper. I work for a public library, money’s tight, I’m not going to buy it directly from Makerbot for a premium just because I like them.


If I were to have the “pie in the sky”. I’d would love to post the camera feed on the web for other people to view, however it doesn’t appear, so far, that I can hook into the camera with anything other than the software or the app. When I browse the Replicator’s IP Address, I just see a file structure.

It can take pictures too, but I was more interested in the video feed, and don’t see much use in taking pictures to publish online. Reposting pictures you can already find on say, Thingiverse, doesn’t appeal to me. What I print, isn’t going to be much different than the pictures on the site.

 

 

Required Reading

Makerbot Replicator 5th Gen Product Info
Makerbot Desktop Software Download

 


 

 

The Facts About the Truecrypt Meltdown

Posted on 5/29/2014 10:00:00 AM | Written by kozi_admin

 

 

 

I’ve been having a lot of fun today following the developments of the Truecrypt meltdown. The developers from Truecrypt, a popular whole-drive encryption tool defaced their site and shut down the project, leading many people on the internet to start coming up with conspiracy theories about anything from hacking to coercion.

 

Popular security researchers, such as Steve Gibson and Brian Krebs have accurately analyzed the evidence. While the above theories may be entertaining, the more accurate truth is that the developers were happy with the recent audit, but have grown tired of a product which is one of the best the internet has to offer. There was no malice, ill intent, or backdoors involved. They were just tired.

 

Truecrypt is and remains one of the most reliable encryption tools on the internet. While today’s story is entertaining, it does nothing to diminish this.

 

Truecrypt is one of my favorite tools. I’ve encrypted many hard drives and flash drives with Truecrypt, and I’ll continue to use it. Why trust a closed-source commercial product, when you could use a validated third-party alternative. Truecrypt is an example of open-source software working for the good of the entire internet. It’s an example of why we need good OSS projects. While you may remember the few times Heartbleed has affected the internet, you don’t remember the thousands of OSS successes that came before it.

 

 

Required Reading

True Goodbye: 'Using Truecrypt Is Not Secure' by Brian Krebs
Whither TrueCrypt? by Steve Gibson
An Imagined Letter from the TrueCrypt Developer(s) by Steve Gibson
Gibson Research Corporation Truecrypt Repository
Truecrypt Audit Finds No Evidence Of Backdoors Or Malicious Code Via Arstechnica.com

 

 


 

 

Printer Problems

Posted on 5/19/2014 6:00:00 PM | Written by kozi_admin

 

One of the most common problems we get called about are "Printer Problems". The problem is that "Printer Problems" isn't just one issue, it could be any number of things. To add an additional layer of complexity, we have managed printing software which sits between the user and the copier and controls job costing. There's a lot of server infrastructure behind it and running it.

 

 

Printing Problems

Here's one of my top issues: we have Xerox copiers, and for unknown reasons lately, some of the copier drivers in Windows have been corrupting. When this happens, its not possible to uninstall the drivers and the computer gets locked out of the printers. Weirdly, sometimes, the client turn a single-paged document into thousands of pages.

A trouble ticket will come in saying something like "PC doesn't have all the printers" or "PC keeps losing its printers". A Tech will sit in front of the computer and try to remap the printers, but receive an error that says "No Printers Were Found"; even though the printers are obviously there for the other 20 computers at that location. The distribution seems almost random.

 

 

Troubleshooting

My first step is to try and remove the printer drivers before reinstalling them. Sometimes, this actually works, but most of the time it fails. You can access the print server properties on your client OS using the command "printui.exe /t2 /s".

Under drivers, find the driver package you want to remove and click Remove. In this case, I'm looking for the Xerox WorkCentre 7150 PCL drivers. Unfortunately, most of the time, this process fails because the drivers are "in use by SYSTEM". At this point, all other ways to remove them fail, and we're left with reimaging the PC.

 

 

Potential Solution

While researching this one night, I came across a Microsoft FixIt Tool. These tools are usually registry hacks and the like intended as a tool of last resort when there's a major problem or flaw. This particular tool rips out the windows print spooler settings and resets them back to default, deleting all third-party drivers in the process. I ran the tool and what do ya know, it fixed my problem. The side effect is that all other printer drivers need reinstalled and, it recreates the annoying fakey printers (Fax, Microsoft Document Imager, XPS Document Image Writer, etc.) and you have to delete them again. These are some of the most useless parts of Windows. I delete them every time I see them.

 

 

 

Locating Problem PC's

My next problem is that I need a way to detect that there's an issue. I don't want to run the fix against everyone, because only a small number of PC's are affected by the problem. To help figure out who's drivers are corrupted, I modified my Powershell printer deployment script to check if it successfully maps printers, if a printer mapping fails, it outputs the name of the failed printer to a text file called T:\printers.txt. If all printers are mapped, the text file doesn't exist.

