In this week’s newsletter
Firefox turns on DNS over HTTPS. Mitigating flakey software updates. Known issues with Windows. Best browser for privacy. Windows 98 nostalgia. Migrating Redirected Folders from SBS 2011 GPO to Server 2019. Cheap remote access? Problem with new Edge browser. Plus lots more — read it all, read it here on WServerNews!
Enjoy this week’s newsletter and feel free to send us feedback on any of the topics we’ve covered — we love hearing from our readers!
Got questions? Ask our readers!
WServerNews goes out each week to more than 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected]
Editor’s Corner
This week’s observations and ruminations from Mitch Tulloch our Senior Editor…
Firefox turns on DNS over HTTPS
Following up on last week’s newsletter item about Apple’s latest bout of “courage” comes news of this bold move by the makers of the Firefox web browser:
Firefox turns controversial new encryption on by default in the US (The Verge)
DNS over HTTP (or DoH or DOH but don’t confuse it with d’oh lol) is “a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol” whose intended goal is “to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver” (Wikipedia). DoH has been under discussion for some time now, and some experts have expressed concerned that it not only provides a false sense of security for users but also can break the underlying decentralized nature of the entire DNS system on which proper working of the Internet depends. Catalin Cimpanu has a pretty good summary here of the issues involved:
DNS-over-HTTPS causes more problems than it solves, experts say (ZDNet)
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
Also useful to read is this post from a few months back by APNIC the Asia Pacific Network Information Centre which is the non-profit organization responsible for distributing and managing IP addresses and AS numbers in the Asia Pacific region:
Opinion: Centralized DoH is bad for privacy, in 2019 and beyond (APNIC Blog)
https://blog.apnic.net/2019/10/03/opinion-centralized-doh-is-bad-for-privacy-in-2019-and-beyond/
Also helpful and a really interesting read is this APNIC article that describes some of the disruption that DOH may result in:
What is the DNS anyway?
https://blog.apnic.net/2020/01/09/what-is-the-dns-anyway/
And for some additional APNIC articles on DoH see this post:
Three of the best: DoH (APNIC Blog)
https://blog.apnic.net/2019/12/26/three-of-the-best-doh/
RIPE the European regional Internet registry has also been debating the problems surrounding DoH, but for some reason ARIN the North American registry seems to be strangely silent on the matter. I don’t know why — do any readers have an explanation? And how do you feel about Firefox’s decision to unilaterally implement DoH in their brower? Email me at [email protected]
Mitigating flakey software updates
If you’re a Windows user or have a small business that doesn’t use WSUS or some other patch management platform and you’re concerned that simply letting Windows update itself automatically on your PCs might lead one day to having your employees come to work one morning and be welcomed by a black screen because Microsoft didn’t properly test a patch before making it available on Windows Update, you may want to implement a procedure something like this: Begin by pausing the installation of updates on your PCs for a week or two after the date they’re released by Microsoft. Woody Leonhard explains how to do this in this article:
The difference between Defer updates, Pause updates and Delay updates — and what happens with Win10 1909 (ComputerWorld)
Then do the following a day or two before you let Windows automatically install the paused updates:
- Back up all important data on your PCs
- Make image-based backups of the OS volumes on your PCs
If you just have a few PCs to deal with, you can make image-based backups with a product like the free standalone Veeam Agent for Microsoft Windows:
https://www.veeam.com/windows-endpoint-server-backup-free.html
Once you’ve backed up your data and imaged your OS volume you can go ahead and let Windows automatically download and install the update. Then afterwards you should check your computer to make sure your key applications are all running properly. If there’s a problem with them you can first try recovering your machine from the latest restore point (these are automatically created by Windows before any installing updates) and if this doesn’t work — or if your problem is of a more serious nature like not being able to log on or boot properly — you can use your image-based backup to recover your machine to the state it held before the updates were installed.
