News Categories
Announcement (9) Amy Babinchak (64) Tips (1) SBS 2011 (6) Windows Essentials 2012 (4) Edwin Sarmiento (28) SQL Server (22) SQL Server 2012 (6) SQL Server Clustering (3) SQL Server Disaster Recovery (6) Windows Server 2008 Clustering (1) log shipping (1) Brian Higgins (3) Uncategorized (42) Hyper-V (67) Virtualization (13) Windows 8 (13) Cisco VPN Client (1) Windows Server 2012 (24) Friend of TT (4) Hangout (2) Office365 (4) DNS (8) Jeremy (7) Cliff Galiher (3) Active Directory (12) ClearOS (4) Linux (4) presentations (2) SQL PASS (6) Chris Matthews (4) Printers (2) SharePoint (8) SQL Server Administration (7) Windows PowerShell (3) recovery model (1) sql server databases (1) Dave Shackelford (7) SMB Nation (1) Steve (1) Boon Tee (5) Kevin Royalty (3) Lee Wilbur (2) Philip Elder (10) SMBKitchen Crew (31) Susan Bradley (15) AlwaysOn (1) AlwaysOn Availability Groups (4) readable secondaries (1) row versioning (1) undocumented (1) The Project (2) Webinar (3) Enterprise for SMB Project (9) Security (25) Remote Desktop Connection for Mac (1) Remote Desktop Services (8) Windows Server 2008 (1) Exchange (15) Powershell (6) Microsoft (15) Performance (7) data types (1) Server 2012 (1) monitoring (1) DevTeach (1) SQL Server High Availability and Disaster Recovery (5) Clusters (44) Hyper-V Server 2012 (2) Business Principles (26) Cost of Doing Business (13) DHCP (7) sbs (15) Windows Server (30) SMBKitchen (26) Windows Server 2008 R2 (4) StorageCraft (1) P2V (1) ShadowProtect (6) StorageCraft ShadowProtect (1) VHDs (1) Intel RAID (2) Intel Server System R2208GZ (1) Intel Server Systems (17) RAID (2) SAS (2) SATA (2) Server Hardware (12) Microsoft Licensing (2) OEM (2) System Builder Tips (4) Intel (5) Intel Channel Partner Program (4) Intel Product Support (10) Intel Server Boards (2) Intel Server Manager (2) Cloud (26) IT Solutions (2) On-Premises (20) SMB (9) WIndows Azure (2) StorageSpaces (1) Error (47) Error Fix (35) Intel Desktop Boards (2) Intel SSDs (2) SSD (2) Business Opportunity (17) Data Security (11) Identity Security (7) Information Security (14) Privacy (2) Intel Modular Server (6) Promise (2) Storage Systems (9) Live ID (2) Microsoft ID (4) User Profiles (2) Articles (2) Building Client Relationships (6) DBCC IND (2) DBCC PAGE (2) filtered indexes (2) SQL Server Index Internals (2) training (11) Adobe (3) Internet Street Smart (8) Intel Storage Systems (2) LSI Corp (2) LSI SAS6160 Switch (2) Storage Spaces (7) Firmware Update (2) Product Support (7) Hybrid Cloud Solutions (3) Server Core (2) MAXDOP (1) SharePoint 2013 (1) SharePoint best practices (1) SQL Server Authentication (1) Family (5) Alternatives (1) SBS 2011 Standard (4) Microsoft Small Business Specialist Community (2) Microsoft Surface (2) SBSC (2) Networking (4) Availability Groups (3) CANITPro (1) HA/DR (1) Step-By-Step: Creating a SQL Server 2012 AlwaysOn Availability Group (1) webcast (1) VMWare (2) Conferences (2) Client Focus (2) Disaster Recovery (6) Error Workaround (8) Troubleshooting (4) Logitech (2) Product Review (7) Windows Features (4) XBox Music (2) SBS 2008 All Editions (4) MDOP (2) Microsoft Desktop Optimization Pack (2) Software Assurance (2) W2012E (6) Windows Server 2012 Essentials (6) Internet Explorer (3) USB 3.0 (2) USB Hard Drive (2) Bug Report (2) Microsoft Office 365 (5) sharepoint online (2) BitLocker (2) Windows (2) Microsoft Update (3) Swing Migration (2) Windows Update (4) Outlook (2) Group Policy (9) WS2012e (2) WSUS (3) Office (3) Microsoft Downloads (5) Microsoft Office (3) DRP (3) Virtual Machines (2) Virtual Server Hardware (2) online course (1) SQL Server learning (7) 2 Factor Authentication (2) 2FA (2) PASS Summit 2013 (4) SQLPASS (5) Contest (1) e-learning (1) Udemy (1) smbtechfest (1) backups (2) PASS Summit First Timers (3) IIS (2) RD Gateway (4) RD RemoteApp (2) RDWeb (4) Remote Desktop Connection (2) Remote Web Access (2) Remote Web Workplace (2) Cryptolocker (6) Backup (4) Restore (2) CryptoLocker (1) AuthAnvil (1) SBS 2003 (1) SBS Migration (1) Windows Server 2012 R2 (9) Documentation (1) IE 11 (4) testimonials (11) SQL Server 2008 (1) Best Practices (1) Support (1) Intel Xeon Processor (1) RemoteApp (1) Android (1) iOS (1) Hyper-V Replica (2) PowerShell (2) SBS (3) Break (1) Business Intelligence (1) Excel 2013 (1) Power Map (1) Power Query (1) PowerBI (1) MultiPoint (2) Surface (1) Net Neutrality (1) Opinion (2) ASP (9) HP (2) Scale-Out File Server (8) SOFS (10) Windows Phone (1) Updates (1) Intel NUC (1) Intuit (1) QuickBooks (1) Office364 (1) Intel Server Systems;Hyper-V (1) Firewall (1) Patching (1) Mobile (1) Mobility (1) sharepoint (1) Microsoft Security (1) Beta (1) Storage Replication (1) outlook (1) Hyper-V Setup (3) JBOD (1) Azure (1) PCI (1) PCI DSS (1) PII (1) POS (1) MicroStaff (2) Catherine Barr (2) Third Tier (1) BeTheCloud (1) BrainExplosion (1) LookAWhale (1) Manuel (1) Rayanne (3) SuperSecretNews (1) TechYourBooks (3) Managed Services (1) Training (1) E-mail (1)
RSS Feed
Latest Updates

