Get your Windows serviced

Keep the faith Windows users!  The much debated issues with updating older OSs (7 and 8.1) is about to get a lot easier 🙂

As of October of this year windows updates for Windows 7 and Window 8.1 will be monthly pushes.  What is that you say? How is that a big change? Well, from October on the udates are all going to be… cumulative. That’s right – each update will include all the previous updates so you will only need to download one file and not run a series of updates to get back to “current branch”.

This does beg a few questions from this humble blogger

  1. How big do the “rollups” become?  I am wondering about bandwidth usage and companies on slower networks
  2. If you are only one or two versions behind do you really need to download the whole package? Hopefully there is some mechanism that checks the version you are running and only pulls down the portions you need
  3. What if you only want certain updates (i.e.: critical and security updates) and not the rest?  There seems to be some answers here as MSFT says they plan to release a separate package of just security updates
  4. How can you recover from a failed update?  What to do if an update causes issues. I can recover from that (hopefully) but how can it be removed from the list of file I have to download.  Am I blocked from ever updating again??

I am going to have to dig deeper on this one dear readers!

Stay tuned 🙂

Xbox controls man’s PC

At the time this gets posted I will be in the wilds of Algonquin park. I a weird twist I will also hopefully have cell reception so I can watch the last ever Tragically Hip concert. I have never wanted a signal when camping before (it was nice at times when I did get one) but this is an exception.  Much respect for the band and Gord himself.

To try and segue here – combining things that are quite different (see, I’m trying) the Xbox One controller is a supported device in Windows 10.  As the platforms start to show some overlap it will be nice to use a controller for PC based gaming without needing to shell out another 60/80/100 dollars.  The wired cable works, if you have a wireless adapter that works and the newer controllers have Bluetooth.

Sweet!

Pass the Hash: Windows security (part 3) – Always site your sources

In 2 articles now I have talked about Pass the Hash.  I am by no means a security expert so I did what we all do.  I searched/Bing’d the ideas and used them as the sources of my articles.  If you want to learn more about Pass the Hash here are some great sites to check out.

https://www.microsoft.com/security/sir/strategy/default.aspx#!password_hashes

http://www.gfi.com/blog/security-101-pass-the-hash/

https://technet.microsoft.com/en-us/security/dn785092s

http://www.windowsecurity.com/articles-tutorials/misc_network_security/Dissecting_Pass-  Hash-Attack.html

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/How-Cracked-Windows-Password-Part1.html

Get with the times (Office updates)

I really need to update my Office version. I am using 2013 at home.  In some free time I took a look at the new/improved features in Office 2016 (check out the full list here: https://support.office.com/en-us/article/What-s-new-and-improved-in-Office-2016-29d7e38e-ef06-4d9c-a476-03d896928b2f?ui=en-US&rs=en-US&ad=US)

Here are some of my favorites (in no particular order)

  1. Co-authoring.  Gives you the ability to work, from any device, with others in real time . Makes team documentation much easier in Word.
  2. Mail triage.  Outlook learns your email habits and moves low-priority emails to another folder so you can be more productive.  It will give you a list of emails moved so you are aware of them.
  3. Version history.  I really love this.  Word, Excel and PowerPoint have the ability to see previous versions of a document when you are editing it.  Makes documentation review and update way easier and more effective.
  4. Smart Lookup.  Uses the power of Bing while in a document to look up facts and information without needing to leave your work.  Efficient!
  5. Shared notebooks.  OneNote is the red-headed step-child of the Office family. But, man, does it have some awesome capabilities. I have posted about it a number of times and will do so again.  Updating in seconds means that you can share a list with your loved ones (and co-workers) from one location.  Brilliant!!

 

Pass the Hash: Windows security (part 2)

Here is my second installment in the Pass the Hash series.  In this section we will look at 5 ways to mitigate these types of attacks

Mitigation #1

Restrict and protect high privileged domain accounts – Restricts the ability of administrators to inadvertently expose privileged credentials to higher risk computers.  Make sure only a few people know the paswords to these high level accounts and make sure to configure windows settings to require a password when the accounts are to be run in admin mode

Mitigation #2

Restrict and protect local accounts with administrative privileges – Restricts the ability of attackers to use local administrator accounts or their equivalents for lateral movement PtH attacks.  Avoid using admin accounts as much as possible and (as per #1) force password on elevation

Mitigation #3

Restrict inbound traffic using the Windows Firewall – Restricts attackers from initiating lateral movement from a compromised workstation by blocking inbound connections on all workstations with the local Windows Firewall.  This is where your network techs get a staring role – prevent the attack and you won’t have to worry about mitigation

Mitigation #4

Use complex changing passwords – do it!  Avoid becoming Mordac, the preventor of information (http://blogs-images.forbes.com/ciocentral/files/2011/06/Mordac.png) but complex passwords and a properly managed change process are key here

Mitigation #5

Do not use LM hashes – use NTLMv2 exclusively on all Windows boxes currently supported by Microsoft.
Another step is to disable LM authentication across the network. Browse to HKLM\CurrentControlSet\Control\LSA. Once there, locate the key named LMCompatibiltyLevel. This can be set to 3 to send NTLMv2 authentication only which is a great setting for domain clients. The alternative is to set this value to 5 which configured the device to only accept NTLMv2 authentication requests, which is great for servers.

Virtually the coolest thing

Get ready for VR/AR windows!  MSFT has just announced that in 2017 they plan to release a Windows Holographic shell for PCs:

“Next year, we will be releasing an update to Windows 10, which will enable mainstream PCs to run the Windows Holographic shell and associated mixed reality and universal Windows applications.” (Terry Myerson)

This will allow some computers to use a headset for VR/AR use in Windows

BTW, VR is Virtual Reality – what we see in movies (and now in real life games) where your experience is total immersion in a virtual world. AR is Augmented Reality which puts virtual objects in our real world (think Pokémon Go – but with a headset).  AR has been the bailiwick of the Hololens project and has some fantastic uses aside from ruling your local pokemon gym.  Picture an AR headset showing you in, real time as you tour your building, pieces of equipment that are expected to fail or have run past their expected usage limits. C’est beautiful, non?

Edge bashing

I get it.  Everyone wants to pick on the new kid.  “He’s different”, “He’s weird” and  “He smells funny” (well, okay, that last one was just my own experience).  But what does all that really matter?  Of course it’s different and weird.  So were you… once.

IE has gotten a lot of flack as being slow, bulky and not user friendly like the newest generation of browsers. Again, I get it. It has been around a looong time. Longer than almost any other currently used browser.

So when Edge hit the scene it has to take all the flak for IE’s long history and the fact that is different.  I don’t get it.  One of the rallying cries of people against MS browsers is the speed.  Edge is faster than Chrome and Firefox. Yes, only sometimes but that means they are comparable in speed to say the least.  Check out these reviews of the browsers:

Battle of the browsers: Edge vs. Chrome vs. Firefox vs. Safari vs. Opera vs. IE vs. Vivaldi

Microsoft Edge vs. Google Chrome for Windows 10

          http://www.laptopmag.com/articles/best-windows-browser

They all say that the browser is better in some situation and as-good, or worse in others. So does it not stand to reason that these attacks against Edge are not fact based but rather fear based?  I think so. The market share for both Chrome and MS browers are neck and neck and the best the Chrome fanboys have to offer is arguments not based on fact but on history and conjecture.

I like using Edge and I don’t care who knows it.

Anniversary aftermath

What a fun night it was!   Went out with some good friends and fellow MVPs for a Windows 10 Anniversary party.  If you are (or want to become a Windows Insider and live in Ottawa, Canada you should check out https://www.meetup.com/Ottawa-Windows-Insiders) Woke up this morning to a full inbox with all the new tweaks for Windows 10.  Here are some of my favorites

  1. You can now prevent apps running in the background.  This is done via the “Settings”.  On the left side, at the bottom is the “Background Apps” link. Locate the app and turn the slider to off
  2. Not really my thing but the Bash/Linux command prompt has been added
  3. Windows Defender got a nice boost.  It can be run in an offline mode now. I need to make a full post about defender at some time. I have been reading about it lately and it just keeps getting better
  4. The Start Menu has a new look. They have added a third panel to it – well actually a very narrow section for some common activities.
  5. A whole whack of improvements to Edge.  They have added extension support (LastPass is now in the Windows Store). There are some neat new “Paste” options as well as many more novelties.  This will require another full post in the near future!

Happy Versary

It’s here and its happening!!  Well, at least it is here for some of us.  The Windows 10 Anniversary Update has started to be rolled out to some 350 million plus end points.  I would hate to manage compliance on that! 🙂

You can either wait for it to show up in your update list or you can try a few tech tricks

1) Check out this link to get an .ISO: https://support.microsoft.com/en-us/help/12387/windows-10-update-history

2) The Windows Media Creation tool also gives you a way to get the .ISO.  You can either download the tool (https://www.microsoft.com/en-ca/software-download/windows10) or use the Refresh and Replace tool to launch it

3) If you are one of the lucky few with MSDN or VLSC then the ISO is there as well

Download, love and geek out!!