Apr 05

Remove Microsoft OneDrive from Windows 10

As system administrators, we are commonly called upon to simplify the experience for our users. OneDrive is definitely a complication for everyone who doesn’t use it, or want it. It’s one of the first questions many Windows 10 users ask me about. When I first started running into the issue, I would just fix it one by one, but that became cumbersome, and I found that many of the resources I read missed steps that seemed at first to work, but later turned out to be incomplete, or just plain inaccurate. Now, it is still possible that something else will change in the Windows Operating System, or in OneDrive, that may make even this solution incomplete. If I discover that issue somewhere down the line, I will endeavor to update this post with new details.

Before we go on – if you are not a highly technically proficient user (preferably a professional or well trained Windows system administrator), I encourage you to stop now and call someone to help you. And, of course, make a backup of your system and/or registry before you continue. I am not here to support anyone but my paying customers, so I won’t be watching closely for comments. This is strictly informational to help IT Professionals to get their jobs done quickly. For those of you who know what to do with the following – have at it; I hope it helps.

Batch/CMD File

cls
set ODx86=”%systemRoot%\System32\OneDriveSetup.exe”
set ODx64=”%systemRoot%\SysWOW64\OneDriveSetup.exe”

taskkill /f /im OneDrive.exe

timeout /T 10

if exist %ODx64% (
%ODx64% /uninstall
) else (
%ODx86% /uninstall
)

timeout /T 10

rd “%userprofile%\OneDrive” /q /s
rd “%LOCALAPPDATA%\Microsoft\OneDrive” /q /s
rd “%ProgramData%\Microsoft OneDrive” /q /s

reg ADD HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} /t REG_DWORD /v System.IsPinnedToNameSpaceTree /d
0 /f

REG ADD HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} /t REG_DWORD /v
System.IsPinnedToNameSpaceTree /d 0 /f

REG ADD HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} /t REG_DWORD /v
System.IsPinnedToNameSpaceTree /d 0 /f

REG DELETE HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{018D5C66-4533-4307-
9B53-224DE2ED1FE6} /f

set “ODx86=”
set “ODx64=”

timeout /t 20

Sources :

The script above was compiled from a variety of sources, most notable are those listed below :

  • https://www.tenforums.com/tutorials/4818-add-remove-onedrive-navigation-pane-windows-10-a.html
  • http://lifehacker.com/how-to-completely-uninstall-onedrive-in-windows-10-1725363532
  • https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_files/how-to-uninstall-onedrive-completely-in-windows-10/e735a3b8-09f1-40e2-89c3-b93cf7fe6994

 

Mar 24

DoubleAgent Vulnerability poses a risk to Security Software – Steps You Can Take

DoubleAgent is a vulnerability in the Microsoft code checking software that allows an attacker to replace that code checker with an alternative version. Once the alternate version is in place and the software using it checks for changes to its code based on the results, it reacts accordingly. This, in turn, allows an attacker to replace critical code, such as a security software’s own code, with code from an attacker. While it is impossible to know what changes an attacker might make, the list can include deletion of files, theft of data, and even remote control of the computer.

While every Windows operating system is potentially vulnerable, all versions of Windows from 8.1 and later use an additional layer of protection that most security software vendors already take advantage of, thereby reducing the risk. Windows 7 and older systems, however, have additional susceptibility.

What can I do?

To address this vulnerability on your computers, perform the following :

  1. Check to see if there is an alternate Administrative account on the computer. If not, create one.
  2. Remove Admin privileges from the primary account you use on each of your computers.
  3. Verify that the most recent version of your security software is installed.
    1. Update, if necessary
  4. Reboot when complete.

The Risks of an Admin Account

The reason for removing admin privileges is that this exploit, like many others, is toothless unless the logged in user has administrative privileges. Without those privileges, the code checker cannot be modified, which, in turn, protects the security software as well. While you have to have an admin account somewhere on your computer, and removing administrative privileges from your day to day account in itself does not secure against all threats, it does reduce the risk because the installation of a wide variety of software generates a prompt requiring the admin account’s username and password, which should be different than the one used in every day activities on your computer.

