Nixadmins.net moved to Linode.com
by Mats Hellman on 06.May, 2011 under Nixadmins.net
After some research I decided to move the Nixadmins.net website to Linode.com. It’s been running here for a few days; in a few months we will see if this was a good or a bad move.
So far I only have good things to say about Linode. The configuration console is great and easy to use. Deploying the server took a few minutes and package installation was done in a few more minutes.
Microsoft Techdays 2011–Finland
by Mats Hellman on 03.Apr, 2011 under Windows, Windows 7
I attended Techdays here in Finland 31 March and 1 April. This was a great event so I’m going to post a big thank you here to the people behind this event. The only thing I had trouble with was prioritizing which sessions to attend. There were just so many great speakers.
Things that really stuck were the session on Microsoft Intune by Salcom Group and the 7 ways to break into Windows 7 by Sami Laiho from Sovelto and Petri Paavola from Aalto Yliopisto and a really special session by Sami Laiho talking about WIOSKI.
Microsoft Intune
This is going to be big for any small companies. Remember I said this. Not because I’m really into cloud computing yet but the fact that any small-midsize company can easily get a management system for their computers.
Reporting is a big part of today’s security, so getting reports on how many of your computers are patched is actually a big deal.
But the thing that I liked most about Intune was the fact that the license includes a copy of Windows 7 Enterprise, and when a new Windows version comes along you have the privilege to upgrade. This will effectively give small size businesses a chance to get BitLocker in use. And from a security perspective that’s a big deal.
One of the really great things is that since the whole system operates from the cloud the systems administrator can work from anywhere.
The remote assist feature is also a part of Intune but my personal opinion is that you’d be better off with something like TeamViewer.
Intune also includes Microsoft’s Forefront Endpoint Protection, so technically you could ditch your current antivirus. I haven’t tried FEP but many who have say it can actually protect your computer from the malware and viruses you throw at it.
The pricing also looks quite affordable; at 11€ / workstation / month it’s really not that bad. You get a great system and you can ditch some costs, like antivirus licenses, and you’ll cut the management costs since you don’t have to keep your own servers. And that is a cost saver for SMBs, since they are rarely able to keep them up to date and secured properly anyway.
You can find information about Intune here http://www.microsoft.com/windows/windowsintune/pc-management.aspx
7 ways to break into Windows 7
This was a really interesting seminar. Thanks to Sami Laiho and Petri Paavola for this one; these guys really know how to take an audience.
The ways they break in aren’t in any way new; most of us know that if the system’s physical security is compromised in any way, you can’t trust the system anymore.
The interesting part is that with simple disk encryption, like BitLocker, most of the hacks can be stopped.
The hacks they did were simply to replace Sticky Keys (sethc.exe) or DisplaySwitch.exe with cmd.exe. This way, when Windows boots, just press Windows+P or 5xShift to get a command prompt running with system privileges. After that just use net.exe to add your administrative user and the computer is yours.
This could, as I said, be prevented with BitLocker because you can’t get to the encrypted drive and modify it from WinPE or a Linux LiveCD.
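A defender can check for the substitution described above. This is an added example, not part of the original post or the Techdays session: it flags sethc.exe or DisplaySwitch.exe when the file is a byte-for-byte copy of cmd.exe or when its version resource no longer names the original program. The function names are hypothetical and the version-resource comparison is a heuristic.

```powershell
# Added example, not from the original post; function names are hypothetical.
# Requires PowerShell 4 or later for Get-FileHash.
$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = 'sethc.exe', 'DisplaySwitch.exe'   # the two binaries named in the post

function Get-Sha256 {
    param([string]$Path)
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

function Test-AccessibilityBinary {
    param([string]$Name)
    $path   = Join-Path $sys32 $Name
    $result = [pscustomobject]@{ File = $Name; Status = 'OK'; Detail = '' }

    if (-not (Test-Path -LiteralPath $path)) {
        $result.Status = 'MISSING'
        return $result
    }

    # A byte-for-byte copy of cmd.exe has the same SHA-256 as cmd.exe.
    if ((Get-Sha256 $path) -eq (Get-Sha256 (Join-Path $sys32 'cmd.exe'))) {
        $result.Status = 'REPLACED'
        $result.Detail = 'identical to cmd.exe'
        return $result
    }

    # Any other substitute usually still carries its own version resource,
    # so the embedded original file name no longer matches the file on disk.
    $orig = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)
    if ($orig -notlike "$base*") {
        $result.Status = 'SUSPECT'
        $result.Detail = "OriginalFilename is '$orig'"
    }
    $result
}

$targets | ForEach-Object { Test-AccessibilityBinary $_ } | Format-Table -AutoSize
```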
Even if BitLocker is enabled there are ways in if you don’t use pre-boot PIN codes. And since central management for the PIN code isn’t available yet, many haven’t applied it. This hack was using a Linux distribution to access the computer by writing directly to the memory, using the FireWire port. The scary thing is that this isn’t something that’s only available on Windows-based PCs. Any computer that has a FireWire port activated can be hacked using the same tools.
In Windows, administrators can use Group Policy to force FireWire drivers never to install, but I’m not sure how to get this done in any other environment.
And if you think you’re safe because you don’t have a FireWire port, think again. There are PCMCIA cards supplying this port and any modern operating system will without a question install the drivers unless it’s denied to do so.
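The two mitigations mentioned above can be audited on a machine. This is an added example, not part of the original post: it reports whether the system volume has a TPM+PIN protector and whether the device installation restriction policy denies the IEEE 1394 and SBP-2 device setup classes. The function names are hypothetical; the registry path and class GUIDs are the standard Windows values and do not come from the post.

```powershell
# Added example, not from the original post; function names are hypothetical.
# Get-BitLockerVolume needs Windows 8 / Server 2012 or later and an elevated session.
function Test-PreBootPin {
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        Volume       = $vol.MountPoint
        ProtectionOn = ($vol.ProtectionStatus.ToString() -eq 'On')
        Protectors   = $types -join ', '
        # TpmPin and TpmPinStartupKey both require a PIN before the OS boots.
        PreBootPin   = (@($types -match '^TpmPin').Count -gt 0)
    }
}

function Test-FireWireInstallDenied {
    # Registry location written by the Group Policy setting "Prevent installation
    # of devices using drivers that match these device setup classes".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses'
    $classes = [ordered]@{
        '6bdd1fc1-810f-11d0-bec7-08002be2092f' = 'IEEE 1394 host controllers'
        'd48179be-ec20-11d1-b6b8-00c04fa372a7' = 'SBP-2 (IEEE 1394 storage) devices'
    }
    $denied = @()
    if (Test-Path -LiteralPath $key) {
        $item   = Get-Item -LiteralPath $key
        # Normalise each configured GUID: strip braces, lower-case.
        $denied = @($item.GetValueNames() | ForEach-Object {
            "$($item.GetValue($_))".Trim('{}').ToLower()
        })
    }
    foreach ($guid in $classes.Keys) {
        [pscustomobject]@{
            Class  = $classes[$guid]
            Guid   = "{$guid}"
            Denied = ($denied -contains $guid)
        }
    }
}

Test-PreBootPin
Test-FireWireInstallDenied | Format-Table -AutoSize
```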
WIOSKI
This is basically a really smart way to run a KIOSK computer. What Sami has done is put together a bunch of scripts using only standard Microsoft techniques. It works by using two VHDs (Virtual Hard Drives): one differential and one master image.
Basically you first operate the master one, install anything you need and after that reboot the computer to the differential VHD. The next time the computer is booted anything on the differential drive gets trashed.
So every reboot you have a fresh start and the computer is just as it was when the administration installed and approved it.
The installation is dead simple and the performance isn’t bad in any way since no virtualization is done.
The only downside is that the only Windows versions able to boot from a VHD file are Windows 7 Enterprise OR Ultimate. So you need a license for one of them.
Anyway, you can find the Wioski media and an instruction video on the site http://www.wioski.com.
Thanks again for a great couple of days to the organizers.
Belkin F5U103v USB to Serial Windows 7 X64 driver
by Mats Hellman on 03.Apr, 2011 under Uncategorized
A few years ago I bought a Belkin USB2Serial adapter because most laptops don’t have a serial port anymore. I need RS-232 to be able to configure network equipment so I got myself this adapter.
The sad thing is that Belkin does not supply Windows 7 X64 drivers for it; luckily I found another driver that works like a charm.
You can get it from http://www.prolific.com.tw/eng/downloads.asp?id=31
Just download this one from the site
If there is a new version you could probably use it but this one is working for me.
Signing Tomcat CSR with Microsoft ADCS
by Mats Hellman on 08.Mar, 2011 under Active Directory, Windows
Today I got a request to sign a Tomcat server with our Microsoft PKI. After some trial and error I could not get the server to sign the certificate with the standard templates, Web server or Code Signing.
After some searching on the web I found a solution: use the Subordinate Certification Authority template. This is not ideal but it works. So anyone out there getting errors like
The certificate is not valid for the requested usage. 0x800b0110
can use the Subordinate CA to sign the certificate in question.
If you have a better solution please post a comment.
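A certificate issued from the Subordinate Certification Authority template carries Basic Constraints with CA set to true, so it is worth checking what an issued certificate is permitted to do. This is an added example, not part of the original post: the function names and sample subjects are hypothetical, and the two sample certificates are constructed in memory rather than taken from any real PKI.

```powershell
# Added example, not from the original post: report what a certificate may be used for.
# Sample certificates are constructed in memory (needs .NET Framework 4.7.2+ or PowerShell 7).
function Get-CertificateUsage {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $isCa = $false
    $ekus = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]) {
            $isCa = $ext.CertificateAuthority
        }
        elseif ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }
    $finding = 'End-entity certificate'
    if ($isCa) { $finding = 'CA certificate: its key can sign other certificates' }
    [pscustomobject]@{
        Subject       = $Cert.Subject
        IsCA          = $isCa
        ServerAuthEku = ($ekus -contains '1.3.6.1.5.5.7.3.1')   # TLS server authentication
        Finding       = $finding
    }
}

# Hypothetical helper that builds a constructed, self-signed sample certificate.
function New-SampleCertificate {
    param([string]$Subject, [bool]$AsCa)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        $Subject, $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $bc = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($AsCa, $false, 0, $true)
    $req.CertificateExtensions.Add($bc)
    if (-not $AsCa) {
        $oids = [System.Security.Cryptography.OidCollection]::new()
        [void]$oids.Add([System.Security.Cryptography.Oid]::new('1.3.6.1.5.5.7.3.1'))
        $eku = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($oids, $false)
        $req.CertificateExtensions.Add($eku)
    }
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now, $now.AddDays(1))
}

# Constructed samples: one shaped like a CA certificate, one like a web server certificate.
New-SampleCertificate 'CN=tomcat-subca.example.test' $true  | ForEach-Object { Get-CertificateUsage $_ }
New-SampleCertificate 'CN=tomcat-web.example.test'   $false | ForEach-Object { Get-CertificateUsage $_ }
```

To inspect a certificate exported from the server instead of the samples, load it with `[System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)` and pass it to `Get-CertificateUsage`.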
Nokia & Microsoft
by Mats Hellman on 11.Feb, 2011 under Mobile
Today 11.2 2011, Nokia and Microsoft announced their future plans for a long-term partnership. There is plenty of talk about this on the web so I want to bring my 2c to the table.
As I live in Finland I’ve been using Nokia a long time. My first was the 2010 and my last the E90. I never really liked Symbian and my problems with Nokia began when Symbian stepped up to the market. Symbian to me was a clumsy OS that was slow and really difficult to handle.
Since I stopped buying Nokia I’ve been using my HTC HD2 and my private phone is an iPhone 3GS. iOS is a phenomenal mobile OS; anyone who ever tried the OS must agree that it is really fast, and my grandmother can use it after five minutes of training. The HD2 on the other hand is running Windows Mobile 6.5 and those of you who have used it know that it can’t compare to iOS in almost anything. But there is one thing the Microsoft mobile OS does well, and that is connecting to services provided by the Microsoft Exchange server. Hands up whoever uses Exchange in their daily work; I’m guessing many of you do.
Windows Phone 7 greatly improves the user experience compared to Windows Mobile 6.5, and I’m talking about normal everyday users: CEOs, CFOs, marketing people etc. Not the tech-savvy geek who wants to modify his/her device in every way possible.
I think Nokia made the right choice here by going to Microsoft. We have seen great hardware from Nokia for years, and Microsoft has finally understood the importance of totally redesigning the mobile OS. It should not look like your desktop OS since it’s not used for the same purpose.
Our organization has been buying Nokia devices and will be doing so into the future. Finally we can get rid of the hundreds and hundreds of support calls on how to change your MfE password on the Symbian device. IT departments need to provide easy to use tools for their users so they get their work done. And Nokia+Microsoft delivers precisely that.
So I wish Nokia and Microsoft a great journey together and I’ll be looking forward to the devices you deliver.

