Archive for SMB – Page 2

Received 2014 Microsoft MVP Award

I just received the following email from Microsoft this New Year’s Day morning:

Congratulations! We are pleased to present you with the 2014 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Windows Server for Small and Medium Business technical communities during the past year.

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say “Thank you for your technical leadership.”

At Microsoft, we believe that technical communities enhance people’s lives and the industry’s success because independent experts, like you, help others extract greater value from products and technologies through the free and objective exchange of knowledge. As a Microsoft MVP, you are part of a highly select group of experts that represent technology’s best and brightest who share a deep commitment to community and a willingness to help others.
On behalf of everyone at Microsoft, thank you for your contributions to technical communities.

Sincerely,

Microsoft Director, Community Engagement
Microsoft Community Program Manager

Cloud Backup Calculator

Backing up your business data to the cloud should be a point of discussion with each and every one of your customers. I’m not saying that it’s necessary to do cloud backup, but it should be addressed.

One of the first questions that is generally asked is: “How long will it take me to backup my data?”

image

The folks at Highly Reliable systems posted an Upload Time Calculator which you may find useful. For example, it will take 8 days to backup 100GB of data on a T-1 line (1.5Mbps). But that time reduces to 2 1/2 days if your Internet upload speed is 5Mbps.

image

Attending the 2013 Microsoft MVP Global Summit

I have been a Microsoft MVP for Windows Server Small and Medium Business (formerly SBS) for ten years. One of the great honors I have as an MVP is the chance to attend the annual MVP Global Summit conference in Seattle.

This conference is an opportunity for MVP’s from around the world to come together, and to meet and interact with the Microsoft product team members for our respective products. There are nearly 4,000 MVPs worldwide representing 95 countries. Currently there are 36 MVPs worldwide selected to the Windows Server Small & Medium Business product line.

image

I will be attending this year’s event from November 18-21, 2013 in Bellevue/Redmond WA.

However, I am not looking forward to the weather forecast for next week Smile

image

Review of ShareMouse Utility

This is my 3rd in a series of personal reviews of various “extend my mouse and keyboard” tools.

My office desk setup includes three 24” monitors connected to my Windows 8 desktop workstation (Dell Optiplex), plus a monitor on my Hyper-V 2012/SBS 2011 server (Dell T410), plus a Windows 8 touch-screen laptop (Lenovo) that I use for testing. And, when necessary, I have a 32” Samsung TV that I can attach using a USB multi-display adapter (Plugable’s Model UGA-2K-A).

So, being able to use one keyboard and mouse is an essential tool and a real time saver for me. (P.S. someday, if I can get the stuff on my desk cleaned up and put away, I’ll take a picture of my setup!)

Mouse Without Borders

In August 2012 I wrote about a product called Mouse Without Borders. I must say, it works very well. The only negative is that only works with Windows-based computers, so no Linux or Mac OS. They released an updated version in January 2013 that supports Windows 8/Windows 2012.

Synergy

In May 2013 I tested a similar product called Synergy, which does support Windows, Linux and Mac OS computers. I used Synergy from May to August, and for the most part, the product worked fine. One nagging issue I had with Synergy was that whenever I needed to reboot my server or workstation, Synergy did not always sync up properly. The services start up, but I had to keep playing with it, stopping and starting the services, until eventually it was in sync and working. Very frustrating. Finally in August I reverted back to using Mouse Without Borders.

ShareMouse

image

This week I came across a new product called ShareMouse (from Bartels Media GmbH) and just installed it to give it a spin. So here are some first day impressions.

  • First thing to note is that it is very, very easy to install. After downloading the install file you are 4 clicks away (OK, Next, Next, Finish)
    image     image     image
  • It has a very intuitive screen manager to identify the position of my monitors for proper mouse movement.
    image
  • It supports both Windows 8 and Mac OSX 10.9
  • A simple, but very helpful, feature is that it dims inactive monitors, so you always know which computer you are working on
  • They offer a free version for personal use (two computers, two monitors)
  • The paid versions (standard and pro) offer ability to drag and drop files and folders between computers. They have enhanced the product so that you only need to install the license on just one computer in your group.
  • Comparison of their free, standard and pro editions

I will post a follow up on this utility after using it for a few more weeks.

CryptoLocker Group Policy Exceptions

In recent posts (here) I’ve addressed the process of creating Group Policy rules for securing your workstations from attacks like the CryptoLocker ransomware. These rules will prevent random executable files located in your local Application Data folder (AppData) from running.

