WServerNews: Does your router pass the test?

In this week’s newsletter

Ask Our Readers – Problem using iPads in enterprise environments (responses). WiFi router security problems. Granular delegation using PowerShell. Disabling TLS 1.0 and 1.1. Microsoft Safety Scanner. Is your SSD failing? Want to learn Linux? Solve Windows Update error 80072EE2. Vinyl outsells CDs. Plus lots more — read it all, read it here on WServerNews!

Enjoy this week’s newsletter and feel free to send us feedback on any of the topics we’ve covered — we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free — and they can subscribe to it here. Thanks!!!

Ask Our Readers – Problem using iPads in enterprise environments (responses)

In our previous newsletter we shared the following question submitted by a reader named Joe regarding an article I wrote a while back about some of the challenges of supporting Mac computers in a workplace:

I was disappointed there was no mention of the “AppleID” factor here. One of our issues with using corporate purchased iPADs is that when an individual leaves and the device is issued to a new user, freeing the device from the prior user’s AppleID (apple account) is a problem. We can manage a reset the device via MDM/Azure Endpoint Devices. However, they device never gets truly freed from the prior user until they remove it from their account. Is there a better way to handle this?

Mike Edelmayer who is the Senior IT Administrator for a home-building company in the USA responded with this suggestion:

We had this issue to start with. We were able to resolve this by forcing our users to use the Company email address. This way we could reset the apple password and remove the user from that device. The only time we have to use our MDM to reset now is when someone uses a backup email on the device. Works well for us. Hope this helps.

Robert Riley the Technology Director for a home and business security company in the USA said:

We have made it our policy and trained our HR people to initiate a Factory reset of the device as part of the user’s exit interview. This automatically removes the device from the old user’s account and makes it ready for re-issue with minimal complications.

If any other readers have more suggestions for Joe you can email me at [email protected]

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected]

Editor’s Corner

We’re going to cover a bunch of ground this week which of course is par for the course for the working IT professional. Let’s start off with WiFi router security…

WiFi router security problems

The Fraunhofer Institute recently tested the firmware of more than a hundred home WiFi routers from ASUS, D-Link, Linksys, Netgear, TP-Link and other vendors against high severity CVEs and found significant security issues with many of them. They also made several sensible recommendations including purchasing only models that automatically install firmware updates (or at least allow you to install updates manually), making sure that UPnP and remote access are disabled, and changing the factory default password for your router’s administrator account. You can read the full report here (PDF).

Granular delegation using PowerShell

If you need to delegate limited privileges to a user to allow them to perform a limited set of tasks using PowerShell you can do this using a feature called Just Enough Administration (JEA) which was introduced back in PowerShell 5.0. It’s been around several years now, but many IT admins are not aware of how using JEA can make their job easier. A usage example might be if you wanted to allow a user to stop, start or restart a specific service because their workflow depended on having that service running properly.

A good place to start learning how to use PowerShell JEA is this article which was recommended to us by one of our readers:

PowerShell: Implementing Just-Enough-Administration (JEA), Step-by-Step (SID-500.COM)

https://sid-500.com/2018/02/11/powershell-implementing-just-enough-administration-jea-step-by-step/

And if you want to learn even more try reading these articles:

Just Enough Administration (JEA) – Part 1: Overview (4sysops)

https://4sysops.com/archives/just-enough-administration-jea-part-1-overview/

Just Enough Administration (JEA) – Part 2: An example (4sysops)

https://4sysops.com/archives/just-enough-administration-jea-part-2-an-example/

Just Enough Administration (JEA) – Part 3: Logging and reporting (4sysops)

https://4sysops.com/archives/just-enough-administration-jea-part-3-logging-and-reporting/

Disabling TLS 1.0 and 1.1

If you need to disable a legacy security protocol like TLS versions 1.0 or 1.1 on Windows Server as one colleague of mine recently had to do in a hurry when it was discovered they were still being used, there’s a cool free tool available to do this that was recommended to me by another colleague. The tool is called IIS Crypto and it gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019. It also lets you reorder SSL/TLS cipher suites offered by IIS, change advanced settings and do a bunch of other cool stuff. Great tool to have when you find your organization suddenly under a security audit and the auditor is wagging his finger at you.

Microsoft Safety Scanner

Another cool security tool is Microsoft Safety Scanner which is designed to find and remove malware from Windows computers. To use it you simply download it and run a scan to find malware and try to reverse changes made by identified threats. Note that Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded, so it’s best if you always download the latest version of this tool before each scan. Safety Scanner works on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008. It’s available in both 32- and 64-bit versions and can be downloaded here.

Is your SSD failing?

Back in September I wrote an article about a problem caused by bad sectors on the SSD drive of one of my Windows 10 machines. Towards the end of my article I mentioned some outstanding questions I still had, one of which being how to test the health of a SSD drive.

Well it turns out that Microsoft is testing a new feature for Windows 10 that will supposedly be able to detect whether your SSD is going to fail soon. In the meantime some of the ways of judging SSD health that have been suggested to be include monitoring for SMART errors 177 Wear Leveling Count (wear) and 187 Uncorrectable Error Cnt (failure). If readers have any other suggestions concerning this you can email me at [email protected]

Want to learn Linux?

I do! That’s why I posted this article on our TechGenix site asking readers for their suggestions on the best resources for learning Linux. If you have a Linux learning resource to suggest please add a comment to my article. Thanks!

Got more thoughts about anything in this newsletter?

Email us at [email protected]!

Tell all your friends about WServerNews!

Please let all your friends and colleagues in the IT profession know about our newsletter. Tell them our latest issues can be found at wservernews.com while older issues dating back to 1997 can be found in our archive. And let them know also that they can receive WServerNews each week in their inbox by subscribing to it here. Thank you!

