Archive

💻 Zettle code 2: this is the enshittification that Cory @doctorow@marmot.fr writes about. My partner has a Zettle terminal that was used maybe twice then put away for some time. Upon going back to it, it gives a code 02 error which indicates tampering…which I’m certain hasn’t happened unless the Cat knows more than …

There’s a long thread on Edugeek about pay and conditions for IT staff in UK education. I quit edu work about 6 years ago and my current employer in the private sector pays much better but is also much more respectful of its staff than anything I’ve ever seen in UK edu. We’re …

Apple's designs: Anyone ordered a Mac Mini yet? I’ve not got a use for one, but I’m intrigued. I can live with the power button being on the bottom. @gruber@mastodon.social makes an interesting point about the Apple Mouse charge socket being on its bottom; you might not agree with Apple but these are …

Becoming a Chartered IT Professional: I have recently been working on my professional development and was delighted to be awarded the status of Chartered Information Technology Professional (CITP) from the British Computer Society last year. Why does this matter? Chartered status can only be granted by organisations which have received …

👋 Not written anything about my techie noodling 👩‍💻👨‍💻💻in ages, but busy migrating to micro.blog from Wordpress. it’s been interesting to say the least. The Wordpress implosion, which I’m not qualified to write about, got me thinking about the why, if and how of blogs in 2024. Micro.blog turned out …

Securing Admin roles in Azure Active Directory: I’m going to continue my recent look at securing your Office 365/Azure AD directory with a quick dive into using Conditional Access rules to protect your directory’s most prized asset - accounts with admin roles. These are roles that can be used to accomplish admin tasks within your …

Using Passwordless for Office 365: As the pace of attacks continues against companies who use online services, major IAM providers such as Microsoft and Okta are looking for ways to improve theirs and your security game. I was fortunate enough to attend the 2019 Okta forum in London and one of the drums Okta beat throughout the …

Azure Conditional Access for Chromebooks: I suspect most of you reading this article will already know this, but part of Microsoft’s Azure AD (AAD) / Office 365 Cloud directory service that you get when you pay for premium AAD is Conditional Access (CA), which can be used to allow quite sophisticated access controls for accessing …

Teams CAA70007 errors: Has this ever happened to you? You're using Teams like normal and one day it doesn't start. No reason, just the usual Teams error that tells you nothing. You try the usual workarounds (Mark Vale's write-up on cleaning the Teams Cache is invaluable) but nothing helps. So back to that error that …

Tuning up Intune - Building your toolset: Introduction When talking about how Intune works with a colleague, I likened assembling a working Intune configuration to protect corporate devices and data to working with small pieces of Lego to build a house. The reason for this comparison is that a managed Intune environment is built up of lots …

Tuning up Intune, an introduction.: Introduction to Microsoft Mobile Device Management I'm currently settling in to a new job where I'm spending a fair amount of time working with Microsoft's Mobile security management tools, mostly Microsoft Intune. This is largely what I was doing towards the end of my old job too, and while there's …

Chocolatey in the workplace: I talked previously about using Chocolatey for home use. It makes building a PC at home nice, simple and fast. It makes supporting non-technical friends and family nice and easy, ensuring you can build their computers how they want and keep them up-to-date with just a few simple commands (that can …

Backup to the cloud.: Introduction So I think a lot of us take backups for granted. It's one of those things you look at once and then tend to not worry about too much. As long as its working, why worry? Except… if you don’t look at it, how do you know how well its working? I’m talking from the …

Tuning up Intune - Self Service Password Reset from the login screen.: IntroductionOne of the new features in Windows 10 1803 is the ability for "local Active Directory" Domain joined workstations to allow users to reset their password from the login screen. This was introduced for Azure Active Directory joined systems in Windows 10 1709. In this post I’m quickly …

My Server’s been hacked – What do I do now? Pt 3.: Finally. Finishing up after Part 1 and Part 2, this is the end of my updated thoughts on an old Server Fault post with some final thoughts on reducing risks in the future. Reducing the risk in the future. The first thing you need to understand is that security is a process that you have to apply …

My Server's been hacked - What do I do now? Pt 2.: Following on from Part 1 of my revision of an old Server Fault post, we will continue on to look at remediation after an intrusion. (Part 3 available here) Understand the problem fully: Do NOT put the affected systems back online until this stage is fully complete, unless you want to be the person …

My Server's been hacked - What do I do now? Pt 1.': Introduction In this series of posts I’m revisiting an answer to a question that appeared on Server Fault way back in 2011. I’m pleased to say that it’s been viewed over 100,000 times, and I like to think its helped a few of them. But it’s time to look again. Since I wrote …