Dec 10

Microsoft Exchange Server 2016 Cumulative Update 14 – Nightmare

Q. What’s the long term impact of an update gone bad?

A. Aversion to subsequent updates resulting in postponement of future updates for as long as possible.

Cumulative Updates for Microsoft Exchange Server 2013

Microsoft Exchange Server 2013 LogoWith Microsoft Exchange Server 2013, we’ve changed the way we deliver hotfixes and service packs. Instead of the priority-driven hotfix release and rollup update model used by previous versions of Microsoft Exchange, Exchange 2013 now follows a scheduled delivery model. In this model, cumulative updates (CU), which address customer-reported issues and may include new functionality and/or features, are released quarterly. Critical product updates, which are packages that address a Microsoft-released security bulletin or contain a change in time zone definitions, are released as needed on a monthly basis for the most recently released CU and the immediately previous CU.
To get the latest version of Exchange 2013, download and install Microsoft Exchange Server 2013 Cumulative Update 14. Because each CU is a full installation of Exchange and includes updates and changes from all previous CU’s, you don’t need to install any previous CU’s or service packs first.
https://technet.microsoft.com/en-us/library/jj907309(v=exchg.150).aspx

Simple? Right?! Ha! Of course, if you’re reading this, you already know that.

Now, I’ll grant you. I walked into installation of Cumulative Update 14 in an effort to help resolve problems with an installation of an On Premises Exchange Server 2013 that had suddenly, and recently, begin having problems with OWA. So, there was already a problem before this. That said, the problems I encountered during this installation, which was a jump from Exchange Server 2013 Cumulative Update 7 (which had completed without a hitch) on a Hyper-V Guest on Windows Server 2012, could have been entirely addressed by better error handling when Microsoft prepped the CU – which would have saved my customer – and a lot of other people’s, too – a ton of money, and me a few hours of sleep. Many thanks to those in the forum and blogospheres for helping me solve this problem.

A couple of brief notes :

  • First, if you’re reading this, you are an IT Admin – no other reason to read this.
  • Second, you’re probably in crisis mode – so find your error and hit the solutions so you can move onto other fires.
  • Third, you’ve probably already rebooted a number of times after attempting various solutions – be prepared for one or two more.
  • Finally, and I cannot stress this enough, slow down. Seriously. Take a breath, and plan for this to take 2-3 hours, depending on infrastructure and replication time. Plan on coffee breaks and/or naps.

Prequisite Steps

  • Make sure you have backups.
  • Disable the Security Software on your Exchange Server until this is all complete.

Setup Errors

ServiceControl.ps1 cannot be loaded because you opted not to run this software now

Error:
The following error was generated when “$error.Clear();
& $RoleBinPath\ServiceControl.ps1 Save
” was run: “System.Management.Automation.PSSecurityException: File C:\Windows\Temp\ExchangeSetup\ServiceControl.ps1 cannot be loaded because you opted not to run this software now. —> System.UnauthorizedAccessException: File C:\Windows\Temp\ExchangeSetup\ServiceControl.ps1 cannot be loaded because you opted not to run this software now.
— End of inner exception stack trace —
at System.Management.Automation.AuthorizationManager.ShouldRunInternal(CommandInfo commandInfo, CommandOrigin origin, PSHost host)
at System.Management.Automation.CommandDiscovery.ShouldRun(ExecutionContext context, PSHost host, CommandInfo commandInfo, CommandOrigin commandOrigin)
at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(CommandInfo commandInfo, CommandOrigin commandOrigin, Nullable`1 useLocalScope, SessionStateInternal sessionState)
at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(String commandName, CommandOrigin commandOrigin, Nullable`1 useLocalScope)
at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource)
at System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor pipe, CommandParameterInternal[] commandElements, CommandBaseAst commandBaseAst, CommandRedirection[] redirections, ExecutionContext context)
at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)”.

Solution
  1. Admin Powershell
  2. C:\Windows\Temp\ExchangeSetup\ServiceControl.ps1
  3. Answer [A]  for “Always Run”

credit : https://support.microsoft.com/en-us/kb/2034420

The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups

Welcome to Microsoft Exchange Server 2013 Cumulative Update 14 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for
installation.