Tip of the Week

>> Got any IT pro tips you’d like to share with other readers of our newsletter? Email us at [email protected]

Solve Windows Update error 80072EE2

The IT Bros has a helpful post on how to resolve a difficult error that sometimes arises during Windows Update operations. Read more here:

https://theitbros.com/how-to-solve-the-windows-update-error-80072ee2/

Admin Toolbox

>> Got any admin tools or software you’d like to recommend to our readers? Email us at [email protected]

Use these cmdlet extension agents to get Visual Power BI reports on who uses what command in Exchange:

https://gallery.technet.microsoft.com/exchange-audit-log-in-18a7c2ac

SysKit Shell is a new solution that allows system admins to run PowerShell Scripts on multiple servers simultaneously:

https://www.syskit.com/products/shell/

R-HUB provides you video/web/audio conferencing and remote support server that YOU own and YOU control–forever!

http://www.rhubcom.com/v5/index.html

Factoid – Vinyl outsells CDs

Our previous factoid and question was this:

Fact: It’s possible to run a full IBM System/370 Mainframe on a $20 Raspberry Pi Zero.

Question: Have any of our readers ever worked on or with mainframe computers?

This one drew a number of responses from our newsletter readers. Martin Urwaleck from Austria says:

Hi Mitch, when studying EE (in the 80ies) I worked on a CDC Cyber using FORTRAN 5. I had to use punch cards for my code since the 5 availabel terminals were reserved for postgraduates. During summer holidays I was working at a Siemens site in Vienna — they had a mainframe running on BS2000. My job was importing data from reel tape, reformatting it and writing it back to tape. And I had a terminal — no more puch cards. Later on I configured gateways for Novell Netware to connect to a Bull DPS7 (that was rather challenging since all error messages were in French!)

Next comes this from John Downey in the UK:

Hi, I didn’t realise I was that old — it’s a bit like ‘what did you do in the war, dad?’

I started working on ICL mainframes (1900 series) in early 1973, as a trainee operator. From then until 1994 I went on to run 2900 and latterly 3900 series machines. Thereafter I joined the new-fangled PC/network club. I retired about 3 years ago.

I have probably a million mainframe-related stories, but do your readers really want to know what I did in the war? Just sit me in the corner of the public bar with a pint and I could regale you at great length.

Charles Lewis from Florida, USA worked with several mainframes and some other cool technology way back in the day:

Mitch, I have no worth-telling stories about mainframes. The first two mainframes I used, hands on, were the IBM 1130 and the IBM 370/115. By the way, this model had a DOS operating system! Then I went elsewhere and used RJE (remote job entry) for a few years using Nortel (Canadian) equipment connected to big, big iron, at 4800 baud! Around this time I also had a Texas Instruments 733, with an acoustic coupler at 1200 baud, and with dual cassette drives. It had a built-in thermal printer. And then, later, also an Intertec Superbrain. Then, a Prime “minicomputer” with mini equipment the size of laundromat washers and dryers. I specced my to-be-built computer room, a lot of fun and fast learning.

We’ll finish off with a couple of fun mainframe stories by Ted Bodfish from Ontario, Canada:

Hi Mitch, While a university student in the Computer Science program I had a part-time job at the Natural Sciences Computing Centre as a program consultant, assisting non-Computer Science grad students and professors with their programs for analyzing their data. The Computing Centre had a CDC Cyber mainframe which was programmed with punched cards. The Computing Centre also had a DECsystem-10 mainframe with 256 kWords (about a megabyte) of memory which supported about 300 time-sharing terminals. My current phone has 4GB (4096 MB) of RAM and 128GB of additional storage, and way more processing power.

Story 1: One evening the system operator came out from the machine room and asked me to help him out. It seems the DECsystem-10 had been slowing down and he was concerned. As we looked over the machine he mentioned that the DECwriter, a dot-matrix printer with a keyboard, had stopped printing out the system log. We checked and found that it had blown a fuse. He found a replacement fuse (good thing someone had done some planning) and as soon as he put it in the DECwriter started spewing out reams of paper. As the length of the log stored in mainframe memory was reduced the DECsystem-10 slowly returned to its normal speed.

Story 2: During the summer I worked full-time at the Computing Centre but arranged to take a COBOL course in the Computer Science Department. The COBOL compiler was on the CDC Cyber mainframe computer and we had to program it with punched cards. The students did not have any storage allocated so had to lug around their entire program on punched cards in a box. Some were even into their second box. My boss allowed me to use the storage so my program lived on the computer. I just needed to run an update set to make changes to my program before running it. So instead of a box or two of punched cards, I was able to walk around with my update set in my shirt pocket.

Story 3: While working on the COBOL course, mentioned above, I experienced delays of up to a few hours between when I submitted my job on punched cards and when I got back the cards and the printed output from the program. I discovered that I could get immediate turn-around on Friday nights, when all the other students were out partying.

Such dedication! For me I’d rather party Friday nights 😉

Anyways if any other readers have interesting mainframe stories (or other ancient computing technology stories) you’d like to share with our readers you can email me at [email protected]

Now let’s move on to this week’s factoid:

Fact: Vinyl-Record Sales Top Compact Discs for First Time in 34 Years

Source: https://www.bloomberg.com/news/articles/2020-09-10/vinyl-record-sales-top-compact-discs-for-first-time-in-34-years

Question: Do any of our newsletter readers still listen to vinyl? And for that matter, do any of you still listen to CDs? Why or why not? Email your answers to [email protected]

Subscribe to WServerNews!

Subscribe today to our WServerNews newsletter and join 200,000 other IT professionals around the world who receive our newsletter each week! Just go to this page and select WServerNews to receive our monthly newsletter in your inbox!