I’m sure there are many other various on the above procedure, and if you’d like to recommend your own method to our readers you can email me at [email protected]
Known issues with Windows
Want to know what the status is with the latest version of Windows 10? Check out the following official information from Microsoft:
Windows 10 release information (Microsoft Docs)
https://docs.microsoft.com/en-us/windows/release-information/
For example, let’s say you want to find out about any known issues for v.1909 which is the latest version of Windows 10. In this case you scroll down this page and look under Known Issues:
Windows 10, version 1909 and Windows Server, version 1909 (Microsoft Docs)
https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1909
Best browser for privacy
Getting back to the topic of web browsers, Douglas J. Leith of the School of Computer Science & Statistics at Trinity College in Dublin, Ireland has just published a study summarizing the results of his research on which web browser is best at ensuring the privacy of users browsing habits. The winner — no surprise here — is the Brave browser which happens to be the one we have deployed on PCs at our own business. You can download and read the study in PDF format using this link:
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
You can also get Brave here:
Windows 98 nostalgia
And finally here’s something for all you users out there who still hate Windows 10. Guess what? Apparently if you tweak hard enough it’s possible to make Windows 10 look just like Windows 98:
This Windows 98 themed version of Windows 10 looks amazing (betanews)
https://betanews.com/2020/02/11/windows-98-themed-windows-10/
Nice!
Got more thoughts about anything in this newsletter?
Email us at [email protected]!
Tell all your friends about WServerNews!
Please let all your friends and colleagues in the IT profession know about our newsletter. Tell them our latest issues can be found at wservernews.com while older issues dating back to 1997 can be found in our archive. And let them know also that they can receive WServerNews each week in their inbox by subscribing to it here. Thank you!
Ask Our Readers – Migrating Redirected Folders from SBS 2011 GPO to Server 2019 (new question)
A reader named John who is an IT consultant in Connecticut, USA sent us the following question asking for some help from our readers:
Does anyone have a fool proof method (step by step including dos and don’ts) of migrating redirected folders? This seems to be something that trips me up every migration. I have tried several methods but ultimately I get mixed results.
Methods tried:
- Copying using robocopy with and without backup option (this option has never worked in any shape or form)
- Creating new OU moving user into new OU (I get mixed results and ultimately wind up with some folders moving back to local some still redirected to old server) <- current situation with a migration that has not been finished because of this!
Do you create new GPOs and new groups?
Do you modify the existing GPO object for redirected folders?
What is the proper method for returning them to the local user profile (even though this is checked in GPO it doesn’t always return them)? Do you remove them from the group? Move them to a new OU? Disable the policy? Delete the policy altogether?
So many questions so I’m looking for the correct method with the steps and dos and don’ts. I see so many ways to do it in different forums on the web but so far none has worked 100% of the time. It’s basically been a lot of late nights creating groups moving users etc to finally get them back to the local user profile then to the new server with a new OU and GPO but then that doesn’t always apply so I still have some at past migrations that are pointing to the local user profile.
If anyone can offer any suggestions to John or point him to some online resources that can help, please let us know by emailing us at [email protected]
Ask Our Readers – Cheap remote access? (a reader response)
Several weeks ago our newsletter included the following question from a reader named George:
I recently had a business IT colleague recommend Terminal Service Plus (TSPlus) as a more cost-effective alternative from a licensing perspective with respect to costly Remote Desktop Services (RDS) CALs for Windows Server. Especially for smaller businesses who need to provide remote access for their employees:
However, another IT colleague of mine has told me that this product can’t possibly be in compliance with Microsoft licensing. In other words you will still need to purchase Microsoft CALs to be in compliance with using TSPlus within a Windows-based environment, even if you just run it on Windows 10 not Windows Server.
So…what do your readers think on this subject? Does running TSPlus on Windows Server violate Microsoft’s EULA? Has anyone had to deal with this kind of situation by having Microsoft’s Licensing Police come to arrest them and cart them away? Please help as I can’t find any authoritative information on this matter either on the TSPlus website or on Microsoft.com. Thanks!!
A reader named Matthew responded to this one as follows:
Mitch, I noticed that thus far there seem to be no responses from users concerning Terminal Services Plus. I am sorry to see that, as I was most interested in the comments on this. That being said, I’ll throw in my two cents worth, but I will ask that you not use my name if you post these. I do not want The Microsoft Gestapo running my client or me down.
I downloaded a trial of Terminal Services Plus for a client recently, and ultimate acquired it for them. And I asked the good folks at TSPlus about this licensing issue, as it seems, um, complicated. But first, why would I choose TSPlus over Remote Desktop?