Performing Microsoft Exchange Server Prerequisite Check

Prerequisite Analysis FAILED
The Active Directory schema isn’t up-to-date, and this user account isn’t a
member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx

Setup encountered a problem while validating the state of Active Directory:
Active Directory operation failed on thalamus.mdtclinics-sw.local. This error c
ould have been caused by user input or by the Active Directory server being unav
ailable. Please retry at a later time. Additional information: Active directory
response: The operation was aborted because the client side timeout limit was ex
ceeded. . See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.AdInitErrorRule.aspx

The forest functional level of the current Active Directory forest is not W
indows Server 2003 native or later. To install Exchange Server 2013, the forest
functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

A Setup failure previously occurred while installing the PreSetup role. Eit
her run Setup again for just this role, or remove the role using Control Panel.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.InstallWatermark.aspx

Either Active Directory doesn’t exist, or it can’t be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.CannotAccessAD.aspx

The Exchange Server setup operation didn’t complete. More details can be found
in ExchangeSetup.log located in the :\ExchangeSetupLogs folder.

Solution Part 1

30 minutes or more, depending on replication time.

  1. Login to the DC (not the Exchange Server)
  2. Open Active Directory Domains and Trusts
    1. Right click your domain
      1. Choose Raise Domain Functional Level
      2. Verify that Current domain functional level is at least Server 2003
        1. Raise it on each DC to 2003.
      3. What IS the current Domain Functional Level?
      4. Click Cancel if there are no changes
      5. Repeat on additional Domain Controllers
    2. Right click “Active Directory Domains and Trusts
      1. Click Raise Forest functional level
      2. Verify that the Current forest functional level is at least 2003 AND that it is the same as your Domain functional level
        1. If necessary, Raise the functional level to the same as your lowest allowable domain functional level.
      3. Click Cancel if there are no changes
  3. Open Active Directory Users and Computers
    1. Check your user account’s Group Membership
    2. Verify the following :
      1. Member of “Enterprise Admins”
      2. Member of “Schema Admins”
      3. Primary Group Membership is an Admin membership group
      4. REMOVE account membership in Domain Users group.
  4. Admin PowerShell (on the primary DC)
  5. Navigate to the path of your extracted setup.exe for the CU
  6. [full path]\setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Credit : Paul Cunningham : http://exchangeserverpro.com/exchange-2013-installing-cumulative-updates/
Credit : cdoctor Users group comment : https://social.technet.microsoft.com/Forums/Sharepoint/en-US/41256f43-8040-4fe2-ae73-4754f4ca7815/unable-to-install-exchange-2013-on-server-2012-server?forum=exchangesvrdeploy

Welcome to Microsoft Exchange Server 2013 Cumulative Update 14 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for installation.

Performing Microsoft Exchange Server Prerequisite Check

Prerequisite Analysis COMPLETED

Configuring Microsoft Exchange Server

Extending Active Directory schema COMPLETED

The Exchange Server setup operation completed successfully.

Solution Part 2

2 Hours to Complete

  1. Logon to the server running Exchange
  2. Admin PowerShell
  3. navigate to location of extracted CU files
  4. [full path]\setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
  5. IF you still get the error, once again, double check the logged on account and verify that it is NOT a member of the Domain Users Group
    1. CU setup checks to see if the account is a member of Users. If it is a member of the Domain Users group, it assumes that the account is NOT a member of  Enterprise Admin and Schema Admins, even when it is, resulting in the erroneous error. The reasons aren’t important – just change the Primary Group membership to  something else, like Domain Admins, and remove your account’s membership in Domain Users, then repeat Step 4.
    2. In some cases, after changing group memberships, you’ll have to logoff, and then repeat Solution Part 2.
  6. Reboot the Exchange Server

Welcome to Microsoft Exchange Server 2013 Cumulative Update 14 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for installation.
Languages
Mailbox role: Transport service
Client Access role: Front End Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Management tools
Client Access role: Client Access Front End service

Performing Microsoft Exchange Server Prerequisite Check

Configuring Prerequisites COMPLETED
Prerequisite Analysis COMPLETED

Configuring Microsoft Exchange Server

Preparing Setup COMPLETED
Stopping Services COMPLETED
Language Files COMPLETED
Removing Exchange Files COMPLETED
Preparing Files COMPLETED
Copying Exchange Files COMPLETED
Language Files COMPLETED
Restoring Services COMPLETED
Language Configuration COMPLETED
Mailbox role: Transport service COMPLETED
Client Access role: Front End Transport service COMPLETED
Mailbox role: Client Access service COMPLETED
Mailbox role: Unified Messaging service COMPLETED
Mailbox role: Mailbox service COMPLETED
Exchange Management Tools COMPLETED
Client Access role: Client Access Front End service COMPLETED
Finalizing Setup COMPLETED

The Exchange Server setup operation completed successfully.