Follow us on Facebook too. Click to go there now

Jun
12
One way Microsoft 365 pays for itself
Posted by Amy Babinchak on 12 June 2019 09:53 AM

What if there was an application, maybe even an artificial intelligence, that could watch over some of your tasks and do them for you? What if letting that AI do those things for you ended up increasing your productivity so much so that it paid for the whole Microsoft 365 subscription all by itself? What if it also made your job less annoying? Well there is and most people haven’t started to use it yet. It’s called Microsoft Flow and it’s part of your Microsoft 365 subscription.

Do you hate uploading files into SharePoint?

Well stop doing that and let Flow do it for you. We’re going to configure Flow to watch a OneDrive for Business folder and when Flow sees that a new file has been put in the folder, Flow will copy that file into a specific SharePoint library.

  1. Create a folder in OneDrive for Business. Give it name that indicates where files put into it are going to end up. In my example I’ve created a folder called Upload to Training and I want files that are put in that folder to copy up to the Training Materials document library in SharePoint.

Files move from one folder to the next automaticallyNext I need to open OneDrive for Business in my browser and select the Flow I want to use. The easiest way to open up OneDrive is to click on the little blue cloud in your system tray and then select View Online.

View onedrive online easily

  1. In OneDrive press the Flow button in the menu and choose Create a Flow. This will let you browse through the available OneDrive for Business Flow templates.

Create a onedrive Flow in sharepoint

  1. Choose the template called Copy files between OneDrive for Business and SharePoint. You’ll be presented with a form to fill out. In the OneDrive for Business Folder filed press the folder icon and browse to the folder that you created. (in my example, this is the Upload to Training folder). In the SharePoint Site Address filed use the drop down arrow to select your SharePoint site. In the SharePoint Folder Path use the folder icon to select the document library into which you want Flow to copy your files. (in my example the Training Materials folder) Then press Create Flow.

Chose a Flow template to move files

  1. You’ll get a prompt asking you to give Flow permission to access your OneDrive for Business folder. Accept that request and you’re ready to start moving files into SharePoint without having to touch your SharePoint website. I created a shortcut for this folder and put it on my Desktop for easy drag and drop.

 

Everyone has tasks in their day that essentially involve pushing paper, digital paper in todays world but still it’s about taking a file from one place and putting it into another. Microsoft Flow is great and doing this. Harness the power of this everyday AI and safe yourself some time and annoyance.

