My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

ProcexplA new version of Processor Explorer shipped yesterday and it is better than ever at helping you find unwanted malware. The new version is Version 16.0.

This version of Process Explorer introduces a new integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.

To use this new feature you just need to turn it on. After running Process Explorer click on “Options” and then VirusTotal.com. Next select “Check VirusTotal.com”. The first time you enable this you will have to accept an agreement.

Try it now! You can download it from the Sysinternals section of the TechNet website here:

http://technet.microsoft.com/en-us/sysinternals

TwofactorauthenticationYou may have noticed that some of the Microsoft social media accounts were compromised last week by the Syrian Electronic Army. CNET story here. http://news.cnet.com/8301-1009_3-57617306-83/microsoft-employee-e-mail-also-hit-by-syrian-electronic-army/

Well that happened because the people who had access to those accounts used just plain old Passwords. We should all know by now that plain old passwords SUCK. I have written about this before such as in my article about password insecurity found here: http://mythoughtsonit.com/2012/10/password-insecurity/

What you need is to use some form of two-factor authentication! If you don’t use two-factor authentication today, I ask you why not? It isn’t that hard and is just a little annoying but it is nowhere near as bad as someone taking over your account. Here are a list of some common sites with the directions to turn on two-factor auth.

Facebook Accounts

  1. click on the “Preferences” (gear icon) located in the upper right corner of your Facebook page and select “Account Settings”
  2. Click “Security” and enable “Login Notifications” and “Login Approvals” by clicking “Edit”
  3. Click “Save Changes”

Twitter Accounts

  1. Click on the “Settings and help” (gear icon) located in the upper right corner of your Twitter page and select “Settings”
  2. Under “Account” select “Security and privacy”
  3. Under “Security/Login verification” select “Send login verification requests to my phone” You man need to add a SMS enabled mobile phone to your Twitter account to enable this feature.
  4. At the bottom of the page, click “Save changes”

LinkedIn Accounts

The way LinkedIn handles two-step verification is by requiring you to type a numeric code when logging in from an unrecognized device for the first time. This code will be sent to your cell phone via SMS. Here is their blog page with directions on how to turn this on:
http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/

Dropbox Accounts

Dropbox has a webpage on turning on two-factor authentication which you can see here:
https://www.dropbox.com/help/363/en

Google Accounts

Google has a webpage all about it’s two factor authentication. It is for it’s own service and others companies are using it’s app to enable two-factor authentication on their sites instead of creating their own app.
http://www.google.com/landing/2step/

Apple Accounts

Apple supports two-factor authentication via SMS messages to your cell phone. Read about enabling it here:
https://support.apple.com/kb/HT5570

Microsoft Accounts

Your Microsoft account can be setup for Two-Factor Authentication. Here is a link to the FAQ with step by step directions.
http://windows.microsoft.com/en-us/windows/two-step-verification-faq

For more tips and general information on Social Networking Safety Microsoft has some good stuff here: http://www.microsoft.com/security/online-privacy/social-networking.aspx

If you have other suggestions – please add them to the comments section. Thanks –Brian

Microsoft Windows Server and Systems Center Customer Research team is looking for ITPros to participate on an IT Pro panel.

As a member of the panel, you will have the opportunity to provide vision and feedback to the Cloud and Data Center Management Product team through surveys, focus groups, usability sessions, early design concept reviews, and customer interviews.

We are looking for very specific expertise profiles. Use of Microsoft products IS NOT required. To help us identify if you qualify we ask that you start by completing a short survey.

Please note, we can only accept customers located in the US but are working toward extending to an international audience soon. You do not have to use Microsoft products to participate. Interested? Want to learn more?

To access the survey click on the link below:
https://illumeweb.smdisp.net/collector/Survey.ashx?Name=CDM_interview_survey_openposts

If you take the time for the survey – Thanks for helping!!! –Brian

Communications-NSA-SnoopingToday on the Microsoft Official Blog Brad Smith, Microsoft’s General Counsel & Executive Vice President, announced Microsoft’s commitment to protect customer data from Governments and Hackers alike.

If you follow computer security issues like I do then you have been alarmed by the realization that all governments are spending heavily to have access to your data. The MUSCULAR program, from our own NSA, is intercepting data as it flows between data centers of companies like Yahoo, Google, and Microsoft. The idea of a “man in the middle attack” has often been talked about but often dismissed as very difficult to accomplish. Now it seems very likely that most governments around the world attempt this type of information gathering. So, not only do you need your cloud providers to encrypt traffic and data but you should do so on your networks also.

Another important statement in the post is about Microsoft’s position on the proper way for governments to get access to customers data. First they need to get it from the customer as they have always done before cloud hosting. Second in the rare instance that Microsoft would need to hand over data it will fight in court gag orders that prevent notifying customers.

I am very pleased to see Microsoft and other companies taking this stance witch I see imperative to protect democracy and liberty. Please take a moment to read the official post below.

The Official Microsoft Blog
Protecting customer data from government snooping

http://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/protecting-customer-data-from-government-snooping.aspx

imageIt is shocking how much a stranger can know about you from your posts on social media. Most of us know not to post that our home is being left unguarded while we are gone on vacation. However, many still share enough information when they post where they or what they are eating that someone could figure out that you are not home. It is scary.

After watching the video I have linked below I just realized how much more vulnerable we are with the information we post to social media sites. It goes way beyond someone emptying your house while you are away.

In the video below Jack Vale approaches people and convinces people that he knows this stuff from his “psychic” powers. In reality he just saw they were nearby from a social media post. He then researches them on Twitter, Instagram, Facebook, and other social media sites. Then he makes his approach. People are shocked that he knows so much about them. In one case he knows more about the lady than her friend does. 

Watch Jack Vale the Social Medial Psychic
http://mashable.com/2013/11/18/social-media-psychic/

So, what do you think? Do you share too much online?

My Windows 8 Surface machines uses BitLocker by default. That is great if you lose  your device then others can’t get  your data; however, it is not so good when you have a technical issue. Well guess what happened to my Surface today? Yep, I had an issue. I was told “You’re locked out!” It went on to tell me to “Enter the recovery key to get going again” Here is a photo of the message:

IMG_4393

Unfortunately I didn’t have the recovery key to my Windows RT Surface machine. I did remember that the key is stored somewhere on my Microsoft account that I use to login to the machine. Great!!! Smile  Finding the key however was much more difficult that it should have been. I looked all around the settings and profile on my account. If there is a way to find it from the menus, I still haven’t found it.

So I went and googled the Internet via the Bing search engine. Surprised smile Yep, it’s true you should try it and see if you like it. Just Bing it! I did and I found the answers I was looking for on Bing! <end of commercial>

The article I found gave me the direct link to get the key from my SkyDrive. Here is the link to get your recovery key: BitLocker Recovery Keys. I still haven’t found a link in the settings to find this information. If you know where it is please leave it in a comment.

IMG_4394

After entering my recovery key I saw this screen!!!! Hurray!!!

Here is the article I found from Microsoft that gives the link:
( http://go.microsoft.com/fwlink/?LinkId=237614 )

Here is the Direct Link:
https://skydrive.live.com/P.mvc#!/recoverykey

microsoft-end-user-license-agreement-397x300What is AVMA?

Automatic Virtual Machine Activation is a new Windows feature added in Windows Server 2012R2 that enables you to activate your Windows VMs without using a KMS server or even a network connection. As you spin up new virtual machines they will activate against the host Hyper-v server. This activation only lasts 7 days and then it needs to renew it’s activation. This is perfect for your Windows Datacenter Hyper-v hosts because you can

Two features of AVMA that no other activation method offers are:

  1. The ability to automatically activate virtual machines without a network connection
  2. Track virtual machine licenses from the host virtualization server, without requiring any access rights on the virtualized machine

(Other options for activation are: KMS server, MAK key, AD-based Activation)

How Does AVMA work?

Automatic Virtual Machine Activation requires a Hyper-v host server running Windows Server 2012 R2 Datacenter and it must be activated. The Virtual Machines must be 2012R2 or above to activate under AVMA. This includes 2012R2 Datacenter, Standard, and Essentials.