Mailbox server role isn’t installed on this computer

I would periodically encounter this message after a failed attempt at installing the CU.

Solution

Reboot the Exchange Server, verify the steps from the top of this post are all followed and you shouldn’t see this message again.

Post Install Steps

 I’m only adding this as a reminder, because, odds are, it’s late at night or the wee hours of the morning and you’re sleep deprived:

  • Re-enable Security Software
  • Verify functionality of :
    • EAC
    • OWA
    • Outlook Client

With any luck, it didn’t cost you a full day just to get here. For me, this was a two day ordeal, especially since each attempt plus server restart costs a good 20-40 minutes. I read some commenters say it took them three days to get their CU installed successfully. No server patch installation should be this much of a nightmare.

A couple more resources :

Good luck!

Dec 02

Security versus access – the balance between usability and security.

ECLAT Tech Scales Balancing Security and UsabilityOn a recent morning I logged into my online bank account and noticed the following message :

Beginning Nov. 2, we will no longer support the delivery of Secure Access Codes to email addresses. You can still have Secure Access Codes delivered by phone call or SMS/text message, just as you can today. To update Secure Access Code delivery locations go to Settings > Security Preferences.

As a translation, that means that they would no longer be sending emails with the secure codes to access a bank account. Why? It’s because that code is typically sent when a new computer logs onto the account. So, if someone has stolen a device, and that device has the email account pre-saved and automatically logging on, then having the code sent to your email leaves your bank account (or credit card, retirement account, line of credit etc.) vulnerable. In short order, a thief can take ownership of your account and do with it what they will.

Two Factor Authentication

To help reduce this risk, when you login to a new computer (or the system thinks it is new), a code is sent to a separate device, which adds another “factor” to the login process – hence the name, “Two Factor Authentication.”  Adding this factor introduces the idea being that, hopefully, the other device isn’t stolen (or hacked into) as well, or is locked with a separate set of authentication. In the ever changing world of security, this second factor is a pretty good idea, and it has saved people’s data, and even bank accounts. That said, there are, of course, problems.

Reduced Accessibility

In the world of technology, there are basically two driving forces – usefulness, and safety.  Ultimately safety is intended to improve usefulness, but, especially during the development stages, the two can clash and, when they do, the impact on usefulness can diminish the adoption of the technology. This is especially true of two factor authentication, which immediately assumes that you actually HAVE two separate devices. Setting aside those who strictly use mobile platforms, there is a whole world full of people who don’t have mobile devices. These groups include the elderly, those with disabilities that preclude the use of mobile devices, new immigrants, and the most socio-economically disadvantaged in society. All of these groups are actually harmed, not helped, by two-factor authentication.

So, when you think it’s just plain annoying to have to wait until a text message appears on your phone, imagine someone who either doesn’t have one, or who can’t physically manipulate one, even if they did.

Options

Those people who are faced with this conundrum do have options – but it takes some preparation, and tends to decrease the effectiveness of two factor authentication. The first step is to set up a phone number on a platform that allows for email forwarding of SMS messages, like Google Voice, for example. Next is to add this account to the online banking setup, and use it for the two-factor authentication. Now, when text messages with codes are sent, they arrive via email, just as they always did. It’s not as secure, but, given the option between using the account and, say, paying for a wheelchair accessible ride to the bank, this is probably the way to go. Just remember to use an email platform that supports decent security, and a password that doesn’t just use words you can find in the dictionary.

Flawed Logic

Two-factor authentication isn’t perfect, but it is a useful method of decreasing unauthorized access to accounts. Still, it is based on some flawed logic, some of which I have already discussed, but the most obvious one is this : mobile device access. The basic premise of two-factor authentication is that there are two separate devices involved in the process. But, for the majority of young people today, almost all activity is performed on a mobile device, whether it’s making phone calls, sending text messages, watching YouTube videos – or online banking. Since smart phones have the ability to use a web browser, this makes it possible to generate the secure code request on the same device that receives the message. If that device doesn’t have a password, pin or other mechanism to secure it against unauthorized access, or if the SMS messages themselves can be viewed even when otherwise locked, the entire multi-factor authentication mechanism breaks down.