Get your file approved for distribution

It’s the case for a lot of sales organizations that a quote must be approved by the sales manager before it goes out to the customer. This often involves a lot of back and forth in email. File attachments and file downloads. All of which take up time in the say. Flow can help eliminate a lot of that and return focus time to the sales staff.

Here is what this is going to look like for the manager when a quote is waiting to be approved.

Flow approval email

And after the quote has been approved here is what it looks like for the manager.

completed flow approval email

And here is what it looks like for me. My file moves into my approved quotes folder. Anything in that folder I know is ready to send to a customer.

Files move automatically into the approval folder

Here's how to set this up.

  1. We’re going to do something very similar to our first example. This time we’re going to create two folders in OneDrive for Business. Here I’ve created one called Quotes for Approval and one called Approved Quotes. My work process will be to save a new quote into my Quote for Approval folder. Flow will ask my manager to approve the quote and once it has been approved Flow will move the file into the Approved Quotes folder for me. So in this case Flow is taking two tasks from me. Flow is asking for the quote to be approved and then moving the file after it has been approved.
  2. After I have created my Quotes for Approval folder I need to share it with my manager. Because the manager will need to be able to open the file to review it. Now that I have my two folders and the one is shared with my manager I’m ready to setup my Flow.
  3. As before I’m going to go into OneDrive for Business in my browser and use the Flow button in the menu to create my Flow. For this one I’ll select the Flow called On Approval, move a new OneDrive for Business file to a different folder. I will be prompted to give Flow permission to the OneDrive for Business folder I created as well as the ability to send an email to my manager on my behalf.

Simple approval template

From here I fill out the form as I did in the first Flow example. That’s it! I’m ready to start using this Flow.

What have I accomplished by eliminating the task of asking my manager to approve a quote? I eliminated the need to compose and email, attach files to that email. Wait for a return email, download the approved files and save them somewhere. On the mangers side I’ve also eliminated the need for the manager to have to remember if there are quotes waiting for approval. The job status is right there in the managers email.

Microsoft Flow is your private artificial intelligence just waiting to take tasks off of your plate. We all have far too many paper pushing tasks even though we might not have the paper anymore.

I’ve only presented two examples, but can you imagine how many tasks each person at your company has that could be automated? I have about a dozen of them setup for tasks that I do. Think of it think way. If you can phrase it as an If-Then statement, then Flow should be doing it not you. If I need to get approval for a file, then have Flow do it. If I need to move files from one place to another, then have Flow do it.

Microsoft has a few thousand templates available and you can every create your own. When you get really good with it you can create much more complex multi-step Flow solutions. Imagine the possibilities. Add up that savings and you’ll see that Flow has the potential to pay for your whole Microsoft 365 bill and more. Increasing productivity is no small thing for businesses. It’s the best way to add to the bottom line. So if you’re in IT person that wants to be valuable to your employer, start introducing people to Microsoft Flow. If you have a Microsoft 365 subscription then you own it already. Why not start harnessing the power of everyday AI and be the one that uses technology to add to the bottom line of company. Put that on your resume!

_________________

Make your IT business better than the competition. Open a ticket with us! IT Pro Helpdesk, TechYourBooks, Super Secret News,  Ransomware Prevention Kit and more. https://www.thirdtier.net


Read more »



Apr
11
A few Windows 10 features to not forget about
Posted by Amy Babinchak on 11 April 2019 06:08 PM

Ahead of the coming release of Windows 10 1903 let's take a look back and what you might have missed that can be helpful in the previous versions.

I think a lot of people don’t notice the changes to Windows after an update comes out, unless they’ve moved your cheese. Then I hear from my clients about something in the UI that they don’t like because it’s different. Otherwise people have a tendency to just go along doing things they way that they’ve always done them.

Windows is the platform basis for all applications that run on your computer. It’s the traffic light controlling all things behind the scenes and it’s really a very complex piece of engineering. In addition to performing those duties it also tries to make the life of the person using the computer just a little bit better. For example, recently Microsoft has been promoting all of the work that they’ve put into the accessibility features and those are amazing and wonderful because as Microsoft says in their ads, we’re all better when we can all create. And that’s really what’s important about Windows. It’s the platform that makes creating possible.

So in that spirit I’d like to call-out 5 features that might just make your creating life just a little bit better.

