Month: May 2017

Password Managers – Be Safer Online.

Password Managers – Be Safer Online.

I created this Article about Password Managers back in 2015 and published it to a well known Tech Forum called Experts Exchange. The Article is still relevant so I’ve decided to publish it on my blog as well. Happy Reading.


A brief insight into online Password Managers – Be Safer Online.

 

A few customers have recently asked my thoughts on Password Managers. As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords. But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion. The one I decided to trial was called ‘LastPass’. It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.

What is a Password Manager?

A password manager is a program that helps a user to better manage and organise their passwords for online accounts. Most Password managers store your passwords and then encrypts them. The programs then require the user to enter a Master Password to decrypt them before they can be access.

What is the benefit of having a Password Manager?:

If you’re anything like me you will have lots of online logins, then over time this can become difficult to manage. I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.

Using a Password Manager takes away this problem. All you have to do is remember the one password and the program does the rest.

 

Getting Starter – The Master Password:

The first thing that a Password Manager will ask you to do is to create a ‘Master Password’. This is the password that you will use to access the program and the access your ‘Password Vault’ (where your passwords are kept). Because this is the password that allows you to access your other online accounts I would highly suggest making this as Complex as possible. The password needs to be completely unique and not used anywhere else – I can’t stress this enough. Make sure that you remember this password. If you forget it you will not be able to access your account.

Master Password tips:

– Make the password as long as possible. At least 12 Characters long would be a good goal.

– The password should contain Lower and Upper case letters

– The password should contain Numbers (0-9)

– The password should contain Special Characters – e.g. £ * ( ) $

– The password must be Unique

 

First thoughts:

I started using the program for some of sites that I don’t really care about – Mostly online games and a couple of forums etc. I found it was easy to add the sites to the ‘Password Vault’ and it replicated to all of my other devices (PC/Mobile/Laptop) where LastPass was installed. One great feature is that when you’re logged into LastPass and visit a site that you’ve saved it will auto-complete the login fields for you – Saves time which is great and stops the ‘which password is this’ problem.

Boosting my online security with The ‘Security Challenge:

LastPass has a built-in ‘Security Challenge’ which ranks you based on the type of usernames and passwords that you’ve used on the stored online sites. My rating was pretty low. This didn’t surprise me much as the sites I’d stored were of little importance so wasn’t using any of my secure passwords.  What did surprise me is that it gave me an option to visit the site and change the password to something randomly generated and more secure.

I visited a couple of my ‘weak’ sites and let the program generate a new random/secure password which boosted my security rating and technically made me safer online. The password was then saved into the password vault and again updated to all of my other machines that had the program on.

An example of one of the automatically generated passwords is:            !dDOoDgLs8Jp

 

Why Random passwords are such a good thing:

A lot of the people that I speak with tend to have one or two passwords for everything that they use online. The reason that this is a problem is because if an attacker gained access to one of your accounts then they could potentially use the information to get into any of your other online accounts.

For example:

Say you register on a website to play an online game. You register with your normal email address and password. One week later the website is hacked and your username and password are in the hands of a hacker. I can almost guarantee that these people will try your username and password on other well-known sites to see if they can get in… They will try accessing your facebook, email, twitter etc. I know this because if I was a hacker, I would do the same.

There are literally hundreds of cases where people’s lives have been ruined because they’ve used the same password everywhere. The random password generator solves this problem. With the random password, if my details where leaked that could try accessing any of my accounts but because all the passwords are different they will fail.

 

After the trial:

Since trying LastPass I’ve added most of my online accounts into it and I’m now using it on all of my devices. I’ve updated my passwords on various sites to improve the security and I’m happy that everything can be managed from one place. The program also allows me to create various sub folders in the Password Vault so that I can easily find any details I may need in the future. Another nice feature is that if I want to I can share my login details with other LastPass users which gets around the sending passwords via email problem.

 

Other Password Managers:

There are plenty of other Password Managers to choose from. As I said previously, I used LastPass because it came recommended and I was happy with the features that it offered. I would advise you to have a look at the others on the market before making a decision on using one. The features on most of the Password Managers are very similar but some do offer more than others. For example, one feature that I would like to see on LastPass is fingerprint authentication for the mobile devices, this is something that others offer.