The guest VMs must have an AVMA product key configured on them. See the table blow for the key.
Windows Server 2012 R2 AVMA keys:

Edition AVMA key
Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Standard DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

* Licenses above were taken from http://technet.microsoft.com/en-us/library/dn303421.aspx

These keys can be installed during the install or installed at a later time.

The last piece of this is how the virtual machine talks to it’s Hyper host to get activated. The channel it uses is the “Data Exchange” that the para-virtualization drivers provide. This is a per VM setting and is enabled by default. You can verify that it is enabled by going into a VMs settings and then selecting the Integration Services. Make sure “Data Exchange” is checked.

AVMA1

AVMA also provides real-time reporting on usage and historical data on the license state of the virtual machine. This data is stored and available on the virtualization host server. There is no need to have any access or rights to the VMs on that server to access this information.

Step by Step directions to implement AVMA:

To use AVMA is easy just follow these 4 steps to virtual bliss:

  1. Install Server 2012R2 Datacenter
  2. Activate the server
  3. Add the Hyper-v Role
  4. Install a 2012R2 Virtual Machine and assign an AVMA key

If your virtual machine needs a key or already has a different key and you would like to give it an AVMA key there are a couple ways to achieve that. Here are two:

Using the GUI – Start the File Manager and Right click on “This PC”. From that dropdown list select “Properties”.

image

You will then get the System Screen. From here you select the Change Product key at the bottom right of the window. Put in one of the keys in the above table.

image

 

Another way to change the product key is to do it from a command prompt or script. This will need to run with administrative privileges.

Steps to Set the Product key from a command Prompt:

  • Click on the Start Button and type “CMD”   — (Welcome back Start Button)
  • Right click on the Command Prompt and select “Run as administrator”

    image

  • In the command window run the command slmgr /ipk <AVMA_key>
    Command in the example below:
    slmgr /ipk Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW

    image

Hope you found this fun and informative! –Brian Hot smile


ITEBlogThis post is part of a series of posts by the US IT Pro Evangelist team. In this series we cover, Why Windows Server 2012 R2 is important, how to deploy, manage, configure any number of components in Windows Server 2012 R2. 

This series is deep technical content with lots of How To’s and Step-By-Step instructions. You will learn about storage, cloud integration, RDS, VDI, Hyper-V, virtualization, deduplication, Hyper-v replica, DNS, AD, DHCP, high availability, SMB, backup, PowerShell and much, much more! – See more at: http://itproguru.com/expert/2013/10/windows-server-2012-r2-launch-blog-series-why-win2012r2/

SharedVHDXOne of the new features in Windows Server 2012 R2 is Shared Virtual Hard Disks.

What are the benefits of Shared VDHX?

The benefits of using Shared VHDX on a 2012R2 Hyper-V server is that you can deploy a failover cluster consisting of all Virtual Machines. You can also create failover clusters using Fibre Channel, Server Message Block (SMB) file share, Storage Spaces, or iSCSI storage. The real benefit of using the Shared VHDX is that you don’t have to expose your storage infrastructure like you would with the other options above. This is something that an ISP would want to use because it would be easy to automate the creation of new failover clusters without having to make a new file share or a new LUN.

What does it take to run Share VHDX?

Let me start with the error that many IT Pros see as they start to look at Shared VHDX. If you started to try and use this technology you may have missed some important prerequisites and received this error message:

image

Error Message Error Applying Hard Drive Changes
Failed to modify device ‘Virtual Hard Disk’.
The storage where the virtual hard disk is located does not support virtual hard disk sharing.
Cannot get information for attachment ‘\\Svr01\hyper-v smb storage\shared_disk_1.vhdx’.
The storage where the virtual hard disk is located does not support virtual hard disk sharing.