Make your own font

Make your own font is the name of an app that is available in the Windows store. So it’s not installed by default but I wanted to also call out the Microsoft Store itself. You need to check out the Microsoft store from time to time. It’s not fundamentally different from Google Play or iTunes except that it’s more business focused. There’s some great apps in there and some fun ones too. This one probably falls somewhere in between.

Did you ever wish you could write an email or a document in your hand-writing? Well you can and it’s very easy to do. The Make your own font app is super simple. All you do is fill out the alphabet in capital and small letters, numbers and symbols in the form provided by the app. Then you save it and give your font an awesome name. Next go to Control Panel then Fonts and upload the font file you just saved. Now your font will show up in all of the applications on your computer.

 Making a Font

This is Amy’s font. If she had created it years ago it would have been much neater.

While this font might resemble my handwriting, it’s not quite there because like everyone I have quirks that no font is going to capture. For example, when I write my first e in a word, I tend to use an e that look like a miniature big E. But then when the next e comes along in the word I use the traditional small e. I also have a tendency to mix cursive and printing, sometimes in the same word, definitely in the same sentence, and well no single font can deal with that! But still I’m enjoying the Amy font that I created.

Automatically lock your computer when you walk away

Many people have heard of Dynamic lock but few understand the power fully. Dynamic lock is a component of Windows Hello. While most people think that Windows Hello is just the ability to log in with your face if you have the proper camera in your laptop it’s really a lot more than that. In a nutshell Windows Hello is the ability to authenticate to your computer with a means other than a password. That can be with a PIN, a face, a picture, an app or other devices. How is that more secure than a password? Well under lying these is the credential but it’s only accessible to apps after you enter you use one of these devices. Windows Hello keeps the actual credential secure. But this is just a stepping stone to the very soon coming day when passwords will be going away and our computers will instead recognize us by our behaviors. Boom! I’ll write another article on that topic sometime because it deserves it.

Back to Dynamic lock. You can pair any Bluetooth device to your computer. Once paired it can be selected as the Dynamic lock device. Now, when you start up your computer it will look for the paired device, if it’s present Dynamic lock is active. If it isn’t present Dynamic lock will pop-up a toast letting you that because the device isn’t in range at that moment that Dynamic lock will not be turned on during this session. However, when you start-up your computer and your paired device is nearby Dynamic lock will be active and now when that devices leaves a short distance from your computer, after about a 30 second delay your computer will lock.

Because it locks when you walk away with the device, your data will remain safe from passersby. As you can see below, I have my phone paired for this purpose. And while this might be the most common scenario, you can actually pair any Bluetooth device and select it to your Dynamic lock device. Just be sure to pick something that you’re never without. I haven’t tried it but I think one of those Bluetooth key fobs would be a great pairing for Dynamic lock.

 automatically lock your computer when you walk away

A clipboard that holds 10 or more things at once

Being able to clip several things and then come back to them later is a great productivity tool. People have been loading clipboard apps onto their computers for ages and finally Microsoft built one into Windows. It’s very simple to enable and use.

 Save multiple things to the clipboard

Just hit Windows  key + v and the clipboard history will pop-up. Then simply select the item you want to paste from the list. The clipboard history is not on by default. To turn it on the first time, do the same thing. Hit the Windows key + v and press the Turn on button when the clipboard history opens.

Notice the … at the upper right corner of each clip. As shown in the picture above you can delete it or pin it, so it gets saved forever in your clip history or clear the entire history with the exception of the pinned items. Very simple and very functional.

 clipboard settings

Now in Settings of your computer there are a few more items. This is where you can turn the feature off or choose to sync your clipboard across your others devices. By other devices, Microsoft means other Windows devices. So if you have a desktop and laptop, they will share a clipboard history with each other. That way you can clip something on your laptop and use it later from your desktop. You’ll notice the privacy statement link under that feature and that’s because in order to keep those in sync the items clipped on your laptop and desktop pass through Microsoft’s data center.

Ransomware protection

Ransomware has been hitting computers, mostly business computers, since around 2013. With Windows 10 Microsoft provided protection against ransomware through the Controlled Folder access feature. You’ll find this setting located under Ransomware protection. Again it’s something you need to turn on.

 ransomware protection

Turning Controlled folder access on protects the default Windows data storage locations in your profile from access by unknown applications. Microsoft will compare what is trying to access your Documents folder, for example, with known good applications and then allow the access if the app is on the list. If it isn’t then you’ll see a Toast pop-up letting you know that Microsoft blocked an app from accessing the files. If you happen to have an app that isn’t on the list you can add it by clicking the Allow an app through Controlled folder access link.

