27 November 2019

My users rebooted the RDSH!

So when using RDS in Windows Server 2016 there is a funny issue that arises… Users can actually reboot your Remote Desktop Session Host (RDSH). Yes, you read that right! Your users have the rights/permissions to reboot your host. If you’re like the dozens of forum posts I discovered, they will probably/definitely do it during production hours.

I know what you’re probably thinking… I had set up my GPOs and it was working before when we were on Windows Server 2012 or 2012 R2.

Well folks, 2012 R2 is where the support for that GPO ended. It is not supported on 2016 or higher. Stupid, right?!? Why would they take away that setting? Or better yet, why would users need to restart a server, that’s an administrator’s role? To be honest I don’t know.

The setting you used to use was “Allow non-administrators to receive update notifications”. It is found under “Computer Configuration\Administrative Templates\Windows Components\Windows Update\”. (Full description here – https://gpsearch.azurewebsites.net/#2794)

It seems like the only viable, and IMHO equally dumb, option to prevent users from applying updates and restarting your server is to completely disable Windows updates.

That setting, if you choose to go that route, is “Turn off access to all Windows Update features”. It is found under “Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\”. (Full description here – https://gpsearch.azurewebsites.net/#4728)

Hopefully Microsoft fixes this and administrators are again able to take control back and stop our users applying Windows updates and rebooting our machines.

15 November 2019

What was that GPO setting?

There is a GPO setting for, literally, almost everything in Windows!

Software companies provide all of these settings to administrators by means of Group Policy Administrative Templates, better known as ADMX templates or ADMX files. The domain admin imports these ADMX files into their Active Directory schema and can then manage an array of settings for the software related to the imported ADMX template.

You can usually find these files on your software vendor’s website, or try doing a search for your software along with the term “ADMX”. The files or templates consist of two parts: (1) the ADMX file, which holds the settings that it allows you to set, and (2) the ADML file, which is the language localization file and will have the same name as the ADMX file it is associated with.

While these ADMX templates allow for an amazing level of control and standardization within a domain or corporate environment, it can be pretty intimidating trying to comb through all of the available settings to find the one thing you want to tweak. It’s akin to trying to find a needle in a haystack.

Luckily we live in the age of the Internet. There are a couple of websites that I like to use that have made the task of finding particular GPO settings incredibly simple. I’m starting off with Microsoft: think of it as “Bing”, but just for GPOs & ADMXs. As I mentioned, the first one is “powered” by Microsoft themselves. I feel that it does a great job of simplifying the task of searching for the right GPO setting you want.

Group Policy Search – https://gpsearch.azurewebsites.net/

The other site that I like to use is not Microsoft specific, but compiles and lists the configurable settings available from many software vendors (I stopped counting after I got to 50 different vendors).

If the software you use has an available ADMX template, there is a pretty darn good chance that its settings will be listed on the site below.

GetADMX – https://getadmx.com/

13 November 2019

Outlook O365 – minimized window issue

Had an issue today with a user using O365 Outlook. Whenever they tried to open a message in a new window, it opened as a minimized window, showing only dots, then the minimize/full screen/close window icons.

I could use the “windows key + [ARROW]” buttons to move and essentially resize the window. But after closing and re-opening the message, it was the minimized window as before. I tried resizing it and holding “SHIFT” when closing the window, but that didn’t work either. Everything I tried basically wouldn’t persist. Every time I closed the window and reopened it, it would be that same minimized window.

What did end up working for me was to close Outlook, and make a registry edit. This is the registry key I deleted:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Message\Frame

After that, opening messages in a new window worked as expected again.

12 November 2019

HTTPS and SSL, options?

In today’s day and age, there is no reason why your website should not be serving up its content securely. Honestly, the only acceptable reason is if you have just spun up your website and you are still configuring it.

As far as obtaining an SSL certificate to make your site secure, you have two options, free or paid. There is really only one free provider, which I’ll cover below. For paid, there are lots of Certificate Authority vendors out there, and I’m sure that any one of them would likely be happy to take your money. I’ll mention my preferred vendor later.

The one free option definitely stands out for doing its part to help secure the internet. That provider is Let’s Encrypt. Let’s Encrypt is a free, automated, and open Certificate Authority. They do this to help the Internet be a more secure and privacy-respecting Web. You can read more about them here.

The best part of Let’s Encrypt is its automated nature. No one enjoys replacing certificates, so having an automated process to renew and replace your certificate is like a dream. If you’re running your own server, check out their certbot. A lot of web hosting companies even streamline this process further by providing this option as an easy and simple solution directly through their management consoles with only a few clicks.

If you are using AWS and running Bitnami as your server’s underlying operating system, then you are in luck. There is lots of documentation you can read up on. This link talks about how to generate and install your Let’s Encrypt SSL, whereas this link is about how to auto-configure a Let’s Encrypt SSL. I’m not going to go into Let’s Encrypt much further than that though.

The other option is to pay for an SSL certificate. The company that I personally use and recommend for purchasing SSL certificates through is SSLs.com. The site and service is owned by Sectigo (Comodo was re-branded), which is arguably one of the largest and most well known Certificate Authorities out there. My favorite part of using SSLs.com though is their pricing. They have, hands down, the cheapest price for an SSL certificate anywhere. At the time of me writing this, you could get an SSL certificate for a single domain for $6.88 for a single year, or down to as low as $3.77/yr if you bought it for four years.

Category: AWS

11 November 2019

Removing the Bitnami banner image

On a new install of WordPress on Bitnami, you’ll have a small little banner image displayed in the lower right corner of your webpage.

To remove it, you can find instructions in Bitnami’s online documentation. https://docs.bitnami.com/aws/how-to/bitnami-remove-banner/

To remove the banner link you can complete these steps:

  • Log in to your server console using SSH and execute the following command:
    sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
  • If you get the response “command not found”, try using this command instead and it should work:
    sudo /opt/bitnami/apps/wordpress/bnconfig.disabled --disable_banner 1
  • Restart the web server.
    • If you’re using Apache, execute the command below:
      sudo /opt/bitnami/ctlscript.sh restart apache
Category: AWS, Bitnami

29 October 2019

Getting your VMWare Certified Associate – Digital Business Transformation Certification

The name “VMWare Certified Associate – Digital Business Transformation Certification” is quite a mouthful. Thankfully it can more easily be referred to simply as the VCA-DBT. If you are just starting on your path of VMWare certifications, then this is a great one to begin with. Earning this certification validates and proves to others that you understand the concepts of virtualization and how they can really drive a company forward.

This exam covers, at a basic and low level, all of VMWare’s products – like vSphere, vSAN, NSX, and vRealize. While it exposes you to all of their product offerings, it is not diving deep into any of them. You aren’t going to learn any complicated concepts of virtualization or even how to deploy a VM. It is merely certifying that you are aware of the VMware product line. It lets employers know that you have a sound grasp of what virtualization is, and how it can be leveraged to help the business reach its goals. It is also a great way to show that you are committed to learning, increasing your knowledge and applying yourself.

The exam itself is not too difficult. It is a non-proctored exam, which means you can do it anywhere, from home or even from a coffee shop. The exam itself is 135 minutes long, has 30 questions, and costs $125. VMware provides an “Exam Guide” to help you study, which is very helpful. Also, being that it is non-proctored, if you needed to you could potentially even use Google to help you answer questions if it came to that. It took me just a couple days to prep myself for the exam, and I was able to pass with no problem.

One important thing to note is that the VCA-DBT is not required for the VCP. It won’t hurt you to get the VCA-DBT, but it is in no way a prerequisite to progress towards your VCP. It is, however, a great way to get familiar with VMware’s style for exams and test taking. It also is a great way to gain some knowledge of everything VMware can offer, which is a huge portfolio of products.

Category: VMWare

5 October 2019

Getting your Comptia Security+ Certification

A few months back I was encouraged by a friend to get my Comptia Security+ Certification. After about 4-6 weeks of studying, I took the exam and passed with a score comfortably exceeding what Comptia considers to be its passing score. Woohoo!

The current iteration of the Security+ exam is called the “SY0-501” exam, and contains a maximum of 90 questions, both multiple choice and performance based. To pass, Comptia requires you to score at least a 750, on a scale of 100-900, which is harder than it might sound. It really is a pretty big exam, both in terms of subject matter and the sheer scope of security topics that it covers. Many people find it to be daunting and a bit intimidating – and rightly so. Comptia is also a little secretive about its grading policy and how it scores each question, meaning some questions might be worth more than others.

To give you an idea of what all it covers, here are just its overarching domains, straight out of their “Exam Objectives”:

  • Threats, Attacks and Vulnerabilities
  • Technologies and Tools
  • Architecture and Design
  • Identity and Access Management
  • Risk Management
  • Cryptography and PKI

That means that there is a lot of stuff that can be covered under all those topics. It’s literally all things security, and well, that is naturally a lot of stuff. I was lucky in that I have worked with many of the various aspects that the exam covers, in one form or another. I was able to draw upon that knowledge, and I know it helped me greatly. For me, using my personal knowledge and reviewing the video series I mention below was enough to enable me to pass.

The good news though is that it is not an impossible exam, even for those that don’t have any pre-existing knowledge of the subject matter. Comptia literally gives us the “Exam Objectives” in a pretty clear and concise document. Everything someone needs to know to pass, is listed right there in that document. I’m not saying it’s going to necessarily be easy… Just that they aren’t hiding what they are going to be asking you questions about. Use that as a guide. Review it and make sure you can describe what each item is and how it might be used or applied. Those objectives should be the very last thing you are reviewing before you walk into your exam.

They aren’t going to quiz you so much on vocabulary and definitions, though it does help to know those. Their questions are going to be more along the lines of which would be the better choice in this scenario, using ‘A’ or ‘B’ or ‘C’, type of questions. One of the great things about the Comptia exam is that they allow you to flag, skip over, and later revisit any question on the exam. My personal exam taking suggestion is to do all of the multiple choice first, then go back and do the performance ones. My reason for that is time management. It’s easy to get caught up in those performance questions and end up not having enough time to finish all the other questions. So power through all of the multiple choice questions, then do the performance questions, then circle back and revisit any multiple choice questions you flagged and were unsure about.

In my opinion, one of the best (if not the best) resources I was able to find in my studies was Professor Messer. He has a complete YouTube series that walks through the exam objectives, covering every bit of it. He gives lots of examples of how/where you might encounter those subjects or topics in the real world. I find having a real world example helpful. He also has some other resources like a monthly study group where he spends time going a little deeper into a study question, then follows it up with an “open line” where he takes questions about anything live on the air and answers them.

The most amazing part is that his video content and study groups are FREE! He does offer a more in-depth study guide book and notes for sale on his website, which if your particular learning style requires a book to read from, you will probably find it beneficial. You can cruise right to his YouTube channel and watch all his videos on the exam and his monthly study. And if you buy his book, you can follow right along with notes. Here is a link to Professor Messer’s YouTube Channel about the Security+ as well as his website. If you’re going to go for your Sec+ exam… Definitely check him out.

Category: Comptia

4 October 2019

Veeam Backup O365

While I’ve spent more than a few years working with Veeam’s Backup & Replication (VBR), I’m pretty new to Veeam’s Backup O365 (VBO365). I recently learned about some of their differences while setting up a new install of VBO365 in an environment which already used VBR.

One is that unlike VBR, VBO365’s repositories don’t support drives that have data deduplication enabled and running on them. It can be on a Windows server with the data deduplication role installed, that won’t break anything. But the disk volume that the repository lives on cannot have a running data dedupe task, as you risk a chance of corruption in your backup file.

The next is that it’s recommended that the VBO365 application is installed on its own VM. It can be run on the same VM as your VBR, but it can be resource intensive so they recommend it be running on its own.

The VBR backup job that is running against your VBO365 VM needs to be application aware. On top of that, they recommend running pre-job and post-job scripts to stop and start the VBO365 services. This means before the VBR job runs, it’ll need to run a script to stop VBO365 services (there are three services, though the RESTful API is probably already off by default). Then once the VBR job completes, it’ll need to start up its VBO365 services (there are two of them).

Luckily for you and me, VBR can easily be set up to run the pre- and post-job scripts. And even luckier for you, I have already put together the PowerShell commands you’ll need to stop and start those services.

Stop Services:

# Stop every service whose name matches Veeam.Archiver
Get-Service | Where-Object { $_.Name -match "Veeam\.Archiver" } | Sort-Object Status -Descending | Stop-Service

Start Services:

# Start the main VBO365 service
Get-Service | Where-Object { $_.Name -match "Veeam\.Archiver\.Service" } | Sort-Object Status -Descending | Start-Service

# Start the VBO365 proxy service
Get-Service | Where-Object { $_.Name -match "Veeam\.Archiver\.Proxy" } | Sort-Object Status -Descending | Start-Service
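
The one-liners above do not report whether the services actually reached the expected state, so a backup could start against a repository that is still being written to. Here is a single script that can serve as both the pre-job and post-job script and fails loudly if a service does not stop or start in time. It is an added example, not part of the original post or Veeam's own tooling; the -Action and -TimeoutSeconds parameters and the 120 second default are assumptions, as is the expectation that VBR treats a non-zero exit code as a failed script. The service name patterns are the ones used in the commands above.

```powershell
# Added example: pre-/post-job wrapper for the VBO365 services.
# Pre-job:  powershell.exe -File <this script> -Action Stop
# Post-job: powershell.exe -File <this script> -Action Start
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Stop', 'Start')]
    [string]$Action,

    # Assumed default; tune to how long your services take to settle
    [int]$TimeoutSeconds = 120
)

$ErrorActionPreference = 'Stop'   # turn cmdlet errors into catchable exceptions

if ($Action -eq 'Stop') {
    # Stop everything that matches, including the RESTful API service if it is running
    $patterns = @('Veeam\.Archiver')
    $wanted   = 'Stopped'
} else {
    # Only the two services the post starts again after the backup
    $patterns = @('Veeam\.Archiver\.Service', 'Veeam\.Archiver\.Proxy')
    $wanted   = 'Running'
}
$regex = $patterns -join '|'

try {
    $services = @(Get-Service | Where-Object { $_.Name -match $regex })
    if ($services.Count -eq 0) {
        throw "No installed service matches '$regex'"
    }

    foreach ($svc in $services) {
        if ($svc.Status -ne $wanted) {
            if ($Action -eq 'Stop') { Stop-Service -InputObject $svc }
            else                    { Start-Service -InputObject $svc }
        }
        # Throws a timeout exception if the state is not reached in time
        $svc.WaitForStatus($wanted, [TimeSpan]::FromSeconds($TimeoutSeconds))
        Write-Output "$($svc.Name) is $wanted"
    }
    exit 0
}
catch {
    # Non-zero exit code so the calling job can flag the failure
    Write-Output "VBO365 service $Action failed: $($_.Exception.Message)"
    exit 1
}
```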

Category: Backups

4 October 2019

Easy Beginnings – website hosting

The Internet has come a long way since its early beginnings. One of the things that has gone from “only a nerd could accomplish” to “almost anyone can do” is picking a host and creating your own content.

Ages ago I started using a hosting company called DreamHost.com (referral link, save $50). They are a great hosting company, and I still use them for some stuff. If you’re much of a ‘techie’ person, then they would definitely be a great choice for you to use. They have a lot of affordable hosting options, and make things really simple with “one click” installers that will do all of the heavy lifting for you. With one click it will do everything for you from the install to configuring the associated application’s database and creating the admin user. Within minutes you have an email in your mailbox telling you that you’re ready to go! Here is a link to all of DreamHost’s “one click” installers and 3rd party apps.

They actually have some really great support, and to help keep their costs down, they only offer email based support. For some people, that just doesn’t work for them. I can honestly say that I really haven’t had much to complain about in over a decade of relying on them. Their email support has been timely. In my opinion, they are a wonderful hosting company. If you need things simple and easy, and don’t really want to mess around with having to do anything yourself, this is the perfect hosting company for you to use. They do also offer more advanced stuff too.

If you need something a little more powerful or robust, or if you are that nerd that wants to have a bit more control over the server hosting your site, then it’s time to consider taking a look at a larger provider like Amazon Web Services (AWS). AWS has some great options to choose from, and with services like Lightsail they make it super simple and affordable to make and host a website or application. Their Lightsail offering even has many of the same “one-click” install options. In an attempt to broaden my own knowledge and skills on AWS, I have started to move my “web things” over to them. I don’t have any complaints. And being able to manage the underlying server my site runs on at the OS level gives lots of options for me. As an IT professional, I’m hopping compute pools and settling into the AWS and Azure environments for my next ride. Both of these LARGE cloud providers offer so much to the power user like myself. At some point, I’ll write up an article on creating your first Lightsail in AWS, so stay tuned!

Category: AWS