News Categories
Announcement (9) Amy Babinchak (64) Tips (1) SBS 2011 (6) Windows Essentials 2012 (4) Edwin Sarmiento (28) SQL Server (22) SQL Server 2012 (6) SQL Server Clustering (3) SQL Server Disaster Recovery (6) Windows Server 2008 Clustering (1) log shipping (1) Brian Higgins (3) Uncategorized (42) Hyper-V (67) Virtualization (13) Windows 8 (13) Cisco VPN Client (1) Windows Server 2012 (24) Friend of TT (4) Hangout (2) Office365 (4) DNS (8) Jeremy (7) Cliff Galiher (3) Active Directory (12) ClearOS (4) Linux (4) presentations (2) SQL PASS (6) Chris Matthews (4) Printers (2) SharePoint (8) SQL Server Administration (7) Windows PowerShell (3) recovery model (1) sql server databases (1) Dave Shackelford (7) SMB Nation (1) Steve (1) Boon Tee (5) Kevin Royalty (3) Lee Wilbur (2) Philip Elder (10) SMBKitchen Crew (31) Susan Bradley (15) AlwaysOn (1) AlwaysOn Availability Groups (4) readable secondaries (1) row versioning (1) undocumented (1) The Project (2) Webinar (3) Enterprise for SMB Project (9) Security (25) Remote Desktop Connection for Mac (1) Remote Desktop Services (8) Windows Server 2008 (1) Exchange (15) Powershell (6) Microsoft (15) Performance (7) data types (1) Server 2012 (1) monitoring (1) DevTeach (1) SQL Server High Availability and Disaster Recovery (5) Clusters (44) Hyper-V Server 2012 (2) Business Principles (26) Cost of Doing Business (13) DHCP (7) sbs (15) Windows Server (30) SMBKitchen (26) Windows Server 2008 R2 (4) StorageCraft (1) P2V (1) ShadowProtect (6) StorageCraft ShadowProtect (1) VHDs (1) Intel RAID (2) Intel Server System R2208GZ (1) Intel Server Systems (17) RAID (2) SAS (2) SATA (2) Server Hardware (12) Microsoft Licensing (2) OEM (2) System Builder Tips (4) Intel (5) Intel Channel Partner Program (4) Intel Product Support (10) Intel Server Boards (2) Intel Server Manager (2) Cloud (26) IT Solutions (2) On-Premises (20) SMB (9) WIndows Azure (2) StorageSpaces (1) Error (47) Error Fix (35) Intel Desktop Boards (2) Intel SSDs (2) SSD (2) Business Opportunity (17) Data Security (11) Identity Security (7) Information Security (14) Privacy (2) Intel Modular Server (6) Promise (2) Storage Systems (9) Live ID (2) Microsoft ID (4) User Profiles (2) Articles (2) Building Client Relationships (6) DBCC IND (2) DBCC PAGE (2) filtered indexes (2) SQL Server Index Internals (2) training (11) Adobe (3) Internet Street Smart (8) Intel Storage Systems (2) LSI Corp (2) LSI SAS6160 Switch (2) Storage Spaces (7) Firmware Update (2) Product Support (7) Hybrid Cloud Solutions (3) Server Core (2) MAXDOP (1) SharePoint 2013 (1) SharePoint best practices (1) SQL Server Authentication (1) Family (5) Alternatives (1) SBS 2011 Standard (4) Microsoft Small Business Specialist Community (2) Microsoft Surface (2) SBSC (2) Networking (4) Availability Groups (3) CANITPro (1) HA/DR (1) Step-By-Step: Creating a SQL Server 2012 AlwaysOn Availability Group (1) webcast (1) VMWare (2) Conferences (2) Client Focus (2) Disaster Recovery (6) Error Workaround (8) Troubleshooting (4) Logitech (2) Product Review (7) Windows Features (4) XBox Music (2) SBS 2008 All Editions (4) MDOP (2) Microsoft Desktop Optimization Pack (2) Software Assurance (2) W2012E (6) Windows Server 2012 Essentials (6) Internet Explorer (3) USB 3.0 (2) USB Hard Drive (2) Bug Report (2) Microsoft Office 365 (5) sharepoint online (2) BitLocker (2) Windows (2) Microsoft Update (3) Swing Migration (2) Windows Update (4) Outlook (2) Group Policy (9) WS2012e (2) WSUS (3) Office (3) Microsoft Downloads (5) Microsoft Office (3) DRP (3) Virtual Machines (2) Virtual Server Hardware (2) online course (1) SQL Server learning (7) 2 Factor Authentication (2) 2FA (2) PASS Summit 2013 (4) SQLPASS (5) Contest (1) e-learning (1) Udemy (1) smbtechfest (1) backups (2) PASS Summit First Timers (3) IIS (2) RD Gateway (4) RD RemoteApp (2) RDWeb (4) Remote Desktop Connection (2) Remote Web Access (2) Remote Web Workplace (2) Cryptolocker (6) Backup (4) Restore (2) CryptoLocker (1) AuthAnvil (1) SBS 2003 (1) SBS Migration (1) Windows Server 2012 R2 (9) Documentation (1) IE 11 (4) testimonials (11) SQL Server 2008 (1) Best Practices (1) Support (1) Intel Xeon Processor (1) RemoteApp (1) Android (1) iOS (1) Hyper-V Replica (2) PowerShell (2) SBS (3) Break (1) Business Intelligence (1) Excel 2013 (1) Power Map (1) Power Query (1) PowerBI (1) MultiPoint (2) Surface (1) Net Neutrality (1) Opinion (2) ASP (9) HP (2) Scale-Out File Server (8) SOFS (10) Windows Phone (1) Updates (1) Intel NUC (1) Intuit (1) QuickBooks (1) Office364 (1) Intel Server Systems;Hyper-V (1) Firewall (1) Patching (1) Mobile (1) Mobility (1) sharepoint (1) Microsoft Security (1) Beta (1) Storage Replication (1) outlook (1) Hyper-V Setup (3) JBOD (1) Azure (1) PCI (1) PCI DSS (1) PII (1) POS (1) MicroStaff (2) Catherine Barr (2) Third Tier (1) BeTheCloud (1) BrainExplosion (1) LookAWhale (1) Manuel (1) Rayanne (3) SuperSecretNews (1) TechYourBooks (3) Managed Services (1) Training (1) E-mail (1)
RSS Feed
News
Jun
12
Solved: PCI scans fail with RDP enabled
Posted by Amy Babinchak on 12 June 2018 03:07 PM