Let’s say that you are in the habit of saving data to another location on your computer. Let’s say you created a folder on your C drive to save data into. You can also protect that location by clicking on the Protected folders link and then the + sign and adding your custom location. This way none of your data has to go unprotected.

At the bottom of that screen you’ll noticed an opportunity to setup OneDrive for file recovery. This feature allowed for one-click restore of the data you have stored in Desktop, Documents or elsewhere in OneDrive. It’s a sort of fail-safe in case your OneDrive data were to get encrypted.

Don’t let Windows keep you up at night

If you find yourself using your computer just before heading to bed then Nightlight is for you. It’s not about providing light as the name might imply. It’s actually about reducing light and limiting the color spectrum so that your melatonin doesn’t get impeded. Melatonin is the chemical the body produces after a cue from the eyes that it’s dark and time for bed. If your eyes see daylight, then it’s time to wake up. Your computer can give your body the false indication that it’s daytime and Nightlight is designed to prevent that.  

Nightlight is another one of the features that isn’t turned on by default. So go to Settings, Nightlight to find the settings screen above. I suggest scheduling night light. Since Windows knows what time it and the time zone that your computer is in, it therefore knows the time of sunset to sunrise. If you don’t like those times you can optionally select your own by choosing the other radio button.

 Remove the blue light that keeps you awak

Hopefully I’ve given you a few good reasons to take a better look at what Windows has to offer. Those updates aren’t just providing new security features, they also provide new functionality. Sometimes you have to look for them but the hunt is worth the effort.

 

_________________

Helping IT Pros is all we do! No contract, no minimum. Just current and former Microsoft MVP's with deep technical skills ready to help. IT Pro Helpdesk, TechYourBooks, Super Secret News,  Ransomware Prevention Kit and more. https://www.thirdtier.net


Read more »



Mar
19
Making the leap from job owner to business owner
Posted by Amy Babinchak on 19 March 2019 11:15 AM

Most businesses start out as one person deciding to do what they are currently employed to do under their own name, rather that continue to work for someone else. There are a lot of us that just don’t fit into corporate culture and so we start our own business. As a one-person business though…are you really a business or are you just self-employed?

I don’t mean to imply that there’s anything wrong with being self-employed. I was for 3 years until I decided that if this is what I loved doing then I should make it into a business. Some people never make that decision and that’s ok too. But some people are stuck wanting to have a business but can’t figure out how to make that leap. This article is for you.

What is the definition of business anyway?

A business has certain characteristics that make it different from a job.

  • It is incorporated
  • It employs people
  • It can continue to exist beyond your lifetime

I started my MSP like a lot of people did. I started to gather up some side gigs supporting businesses after hours from my job supporting schools. Eventually I decided to move the side gig work into being my main work. So I went to all of those businesses I was supporting and asked them to sign a contract so I could get enough stability to quit my job. And so they did, and I did. Now I owned my job.

I worked this job for about 3 years while I thought about what I was going to do. I was enjoying this job but it was of course a dead end. There was just me and no where to go except to keep doing what I was doing. I knew I wouldn’t be satisfied with this reality for much longer and so I decided to create a business from this job.

I’m ready to not be a tech any more

Making the leap from job to business is largely a mental one. The point of the business is to give you someplace to grow in your career and to grow the business into something of value that you can later pass down or sell to fund your retirement.

The problem is that the first person hired is a 100% growth for your business. The second one is 50%. The third is 33%. The fourth is 25%. You probably got the point that it will get easier as you go but those first steps are really big ones. It’s like being at the gym and the coach has you starting on the 3 foot box jump then work your way down! It’s backwards from what would be ideal but that’s the way it is. Your business needs to be ready and your budget needs to be ready too.

As your business grows you will find yourself not being a tech anymore. Nor an engineer or architect. You’ve chosen a career path that ends as business owner and you need to embrace it.

Who should be your first hire?

There’s a lot of discussion on this topic. It’s reached the status of the “old quandary”. Your options are an admin person or a technical person. While there are good arguments on both sides I come down on the side of choosing a very good technical person as your first hire. Here’s why.

In starting your business you are playing all of the roles. Marketing, sales, technical, accounting, payroll and more. The process of growing your business is all about giving away your job. Each person that you hire will take part of your job from you. Don’t worry about not having anything to do. Each of your other roles will naturally expand to fill the space. Been too busy to meet with your accountant monthly? Blog regularly? Engage in regular marketing activities? Now you’ll start to have time for those things. But only if there’s enough money coming in. You need the technical person in generate additional income for the business.