The vast majority of programs that you may use should not put .exe files in the AppData folder, but every so often we come across an exception. In my case, I tried running Join.Me this morning and was greeted with this pop up window:

image

The process of adding an exception to the Software Restriction Rules we previously created is very straightfoward:

  1. From the server, open up Group Policy Management console
  2. Drill down Your_domain.local –> MyBusiness –> Computers –> SBSComputers

    Modify the XP rule

  3. Right click on the Prevent CryptoLocker XP rule, and click Edit
  4. Drill down Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  5. Right click on Additional Rules, then click New Path rule… and create a new rule for the exception.
    In my case, my rule looks like this:
    image
  6. Click OK

    Modify the Vista and higher rule

  7. Right click on the Prevent CryptoLocker Vista and higher rule, and click Edit
  8. Drill down Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  9. Right click on Additional Rules, then click New Path rule… and create a new rule for the exception.
    In my case, my rule looks like this:
    image
  10. Click OK

You may now wait the appropriate time (somewhere around 90 minutes, I believe) for Group Policy changes to be broadcast to all workstations, or, if you are in a hurry:

  1. From the server, open up an elevated command prompt and run: gpupdate /force
  2. Then from your workstation, open up an elevated command prompt and run: gpupdate /force

You may now test out your application

Testing your CryptoLocker Group Policy

I posted previously on using Group Policy to establish rules to prevent executable files (.exe) stored in the Windows AppData directory from running, as a way to minimize or prevent the Cryptolocker-type ransomware from infecting your computers.

Someone asked me: “How do I know if the group policy rules are working?”

Good question … easy answer: drop in a small executable file into your local AppData directory and try to run it. I like to use notepad.exe for this test.

Here are the steps if doing this from a Vista / Win7 / Win8 workstation:

  1. Open up an elevated command prompt window.
    By default, it should put you into the C:\Windows\System32 folder
  2. Enter the following commands, pressing Enter after each:
    copy notepad.exe %localappdata% 
    cd %localappdata%
    notepad.exe
  3. If you receive an error message: “This program is blocked by group policy.” – then your group policy rules are working.
    Congratulations!

image

Block Executables from AppData folder

The SMB Kitchen team from Third Tier has made available (for free) a CryptoLocker Prevention Kit that includes a 20 page document that includes step by step instructions on how to lock down your servers and workstation using Group Policy settings to minimize future attacks.

The purpose of this post is to summarize those steps down to a single page. These steps are specific to SBS 2008/2011, but should be applicable to Windows 2008/2012 servers.

GOAL: create Software Restriction Policies within Group Policies to block executables (.exe) from running when they are located in the AppData folder or subfolders therein.

CREATE POLICIES FOR XP

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…
  3. Title this policy Prevent CryptoLocker XP and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies
  7. Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK
    Path = %AppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %AppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker XP policy locate WMI filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows XP

CREATE POLICIES FOR VISTA / WIN7 / WIN8

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…
  3. Title this policy Prevent CryptoLocker Vista and higher and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies
  7. Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK
    Path = %localAppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %localAppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker Vista and higher policy locate WMI filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows Vista

Windows 8.1 now available!

imageThe much-anticipated upgrade to Windows 8 …

Windows 8.1

is now available today (October 17, 2013).

 

Upgrading to Windows 8.1 is free and easy. Just start up Windows 8, click on the Windows Store tile, and click to start updating!

image  image  image

After Windows 8.1 has been installed, and you restart your computer. you will be have a chance to set additional Express Settings. You can choose to take the default settings, or customize them on your own.

After logging in, you will have an option to generate a security code (6 digit pin code) for you to use in case of suspicious activity with your account.

Enjoy!

Windows Server 2012 R2 Free ebook!

imageMicrosoft Press recently released another free ebook, this one titled: Introducing Windows Server 2012 R2 Preview Release.

It is available in three formats (PDF, EPUB, and MOBI).

Click here to go to the Microsoft Press blog site to download your copy.

Enjoy!!!

SMBNation 2003 – A Look Back

image

SMB Nation will be holding it’s 2013 fall conference in Las Vegas on Oct 10-12, 2013.

 

IMG_0131Harry Brelsford and his staff have come a long way from the very first SMB Nation, which was held in Indianapolis, Indiana in September, 2003.

I thought it would be fun to view some photos from that first conference (click here for photo gallery).

 

Enjoy!