Search This Blog

Wednesday, August 26, 2015 - Monthly Newsletter - August 2015 - Monthly Newsletter - August 2015

Hi Security World,

Welcome to the newsletter by Debra Littlejohn Shinder <>, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to:

1. There’s a new client in town

Back in October 2014, just two months shy of a year ago, my editorial for this newsletter was about Microsoft’s “next big thing,â€� Windows 10. I’ve been working with it off and on in pre-release versions since that time, and it has gone through numerous changes in the interim so that the interface â€" and to a lesser degree, the feature set â€" is very different from the one that I reported on back then. At the end of July, Microsoft was finally satisfied enough with the results of the tweaking and tuning in response to beta test feedback, and released the final version of the OS to the public.

As with practically every new operating system version, reaction both in the tech press and among ordinary computer users has been mixed. Most of those who are coming to Windows 10 from Windows 8/8.1 seem to be generally pleased with the changes to the interface and that is particularly true of business users who are happy with the enhancements to the desktop environment. The restoration of the Start menu was the big change that made the difference for many, even though it was relatively easy to modify Windows 8 to add back the Start menu with third party add-ons such as Start8 and Classic Shell.

For those who are using tablets, Tablet Mode takes you back to a full-screen Start screen like in Windows 8, but it’s been reworked to make it a bit more user-friendly and functional; now you get a bit of the best of both worlds with the taskbar remaining visible at the bottom of the Start screen (or wherever you’ve located it) and the new Action center that slides out when you swipe from the right now, replacing the old Charms bar with a more robust feature that displays information from your apps (new emails, Facebook posts, calendar appointments etc. depending on what you’ve configured it to display, along with handy toggle switches and quick access to settings, notes, battery status etc. â€" very similarly to the pull-down notification screen on Android devices.

As seems to be par for the course, the biggest complaints are coming primarily from two very opposite quarters. First there are those who aren’t at all technical, aren’t interested in new features, don’t care much about security, and just don’t want to have to learn something new. The second group consists mostly of very security-conscious techies who have concerns about privacy issues related to some of the new “convenience� features such as Wi-fi sense and the peer-to-peer sharing of updates.

Windows 10 offers some real benefits for business users, particularly for those many organizations that stayed with Windows 7 instead of upgrading to Windows 8/8.1. While there is a lot of controversy regarding the security implications of some of the operating system’s ways of being more “helpful� to consumers (forcing updates whether you want them or not, sharing your wi-fi networks with friends by default), Windows 10 Enterprise Edition introduces a number of new security mechanisms that will help to protect business client computers.

Containers are all the rage now, and Microsoft has used containerization technology to increase the separation between personal and company data and applications that are used on the same computer â€" a real “mustâ€� in today’s BYOD environment. Device Guard is a new feature that’s available only in Enterprise edition, which carries the basic premise of the old AppLocker (and Software Restriction Policies before it) to a new level. I wrote a detailed overview of it in Part 1 of my article series for our sister site,, that’s titled Microsoft Ignites a new Focus on Security <>.

Credential Guard utilizes containers for isolated storage of NTLM hashes and Kerberos tickets.
Admins will also be able to look forward to another feature that makes use of the containerization concept: Enterprise Data Protection (EDP), which is designed to protect against data leakage and further separate business and personal data, as well as provide the ability to wipe corporate data without affecting personal data. It integrates with Microsoft Intune, SCCM or other current Mobile Device Management (MDM) systems. In fact, Windows 10 for enterprises includes several new features to support MDM solutions, so that you can use MDM to manage network domain-joined devices and install apps directly from the Windows Store, update policies automatically, get information about device compliance, and more.

Another important improvement for enterprises is the ability of users to log into their accounts â€" including Active Directory accounts in the local domain, Azure AD accounts, and Microsoft accounts â€" using biometrics. Passport attempts to finally replace the traditional username and password only logon model with something better: strong two-factor authentication. The Windows 10 “pieceâ€� is called Windows Hello, and it supports not only fingerprint authentication but also facial recognition and iris scanning as the second factor. According to one of the senior program managers at Microsoft who presented at his year’s BUILD conference, the goal with Windows Hello was to create a logon system secure enough for government, health care, financial services and other verticals with high security requirements.

These are just a few of the benefits to businesses of moving to Windows 10, and by all appearances companies are much more enthusiastic about the latest OS than they ever were about its immediate predecessor. Only time will tell whether it proves to be as popular and enduring as Windows XP was for so long, but I’ll be writing more about specific Windows 10 networking features and issues here in the future.

‘Til next time,



What history has taught us is that we have learned nothing from history.

2. Windows Server 2012 Security from End to Edge and Beyond - Order Today!

Windows Server 2012 Security from End to Edge and Beyond

By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes

From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today's highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.

Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.

3. Articles of Interest

This month, we’re continuing with several popular article series on

How to Successfully Create a Hyper-V Cluster Using Virtual Machine Manager (Parts 4 & 5)
In previous installations of this series, Nirmal Sharma has explained how you can use virtual machine manager to create a Hyper-V cluster. Now in preparation for showing you the process for making a virtual machine highly available via VMM, he will describe how to make sure that Hyper-V cluster is configured with appropriate storage, virtual networks, and shared volumes.

PowerShell for Storage and File System Management (Part 2)
In this article, Brien Posey continues the discussion of PowerShell storage monitoring by taking a look at how storage monitoring might be automated. In this second part of a multi-part series, he will discuss the required steps and then begin showing you how to implement those steps.

Active Directory Insights (Part 3): Re-examining read-only domain controllers
In this article series, Mitch Tulloch has been talking about Windows Active Directory, and this third article in the series examines some issues associated with deploying read-only domain controllers (RODCs) in Active Directory environments.

Hybrid Network Infrastructure in Microsoft Azure (Part 4)
In part 1 of this series, Deb Shinder began the discussion about hybrid network infrastructure with some thoughts about what hybrid clouds are about, and then talked about some of the networking functionality that you get when you adopt Azure Infrastructure Services. In part 2 of the series, Tom joined in as co-author and we went over site to site VPNs and point to site VPNs. In part 3 we took a look at the Azure dedicated WAN link service, which goes by the name of ExpressRoute, and also discussed the Azure Virtual Gateway, which is located on the edge of your Azure Virtual Network and enables you to connect your on-premises network to an Azure Virtual Network. In this Part 4, we move on to discuss Azure Virtual Networks in more detail.

4. Administrator KB Tip of the Month

* Erasing sensitive data on solid state drives

Mitch Tulloch says:

A reader asked me the following question:

I am wondering if you have any recommendations to destroy data on an SSD in accordance to DoD before we send them to recycle. We have a very strong degasser that use that will not only wipe the HD completely, but will destroy the electronic in the boards. SDD drive will not work in this. This is quick for our mass number of computer turnover.

I asked some of my colleagues in the hardware and enterprise communities concerning this and basically received two kinds of answers. First, if you want to recycle them, you should ask the SSD vendor how best to erase all data from the drive in a way that meets DoD standards. The vendor's SSD Secure Erase function may be sufficient or it may not, but either way the vendor would be the best one to advise.

If you're not concerned about recycling them however, you should just have them physically destroyed using an industrial hard drive disintegrator. This article titled "Eliminating Data from Solid State Hard Drives" provides some recommendations on how to do this in accordance with NSA requirements:

Here is some additional reading on the subject of erasing SSDs in case you're still interested:

- Reliably Erasing Data from Flash-Based Solid State Drives (PDF)

- Fast Purge flash SSDs - when "Rugged SSDs" won't do the job (from

- Solid-state disks offer 'fast erase' features (from ComputerWorld)

- SSD security: the worst of all worlds (from ZDNet)

The above tip was excerpted from Mitch Tulloch's book Training Guide: Installing and Configuring Windows Server 2012 <> from Microsoft Press. For more admin tips, see

5. Windows Networking Links of the Month

Professional IT admins: 26 open source network management tools to help you do your job

What to expect from 5G wireless

Cisco warns customers about attacks installing rogue firmware on networking gear

The 9 worst wi-fi security mistakes

Android device makers promise monthly security fixes

6. Ask Sgt. Deb


We just upgraded to Server 2012 from Server 2003 â€" quite a jump, but since support for 2003 was expiring, we didn’t have much choice. So one thing I notice right off the bat is the way the Server Manager starts up immediately with that welcome thing. I’m sure there’s a way to fix that. Can you help? Lost in 2012, Jeffrey


Hi, Jeffrey. It can be a little overwhelming when you switch to a new OS, especially a complex server OS, and especially when you’ve skipped a version or two. Believe me, you aren’t the only one who doesn’t find the Welcome tile and Server Manager’s “helpful� omnipresence particularly endearing.

You can easily disable the Welcome tile in the View menu. To keep Server Manager from popping up automatically every time you log on, go to Manage | Server Manager Properties. There you’ll see an option that says Do not start Server Manager automatically at logon. All better! Sections
- Articles & Tutorials (
- KBase Tips (
- Products (
- Reviews (
- Free Tools (
- Blogs (
- Forums (
- White Papers (
- Contact Us (

Techgenix Sites
- (
- (
- (
- (
- (
- (
- (

To unsubscribe:
To change your subscription settings: is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at
TechGenix Ltd. Mriehel Bypass, Mriehel BKR 3000, Malta
Copyright 2015. All rights reserved.

No comments: