Posted on Wed, Dec 29, 2010
Oftentimes, companies approach IT with an "if it isn't broken, don't fix it" attitude. If the infrastructure you have is working for you, why spend time and money on costly, involved upgrades and migrations? Unfortunately, once software products pass out of their manufacturer's support period, old software can become a serious security liability.
For instance, a client has been using Microsoft SQL 2000 for several years with no major issues. However, Microsoft SQL 2000 is now well out of its support period with Microsoft, meaning it is no longer patched or monitored for security flaws. So while the software has been running well and reliably for the customer, it has been a ticking time bomb when it comes to security.
Unfortunately, the bomb went off at the worst possible time: the morning of Christmas Eve. A hacker was able to compromise the SQL database, crashing the service and gaining the security rights of the account used to run the SQL Server service. This allowed them to create a new account with administrative rights on the domain and wreak all kinds of havoc. While Terminal.com support was able to get the situation under control within a few hours, the cleanup and repairs still took several hours over the holiday weekend and kept any client employees from working remotely during that period.
The bottom line is that even though your software may be working for you now, there may be hidden flaws or problems lurking beneath the surface. In the long run, the cost of keeping your software up to date is much less over time than dealing with emergencies and compromises like the one described above.
If you're interested in having Terminal.com audit the security of your network software, Contact Us and a representative will be happy to discuss your specific needs.
Brian St. Marie - Sr. Systems Engineer
Give Us a Call 617-731-6319 and Ask a Professional IT Support Technician Any Questions You May Have!
Sincerely, Terminal We Serve All of Greater Boston and Cambridge, MA
Posted on Tue, Dec 28, 2010
My brother received a fantastic Lenovo netbook from Santa Claus this year! It’s a great piece of hardware but he was not pleased that it shipped with the extremely limited Windows 7 Starter Edition. We set out to upgrade his new toy with Windows 7 Pro but Santa seemed to forget an external optical drive. Oops! Luckily for us, we had a surplus of USB thumb drives, one of which we could make bootable and use to install a FULL featured version of Windows 7.
The prerequisites for this installation method are simple. You will need a target computer that is capable of booting from a USB device, a thumb drive with at least 4GB of free space and the contents of a Windows 7 installation disk. To get started, you will first need to use a tool such as diskpart to create a primary partition on your thumb drive and format it with the NTFS file system. Next, from an administrative command prompt, switch to the directory that contains the contents of the Windows 7 DVD and prepare the drive using the bootsect.exe tool. Assuming that you have the installation files in a DVD drive on another machine, change directory to the “D:\Boot” folder (Where D: is your DVD drive). This is the folder that contains the bootsect.exe tool. The commands are listed in order below for preparing the drive:
(In this example F: is the drive letter of your USB thumb drive):
C:\>D:
D:\>cd boot
D:\boot>bootsect.exe /NT60 F:
When completed, you should see a message stating “Bootcode was successfully updated on all targeted volumes.” The final step is to simply copy the files from your Windows 7 DVD to your thumb drive.
In our case this method cut the installation time almost in half. It’s a quick and convenient way to install Windows especially since there are so many ultra-portables out there that lack optical drives.
Adam Jones - Systems Engineer
Posted on Thu, Dec 23, 2010
Boston IT Services
Boston IT Services Describes What Virtualization Is
I have been using VMware and Hyper-V for some time and there is no better time to blog about it than when a fresh project comes out of the oven.
So, what is virtualization? Virtualization (or a virtual machine) is pretty much software that allows you to put another PC on your current PC. If you have a physical PC and you would like to add a PC to your office or home, you can simply add a virtual PC on your existing PC. This will cut down on cost and extra hardware to trip over.
When does virtualization make sense for you? Say you would like to buy a new PC and you want Windows 7 but you still have some applications that are not compatible with it, or maybe you have two PCs running two different operating systems (perhaps Windows on one and Linux on the other). In this case you can set up a virtual PC on the Windows PC and install any other operating system you may want. This would allow you to switch back and forth as you please without having to boot another PC or own any other hardware.
Over the last two weeks, I have been working with a client that was using a KVM switch to work between two computers. When doing this, the downside is that the client can only utilize some of the power from one PC and some of the power from the other. With the power of virtualization, I was able to take all the information from one PC (including the programs, settings, and all the documents using the virtual PC) and put them on the PC that the client mostly uses throughout the day. The client can then seamlessly open the second PC while having the comfort of being on the mostly used one.
Virtualization is often being used these days for everything from servers to workstations to notebooks. Servers are great to use virtually, because almost 65% of the time you are not utilizing all of the resources of your server and can save when it comes to time, hardware, space, electricity and cooling cost.
There are a few different companies that are leading the race to the virtualization promised land - one being VMware and the other being Microsoft’s Hyper-V. They both have a user-friendly interface along with what seems to be a never-ending goal to keep up with the changing times; your hardware and software environments run smoothly. I recommend that if you have multiple PCs and are not sure what would work best, do some research or hire someone like >ME< to see what your options are. You could end up over-paying for something that would pay for itself over time.
Dennis Foote – Systems Engineer - Boston IT Services
Posted on Tue, Dec 21, 2010
Boston IT Consulting
Boston IT Consulting Discussing Restricted Group GPOs
Restricted Group GPOs give network administrators the power to centrally control and enforce local group membership on computers in your domain environment. Let’s say you need to assign a specific group of technical staff the ability to administer computers in a particular department. Creating a Restricted Group GPO will allow you to add this group of staff members to the Local Administrators group on all computer objects that reside in this department’s organizational unit. Because the accounts defined in your policy will override any previous settings on the computer this is also a useful way to ensure that the members of these groups are not modified by the local user. Since this policy replaces the default members, be sure to add the domain admins group and any other administrative accounts that your network requires on client computers.
To access the Restricted Groups node, navigate to the following path in any GPO:
Computer Configuration > Windows Settings > Security Settings > Restricted Groups
Note that when creating the group, you need to use the exact wording of the local group that you wish to modify. For example, when adding users to the local administrators group, create a restricted group titled exactly as Administrators in the right pane of the GPO window.
Adam Jones - Systems Engineer - Boston IT Consulting
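The warning in the post above, that a Restricted Groups policy replaces the existing members, can be checked before the GPO is linked. The following is an added example, not part of the original post: it parses the `[Group Membership]` section of a GPO security template (GptTmpl.inf) and reports when the local Administrators list would be replaced without Domain Admins in it. The template text, the domain SID and the RID 1105 group are constructed placeholders.

```python
import re

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group
DOMAIN_ADMINS_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-512$")  # RID 512 = Domain Admins

# Constructed sample template: domain SID and the RID 1105 group are placeholders.
# A real GptTmpl.inf is normally UTF-16 encoded; open it with encoding="utf-16".
SAMPLE_GPTTMPL = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-1105
"""


def parse_restricted_groups(text):
    """Return {group: {"Members": [...], "Memberof": [...]}} for the keys present."""
    groups = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "group membership"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        group, sep, kind = key.strip().rpartition("__")
        kind = kind.capitalize()  # normalises "MemberOf" / "Memberof"
        if not sep or kind not in ("Members", "Memberof"):
            continue
        names = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
        groups.setdefault(group.lstrip("*"), {})[kind] = names
    return groups


def is_domain_admins(member):
    """True for the Domain Admins SID or a DOMAIN\\Domain Admins style name."""
    if DOMAIN_ADMINS_SID.match(member):
        return True
    return member.lower().rsplit("\\", 1)[-1] == "domain admins"


def audit_local_admins(text):
    """List findings where Administrators is replaced without Domain Admins."""
    findings = []
    for group, entry in parse_restricted_groups(text).items():
        if group.upper() != ADMINISTRATORS_SID and group.lower() != "administrators":
            continue
        if "Members" not in entry:
            continue  # policy does not replace this group's members
        if not any(is_domain_admins(m) for m in entry["Members"]):
            findings.append(
                f"{group}: members replaced with {entry['Members']} "
                "and Domain Admins is not among them"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_local_admins(SAMPLE_GPTTMPL):
        print("WARNING:", finding)
```
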
Posted on Fri, Dec 17, 2010
Boston Printer Repair
Boston Printer Repair - Printing With Card Stock
A few weeks back, I ran into an unusual problem on an HP Color LaserJet 4700 getting streaks on its 8 1/2” x 11” forms. The streaks were from the yellow toner cartridge. The customer told me they were having the same problem on all of their cartridges in the past and they would replace them when they had this streaking problem. I asked the customer to show me all of the type forms they were running on the printer. The customer showed me a thick small card stock of 2 different sizes they used to print out birthday, wedding, holiday, and similar type cards for their business.
The customer was properly setting up their printer's MFP Tray parameters. What I found was the card stock they were using had a slight bow in it which resulted in the left and right edges of the card stock forms scraping the image drums. I showed the customer how to work the bows out of the card stock forms. This will save the customer extra cost of going through toner cartridges, giving them a higher profit on their cards that they sell to their customers.
Joe Churma - Printer Technician - Boston Printer Repair
Posted on Fri, Dec 17, 2010
For this week's blog, I am looking at iPhone applications that I cannot do without.
Having just moved to MA from Texas in the last couple of months, the first one that comes to mind is Google maps! It may not be as fancy as some of the other turn-by-turn GPS apps, but for a free app, it does a great job of showing me where I need to go in and around Boston.
The second app would have to be YouTube. When researching a problem on the go, the amount of issues people have made YouTube videos for is amazing - and they come in handy in a pinch.
I use the banking apps, the Weather Channel apps, and my Fios app all the time too. It is remarkable how smart phones have changed the way we access data on the go. With cell phone reception and ten minutes, you can usually find the answer to most common issues you have and keep yourself informed and up to date on changes in the industry.
Kristen Hewes - Hardware Technician
Posted on Tue, Dec 14, 2010
Boston IT Security
Boston IT Security Discusses WikiLeaks Encryption and Data Security
WikiLeaks has been in the news quite a bit lately, as has their founder’s “insurance” file, an encrypted document which the founder threatens to have decrypted if anything happens to him. Today, CNN posted an article discussing the security of this file. Their expert source, Hemu Nigam, is quoted as follows:
"Most of the time, you see a 56-[bit] key encryption. That's considered secure. When you are using 256, you are sending a message: 'I'm smart enough to know that you will try to get in.'"
Unfortunately, Mr. Nigam is way off or CNN drastically misquoted him. The 56-bit encryption Mr. Nigam is referring to is the Data Encryption Standard (DES) developed in the 1970s and widely used until the early 1990s. However, the encryption was successfully cracked first in 1999 and can now be cracked, on average, in less than a day. It hasn’t been considered secure for many, many years and was replaced first by Triple DES (3DES) in the 1990s, and more recently by the Advanced Encryption Standard (AES) in 2002. 3DES typically uses a 168 bit key, but is much less commonly used these days. AES, which is the most common encryption algorithm in use, typically uses a 256 bit key, which is exactly what was used to encrypt the WikiLeaks file. This is the same encryption any user could expect from Windows Encrypted File System in Microsoft Windows Vista or Windows 7, or Symantec Backup Exec System Recovery encrypted backups. In fact, it’s relatively easy to configure most products to use even 512 bit AES encryption, with relatively little impact on performance.
What this means is that if you use encryption in your business or even at home, you too are likely enjoying the same high level of security as WikiLeaks; the same security that has many of the largest governments in the world spinning in circles with no way to access any of the information for at least the next several decades. That’s not bad insurance for anyone!
If you’re concerned about your data’s security or curious about how to improve it, feel free to Contact Us for a security consultation.
Brian St. Marie - Sr. Systems Engineer - Boston IT Security
Posted on Tue, Dec 14, 2010
So with last month’s release of iPhone and iPad’s iOS 4.2.1 firmware and software came some new features. Here is a list of the new and much needed changes.
Apple AirPlay: Now you have the ability to play movies, games, and music and stream pictures from your iPad directly to your Apple TV with just a push of a button.
AirPrint: This was a big one for me. Available on the iPhone as well as the iPad, AirPrint allows you to print wirelessly to any device on a network.
Multi-tasking: You will now be able to multi task applications in iOS 4.2.1 easily with just a push of the home button. Feel free to let an application run in the background and finish up with it later - maybe after answering a very important email that you just received. Apple sure did make us wait for this, but now that it’s here, all the waiting was well worth it!
Folders: Now on the iPhone and iPad you will find you can group applications together in folders by simply pressing down on an application until it starts to shake, then just move the application over another application that you want to group and it will make a folder to house both applications.
Enterprise support: iOS 4.2.1 comes with a lot of new security features for enterprise level software such as Microsoft Exchange. Apple hopes this will help with corporate offices making the jump to their devices or making the devices that are already in the workplace easier to work with. In my case, iPads as well as iPhones work very well with my office environment. I can maintain my Microsoft Exchange email account, calendar, and tasks as well as Microsoft Dynamics CRM with no issue.
If you have not tried an iPhone or iPad for yourself recently because of not being able to print or not having its support in your office with older security settings, you owe it to yourself to revisit the idea. iOS 4.2.1 has answered a lot of wishes for iPhone and iPad users and you may be missing out.
Dennis Foote – Systems Engineer
Posted on Mon, Dec 13, 2010
Boston IT Services
Boston IT Services Explains File Synchronization
Moving data from a production file server to a new file server can be time consuming and create substantial downtime for a client. To avoid this, the best procedure is to set up a file synchronization between the old server and the new server. This way, switching to the new server is a virtually instantaneous process for users.
The simplest way to synchronize the production server with the new file server is to use robocopy. This executable is freely available from the Windows Resource Kit. Using the /MIR option with robocopy ensures that the folder and file structure between the source and destination are identical, including any deletions or modifications to files on the source server. Since only changed files are synchronized after the first synchronization, successive synchronizations take much less time than the initial synchronization.
Once you’re ready to actually make the switch, simply run one last synchronization and then update login scripts or other network file sharing services accordingly to ensure clients will redirect to the new server from that point forward.
Brian St. Marie - Sr. Systems Engineer - Boston IT Services
Posted on Fri, Dec 10, 2010
Computer Repair Boston
Downloading Viruses Can Change Your Registry
This week has been about Malware for me. I have spent some time with a customer’s computer that needed a good cleaning.
I started off by taking a look at the programs that were installed on the machine, and removing the likely candidates causing trouble. These usually include extra toolbars, downloaders, and in this case, a bunch of registry editors that were on there.
Once they were all removed, I used various tools for cleaning up the infections. I then moved on to cleaning up the registry. There are lots of tools out there for this, and that’s where the problems can start. People like to download them and just let them run. The registry is not a toy! If your registry gets hurt it can cause lots of issues for the computer.
Once the registry fixes were done I ran an exefix to get all the .exe’s running again. A quick driver and Windows update later and I was done!
A lot of these types of infections are preventable with a few easy steps: keep your antivirus up to date, be watchful of the websites you visit, and make sure you trust any software you install!
Kristen Hewes - Hardware Technician - Computer Repair Boston
Posted on Thu, Dec 09, 2010
Printer Repair Boston
Intermittent Paper Jams in HP Printers!
A couple weeks back I worked on an HP LJ printer in the Terminal.com shop that was getting very intermittent Fuser area jams. The printer Event Log showed the jam errors that the printer was having were in the Fuser area. I tested the printer and could not get the printer to fail. The printer also was over 90% to the point of needing a Maintenance kit. The main part in a Maintenance Kit is a Fuser assembly. I called and updated the customer that I could not get the printer to fail and that I would like to order a Maintenance Kit for the printer. The customer gave the OK. I installed the Maintenance Kit on the printer when it came in. I tested the printer and it ran OK! The customer picked the printer up and brought it back to his company’s site.
The customer called Terminal.com back the next day (PM) and stated that he was having the same intermittent jam problem again. I worked with the customer over the phone instructing him on how to remove the jam and run diagnostics. After working with the customer over the phone, we determined that the only time the printer was getting Fuser jams was when they were running duplex print jobs. We also determined that the forms that jammed in the Fuser area were leaving the duplex unit at an angle causing a jam in the Fuser area. During the troubleshooting of the printer, I had instructed the customer on how to remove and install the Duplex unit. The customer needed the printer up and running ASAP to print out invoices to bill customers. The customer was more than willing to replace the Duplex unit on his own and ship the original NG back to the vendor. Terminal.com had a spare Duplex unit shipped to the customer site and the customer replaced it and was able to print out their invoice print jobs.
Joe Churma - Printer Technician - Printer Repair Boston
Posted on Wed, Dec 08, 2010
Boston IT Support
Creating an Exchange 2010 & 2007 SMTP Relay Connector with No Authentication
Last week I was tasked with creating a receive connector for relaying email messages from a group of computers in a remote office running an emergency alert messaging program through a Microsoft Exchange 2010 server. My goal was to limit the scope of machines allowed to send through the connector to a specific range of addresses that contained trusted, protected computers for this task. Since the software did not support SMTP authentication and the group of machines were trusted and members of the same domain, my preference and only real option was to configure the connector for no authentication. Easy, right? It turns out, at least for now, that’s not the case!
After poking around the authentication tab for a “No Authentication” (or similar) option I was stunned and quite sure I was missing something. There seemed to be no suitable option! I turned my focus to the support site for the messaging software thinking that there must be a way to enable authentication in their application only to hit another roadblock!
Now for the trick! After skimming a couple of lengthy TechNet articles and deciphering a few Exchange shell commands I realized that the answer was right in front of me. On the “Authentication” tab inside the connector’s properties, there is a handy option titled “Externally Secured”. What I did not know beforehand is that this option essentially tells the Exchange server not to worry about authentication because there is some other method authenticating this connection for me. The catch is that if you do not provide that alternative external method, there is no authentication happening!
This is a good tip to know for two reasons. One being that this is your ticket to setting up a simple SMTP relay on your network for a trusted server with no authentication required. Two being that you need to be certain that your external authentication method such as a VPN link or IPSEC is properly configured and secured before using this option as your only method.
*See this note from MS TechNet article bb1738161:
Configuring a Receive connector as externally secured without using an Externally Secured authentication method is functionally equivalent to configuring the Receive connector as an open relay for the external SMTP server. The messages that originate from the external SMTP server are treated as authenticated messages. The messages bypass anti-spam checks and message size limit checks. The external SMTP server is allowed to submit messages as if they originated from internal senders within your Exchange organization.
Adam Jones - Systems Engineer - Boston IT Support
Posted on Tue, Dec 07, 2010
IT Consulting Boston
Three Ways to Access a Remote PC
So being home sick for a couple days this week I thought to myself what can I blog about. The thing that came to mind first was I wanted to do some work from home without being in the office and getting everyone else sick. With this thought came the subject of remote desktop and the various ways to use it. There are a lot of different office environments; the right remote software for you may be different from others.
- Logmein is a common 1 PC connection user friendly environment that allows you to connect to one computer from anywhere you have an internet connection. The best thing about it is it’s FREE! The down side is that you can only connect to one computer.
- Other environments may be cause for upgraded software such as GoToAssist. For a monthly fee this software allows you to have multiple connections to multiple PC’s. You can setup unattended installs that will allow you, without anyone on the other end to connect to any PC anywhere as long as you and the PC that you are connecting to have an internet connection. GoToAssist also provides a connection method to connect to a PC without unattended install as long as the person follows the steps provided to you when you sign up. This will require the user to allow you to connect to their PC and works well for a small to medium-sized business that would like to use remote desktop software to connect to PC’s within the company or from outside the office. The only negative thing about GoToAssist for me is only one person can use it at a time unless you buy multiple licenses. They do give a free 30 day trial and stand by the product with very good phone support, online chat, and email support.
- A third way is RDP or Windows remote desktop. It’s built into every common version of Windows and it’s FREE! There is some downside to it though. It’s not the easiest to setup nor is it very user friendly when it comes to maintaining settings and connections. The RDP connection is based on either DNS or Public IP.
Now, if you have a static IP from a company such as Verizon you should not worry, seeing that you will be connecting using the same IP all the time. But if you do not have a static IP from a provider and rely on a public IP then this may not be for you. Public IPs do change from time to time and it can be very frustrating when you need to connect to a PC to get some work done and you find that the public IP has changed and you cannot get a connection. If you do venture down the path of Windows RDP, you may find yourself using something like ipchicken.com to find the public IP of the PC’s location that you want to connect to. This may not help at crunch time seeing that if you need to connect to a PC and you are not at the location of it, you might as well throw in the towel.
All in all, remote desktop can be a blessing when you need to access a remote PC. You just have to find one that fits your needs. I have used all three listed above and have been able to use them in a way that works for me and the clients I serve.
Dennis Foote - Systems Engineer - IT Consulting Boston
Posted on Mon, Dec 06, 2010
IT Support in Boston
Are You Locked Out of the Network?
Changing the System Time Can Lock You Out of the Network!
Learn from Brian, an exceptional IT Support tech.
A user today was completely unable to log onto her computer after a crash, receiving the following message:
“The current time on this computer and the current time on the network are different.”
This is actually a pretty common issue, but completely crippling for most users. No matter what they might try to do, they cannot log into their computer and have network access. This occurs whenever the workstation and the server have a time difference of more than 5 minutes. The server and workstation stamp all Kerberos authentication tokens with the current time, and if their time stamps are too far apart, the server will not allow network access. This is primarily to prevent replay attacks. Windows typically avoids this issue by synchronizing the time between the workstation and the server each time a user logs on. However, when the server time is incorrect, users often take it upon themselves to correct the time on their workstations manually. Once this manual correction goes past 5 minutes, they’ll find themselves locked out of the network after their next reboot.
The simplest solution is to simply log into the computer as the network administrator and manually change the time to within 5 minutes of the server. The Domain Administrator is the only account allowed to log into a network workstation in this situation.
Brian St. Marie – Sr. Systems Engineer - IT Support in Boston
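The 5-minute rule in the post above is what lets a server stop replayed logons with a small cache: it only has to remember authenticators for as long as their timestamps would still be accepted. The following is an added example, not part of the original post: a simplified acceptor that models an authenticator as a (client, timestamp) pair and returns the RFC 4120 error names for clock skew and replay. The class, the client names and the times are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # the 5-minute tolerance described in the post


class Acceptor:
    """Simplified server side: skew check first, then a replay cache."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (client, stamped_at) -> time after which it is stale

    def accept(self, client, stamped_at, now):
        # Forget authenticators that the skew check would now reject anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if abs(now - stamped_at) > self.max_skew:
            return "KRB_AP_ERR_SKEW"    # clocks too far apart: logon refused
        key = (client, stamped_at)
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"  # same authenticator seen twice: replay
        self._seen[key] = stamped_at + self.max_skew
        return "OK"

    def cache_size(self):
        return len(self._seen)


def demo():
    """Run four constructed logon attempts and return the results in order."""
    t0 = datetime(2010, 12, 6, 9, 0, 0, tzinfo=timezone.utc)  # constructed time
    minute = timedelta(minutes=1)
    server = Acceptor()
    return [
        # 1. Fresh authenticator, clocks agree.
        server.accept("alice", t0, now=t0),
        # 2. Captured authenticator replayed one minute later.
        server.accept("alice", t0, now=t0 + minute),
        # 3. Same capture replayed after the window: the cache entry has
        #    expired, but the skew check rejects it.
        server.accept("alice", t0, now=t0 + 6 * minute),
        # 4. Workstation clock set 7 minutes ahead of the server: the
        #    lockout described in the post.
        server.accept("bob", t0 + 13 * minute, now=t0 + 6 * minute),
    ]


if __name__ == "__main__":
    for number, result in enumerate(demo(), start=1):
        print(number, result)
```
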