 

And Finally – A link to the LastPass Website:

SBS2011 – MoveData.exe – CLR20r3 Crash (Moving WSUS Database)

SBS2011 – MoveData.exe – CLR20r3 Crash (Moving WSUS Database)

I’ve come across a few issues over the years with the Move Data wizard in the SBS Console.

I decided to write about this one specifically because its a common issue I have when taking over Server Support from another provider.

Situation:

Space on the Servers C:\ partition is running out. SBS2008/SBS2011 have a few useful wizards in the SBS Console which allows the Administrator to move large items like the Exchange Database, WSUS and User folders with ease. This is called the MoveData Wizard.

Problem:

When trying to move data like the WSUS Content to another Drive via the SBS Console, you get the following error:

Windows SBS 2011 Standard Console has stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: MoveData.exe
Problem Signature 02: 6.1.7900.0
Problem Signature 03: 4cd854e7
Problem Signature 04: StorageCommon
Problem Signature 05: 6.1.7900.6
Problem Signature 06: 52547e02
Problem Signature 07: 174
Problem Signature 08: 6f
Problem Signature 09: PSZQOADHX1U5ZAHBHOHGHLDGIY4QIXHX
OS Version: 6.1.7601.2.1.0.305.9
Locale ID: 2057
Additional Information 1: 4323
Additional Information 2: 43239e9fc32d5958d879af5d68b14cad
Additional Information 3: ad0b
Additional Information 4: ad0b47be9336c61ea7f4be913ec84e32

CLR20r3

Resolution:

To get to the bottom of the problem you need to find out why the MoveData.exe process has crashed. Forunatly Microsoft have given you a log for this which can be found here:
C:\Program Files\Windows Small Business Server\Logs\movedata.log

In my case, the log information gave me this:

[25944] 170526.082631.4406: General: Initializing…C:\Program Files\Windows Small Business Server\Bin\MoveData.exe
[25944] 170526.082631.6066: Storage: Data Store to be moved: WSUS
[25944] 170526.082634.1439: Storage: An error occured during the execution: System.Runtime.InteropServices.COMException (0x80070422): The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. (Exception from HRESULT: 0x80070422)
at WindowsUpdateAgent.IUpdateInstaller.get_IsBusy()
at Microsoft.WindowsServerSolutions.Storage.Common.MoveDataUtil.IsSystemPerformingCriticalMaintenance()
at Microsoft.WindowsServerSolutions.Storage.MoveData.MainClass.Main(String[] args)
———————————————————

Yup, it was as simple as the Windows Update Service was not started. The last administrator had disabled the service for some stupid reason… 

I checked the service via services.msc, changed it to Automatic, started it and re-run the Move Data wizard from the console.

Job done.

I then spent a few hours updating the server.

Related Links:

If you’re having a similar but not exact problem to this, it would be worth checking the below Question which I answered on the Experts-Exchange forum. This may help you further:

https://www.experts-exchange.com/questions/28676769/SBS-2011-standard-move-data-wizard-has-stopped-working.html

For further information about how to cleanup disk space on Small Business Server, see here:
Free up disk space in SBS2008 and SBS2011

For more of my Articles on SBS click here:
SBS Articles

Avoid getting infected by threats like ‘WannaCry/WCry’ – Ransomware

Avoid getting infected by threats like ‘WannaCry/WCry’ – Ransomware

I’ve been asked about the WannaCry Ransomware a few times over the last few days. My top tips on how to avoid becoming a victim to these kinds of threats are below:

Keep your Systems up-to-date.

Windows updates can be irritating. We’ve all been there when we’re ready to go home and we’re waiting for Windows update to finish installing before the PC is shutdown. However, in the case of ‘WannaCry’ ransomware, the infections could have been avoided by the Microsoft Fix being installed. The Fix itself was released months ago, with Microsoft Updates turned on there is a vastly reduced chance of you getting this kind of infection that tried to access your machine via known Vulnerabilities in Microsofts software.

Use a supported Operating System.

The support for older versions of Microsofts Operating Systems like Windows XP ended ages ago. Microsoft were under no obligation to release a fix for the SMB issue that the ‘WannaCry’ infection exploited. Users on the latest Windows 10 operating System were immune to this issue as the auto updates would have patched the vulnerability when it was released. Refer back to item number 1.

Get yourself a decent Anti-Virus.

There are far too many people out there who run their Systems with either no Anti-Virus or a poor performing free Anti-Virus. With a paid Anti-Virus you’re in safer hands.