For starters, price was not the main issue. For seven users my RDS CALs would be about $900-$1000. With TSPlus plus some security add-ons (like 2FA and the ability to block entire overseas subnets from accessing the server) and three years of support, I was within about 10% of RDS. However, I setup the new Terminal Services for a client a few years back and it was a royal PITA! I had done several over the years using the old model and it was straightforward, but not the changes that came along with Server 2008. Six different roles to be set up and maintained and it seems like a drag on resources (it is a Microsoft product).
TSPlus installed in two minutes and a short tutorial had me up and running in about 10 more. I love the fact that it optionally uses HTML5 so the users just need a browser to access the programs. And if I have only one app that he users will run (in this case QuickBooks) I can set it up to auto-run; they never see the desktop.
Now about that licensing. I was told by TSPlus Support that if you use RDS functionality with their product you must install the RDS Role and you need the RDS CALs. However, their software does not need the RDS Role so no CALs are required. In short, I need only TSPlus CALs. I am not an attorney and do not play one on TV, but I consider that due diligence. To me this looks a lot like Citrix but uses RDP (an open protocol).
That being said, I did make sure that I have plenty of user CALs for Windows. I do not want MS saying “Oh, yeah! Well we’ll get on Windows CALs. Pay up!”
I hope that this perhaps clarifies a few things for those considering some form of remote desktop. Or perhaps it muddies the waters even more. Either way it’s food for thought.
I do think Matthew’s comments are helpful, though when it comes to software licensing some vendors seem to like to keep their waters somewhat muddied, perhaps so they have more options how they can squeeze customers for additional money. And Microsoft is probably not the least guilty in this regard from the licensing horror stories I’ve heard from others over the years. But perhaps they’ve improved — any comments from our readers? Email me at [email protected]
Ask Our Readers – Problem with new Edge browser (reader still needs help!)
Two weeks ago a reader named Logan sent us the following question:
I am using Windows 10 Pro version 1909 and Outlook 2013. I have half of my computer screen covered with the open email window. The other half is covered with an open email message. If I click on a link in the open message, the new Chromium-based Microsoft Edge browser opens behind both open windows. When I was using Internet Explorer, the link would open over the 2 open windows. How do I make the new Chromium-based Microsoft Edge browser open the link over the 2 open windows when I click on the link?
Erich Jacob from Switzerland replied with a suggestion which we published in last week’s newsletter, and Logan tried this but apparently it didn’t work for him:
My wife is from Germany so I had her check the settings as suggested by Erich. I then tried it and there was and is no change. The same problem exists. No fix!
Anyone else have a suggestion? Email us at [email protected]
Tip of the Week
>> Got any IT pro tips you’d like to share with other readers of our newsletter? Email us at [email protected]
Windows 10 God Mode
This might be helpful to a few of our readers who are still struggling with how things are rapidly changing in Windows 10 with the Control Panel apparently on the way to eventually being deprecated:
How to activate all of Windows 10’s secret God Modes (betanews)
https://betanews.com/2020/02/28/windows-10-god-modes/
Most of the time when I want to change a setting on Windows 10, I just press the Windows Key and start typing the name or description of the setting I need to find. This usually works, but for certain obscure settings it may be that so-called God Mode can help you find what you’re looking for faster than using the Windows Search feature.
Admin Toolbox
>> Got any admin tools or software you’d like to recommend to our readers? Email us at [email protected]
Ontrack can help small, mid- and large-scale businesses recover, restore and retrieve server data in a time sensitive manner:
https://www.ontrack.com/services/data-recovery/
TestDisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software:
https://www.cgsecurity.org/wiki/TestDisk
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator:
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Mailbag
A few weeks ago in our newsletter issue titled Wither Windows management? we asked readers whether they view MDM as opposed to GP/AD going forward for enterprises. A reader named Jo responded thoughtfully as follows:
Hi There, This was very interesting, and I’m glad you popped the question. We are a medium sized organization, with a lot more PC’s than employees due to workshops, labs etc. In our network we have anything from Windows 2000 and onwards. Mainstream being Win7.
We are running an on-prem GP/AD network, where we steadily have infused Win10 PCs. (Not that easy to buy anything else these days. Intel and MS has seen to that.) So at office desks around 50% are now running Win10. We have not done anything special to steer Win10 updates, other than using our WSUS server.