The common problem here that people run into is that you can’t use local storage (d:\VHDs\disk.vhdx). Further, you can’t use a regular file share (\\Server\Share\disk.vhdx). You either need to have the VHDX file on on a scale out file share or on a CSV volume. The CSV volume can be from iSCSI, fiber channel, SAS, or clustered Storage Spaces with SAS JBODs. So the virtual disk must be a VHDX not a VHD and it must be on Cluster Shared Volumes (CSV) or on a Scale-Out File Server Cluster with SMB 3.01. Again the benefit of using the VHDX file in addition to the storage is that you can add more clusters without provisioning more shares or LUNs and the guests don’t have access to the shared storage. This is easier to secure and automate for you end users who may want fail over clusters from your Hyper-V farm.

Here are the other things that are required to configure a guest failover cluster that uses shared virtual hard disks:

  • At least a two-node Hyper-V failover cluster.
  • Servers must be running Windows Server 2012 R2.
  • Servers must belong to the same Active Directory domain.
  • Availability of configured shared storage resources—for example, CSVs on block storage (such as clustered storage spaces) or a Scale-Out File Server cluster (running Windows Server 2012 R2) with SMB 3.0 (for file-based storage).
  • Sufficient memory, disk, and processor capacity within the failover cluster to support multiple virtual machines that are implemented as guest failover clusters.

For step by step instructions on deploying a Guest Cluster using Share VHDX Microsoft has a great guide on the TechNet site here:

Deploy a Guest Cluster Using a Shared Virtual Hard Disk (step by step)
http://technet.microsoft.com/en-us/library/dn265980.aspx

If you have anything to add – just drop it in the comments!

Thanks –Brian 

—————————————————————————————————————————-

ITEBlog_thumb[1]This post is part of a series of posts by the US IT Pro Evangelist team. In this series we cover, Why Windows Server 2012 R2 is important, how to deploy, manage, configure any number of components in Windows Server 2012 R2. 

This series is deep technical content with lots of How To’s and Step-By-Step instructions. You will learn about storage, cloud integration, RDS, VDI, Hyper-V, virtualization, deduplication, Hyper-v replica, DNS, AD, DHCP, high availability, SMB, backup, PowerShell and much, much more! – See more at: http://itproguru.com/expert/2013/10/windows-server-2012-r2-launch-blog-series-why-win2012r2/

ITEBlogThis article is part of a larger series on “Why Windows Server 2012 R2” where my peers and I detail many of the new features in Server 2012 R2 including step by step guides where appropriate. You can see the whole series here:
Windows Server 2012 R2 Launch Blog Series Index
http://itproguru.com/expert/2013/10/windows-server-2012-r2-launch-blog-series-why-win2012r2/

Storage Quality of Service
Storage Quality of Service is a new feature in Windows Server 2012 R2 in the Hypervisor. It enables you to control a VMs use of disk IO so that you can manage a VMs performance relative to disk access. This is a very necessary ability if you wish to run multiple VMs and insure each VM has adequate access to the disk and that no single VM consumes all of the disk IO leaving the others to have poor performance.

The Storage Quality of Service is set on a per Virtual Machine basis. You can set a Maximum and a Minimum level. The Maximum sets a cap and the Minimum sets a reservation.

If you have the luxury of a San you could accomplish the same result of setting a Maximum cap by provisioning a Lun, for that VM’s drive, and then set a cap on that. This is how administrators would coral a poorly behaving application if they couldn’t get the business group to fix the app. You can see that it is much easier to set this limit on the VM rather than relying on your San to do the work. Further you can now set the limits no matter where the virtual disk is, no need for a San.

Step by Step
The only feature that needs to be installed is the Hyper-v Role in Server 2012 R2 and then have the ability to set limits on your IO. To do this on your VM, just follow the steps outline below:

Screenshot

  • Open the Settings on your VM. From Hyper-V Manager, Cluster Manager, or VMM
  • Select the VM and go into the “Settings”
  • Select the disk that you want to set the limits on.  (Works on both IDE and SCSI disks)
  • Expand the disk properties and choose “Advanced Features”
  • Click the checkbox to “Enable Quality of Service management”
  • Set your desired Maximum or Minimum
  • Click on “Apply” or “OK”

That is it. That is how easy it is to set Quality of Service limits on your Disk IO for your Virtual Machines! Stay tuned to the Windows Server 2012 R2 Launch Blog Series for more insight into the new features of Windows Server 2012 R2.