Latest Updates


Jun
15
Updated: This month's patches are causing issues with IE, Outlook and login
Posted by Amy Babinchak on 15 June 2017 10:56 AM

Patch Tuesday fallout:


IE printing issues:
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/kb4022719-printing-issues/e431c6e1-5f27-4bef-93ce-d8d9ae23a477
Getting multiple reports of this in various venues, impacting both Windows 10 and 7. Cumulative updates have to be rolled off to fix the issue.

Update: IE frame printing issue: Patch is available - but on the catalog site only: 

  Reason for Revision: Microsoft is announcing the release of
    update 4032782 for Internet Explorer 11 on Windows 7, Windows
    Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to
    address a known issue customers may experience when printing
    from Internet Explorer. Only customers who are experiencing print
    issues after installing Internet Explorer Cumulative update
    4021558 should install update 4032782 because update 4032782
    addresses the known issue by removing the protection from
    CVE-2017-8529. The update is available via the Microsoft
    Update Catalog only.

Note: you can import patches from the catalog site into WSUS. Check with your patching vendors/tools to see if they can do likewise.


Outlook patches and attachments:
Impacting 2016, 2007, possibly 2010 and 2013 as well. KBs to hold off/roll back: 3191932, 3191938, 3203467, 3191898
Source:
http://marc.info/?l=patchmanagement&m=149748563116949&w=2

Update: Patch expected next Tuesday


Black screen/taking a long time to log in after updates. Appears to be triggered by interaction between Trend Micro and Defender: http://marc.info/?l=patchmanagement&m=149748584716989&w=2


About Third Tier

Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.

Website: http://www.thirdtier.net

Helpdesk: https://helpdesk.thirdtier.net

Blog: http://www.thirdtier.net/blog





May
19
Help ThirdTier win a speaking slot at ChannelCon!
Posted by Amy Babinchak on 19 May 2017 12:27 PM

If you're planning to attend CompTIA ChannelCon (which is an excellent FREE two-day conference btw) then please help us win a speaking slot by using our registration link.

https://www.comptia.org/channelcon/register-and-plan/register?pc=CC17ThirdTier

Help us a little further and please share this link with your community

thanks,

Amy Babinchak, Managing Partner





May
15
Another day; Another new Ransomware attack
Posted by Amy Babinchak on 15 May 2017 02:45 PM

I don’t mean to sound lackadaisical; certainly we need to be aware of any new variant in the battle against ransomware. We are continuously reviewing the ransomware prevention kit to see what tweaks might be necessary to enhance the protections against new variants. The bad guys are always going to be out there trying new things.

But this weekend’s WannaCry ransomware outbreak wasn’t built by a new genius; it was just another person taking advantage of lax attitudes toward patching and security. Essentially the writer was counting on the idea that IT was not adhering to certain well-accepted best practices.

Sure, you will always have those machines that can’t apply patches, have to remain XP, or require SMB 1.0, and that add security risks. Yes, those exceptions to the rule exist, but attacks like WannaCry only work if the exception becomes the rule.

Am I calling out my fellow IT admins here? Yes, I kind of am. There will always be exceptions to every policy, but a secure network should not succumb to them. Best practices are what separate a professional from everyone else. As an IT professional I take pride in my role in a well secured and productive business.

There’s just no substitute for good IT. No software package is going to save us from the scourge of ransomware. It is up to IT to put the policies in place to protect the network.


Let’s break down how WannaCry gets on your network


Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017.  According to open sources, one possible infection vector is via phishing emails.
 
The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

 

The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.
 
The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.
 
This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.

The information in this FLASH was obtained through an FBI investigation and is provided in conjunction with the FBI’s statutory requirement to conduct victim notification as outlined in 42 USC § 10607

The above is the official word from the FBI.

You should also read this article from our friends at Bleeping Computer. Lawrence has been a guest with us and writes excellent break-downs on how specific ransomware variants work.

In summary it says:

This infection has two significant parts. One is a worm that executes the code to begin encryption, and stop certain services.

The worm uses SMB1 to discover file shares on the network. Once there, it runs a command to change the permissions to Everyone so it can encrypt all of the files. When it encrypts the files, it changes the name of each file by appending .WNCRY.

It attempts to stop certain services so that it can encrypt your SQL and mail server databases. Here is the list of services that it stops using the taskkill command: mysqld.exe, sqlwriter.exe, sqlserver.exe, msexchange.exe

After it is done encrypting, it runs a .exe file to display the ransom note.


How do you prevent it?


  1. You patch your systems. The worm can’t run if patches released in March 2017 were applied to the system. That’s it. Truly it was that simple. If the machine was patched then this infection can’t even get started. Specifically this patch: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


What other steps can you take?


Before you ask: yes, even if your systems are fully patched and you’ve made sure that you are safe for today, you should still take some additional steps. These additional steps might just protect us against a future variant. We can see the pattern that this attacker used. Sure, a simple patch vulnerability was used this time, but something else might be used next time to allow this type of activity to run in the future.

  • Turn off SMB 1.0
  • Add .WNCRY to the list of not allowed file types in FSRM
  • Do not allow .dll’s to run from user locations
  • Block access to https://dist.torproject.org
  • Make sure that users are not running as Admin on their computers

All but the first item in that list are currently in the ransomware prevention kit. You have the tools! Let’s use them to prevent the next variant of this infection from happening to our networks.

Instructions for disabling SMB 1.0 on your computers will soon be added to the ransomware prevention kit.
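One way to apply the first two items in the list above from an elevated PowerShell prompt, as an added example that is not taken from the ransomware prevention kit. It assumes Windows 8.1 / Server 2012 R2 or later; `$SharePath` and `$GroupName` are placeholder values to replace with your own.

```powershell
# Added example, not from the ransomware prevention kit. Run elevated.
# Assumptions: $SharePath and $GroupName are placeholders for your environment.
$SharePath = 'D:\Shares'
$GroupName = 'Ransomware extensions (example)'

# 1. See which clients still talk SMB1 to this server before switching it off.
$legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1*' })
$legacy | Select-Object ClientComputerName, ClientUserName, Dialect

# 2. Turn off the SMB1 server protocol.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 3. Remove the SMB1 feature itself; the change completes after a reboot.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 4. On file servers with the FSRM cmdlets installed, block files named *.WNCRY.
if (Get-Command New-FsrmFileGroup -ErrorAction SilentlyContinue) {
    $group = Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue
    if ($group) {
        # Keep whatever patterns the group already has and add the new one.
        $patterns = @(@($group.IncludePattern) + '*.WNCRY' | Select-Object -Unique)
        Set-FsrmFileGroup -Name $GroupName -IncludePattern $patterns
    } else {
        New-FsrmFileGroup -Name $GroupName -IncludePattern @('*.WNCRY') | Out-Null
    }
    # An existing file screen on the path is left untouched.
    if (-not (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue)) {
        New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName -Active | Out-Null
    }
}

# 5. Report the resulting state.
[pscustomobject]@{
    Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Smb1FeatureState  = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue).State
    Smb1SessionsSeen  = $legacy.Count
}
```

Any client listed in step 1 will lose access to this server once SMB1 is off, so those machines are the exceptions to deal with first.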





Apr
20
The MSP model is dying
Posted by Amy Babinchak on 20 April 2017 09:53 AM

Something new is happening. It’s a side effect of cloud. Businesses no longer need monitoring, maintenance, a suite of bundled software on their desktop and someone to care for the server.

What they need now is someone to walk them through which business processes need modernization in a cloud world. Then they need you to make sure that they select the right cloud solutions, that their data is safe and to provide helpdesk services to their people.

Mostly they need you to lead the way and get them from point A to point B.

If your business model is based on standard packages it might be time to rethink. 




Mar
23
Adding SSL to your Website
Posted by Amy Babinchak on 23 March 2017 12:55 PM

It has become best practice for SEO purposes to have your website be secured with an SSL certificate. It provides another indication to the search engines that your site is legitimate. SSL websites are now slightly preferred in the results over ones that are just http.

Azure makes it easy to add an SSL certificate to your website. Essentially it is a two-step process.

Step one: upload your certificate

Step two: bind it to your website



It is pretty much that simple. Of course, first you have to have an SSL certificate that is a .pfx file with a password and is ready to import. To get my certificate from the .cer that came when I ordered it, I imported it into my computer, then exported it as a PFX file.

Azure has some of the best documentation available from anywhere so if you are stuck anywhere along the way this is the URL that you need. https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate
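The same two steps can be scripted. This added example (not from the original post or from Microsoft's documentation) checks the exported PFX locally and then uploads and binds it with the Az PowerShell module, which is assumed to be installed; the file path, host name, resource group and app name are placeholders.

```powershell
# Added example. Placeholder values (assumptions): replace all four with your own.
$PfxPath       = 'C:\certs\www-example-com.pfx'
$HostName      = 'www.example.com'
$ResourceGroup = 'example-rg'
$WebAppName    = 'example-webapp'

$securePw = Read-Host -Prompt 'PFX password' -AsSecureString

# Open the PFX locally first; a wrong password or a damaged file throws here.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $PfxPath, $securePw

# The binding needs the private key, not just the public certificate from the .cer.
if (-not $cert.HasPrivateKey) {
    throw "No private key in $PfxPath. Export again and include the private key."
}

# Refuse a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)."
}

"Subject:    $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"
"Expires:    $($cert.NotAfter)"

# New-AzWebAppSSLBinding takes the password as a plain string.
$plainPw = (New-Object System.Net.NetworkCredential -ArgumentList '', $securePw).Password

Connect-AzAccount | Out-Null

# Step one and step two in a single call: upload the PFX and bind it to the host name.
New-AzWebAppSSLBinding -ResourceGroupName $ResourceGroup -WebAppName $WebAppName `
    -Name $HostName -CertificateFilePath $PfxPath -CertificatePassword $plainPw `
    -SslState SniEnabled

# Confirm the binding that is now in place.
Get-AzWebAppSSLBinding -ResourceGroupName $ResourceGroup -WebAppName $WebAppName |
    Select-Object Name, Thumbprint, SslState
```

The custom host name must already be assigned to the web app before the binding call will succeed.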

If you’d like us to help you through the process, well we’re here to serve. Please open a ticket and we’ll help you through it.