How MDM’s could be a better choice I don’t know. Our users are non-homogenous and with a wide spread of demands. In general we have less control with Windows10 patching, in contrast to the older OSes. This is a concern. So adoption and rollout is getting along, but we are not expediting it.
Security-wise we are thinking more cross platform, and rolling out solutions not depending on users running Win10. How to integrate mobile users is a major concern, but still manageable with on-prem GP/AD. Think we stay with on-prem GP/AD for now.
We’d still love to hear from more readers on this topic. Specifically, let us know if you have any thoughts on these questions from Jeremy Moskowitz which we posed in that issue:
“I’m starting to maybe detect a trend in Windows 10 management land. People seem to be sl-o-wing-down of rolling out Windows 10 and other security and management enhancements. The basic question is: “Are you considering a push toward some MDM system away from on-prem GP/Active Directory … and is this causing you to re-think or stall your plans for Windows 10 rollouts and security projects? Or are you staying with on-prem GP/AD and SCCM for the forseeable future?”
Email us at [email protected] if you have anything interesting to say concerning these questions.
And in the Mailbag of last week’s issue Howard from Brazil mentioned that there are still lots of Volkswagen bugs buzzing around the streets down there in Brazil. I wondered out loud whether they also had many VW buses there as well, and Howard quickly replied:
The majority of them are! That call them ‘Kombis’ here. Any given day, we pass on the street 4 or 5 in very good condition. Delivery vehicles, mostly.
“The production of the Brazilian Volkswagen Kombi ended in 2013 with a production run of 600 Last Edition vehicles. A short film entitled “Os Últimos Desejos da Kombi” (English: The Kombi’s Last Wishes) was made by Volkswagen Brazil to commemorate the end of production.” (Wikipedia)
You can read more here:
https://en.wikipedia.org/wiki/Volkswagen_Type_2
So are there any VW Kombi, Transporter or Microbus fans out there among our 200k IT pro newsletter subscribers? Email us at [email protected]
Factoid – Is the problem with my eyes, or what?
We didn’t receive any response to our previous week’s Factoid so let’s move on to this week’s:
Fact: Not only has the trend over the last few years towards using lighter and thinner fonts made web pages harder to read, it’s also making books harder to read!
Source: This one is based solely on my own observations as a collector and reader of hardcopy books. For example here is a photo of a portion of a page in a Jack Reacher novel published by Bantam in the UK in 2010:
Now compare this with a photo of another Reacher novel published by Dell in the USA four years later in 2014 which is around the time that fonts on web pages began to get lighter and thinner:
See the difference? I had no trouble reading the first novel under poor lighting conditions in our living room while I was recovering from a cold. But my eyes kept blurring when I tried to read the second novel because of the lighter and thinner font used in that book.
Question: Has anyone else noticed this trend happening with print books? Why do you think it’s happening? Are publishers just trying to be fashionable? i.e. “If we make the printed page look like web pages people will be more likely to buy our books.” Or are they trying to reduce printing costs by saving on ink by using lighter and/or thinner fonts? What do you think? Or don’t you buy hardcopy books anymore?
Email your answers to [email protected]
Subscribe to WServerNews!
Subscribe today to our WServerNews newsletter and join 200,000 other IT professionals around the world who receive our newsletter each week! Just go to this page and select WServerNews to receive our monthly newsletter in your inbox!