Easy PC rebuilds with Chocolatey: One of the things that I’ve always been interested in is automation, and being able to reproduce a ‘known state’ reliably and consistently. This applies at work when building servers or workstations thanks to tools like SCCM and Fog, and should be in your grasp at home or in even …

Malware emails - doing it wrong.: I’m currently reading /r/sysadmin on reddit at the moment, specifically this post from someone ranting that a user complain that “malware spam e-mail” went to their mail client’s spam folder. While this is classed as a rant on the site and not intended as deep analysis of a …

Office 365 email migration gotchas: One of the things I’m working on at the moment is moving the remainder of our Exchange organisation over to Office 365 / Exchange Online. We moved the bulk of our accounts some time ago; students here have been on Office 365 Exchange email for a few years, but staff and ‘role’ …

Keeping Children Safe in Education: So I recently did a podcast with SonicWall on Safeguarding and the statutory guidance on Keeping Children Safe in Education (KCSiE). You can listen to it here. Invaluable resources: Safer Internet Centre's Advice section. Internet Watch Foundation (IWF) Thinkuknow website.

Upgrading Windows PKI from SHA1 to SHA2: As I’m sure most of us know by now, SHA1 cryptography hashes have been increasingly under attack, and are now regarded as fully broken. In fact, my use of “now” kinda understates the point; you should be urgently looking to upgrade to SHA2 if you have any devices or servers using …

Paying the price of free software: Microsoft’s march towards filling their operating system with adverts continues, with people upset to see adverts for OneDrive popping up in Windows Explorer. And lets be honest, we’re all right to be annoyed. I think that’s certainly pretty intrusive. The Next Web has an article …

Scratching the Surface: At work I tend to turn up to meetings with a MacBook Pro. This surprises a few people who know me as a former Microsoft MVP, a Windows Server/Infrastructure person and the manager of a IT system that is predominantly Windows based. The MacBook Pro isn’t ideal; it’s a 15" 2010 model …

Migrating from ADFS 2.1 to 4.0: {There was a section here on converting Windows 2016 server eval to full version for enterprise customers, but as Windows 2016 is properly out there now it seems pointless. I've pasted what was here into the comments below in case anyone needs it} Upgrading ADFS The first question after deciding to …

WiFi is hard... Yes, even with today's Top Gear.: Wireless is already ubiquitous in any modern home or business these days, yet it’s one of the areas that probably most upsets employees, managers and IT staff all alike. There’s an assumption that business WiFi must be easy because anyone can purchase a cheap home wireless router and set …

Microsoft's Marketing confusion: Just lately Microsoft seem to be determined to mix up brand names to confuse customers. For a while now we’ve had OneDrive for Business, the product that is built on the back of totally has nothing to do with OneDrive. OneDrive is your typical cloud file sync platform… and actually one …

Exchange 2013 and Bugcheck 0x000000ef: After our recent Exchange 2013 rollout, we noticed a problem with the Exchange 2013 servers (virtual guests on a HyperV cluster) experiencing clock drift and ultimately bugchecking (aka blue screen) with 0x000000ef errors. These crashes and clock drifts occurred once every couple of days and quite …

SCVMM 2012 and 10698 errors: This is perhaps another example of my recent comment about SCVMM making harder work of things than perhaps it should, but for all that I want to also say that it’s very likely that the root cause of this error was a mistake on our part. I also want to share this in case someone else has a …

Migrating from VSphere/ESX to SCVMM/HyperV: We’ve always been a VMWare shop. As some of you might know, I’ve been involved in the Microsoft virtualisation stack in the past, writing guides for Virtual PC and bits and pieces for the server products, but on the server side of things, at least, VMWare have always had the lead. …

Exchange 2013 notes Pt. 1 - Certificates: I’m currently heading an Exchange 2007 to Exchange 2013 migration at work and I’m going to share the thoughts and notes that I’ve made on the process so far. The actual install process was fairly painless to be fair, with one CAS and two Mailbox servers currently configured, but I …

Stormy weather for cloud providers and users?: So we’re a Mimecast customer and today they had a few problems with their email services in the UK going offline for a large part of the working day. No big deal as such, other than that they make big claims for their own availability and have been quite ready to point out the failings of …

The Problem with BYOD projects: I see lots of people talking about and asking about hardware being “prepared for BYOD” and/or “BYOD ready”. Most of the time they’re talking about Wireless Access Points(WAPs) or other similar items of infrastructure. In a lot of ways, as long as you stick to a …