Personally, I recommend ESET Anti-Virus. I’ve used it for many years and have it on both my Home and Work Operating Systems. It’s low on Resource consummation and has an excellent virus detection rate. Those users who already have ESET will have been immune to the ‘WannaCry’ infection as ESET can detect and stop it. The same is said for many of the other varients of Ransomware

A Link is for ESET can be found at the bottom of this page.

Email – Be cautious, if in doubt don’t open them.

Email is possibly the biggest method in which machines are infected with viruses and malware. This means that if the users are more cautious and aware then there is less risk of being infected. Scammers are getting very smart in their methods of making an email look like it has come from a legitimate source when it hasn’t. I strongly suggest that you take care when going through your emails. If you don’t think the sender is legitimate then check with them before opening it. If you can’t contact them directly, delete the email. Better safe than sorry.

Going even further than this, if you’re a company you should have some kind of Email Filtering in place. Yes, it does cost a little bit of money but probably nothing in comparison to getting an infection and losing your data!

If it’s important to you – Have a BACKUP!

Despite having all of the above in place, there is still a chance of being infected by something that you can’t remove without having to reinstall you PC. In the event of this, it’s always best to have a backup! Anything that you have that you cannot do without you’ll want to backup. Backup to multiple locations and backup often.


728x90 ESET for Windows, 30 Days Free

Unable to update Windows 10 with DESlock+ Full Disk Encryption (FDE) enabled

Unable to update Windows 10 with DESlock+ Full Disk Encryption (FDE) enabled

Problem:

Unable to install the latest build of Windows 10 when DESlock+ Full Disk Encryption (FDE) is enabled on the System Disk.

When installing it brings up an error stating:
Disable encryption to continue or run windows setup with the /reflectdrivers command-line option

Background:

As Security is a big portion of what I do, I have both my Work and Home Windows 10 machines Encrypted with FDE. Its definitely overkill for my home PC but it serves a purpose on my work machine. I can sleep happily knowing that if the machine is ever stolen – They’re not getting to my data. It’s probably also worth mentioning that I recommend having FDE in place for businesses.

Resolution:

I used the following article to get round it:
https://support.deslock.com/index.php?/Default/Knowledgebase/Article/View/379

You need to Download the Media Creation tool, save an ISO and then install the DESlock+Win10Update utility:
https://support.deslock.com/resources/KB379/DESlock+Win10Updater.exe
DESlock+ Win10Update utility
When the Utility Runs, you need to point it at the mounted Win10 ISO. It will then complete the upgrade as normal.

Windows Server Backup – “The filename, directory name, or volume label syntax is incorrect”

Windows Server Backup – “The filename, directory name, or volume label syntax is incorrect”

Problem:

I had used AOMEI Server Edition to re-size the Partitions on a Windows 2008 R2 Server. Once the re-size was complete the server functioned as normal but the Window Server Backup stopped working.

I was getting Error Event 146 in the Backup Log with the message:

A volume VOLUME_NAME included for backup is missing. This could be because the volume is dismounted, reformatted or disk is detached.”

For more information about this error see the TechNet Article here:

In my case I could not remove the Volume from Windows Server Backup. Attempting to modify the backup Schedule via the GUI gave me the error:

The filename, directory name, or volume label syntax is incorrect

Solution:

To resolve the issue I disabled Windows Backup via the GUI. I then re-setup the backup as normal with a single External Backup Drive. This retained my current backups and did not format the drive.

I then added the other drives into the Backup Schedule via the “wbadmin enable backup -addtarget” command. For more information on this command see here:

The backups then worked as they should.

Outlook 2013 / 2016 Reading Pane not showing any email content

Outlook 2013 / 2016 Reading Pane not showing any email content

Issue:

The Reading Pane in Outlook 2013/2016 suddenly stops displaying email content and instead shows nothing.

Resolution:
In my instance the problem was resolved by disabling Hardware Graphics Acceleration in Microsoft Outlook. To do this, follow the below instructions:

1) In Outlook, Click File> Options
2) In Outlook Options, Click Advanced
3) Scroll Down to the ‘Display’ Settings
4) Check the box for ‘Disable Hardware Graphics Acceleration’
5) Restart Outlook for it to take affect

See below for reference:

Disable Hardware Graphics Acceleration