My other reason for suggesting that you hire a technical person first is that you know how to do it. You know how to determine if a tech person is good. You know what their task list should be and you’re prepared to train that person. You can do all of these things because you are a tech. While it might be appealing to get rid of the admin work, you probably aren’t as prepared to interview and train that person because you don’t know the job well yourself yet.

Initially both you and your new technical person will be doing the same work. You’ll be training this person to do the technical work just as you like it to be done. This person is going to be expensive because you need them to be capable of being you so you can bill clients for them in full confidence. Meanwhile you are also working like crazy to bring in more clients so that both of you are busy billing full time.

Your second person is probably another technical person for the exact same reasons. The company needs the money coming in. By this time you’re reaching exhaustion from being fully billable yourself while focusing on training this staff and bringing in new clients. Now your business should be able to afford to pay the three of you and start to off-load some of your workload. Hire a firm to help you with the bookkeeping and taxes and payroll. Off-load some of your billable work to your new hires and keep the path toward giving away your job duties to others while bringing in the new business to support the expense.

It can be a roller coaster of paying others before yourself but staying the course and compressing the timeframe to bring in that additional business is the key to success.

Avoid these pitfalls

I’ve seen MSP’s struggle to get off the ground. The problems can seem like many but in my experience these are the worst ones.

  • Under-qualified staff
  • Debt
  • High overhead
  • Micro-management

Hire people that can do the job, are going to stick around for a while and that you can be proud of. Stay out of debt. Debt kills businesses! Remember that software will not set you free so don’t load up on “MSP solutions” until you really know what your business looks like when it has staff. Like-wise be frugle on your license purchases and keep your office costs as low as possible. No client is coming to see you so they really don’t care where you work from. You need as much of your income to go toward payroll as possible not over-head. Finally avoid micro-managing your staff. Train them up to do it right then let them do the job. You’ve only got so many brain cycles and you need the ones you aren’t using doing technical work to focus on business growth. Because growth is ultimately what is going to get you past all of the initial hurdles so you can work your way down the growth ladder.

_________________

Make your IT business better than the competition. IT Pro Helpdesk, TechYourBooks, Super Secret News,  Ransomware Prevention Kit and more. https://www.thirdtier.net


Read more »



Mar
8
Please stop disabling IPv6
Posted by Amy Babinchak on 08 March 2019 01:27 PM
A recent Windows 10 update brought to light just how many people are disabling IPv6 as part of their normal process. Should you be doing that? Probably not.

But first things first. Since so many people are disabling IPv6, many readers are probably already jaded at the prospect of allowing IPv6 on their network. I’m going to argue that in most cases it is not necessary or desirable to disable IPv6 and, in fact, it is desirable not to. But before we get to that, if you just can’t stomach it or you have some serious legacy applications or hardware, here is Microsoft’s official recommendation: Keep IPv6 enabled but issue a policy that says to prefer IPv4.

To configure IPv6, modify the following registry value based on this table.

Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

Name: DisabledComponents

Type: REG_DWORD

Min Value: 0x00

IPv6 Functionality Registry value Comments
Prefer IPv4 over IPv6 Dec 32
Hex 0x20
Bin xx1x xxxx
Recommended instead of disabling

Moving right along

Now that we’ve gotten that out of the way, let’s take a look at how Windows uses IPv6 even when your DHCP server is providing it an IPv4 address and your Internet router doesn’t support it.

We all know that the world is running out of IPv4 addresses. I’m not going to bother to rehash that here other than to say that this doesn’t matter for your internal network. Your internal DHCP can still use IPv4 for compatibility reasons but you’ll end up using IPv6 to access the Internet. But that still doesn’t mean that you want to disable IPv6. You actually want to use both. You can use IPv4 for the ease of readability. But let Windows prefer IPv6 for the reasons I’m going to discuss now. I think that this is the best option.

IPv6 is core to the Windows operating system and Microsoft doesn’t do any testing with it turned off so they won’t guarantee that anything will work properly without IPv6. Of course, many things do but behind the scenes, Windows has to work hard and fall back to older protocols after it finds that IPv6 isn’t available. That waiting to fail can really be felt on the PC when you disable IPv6. Back in the Windows 7 days there was a condition where there would be a lag getting to the Internet when IPv6 was enabled and your router didn’t support it. But starting with Windows 8 and Server 2012, Windows detects that there is no route to the Internet in IPv6, remembers this, and then prefers IPv4 for this type of traffic. No configuration or disabling required.