Conference calendar
>> Got an IT conference or event happening that you’d like to promote in our newsletter? Email us at [email protected]
Microsoft Business Applications Summit
April 20-21, 2020 in Anaheim, California
https://www.microsoft.com/en-us/BusinessApplicationsSummit
Microsoft Build
May 19-21, 2020 in Seattle, Washington
https://www.microsoft.com/en-us/build
Microsoft Inspire
July 20-24, 2020 in Las Vegas, Nevada
https://partner.microsoft.com/en-us/inspire
Other Microsoft events
Microsoft Licensing Boot Camps – Dec 9-10 in Seattle, Washington
https://www.directionsonmicrosoft.com/training
Infosec conferences
Cyber Security Summit – Nov 21 in Houston, Texas
https://cybersummitusa.com/houston19/
Cyber Security Summit – Dec 5 in Los Angeles, California
https://cybersummitusa.com/losangeles19/
Other conferences
European SharePoint, Office 365 & Azure Conference – Dec 2-5 in Prague, Czech Republic
https://www.sharepointeurope.com/
SharePoint Fest – Dec 9-13 in Chicago, Illinois
https://www.sharepointfest.com/Chicago/
Podcast Corner
From Slack to stateful serverless: An interview with Nimbella (The T-Suite)
https://techgenix.com/podcast/the-t-suite/
Managing CosmosDB with Deborah Chen (RunAsRadio)
The State Of Optical Networking In 2020 (Heavy Networking)
https://packetpushers.net/series/weekly-show/
vSAN Deconstructed: Availability (Virtually Speaking)
https://www.vspeakingpodcast.com/
TWIW – Kr00k, CLI Mapping, YouTube, FCC, & DevNet (Clear To Send)
Why is IT Automation so Hard? (The CTO Advisor)
https://www.thectoadvisor.com/podcast
Chris Kennedy on the latest MITRE ATT&CK developments (Risky Business)
https://risky.biz/netcasts/risky-business/
Gear and Tech (Microsoft Cloud IT Pro Podcast)
https://www.msclouditpropodcast.com/
Azure Data Factory & the Latest Microsoft Cloud News (Microsoft Cloud Show)
http://www.microsoftcloudshow.com/podcast
New on Techgenix.com
Exchange 2019: Peaceful coexistence with Exchange 2016
Exchange coexistence has been around for a long time. This can be having Exchange 2010 and 2013 in the same environment or Exchange 2010 and 2016 coexisting or Exchange 2013 and 2016 running in the same environment.
https://techgenix.com/exchange-2019-exchange-2016/
Cybersecurity 101: Close the door on open network shares
If you have open network shares on your network, you are opening the door to cybersecurity risks. Use PowerShell to check the status of your network shares.
https://techgenix.com/close-open-network-shares/
PowerShell script to list virtual machine encryption status
In this Azure Quick Tip, we provide a PowerShell script that will tell you the encryption status of every virtual machine in any given subscription.
https://techgenix.com/virtual-machine-encryption-status/
Spear-phishing email results in U.S. gas pipeline ransomware attack
A spear-phishing email has resulted in a U.S. gas pipeline ransomware attack. Making the attack worse: The IT and OT networks were not segmented.
https://techgenix.com/gas-pipeline-ransomware-attack/
Review: Enterprise-grade backup application Vembu BDR Suite 4.0.0
Vembu BDR Suite is an enterprise-grade backup application designed to work in both VMware and Hyper-V environments. Here’s our review.
https://techgenix.com/vembu-bdr-suite/
Fun videos from Flixxy
Worlds Largest Airplane Antonov AN-225
The worlds largest aircraft, the amazing 6-jet-engined Antonov 225, shows off its maneuverability during an air show in Germany.
LA Speed Check – Lockheed SR-71 Blackbird
The true story of a SR-71 pilot requesting a ground speed check with Los Angeles Center, while flying the SR-71 Blackbird over Southern California.
https://www.flixxy.com/la-speed-check-lockheed-sr-71-blackbird.htm
Moscow, Tverskaya Street in 1896 – Color 60fps
Travel back in time to 1896 and take a trip through Tverskaya Street in Moscow – now with 60 frames per second, in color and with sound!
https://www.flixxy.com/moscow-tverskaya-street-in-1896-color-60fps.htm
People Are Awesome – Best of the Week #74
This week’s selection of awesome people performing balance tricks, soccer tricks, yoyo skills, weightlifting and more!
https://www.flixxy.com/people-are-awesome-best-of-the-week-74.htm
More articles of interest
Set Up PowerShell Script Block Logging for Added Security
Learn how to set up your systems to capture abnormal PowerShell behavior as one way to shore up your defenses.
Bring Cloud on Prem with VMware Cloud on Dell EMC, AWS Outposts
VMware Cloud on Dell EMC and the forthcoming AWS Outposts offer organizations rack-based hybrid cloud products that can extend their public cloud platforms to the data center.
Ramp Up Carefully During AIOps Implementation
Sound IT automation and data management practices — along with a healthy dose of patience — are prerequisites for a smooth AIOps implementation.
Should admins learn about serverless computing?
Serverless architecture is beneficial to organizations that use virtualization and function-as-a-service models. Here’s what admins should know about it.
Send us your feedback!
Got feedback about anything in this issue of WServerNews? Email us at [email protected]