Keep taking the tablets Dell: Let me just start this post by saying that professionally at least, I’m a happy Dell customer. I’ve built up a good relationship with them over the years, met senior Dell staff and we almost exclusively use their server & storage infrastructure where I work, we’ve used them for …

Robert's Modern Sysadmin Rules, Part 2: 5. "Nuke from orbit" is still the best approach to a rooted system. See http://serverfault.com/a/218011/7783 I've talked about this in the Server Fault answer above, and I might do another post diving into some of the details behind my beliefs here but the drive to rebuild after getting a system …

Robert's Modern Sysadmin Rules, Part 1: Based losely on a series of tweets I made last year. 10. Documentation & planning may not be fun but they can be the difference between being promoted & being fired. It's easy in support and operations to get sucked into the mantra that documentation doesn't matter, or more likely, that yes …

Procurve Manager - multihomed gotchas: We are almost exclusively a user of HP Procurve switches where I work. We have a wide range of models that we’ve used at both core and edge and have been happy with them over the years. One important part of our current toolset for managing switches is the HP Procurve Manager Plus management …

SCCM 2012 WTF moment: We’ve been migrating from SCCM 2007 to SCCM 2012 at work. One very interesting part of SCCM 2012 for us has been the support for Mac OSX that was added in SCCM 2012 SP1. We have about 70 Mac clients, I guess, on top of about 1500 Windows clients, and those 70 clients need a dis-proportionate …

At least you don't work for EA.: If you do then my condolences, but you probably don’t. And if you don’t then however bad your day at work was, it’s probably not as bad as the network admins over at EA. How is it that everyone except EA themselves could see this one coming? For some time now EA and Maxis have been …

IT Science vs. IT Religion. Again: What we’re going to here is go back. Way back. A long time ago, I made a brief comment on Mr Angry’s blog article about project managment disasters where I suggested a reason for the difference between a high level management view of IT projects vs. a lower level IT …

Java - Unsafe at any speed?: So another day, another Java vulnerability. Before we go on, if you’re not actually using Java for anything then uninstall it right now from your computer - or at the very least disable the browser plugin. Go ahead, I’ll wait. Done? Good. Much like the problems that surrounded …

Spend less time playing with featureless glass: Ok. So apparently Sergey Brin (seen here with an entire computer strapped to his face) thinks we should spend less time just “standing around rubbing this…"(smartphone/tablet)”…featureless piece of glass". He said this with an entire computer strapped to his face, …

The problem with Windows 8: When Windows 8 was first released to techies, I made the effort to install it on my main computer at home and use it in order to try and get used to it. I’ve always done this; if you work in technology you need to be up to date with technology. This install lasted for a bit longer than a month …

All I wanted to do was give you some money - a customer service story.: iPhone 4S disappointment... why? So the new iPhone 4S. Who's excited about that eh? Not the technorati apparently. More fool them, it seems. I guess a lot of tech commentators feel let down because they had decided among themselves that Apple were going to release something called the iPhone 5 and …

So what has happened at Sony?: Whatever problems you've faced at work today just comfort yourself with this thought: You're probably not "head of security" for the PlayStation Network. Yeah, Sony have been the victims of an intrusion, and the question that everyone is wondering (and I certainly hope you are thinking about this …

Talking Tablets: So I finally took the plunge into the world of tablets and got myself an iPad 2, and very nice it is too. Now those people who know me (and know exactly how many Apple gadgets I have) could be forgiven for thinking I just went for the Apple on autopilot… and nothing could be further from the …

Optimising for a virtual environment: In my last post, I talked about optimising virtual machine builds for the virtual environment. In this post, I shall talk about how to do just that. My employer implemented a VMWare ESX farm in 2008, using the “enterprise” level of their product, which includes tools like vCenter and …

The 4 stages of virtualisation: As virtualisation becomes more popular, and as I’ve done a few projects with this myself and both helped and watched others do virtualisation projects, I think there are probably at least four stages to the life cycle of virtualisation within an organisation, and I thought it might be …

I'm not very good with computers: The phrase “I’m not very good with computers” is one you frequently hear, sometimes from people who are embarrassed to have a problem with their computer, sometimes as a response to any technical question (Our helpdesk once had this response back to telling someone that their …

From Hell's heart, I email thee: My feelings about various email servers I’ve had to do battle with over the years are well known to those people who have worked with me. Imagine my surprise to receive an email that began like this: OS2 wasn't enough for me, I feel the need to go the whole hog and get IBM'd*! As it happens …