Failing PCI compliance scans is a frequent problem for RDP users. I see many people abandoning RDS because of it but that really isn't necessary. The real solution is to set more secure crypto technologies on the server and disable to insecure connection methods. 

CLIENT: I have a client who runs their app via RDS. However, their new credit card vendor did a scan and they are failing the PCI scan. I've tried to disable TLS 1.0 and a cipher but every time I do, it breaks RDS. I'm stuck

THIRDTIER: I’ve just now used IISCrypto to disable TLS 1.0. It should break for you now but you'll pass the scan. However there is a way to make this work.

CLIENT: I've enabled SSL VPN but would prefer to use the server

THIRDTIER: I’m working on the issue and rebooting the RDS box given there are no users on it. Long story short – I’ve got all the answers we need to make this PCI compliant and still allow RD to work fine.  Let me know when we can make these changes on the client server and do testing

THIRDTIER: I remoted in tonight and reconfigured as discussed, it should now pass PCI DSS 3.1 scan. Please rescan it and let me know what you see.

If you have any problems that you're stuck on, remember to open a ticket with Third Tier. Odds are that we've seen it before and can help you quickly work through it. 

_____________________________

About Third Tier

Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.

Website: http://www.thirdtier.net

Helpdesk: https://helpdesk.thirdtier.net

Blog: http://www.thirdtier.net/blog


Read more »



Jun
6
Sad to relay that Scott Bonaker has died of a short battle with cancer
Posted by Amy Babinchak on 06 June 2018 02:16 PM

I received some said news today. Scott was an accountant, a generous supporter of our scholarship program, owner of the ransomware prevention kit and a customer of Third Tier. He was well known in the both the accounting and IT communities as a person that shared his expertise. Cancer sucks is the only phrase that comes to mind. He was 63 which is far too young to end a life well lived. 

This is the image of himself that he uploaded in his account with us several years ago when he participated in our ASP program to help guide small IT firms into the new cloud era.

We'll miss his knowledge. You may not have known Scott in person but it is likely that you knew him in various forums around the web. Messages of memories can be post here: http://greenlawnfuneralhome.com/book-of-memories/3499210/bonacker-scott/obituary.php

---ThirdTier


Read more »



Jun
4
Solved: enabling only TLS 1.2 works for admin but not users
Posted by Amy Babinchak on 04 June 2018 03:26 PM

Helping IT pros figure out problem is what we do. Recently a client contacted us with a TLS problem via our helpdesk. (https://helpdesk.thirdtier.net) PCI compliance demands that you disable all protocols others than TLS 1.2 for credit card processing. However, after following documentation to disable all protocols except TLS 1.2 it was only working for admins not for general users. 

The documentation provided by the vendor was wrong. Well, actually omitting something rather important.

CLIENT: Server 2012 Remote Desktop. Users connect via RemoteApp. Processes credit cards which requires a TLS1.2 connection. If I am logged into the desktop as "administrator" (the domain administrator and the account used for all domain admin tasks) I can process cards. If I connect to remoteapp and use administrator I can process cards. If I connect via remote desktop or remoteapp as any other user the transaction fails and if I wireshark it the transaction is not TLS1.2 which causes the failure.

THIRDTIER: Have you tried logging onto the RDS server itself, as one of the “problem” users and then running a test as that user via the SSLLABS site?
https://www.ssllabs.com/ssltest/viewMyClient.html  I would be keen to see the report of a working user vs a non working user please.

CLIENT: Interesting. I disabled IE Enhanced security mode and ran that page as administrator and user. As admin it passed all the tests. As user it fails the Protocol Support test. I then compared the settings in IE under Advanced -and the TLS boxes were all unchecked on the User profile and all checked on the admin profile.

THIRDTIER: How are you going with this issue, given we’ve narrowed it down to IE setting and you were going to put the GPO in place

CLIENT: Looks like the GPO worked.  Everybody is processing cards this morning.thanks!

_____________________________

About Third Tier

Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.

Website: http://www.thirdtier.net

Helpdesk: https://helpdesk.thirdtier.net

Blog: http://www.thirdtier.net/blog

 

 

 


Read more »



May
21
GDPR and our Terms of Service
Posted by Amy Babinchak on 21 May 2018 11:58 AM

In the wake of GDPR we are all seeing a lot of change of Terms of Service on the various websites we use and I'm sure that you're seeing the same. Our Terms of Service remain unchanged because we have always used only opt-in (you had to create an account with us in order to be receiving this) and we have never sold or allowed our client list to be used by anyone. Further should you decide to delete your account, any ticket history that you have with us is automatically deleted too. Finally, when you log into your account you are viewing the full history that we have with you and you have the ability to delete as you wish. It's always been that way. We've never held anything back behind the scenes or prevented you from having full control over your data. 

thanks for your continued business and support,

Amy Babinchak

Managing Partner, Third Tier

 

Make your IT business better than the competition. IT Pro Helpdesk, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit and more. http://www.thirdtier.net

 

 


Read more »



May
17
Windows 10 tools have been added to the Ransomware Prevention Kit
Posted by Amy Babinchak on 17 May 2018 12:41 PM

It has been about a year since we added new material into the Ransomware Prevention Kit. That’s a long time and it’s because Ransomware is somewhat a mature industry now. In the 5 years that we’ve been fighting this nasty with IT best practices we’ve noticed a certain stability. The attacks methods are varied but they really boil down into a few basic concepts that you need to avoid Ransomware.