What do I do?

So, you know that there are workarounds, and flaws, so, you may be asking yourself “what do I do?” As crazy as it may seem, I still believe there are distinct advantages to two-factor authentication. Ultimately, though, you’ll have to decide for yourself, on a case by case basis. The world of technology is complicated, and the see-saw between usefulness and security will continue to tip back and forth. Add in devices like smart TVs, network backups, and internet capable lights and thermostats, and all of a sudden things become much more complicated. When it becomes too much, that’s when it is time to call in an expert for a consult. Find one near you that you can trust on an ongoing basis – because this isn’t going to get any easier, or less confusing, anytime soon.

Nov 28

We’re falling behind on system security updates and Google and Apple are to blame

Security updates on personal devices are critical. But many people don’t do them. Now, limiting the blame to just two companies is understating the issue, and if all this sounds a little harsh, stick with me, and I’ll explain, beginning with an analogous scenario.

We have updated your car

We have updated your car, patching security problems, improving performance, and adding exciting new features we think you will like. Sedan Coupe blendYou are driving to work, and it is your day to carpool. You drive your 4 door sedan and pick up 4 people. While on your drive to work you find out that your car needs to be updated to fix a major security problem. Seems someone can remotely turn on your turn signal without you knowing about it, making you the person driving down the road for 30 minutes without changing lanes or turning. Well, you certainly don’t want that so, when you reach work and park your car, you push the update button and walk into work with your car pool buddies. At the end of the day, though, your whole crew comes out of the office, ready to go home and discover that the update has also changed your 4 door sedan into a 2 door sports coupe. Sure, the blinker can’t be turned on remotely, anymore, but, seriously?!

Time goes on, your buddies found their own ways home, they have finally stopped giving you grief for updating your car, and you’ve learned to live within the limitations of the 2 door sports coupe. It does, after all, have some handy features. Now, however, you’re back on the road, heading out on date night with your significant other, and you hear that there is a major security flaw affecting your car. Turns out your cars brakes can be remotely applied. Now, this worries you, and you’d like to apply update that fixes this, but, you don’t actually apply it. Sure, it leaves you vulnerable to unexpectedly stopping, maybe even causing an accident, but, if you do apply the update … what else is going to happen? Will you return to your car and find out that it is now a freight truck?

Combining GUI and security updates is the real culprit

If you followed the analogy, it’s pretty much the same on your phone or tablet. Basically, your device offers you an update, and you refuse to apply it for months, even years, even though you want to fix the security flaws, because you have learned, by now, that updating also affects the way that your device looks and functions – the GUI, or Graphical User Interface. And this is what Google and Apple have yet to learn – combining GUI and security updates is the real culprit. If the general public is going to willingly apply fixes for major security flaws in a timely fashion, then those fixes MUST stand apart from the graphical user interface updates. Otherwise, every time someone settles into their comfy device, they’re going to want to stay there, without the risk of it changing to something unfamiliar.

Time marches on – we must move with it

While it is absolutely true that time marches on, and, yes, we must move with it, there is also a limit to the rate at which people can change. Exceed that speed and people become overwhelmed, and they sprint back to an earlier state of being as rapidly as possible. Consider how long Microsoft Windows XP was the primary operating system on desktop pcs – 2001 until 2015 (later in some cases). Why? In part, it is because people get comfortable with the way things look. Updating from Windows 95 to XP was easy – they looked, and felt, the same. Updates to that operating system did not impact that overall feel. Contrast that with the change in Microsoft Office between 2003 and 2007, and people still haven’t stopped complaining about the change in the interface.

In the world of smart phones and tablets, however, change has been a constant. It’s hard to go more than a month before something on a device is changed, assuming regular updates. Each of those changes affect privacy settings and the overall feel of applications. The constant changes, and time involved in updating, impacts our lives, our flow, our schedules, and the efficiency with which we can operate. Anything that impinges on that flow is something that we, as human beings, put off as long as possible. Major phone vendors typically recognize this, and they change the basic function of the operating system, whenever possible, to limit the number of changes that occur when a security patch is rolled out. Unfortunately, they, too, are becoming part of the problem, as they are so slow to roll out the updates, that devices are left vulnerable for extended periods of time.