What does IPv6 do for network traffic?

don't disable IPv6
IPv4 is one of the longest-lived pieces of technology in our computers today. When it was built, the population of computers were a lot smaller and there was no real need for security. In fact, there is no security built into IPv4. My, how things have changed! In IPv6 security is its top priority. IPSec is the default. Here are a few of the advantages of IPv6.

  • There’s no need for NAT. Every computer can have an address that allows it to get to the Internet using the same IP that allows it access to internal resources. We no longer have to try to keep those two networks separate through IP addressing. VOIP QoS is more robust because direct connections to the PC are possible.
  • IPv6 moves the handling of fragmentation to the device rather than the router. This makes everything faster because there is no handling of checksum.
  • IPv6 uses multicast rather than broadcast so hosts that don’t care about what you’re doing do not have to process the packets.
  • IPSec is no longer an add-in. It’s baked in, which means that information in the header and packets are secure by default.

There’s a persistent myth about IPv6 and that is that if you disable it you are reducing the attack surface. The truth is that your IPv6 traffic won’t get out if your router doesn’t support it and if it does support IPv6 then it will protect the internal traffic. Since IPv6 header information is encrypted, your internal network is actually safer.

Additional benefits that might seem scary

never disable ipv6
It’s an upside down world these days. Remember when IT departments used Group Policy to manage and control PCs? Remember when we had to maintain DHCP servers? Remember when your devices used non-routable addressing and had to NAT to get to the Internet? Remember when employees all worked in the office? Remember when we didn’t have VOIP phones? Remember when you didn’t have any IoT devices at all?

IPv6 doesn’t need a DHCP server because it doesn’t use NAT. The individual device is capable of assigning itself an address. It queries the network for the prefix and the automatically assigns the rest. What is so scary about that? It’s a loss of control. There no more GUI to look at and see which machines are using which addresses. You’ll have to query for that information. But if the computers are self-assigning and assuring that there are no duplicates automatically then why do we really need to care? It’s the letting go of past practices that is the scary part, not the technology itself.

Letting go of NAT is probably the scariest part for many IT admins. NAT gives you this illusion that your network is safe. And yet every day in a million ways each device makes a connection to the Internet and traffic directly routes to it from the Internet. If the device wants to allow an incoming connection it either makes the initial call or a port is opened in its local firewall. Guess what? The same thing happens when you use IPv6 except that the router doesn’t have to do all of those NAT calculations. NAT was never about security.

While Group Policy and DHCP servers might not be eliminated from your network yet, they will be eventually. While some businesses still have digital key phones and all of their employees work in the office they aren’t in the majority anymore. I dare say that there aren’t any businesses that don’t have some form of IoT on their network at this point. Even security cameras and network-connected time clocks count as IoT and many businesses have a lot more variety of IoT devices than that. The point is that the very definition of networking has changed as has the very definition of “the edge.”

You’ve probably read that “the edge” is the user credentials. It’s true. Now that users have access to corporate data from mobile phones, desktop phones, softphones, laptops, tablets, and so much more while on the road and in the office, the edge is getting pretty transparent. I mean, when you can take the desktop phone off your desk and plug into your home Internet and make a call with no additional configuration needed? The world of networking has changed. It’s not, your DNS, DHCP, your NAT scheme, or your firewall that is protecting the network. It’s the credentials on that phone that count. That’s our edge and it is where we need to focus on security.

Forget about the imagined pitfalls of IPv6. It’s small, more nimble, encrypted, and secure. We need to focus our efforts on modernization to make sure that we aren’t crippling our networks by hanging onto legacy networking technologies. The easiest way to adopt IPv6 is to simply stop disabling it.

_________________

Make your IT business better than the competition. IT Pro Helpdesk, TechYourBooks, Super Secret News,  Ransomware Prevention Kit and more. https://www.thirdtier.net


Read more »



Feb
28
Rethinking Network Design where there's no server
Posted by Amy Babinchak on 28 February 2019 10:36 AM

______________________________ 

Make your IT business better than the competition. IT Pro Helpdesk, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit and more. https://www.thirdtier.net

 


Read more »




Help Desk Software by Kayako Fusion