Powershell: print.ps1 - Run on user logonFirst off, we test for the output file from the last run of the script and delete the file; we only need current results

if (Test-Path printers.txt) {
Remove-Item printers.txt -Force
}

 

 

This function does two things. A printer name is passed as an argument to the function. This script attempts to map the printer, and then checks to see if the mapping was successful. If the printer isn't found, it outputs to a text file called "printers.txt" with the name of the printer that failed to map.

function addprinter([string]$printer)
{
(New-Object -ComObject WScript.Network).AddWindowsPrinterConnection($printer)

$print = Get-WMIObject Win32_Printer | where{$_.Name -eq $printer}
If($print.Name -eq $printer)
{
#echo $printer' exists' >> printers.txt
}
else
{
echo $printer' failed' >> printers.txt
}
}

 

 

This function is run at the end and its job is to set the default printer to the last printer in the list.

function setdefaultprinter([string]$printer)
{
(New-Object -ComObject WScript.Network).SetDefaultPrinter($printer)
}

 

 

This function call deletes all "network" type printers on the computer; then maps all our detailed printers.

Get-WMIObject Win32_Printer | where{$_.Network -eq 'true'} | foreach{$_.delete()}

$printer = '\\tallmadgepub02\tacolor'
addprinter($printer)

$printer = '\\tallmadgepub02\tab&w1'
addprinter($printer)
setdefaultprinter($printer)

 

 

Step two, was that I created a nagios monitor that checks for the existence of T:\printers.txt. Using Check_nrpe CheckFile2, the monitor goes critical if the file exists, but ok when the file is absent. Thus, any computer that fails to map will trigger a notification.

 

I don't know what's causing the problems, but this allows me to successfully treat the effects of the problem. I created a new deployment package which runs the FixIt, deletes the fake printers, and then reboots the PC.

 


 

 

Heartbleed Need to Know

Posted on 4/12/2014 10:00:00 AM | Written by kozi_admin

 

Heartbleed is strangely enough a problem with Linux and not Windows for once. Downside is that a lot of major sites use vulnerable versions of OpenSSL. Make sure your protected, and make sure that your sites have actually changed their certificates and patched their systems before you go through the trouble of mass-changing all your passwords. Otherwise, you're really not fixing the problem. Here is some advice on how to test if a website is safe to change your password.

 


 

 

Google Changes Chrome 32 Scrollbars and Buttons

Posted on 1/19/2014 10:00:00 AM | Written by kozi_admin

 

Microsoft and Google are like two grumpy neighbours that keep trying to one-up each other with their gardening. They reluctantly work with each other when public standards demand it, but silently annoy each other at every turn.

This latest version of Chrome is a great example of this continual back and forth. A brief line in their blog post on the Chome Blog said this: “Chrome on Windows 8 “Metro” mode gets a new look: Manage multiple Chrome windows and quickly get to your favorite Chrome Apps with an integrated app launcher. On the desktop, we’ve updated the default styling of UI elements like form controls and scrollbars to match the sleek design of the new Chrome Metro interface.”

 

Chrome

IE

 

You’ll notice that after upgrading to this new version of Chrome, your slider bars are thinner and smaller; and don’t have directional arrows. The biggest problem is that it’s harder to manipulate these elements than it used to be. I’ve had reports that the sliders aren’t working as intended on some Microsoft products, like Exchange OWA.

Windows has a built-in native control library that most people use to render scroll bars, buttons, and the like. Most people program with these because they’re compatible and they’re easy to use. With this version of Chrome, Google has ditched this typical library for their own propriety one that they also happen to use in their ChromeOS. This benefits Google because it gets people more used to ChromeOS and can direct people to their ecosystem. ChromeOS could be a really good threat to Microsoft for the casual user. It would greatly benefit Google to familiarize a greater pool of users. Right now, almost half of the web is using Chrome.

 

Browser Stats

 

There’s no law that says that Chrome has to use the default control libraries, but I’m sure it’s going to annoy users, like myself, who are used to one way or another; especially when it results in the controls being less usable than we’re used to. Like everyone, I don’t have a say in this and I suppose that I’ll just get used to them again.

 

Recommended Reading

More web, more savings with Chrome for Mobile - Google Chrome Blog
Chrome 32 vs. Windows - Paul Therrott's Supersite for Windows

 

 


 

 

Internet Explorer 11 Hits General Release

Posted on 12/2/2013 8:00:00 PM | Written by kozi_admin

 

Microsoft recently released Windows 8.1, which came bundled with the new Internet Explorer 11. After initially only being available with the update, Internet Explorer 11 is now available for Windows 7 as well. Like IE10, the new version is only available on newer version of Windows, so you need at least Windows 7 to install it.