Ok. So, what’s the fix?

In the short term, there’s very little we can do to influence the major companies to change their basic operating procedures. That said, Google seeks Feedback, and Apple Feedback is possible, too. Of course, you can also turn to social media to publicly post your feedback, or turn to a larger platform, like Change.org, and create and promote, or participate in, petitions. In the meanwhile, I do encourage you to update your devices. It’s a tough pill to swallow, I know, but it’s one that is necessary, at least until the security patches are finally separated from the comfortable look and feel of the apps we know and love.

 

Oct 05

Network Attached Storage for Backups Reviews and Recommendations

An existing customer asked me to recommend a Network Attached Server (NAS) for use in backing up their primary computer and, rather than keep the recommendations to just them, I thought I’d share a few thoughts. The limitations of this review are that I haven’t physically handled most of them, and this not be a comprehensive review of the options out there as there are altogether too many to choose from, so this will only cover a few select units. Also, there is no way in a review like this to cover all of the features offered in each unit.

Our goal here is to back up a a single computer using Acronis True Image Home, and there must be capacity for multiple copies of backups, going back a month. The system to be backed up is a typical small office computer, with about 250GB of hard drive space used. A NAS is preferred, because it can be placed in a physically different location, reducing the risk of theft during a break in.

Qnap TS-251+ 2-Bay, 6TB(2x 3TB NAS Drive) Intel 2.0GHz Quad-Core CPU (TS-251+-2G-23R-US)

Bottom Line : I DO recommend the QNAP TS-251+2G for very small businesses and people at home

Prices found online : $340 plus your choice of hard drives

GOOD BAD
2x Gigabit Ethernet
Hot Swappable drives
Quad Core Processor Celeron J900
2GB RAM
Raid 1,0
SATA III (6Gb/s)
Firewall
Supports Encryption
User based Sharing
Manufacturer Virus Scan/Security Software No Third Party Security Software
Installable SSL Certificates

QNAP TS-251 2-Bay Personal Cloud NAS, Intel 2.41GHz Dual Core CPU with Media Transcoding (TS-251-US)

Bottom Line : I DO recommend the QNAP TS-251 for very small businesses and users at home.

Prices found online : $250 plus your choice of hard drives

GOOD BAD
2x Gigabit Ethernet
Hot Swappable drives
Dual Core Processor Celeron J1800
1GB RAM
Raid 1,0
SATA III (6Gb/s)
Firewall
Supports Encryption
User based Sharing
Manufacturer Virus Scan/Security Software No Third Party Security Software
Installable SSL Certificates

The choice between the TS-251 and 251+ is really about the processor. If you’re willing to part with the extra $90, you’ll definitely get farther with the 251+ . In either case, I do wish the NAS manufacturers would go ahead and move into the i series processors, even if it does cost a few extra dollars to do so.

Synology DS216j Diskless System NAS DiskStation

Bottom line : I DO recommend this system for very small business and home use. I wouldn’t use it with more than 2 computers at once, but it is a solid device with a lot of positive features.

Prices found online : $170 Plus your choice of hard drives

File format is EXT4.

GOOD BAD
Gigabit Ethernet
SATA III
512MB RAM
Dual Core Processor
Supports Encryption
User based sharing
RAID 0,1 Drives NOT hot swappable
Firewall
Manufacturer Virus Scan/Security Software No third party security software
Installable SSL Certificates

Syno_UsersGuide_NAServer_enu.pdf

WD My Cloud 3 TB

Bottom Line : I do NOT recommend this for business or personal use, except in very specific circumstances.
My customer picked this up (model WDBCTL0030HWT-NESN) , quite inexpensively and, from its spec sheet, it seemed like a good option. Once we started using it, however, its reality fell far short of expectation. As a result, its review is considerably shorter than those I do recommend.