  • An educated user population
  • Avoidance of Phishing
  • Near immediate patching of Windows, Adobe and Flash
  • Use of latest versions of applications
  • Good IT practices to protect backup, avoid unwanted applications and prevent permission sprawl

Another thing has changed in the last 5 years. Computers are now more frequently not joined to on-premises domains. Instead they are stand-alone or joined to Azure AD. This on top of the announcements that Group Policy is now considered legacy technology and Software Restriction Policies are no longer being actively developed which in Microsoft speak tells us that both of these technologies are being phased out, means that we have to change too.

To that end you are going to find .reg, .pol files are the predominate means to managing Windows 10 computers. But we’ve also still supplied the old software restriction group policies because they still work. We’ve just put the new configurations into a different format.

In the photo above you see the list of files that reside inside of the zip file you’re going to find in the kit called Win10RansomPreventionFiles.zip. Note the text filed called Read the PDF’s first. Guess what that means? It means that you really, really, really need to read the two PDF files first in order to understand what the local group policy and reg keys are doing and how to customize them for your use. The PDF called Ransomware and Windows 10 is a long article detailing out all of the settings, what they do and how to manually deploy them. Once you understand that, you can then move to using the pre-built tools that we provided so you don’t have to reinvent the wheel.

There’s a second PDF that you should also read. Preventing ransomware on Windows 10 depends on using Windows Defender so please read the Understanding Windows Defender PDF. Especially if you think you don’t care about Defender. Many of us did’t like Defender and I want you to rethink that as we have.

I hope that you enjoy these new additions to the kit. I’ve copied other relevant articles into the zip file for convenience mostly. They aren’t new but they go along with Windows 10 and represent a tiny start to a reorganization of the materials to make them easier to find and consume.

One last thing, as you know we raised money from the donations for the kit to launch a scholarship fund. It is working. We are providing scholarships, changing lives and improving our industry at the same time. You should be proud of yourself for your contribution. Here’s a note from a recipient and if you’d like to make another contribution, your money is welcome. You can make another donation here

Would like to say “Thank You” and make a donation

Greetings Amy, I was fortunate to be one of the recipient of a scholarship through Third Tier a while back for the completion of my Security+ certification. It came at a time where my life, let alone my career, was up in the air. Getting that cert gave me the confidence to pursue my CCNA Cyber Ops which led to a new position as an Information Security Analyst with a great organization where I am now on the fast track to becoming the Information Systems Security Officer. So, I want to truly say thank you!! I appreciate the work you are doing with Third Tier and I would like to pay it forward with a $500 donation. How can we facilitate this? Best regards, LaDon Williams

If you need need to purchase the Ransomware Prevention Kit you can do that here. If you would like to send us some more money for our work in the kit and keep funding this project you can do that too. Please do that here

_____________________________

About Third Tier

Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.

Website: http://www.thirdtier.net

Helpdesk: https://helpdesk.thirdtier.net

Blog: http://www.thirdtier.net/blog


Read more »



May
16

A recording is available for the webinar reviewing what's new with ransomware, where the bad guys seem to be heading, and explaining our new ransomware prevention recommendations and tools for Windows 10. We're now covering more easily both domain and stand-alone PC's. We've moved to favoring direct registry edits and local policies over Group Policy. This is in response to the changing nature of work and therefore networks. We're seeing a lot fewer Windows 10 computers that are joined to a traditional on-premises domain. 

In addition, later today you will be able to go to the Ransomware Kit share location and get the new files. I'll have another blog post with the details on that. Meanwhile, find out what's new by listening in. It's about 30 minutes long. 

Download it from here

_____________________________

About Third Tier

Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.

Website: http://www.thirdtier.net

Helpdesk: https://helpdesk.thirdtier.net

Blog: http://www.thirdtier.net/blog


Read more »




Help Desk Software by Kayako Fusion