With the rise in popularity of alternate browsers like Firefox and Chrome, IE has been holding about a 12% market share. Here is what to expect from the latest iteration.

 

 

Built-In Flash Player and Automatic Updates

Two of my favorite features from IE10 have continued on with IE11. First, IE11 runs automatic updates like other browsers, helping to ensure that you're always up to date. Also, Adobe flash Player is built into the browser, so there's no longer a need to manually patch up Adobe Flash Player. This is one of the most often exploited plug-ins on the internet, so this is one less critical stap that the end-user has to manage.

 

 

UI and Compatibility

The User Interface looks just like Internet Explorer 10, so there's no need to get used to something new. Microsoft has still implemented its “One Bar” for both web browsing and searching, eliminating the need for a second search box. “Under the hood” improvements have made this version far more compatible with web standards than previous version. Standards compliance has always been one of IE's weak points.

Microsoft has finally added support for WebGL, a Javascript API for rendering 3D and 2D graphics on the web; which is based in HTML5. From an acceloration standpoint, IE11 is the best browser for HTML5 content.

 

 

Windows 8 Platform-ONLY Features

Microsoft has enabled support for the SPDY protocol, but only on Windows 8 version of IE11. SPDY is a networking protocol developed by Google to speed the transport of content over the web. The goal is to help pages load faster, and SPDY utilizes SSL encryption by default.

The second major feature is Syncing. This option syncs open tabs, browsing history, and favorites across all your devices (like chrome's sync). You can maintain your browsing throughout all your devices, although as mentioned, this is only available on the Windows 8 platform.

 

 

Outlook Web Access

Some versions of Outlook Web Access (OWA) may experience problems when viewed using Internet Explorer 11. This limits you to the low-bandwidth version of OWA. There is a fix on the way, but until then, you can get full OWA functionality by adding your OWA URL to Compatibility View. The reason is that in Internet Explorer 11, Microsoft eliminated a line in the user-agent field, so that IE11 doesn't know that its an Internet Explorer browser. A server-side fix will eliminate this problem soon.

 

 

Internet Explorer 11 has a lot of great features with improved speed and compatibility; especially if you're running Windows 8/8.1. I would recommend upgrading.

 

 

Internet Explorer 11 on Technet
Internet Explorer 11 Automatic Updates

 

 


 

 

MakerFaire Akron

Posted on 11/2/2013 11:00:00 AM | Written by kozi_admin

 

The Maker Faire Movement

 

A Maker Faire (yes, it has an "e") is a gathering of Makers, people who gather to explore new technology and innovation. You can find more information about the Maker Faire movement on their website.

We hosted a Mini-Maker Faire at work on Saturday, November 2nd. Apparently a "Mini" Maker Faire is one that doesn't take place in a major city; "smaller, community-produced events".

Our event brought together a number of community organizations; such as the Akron Digital Media Center and Syn Hak, our local hacker-space. My purpose in the event was to showcase the Library's 3D Printers. The event was intended to be a smaller-scale gathering to try and test the community interest in "making" and 3d-printing. We ended up having a pretty big turnout. I assisted my System Tech, Shawn Whetsel in manning our IT Booth. I would say that we were both constantly talking throughout the entire three hour event. A positive sign that local interest in new and emerging technology was worth the effort to produce the event.

 

 

The Makerbot Replicator 2

 

We happened to have our Makerbot Replicator 2 and the Makerbot Digitizer on display and in action. The Replicator 2 is Makerbot's second generation printer. It uses a PLA Plastic Filament to produce 3D-printed objects. It's a bioplastic derived from corn that's biodegradable. It runs about $30 a spool on Amazon, making the actual objects relatively cheap to produce, possibly pennies.

 

 

On display, we had printed up a chess set in Library blue and orange. The eventual intention is to have the printer (or printers) open and available to the public sometime soon. I feel that the Library should be a source of innovation and knowledge for our community. Educating people on this technology is worthwhile goal.

There are three ways to create a finished product; downloading a schematic from the internet, scanning in a model using the 3D Digitizer, or creating one yourself using a variety of paid or free modeling applications. Along with printing, I think the Library may eventually offer classes on some of these applications.

From an educational and informational perspective, I think this event was a huge success. Look for the Akron Library's 3D-Printer soon at a Tech Center near you.

 

Community Links

Maker Faire
Akron Digital Media Center
Syn Hak Akron Hackerspace

 

3D Printing

Makerbot
Makerbot Thingiverse (3D Model Community)
Piecemaker Technologies
Sketchup (Free 3D Software)