GOOD BAD
Easy Setup Poor Security
Low Cost
Drives are included and installed

Drives are not hot swappable

While I only had my hands on this unit briefly, the security problems I ran into were as follows :

  • Returning to the setup screen in any web browser allowed immediate ability to edit the configuration of the NAS, without being challenged for a password.
  • UNC (\\servername) from a Windows based computer allowed full, unchallenged access to the data stored on the NAS. This makes the data vulnerable to intentional or unintentional deletion by an employee, or worse due to malware, ransomware and infiltrators.

Even at home I have serious reservations about this device, and I wouldn’t recommend it to anyone until the company updates the firmware to ensure basic security is in place first.

If you have more than 2 computers to backup, or are planning to use the NAS as a primary file server, then you should consider a 4 Bay NAS, like the QNAP TS-453A. More on that in another post.

Sep 06

Text messaging for business correspondence is bad business practice

Text messaging is an invaluable tool. We use it regularly for a wide variety of applications including notification of deliveries, appointments, quick messages to family and friends, queries about arrival times, alerts for banking, system problems, and so on. In business it has practical applications for alerts of system downtimes, equipment failures, power outages, intrusions, delivery confirmations, and, occasionally, a quick ping to someone to see if they’re on their way to a meeting. Beyond that, however, text messaging is just bad business practice.

How do you know when text messaging crosses the line?

Here are a few general guidelines to follow :

  • If your text message has paragraphs – stop and move to email
  • If your text message will need to be referred back to at any time – it should be an email
  • If the message contains sensitive information, especially in a regulated industry (such as healthcare, or finance) – stop texting and use an encrypted communication method.
  • If your text message is becoming a business conversation – call, or email
    • If you can’t finish the text message exchange in 4 brief texts back and forth, it’s time to stop
  • If you don’t know, with 100% certainty, that the recipient is available (there is no vacation notification for text messaging)

What are the alternatives to text messaging?

Phone and email are generally the defacto methods of business communication. Which one to use generally depends on the circumstance, but, if you don’t need to have a record of the details for later, just pick up the phone and call.

More sensitive information may need to be transferred via secured documents on a local server, or through encrypted methods such as Google Drive.

Email may or may not be encrypted. So, unless you’re absolutely certain that the email will be encrypted, when confidentiality is critical – don’t use email. That said, businesses in regulated industries typically have email archives as required for compliance purposes. This becomes important in any number of legal disputes, or compliance audits. If information leaked out, your best protection is to prove that you didn’t leak it by having a searchable copy.

Calling on the phone? Leave a message!

If you do call, and you reach voicemail instead of the person, leave a brief message, just enough to let them know the topic, timeline, and that you do need them to call you back. Unless the person you are calling specifically asks you to do otherwise, leave out the minute details as long voicemail messages usually just result in a callback anyway.

That said, leaving a message is critical, because it tells the recipient that your call is important enough to return. If you don’t leave a message, your call will likely go unanswered, because most businesses receive too many calls in a day, for the recipient to simply return every missed call. In addition, your call may have been accidental, or, by the time they do call you back, if may have been addressed via an email, in person, or by someone else.

As an extra incentive to leaving a message, many voicemail systems today will transcribe your message for you and send it to the recipient as a text or an email. Bear that in mind if you are leaving a message that relates to confidential matters, and leave only enough information to clue the recipient in as to the importance of calling you back.

What’s the takeaway?

Text messages are great for alert purposes, or asking your friends if they’re bringing the pizza. Beyond that, if you’re in a business, use the phone or email. Avoiding texting is both good etiquette and sound business practice.

Aug 11

ECLAT.TECH Proud to support Sean’s Run for ARROAutism – 2016

Runners and Walkers Prepare for Sean's Run for ARROAutism on a sunny Oregon day
On Saturday, August 20th, ECLAT.TECH will once again be on site for the annual Sean’s Run for ARROAutism.

The annual event, largely a 5K/10K walk/run raises money for families in Multnomah, Washington and Clackamas families during the holidays.

How Sean’s Run Helps Oregon Families

Until this year, most families in Oregon did not have access to insurance covered treatments for Autism. Indeed, many treatments are still not specifically covered. Thanks to the efforts of a number of volunteers, the late Senator Alan Bates, Senator Edwards, Autism Speaks, Autism Society of Oregon and Paul Terdal, families in Oregon finally have some breathing room when it comes to the medical costs associated with helping an Autistic family member.

While that is a tremendous help, finances for Autism families are often still severely strained, with one family member often having to quit work to help tend to younger children, recently diagnosed on the Autism Spectrum, but also due to lost work days, uncovered medical costs, additional expenses incurred to address the unique needs of some individuals with Autism, and, of course, all of the other costs associated with every other aspect of modern, American, human existence.

ARROAutism Family Holiday Assistance Project

This is where Autism Research and Resources of Oregon is stepping up. Beginning in 2007. ARROAutism established a fund to help provide access to $100 worth of groceries, as well as a select number of toys, to help Autism families during the holiday season. This small sum makes an extraordinary impact on those families who so desperately need a small ray of light.

You can help bring that light, and, At Sean’s Run 2016, even enjoy rare access to normally closed off areas of the Columbia River dike.

You can join us!

Stretch of Columbia River Dike - Sean's Run for ARROAutism 2016

Stretch of Sean’s Run for ARROAutism 2016 – Closed off Area specially opened for this event.

Whether you want to volunteer, donate, or (best yet) participate in the run, you can!

Hope to see you at 9376 NE Sunderland Ave, Portland, OR 97211 on Saturday, August 20th, 2016 !

Mar 06

Important Announcement – ECLATT discontinuing resale of Google Apps for Business

Google Apps for business, also known as Google Apps for Work, is a fantastic product. It provides a fantastic array of options, and truly revolutionizes collaboration amongst groups. Google takes Privacy and Security seriously, and it shows in the Google Apps Admin model. So, when we learned that Google was offering Value Added Resellers, like us, an opportunity to resell Google Apps in such a way that would allow us to also Administer the most common aspects of Google Apps from our own central admin interface, we signed up in a hearbeat.

Way back in 2014

Since 2014, we have been able to provide Google Apps for business as a value added product for our customers. The idea was simple – we would provide bill customers, either on an annual or monthly basis, and, in exchange for a small markup, we would provide all the front line support for Google Apps questions. Mostly, this was about adding and removing accounts, changing passwords, and the transition to Google Apps.

Questions, Questions

Of course, as great as Google Docs and Google Hangouts are, there are still plenty of questions when any new technology is introduced, and we provided, and will continue to provide, on-site and remote consultation and training at our standard and customary rate. We get that. In the grand scheme of computers, Google Apps is still pretty new, and it does A LOT – so there’s lots to learn! There’s also a lot that can be done that requires a different skill set than most people want to learn. And that’s okay – we’re here for that, too!

Why not keep reselling?

All this, of course, brings us to the question of why we are discontinuing our resale of Google Apps for work. There are some behind the scenes reasons, changes in the agreement, and so on, but, ultimately, it’s mostly because Google Apps is SO inexpensive, it’s just not cost effective for us to provide the service as a middle man. Far better for each of you to directly lease from Google and cut out the middle man and just call us when you have more technical or training questions. So, while we still happily recommend Google Apps for business, we just won’t be call number 1 for password resets, new account creations and such. During March and April, as we transition, we’ll help set one of your employees up as a HelpDesk person or semi administrator (you already have a super-administrator) and they can handle all those tasks. They’re really quite easy.

So, to all of you we’ve helped with Google Apps, Thanks so much for allying with ECLATT. We’ll be in touch, soon!

Feb 28

It’s 2016 – so what’s happening with Windows 7?

With all the hoopla surrounding the release of Windows 10, questions are beginning to arise about Windows 7, which has replaced Windows XP as the standard desktop environment for most businesses that were forced to replace WindowsXP, but still ran desktops or laptops and were uncomfortable with Windows 8/8.1. The biggest Windows 7 question has been – is it still supported? The simple answer is – yes – and it will be until 1/14/2020.

Why the confusion about Windows 7 support?

You can always be forgiven for being confused about Microsoft’s support and licensing. Pretty much everyone would like to see the folks in Redmond simplify all this a whole lot, and the Microsoft Support Lifecycle page, while useful, still demonstrates the overall complexity. To state it simply, though, all you have to remember is that Microsoft will continue producing updates that will be distributed through the normal Windows Update process until 14 January, 2020. For most people, that’s enough. For everyone else, there are IT consultants you can call for help.

Microsoft Windows Support until 2020

Older posts «