Friday 30 December 2016

Microsoft: Setup Wizard for Exchange Update Rollup Ended Prematurely


The installer fails with the following error messages:
"Setup Wizard for Update Rollup 5 for Exchange Server 2010 Service Pack 3 (KB3184728) ended prematurely because of an error. Your system has not been modified. To install this program at a later time, please run the installation again."

<< Cause >>
The Update Rollup installer “ended prematurely” because User Account Control (UAC) is enabled on the server. For good reason, disabling UAC is not recommended.

<< Solution >>
The recommended way to install Update Rollups on the server is from an elevated command prompt (open a CMD with Run As Administrator). Make sure the Update Rollup is located on a local drive of the server, then start the installer using:
SYNTAX example: msiexec /update <UPDATE .MSP FILE>

How to Start Setup Wizard:
msiexec /update Exchange2010-KB2917508-x64-en.msp

To install the Update Rollup unattended (silent), add the /quiet parameter:
msiexec /update Exchange2010-KB2917508-x64-en.msp /quiet
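
One way to script the steps above so that the preconditions (elevated session, patch on a local drive) are checked before msiexec runs. This is an added PowerShell example, not part of the original post; the function names, the log path, the signature check and the C:\Updates folder in the usage comment are assumptions of this sketch.

```powershell
# Added example (not from the original post): guarded wrapper around "msiexec /update".
# Function names, the default log path and the signature check are assumptions.

function Test-IsElevated {
    # True only when the Administrators group is enabled in the current token,
    # i.e. the shell was started with "Run as Administrator" under UAC.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsLocalFixedPath {
    param([Parameter(Mandatory=$true)][string]$FullPath)
    if ($FullPath.StartsWith('\\')) { return $false }        # UNC share
    $drive = New-Object IO.DriveInfo ([IO.Path]::GetPathRoot($FullPath))
    return $drive.DriveType -eq [IO.DriveType]::Fixed         # mapped drives report 'Network'
}

function Install-UpdateRollup {
    param(
        [Parameter(Mandatory=$true)][string]$MspPath,
        [switch]$Quiet,
        [string]$LogPath = (Join-Path $env:TEMP 'rollup-install.log')
    )

    if (-not (Test-IsElevated)) {
        throw 'Not elevated: reopen the prompt with Run as Administrator.'
    }
    if (-not (Test-Path -LiteralPath $MspPath -PathType Leaf)) {
        throw "Patch file not found: $MspPath"
    }
    $full = (Resolve-Path -LiteralPath $MspPath).ProviderPath
    if (-not (Test-IsLocalFixedPath $full)) {
        throw 'Copy the .msp file to a local drive of the server first.'
    }

    # The package is about to run with administrative rights, so refuse anything
    # whose Authenticode signature is missing or does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $full
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed ($($sig.Status)) for $full"
    }

    # Same command line as in the post, plus a verbose log for troubleshooting.
    $msiArgs = @('/update', "`"$full`"", '/l*v', "`"$LogPath`"")
    if ($Quiet) { $msiArgs += '/quiet' }

    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { 'Update Rollup installed.' }
        3010    { 'Update Rollup installed; a restart is required.' }
        default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
    }
}

# Usage (the folder is a placeholder):
# Install-UpdateRollup -MspPath C:\Updates\Exchange2010-KB2917508-x64-en.msp -Quiet
```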

Friday 2 December 2016

Documentation: Unable to Push SCOM Agent in Windows Server 2012

To solve this issue, you have to make sure that Microsoft .NET Framework 3.5 is installed or enabled.

To install or enable Microsoft .NET Framework 3.5 in Windows Server 2012, please follow the steps below:
  1. Insert or mount the Windows installation disc into the server
  2. In Server Manager, click Manage and then select Add Roles and Features to start the Add Roles and Features Wizard.
  3. On the Select installation type screen, select Role-based or feature-based installation.
  4. Select the target server.
  5. On the Select features screen, check the box next to .NET Framework 3.5 Features.
  6. On the Confirm installation selections screen, a warning will be displayed asking "Do you need to specify an alternate source path?"
  7. Click the Specify an alternate source path link to specify the path to the D:\Sources\SxS folder on the installation media from Step 1 and then click OK.
  8. After you have specified the alternate source, or if the target computer has access to Windows Update, click the X next to the warning, and then click Install.
  9. You should now see .NET Framework 3.5 Features under your Features list.

Wednesday 12 October 2016

IT Technology: Information Technology (IT) Certifications

There are so many IT certifications in the current IT industry, for example Microsoft MCSE, MCSA, MCP and MCT; VMware VCA, VCP, VCAP and VCI; Cisco CCNA, CCNP and CCIE; CompTIA A+, Network+ and CTT+; ITIL Foundation, Practitioner, Intermediate, Expert and Master. Which certification do you need? Why do you need the certifications? How can you get the certifications?

  • Which certification do you need?
The certification you need depends heavily on your job function. For example,
1. A network engineer would need the network certifications. (e.g. Cisco CCNA, CCNP and CCIE; Huawei HCNA, HCNP and HCIE; and so forth)
2. A system engineer would need the system or server certifications. (e.g. Microsoft MCP, MCSA and MCSE; VMware VCA, VCP and VCAP; and so forth)
3. A project manager would need the project management certifications. (e.g. PMP, CAPM, etc.)
4. An operations manager would need the IT management certifications. (e.g. ITIL)
5. A security engineer would need the IT security certifications. (e.g. CEH, CISSP, etc.)

The purpose of having these certifications is to prove that you have sufficient knowledge to handle the daily tasks. But please bear in mind that hands-on experience might be more important than the certifications.

For fresh graduates, if they have time and extra money, they should take some common certifications (e.g. Microsoft MCSA, Cisco CCNA, etc.) so that they can make their job application stand out.

  • Why do you need the certifications?
There are many reasons why someone decides to take the IT certifications:
1. Career growth
2. Salary increment
3. Fulfill Key Performance Indicator (KPI)
4. Knowledge
5. Hobby

Before you decide to sit for an exam, please make sure the certification can fulfill your needs. Furthermore, please take note of the validity of the certification, your company bond and the cost of the certification.

  • How can you get the certifications?
It highly depends on the requirements of the certification. Some of the certifications require you to go through the training before you can sit for the exam; while some of the certifications allow you to directly sit for the exam without going through the training. Please make sure you read the prerequisites of the certification and plan well.

To increase your passing rate of the exam, you can go for the training of the certification, complete the practice tests and do some hands-on practices. In addition, you may download and do the exam dumps. (You may get the free exam dumps from ExamCollection and AllExam Dumps.) Please do not fully depend on the exam dumps!

Thursday 22 September 2016

IT Technology: Setup IT Infrastructure / Facilities for A School

When you are given an opportunity to set up the IT infrastructure / facilities for a school, what are the things that come to your mind? For me, here are some of the questions that have popped up in my mind:
  1. Where should I start?
  2. Should I host the email service internally?
  3. Should I use Google Apps or Office 365?
  4. What type of devices should the pupils use?
  5. How should the staff and pupils print?
  6. Should I install projector or interactive whiteboard?
  7. How do I know the bandwidth is sufficient for the school?
  8. What is VLE?
  9. How can I optimize my budget?
  10. How should I protect the staff and pupils from cyber-attacks?

Do you have similar questions?

In this article, I will share my personal experience with you. I hope my experience can give you some hints on how to set up the IT facilities. Anyway, please feel free to correct me or share your experience with me.

Firstly, let’s categorize the IT facilities of a school:
  1. Email Service
  2. Shared Folder
  3. Server Design
  4. Wide Area Network (WAN) Design
  5. Local Area Network (LAN) Design
  6. WIFI Design
  7. Pupil’s Device
  8. Printing
  9. Audio and Video

<< Email Service >>
Should you host the email system on premise, use Google Apps or use Office 365?

Let’s reduce the options by taking away the on-premise email system, because you would not want to have the following concerns:
  1. Purchase and maintain the hardware
  2. Patch the email application
  3. Purchase the software and hardware licenses
  4. Hardware upgrade
  5. Increase storage space

However, please note that some of the organizations might need to host the data onsite because they have to meet certain requirements or compliance.

Now, let’s take a look at Google Apps and Office 365. When evaluating Google Apps for Education (GAFE) vs Microsoft Office 365 for education (O365), I find a very similar feature set at the end-user level for productivity, communication, and collaboration. In fact, when looking at the following chart, you can see many similarities down the line with each of the primary features.
Feature | GAFE | O365
--- | --- | ---
Browser | Google Chrome | Internet Explorer or Edge
Email | Gmail | Exchange Online or Outlook
Spreadsheets | Sheets | Excel
Drive Storage | Google Drive | OneDrive
Word Processing | Docs | Word
Notes | Keep | OneNote
Third-party Extensions | Google Classroom | Teacher Dashboard
Instant Messaging | Google Talk | Skype
Social Network | Google Plus | Yammer
Pages | Sites | SharePoint
Presentation | Slides | PowerPoint
Video Conferencing | Hangouts | Skype for Business

After understanding the similarities of GAFE and O365, we will now discuss the difference between them. The main difference between GAFE and O365 is as follows:
  1. Google Form, which is one of the products within GAFE, is a very powerful and convenient tool for gathering information and running surveys.
  2. Google Summit, held every year in many different countries, provides a forum for educators to share their experience of using GAFE at their school. At the same time, it is the best platform for Google to promote GAFE.
  3. GAFE has always been available for free, for both teachers and pupils. The same cannot be said about Office 365, for which you have to purchase licenses for teachers.
  4. O365 offers the unique Student Information System (SIS) sync that gives you complete control over the student and teacher data. You can sync the data a single time for all their learning apps and allow them to enjoy the single sign-on experience.
  5. Microsoft clearly has an edge with its lengthy tenure as an enterprise environment. This starts with Active Directory and directory services for identity and permission management at a very granular policy level.

In summary, determining which cloud productivity application to deploy for your school is very complex and based on many factors. The decision of GAFE vs O365 will likely come down to a few key issues:
  1. A school’s existing approach to user account management and identity services within the IT network.
  2. Existing email infrastructure and services
  3. Existing document management methodologies
  4. User adoption and skill level in using Microsoft productivity applications versus Google productivity applications
  5. School administration / IT team skills, resources, and philosophy towards IT and automation in general

As you can see, there are a lot of different points to consider when evaluating whether to use GAFE or O365. These can be complex areas of discussion, and extend far beyond the surface level of just which apps have which features. Based on your requirements, the purpose of use, consideration of costs, security and so on, you are likely to find one of them as your best option. With these two high-quality cloud services, there is no one-size-fits-all solution that will suit all educational institutes.

<< Shared Folder >>
As I have mentioned above, GAFE and O365 might be good options for you. When I briefly compare both products without considering the non-technical perspective, I lean towards GAFE because Google Drive provides unlimited storage space for all GAFE users while OneDrive has a storage limit of 1TB. But you might challenge me that 1TB is more than enough in your environment.

<< Server Design >>
There are so many things I can share in this section. Anyway, I will try to cut it short. If you need more information or further explanation, please feel free to contact me.

There are so many different designs or technologies that you can consider. Anyway, I will mainly focus on cloud computing and virtualization. Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. Cloud computing is comparable to grid computing, a type of computing where unused processing cycles of all computers in a network are harnessed to solve problems too intensive for any stand-alone machine. To implement cloud computing, you should take a look at the following technologies:
  1. Private Cloud
  2. Public Cloud
  3. Hybrid Cloud
  4. Software as a Service ( SaaS )
  5. Platform as a Service ( PaaS )
  6. Infrastructure as a Service ( IaaS )

You may simply google the keywords above for more information. Well-known cloud service providers include AWS, Microsoft Azure, Rackspace OpenStack, etc. However, if your school does not have enough bandwidth or the ISP in your country is not good, I recommend that you forget about cloud computing because it might affect your school’s operation.

Other than cloud computing, one of the popular technologies of all time is virtualization. Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system, a server, a storage device or network resources. You probably know a little about virtualization if you have ever divided your hard drive into different partitions. A partition is the logical division of a hard disk drive to create, in effect, two separate hard drives.

Operating system virtualization is the use of software to allow a piece of hardware to run multiple operating system images at the same time. The technology got its start on mainframes decades ago, allowing administrators to avoid wasting expensive processing power.

In 2005, virtualization software was adopted faster than anyone imagined, including the experts. There are three areas of IT where virtualization is making inroads, namely network virtualization, storage virtualization and server virtualization:
  1. Network virtualization is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. The idea is that virtualization disguises the true complexity of the network by separating it into manageable parts, much like your partitioned hard drive makes it easier to manage your files.
  2. Storage virtualization is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console. Storage virtualization is commonly used in storage area networks (SANs).
  3. Server virtualization is the masking of server resources (including the number and identity of individual physical servers, processors, and operating systems) from server users. The intention is to spare the user from having to understand and manage complicated details of server resources while increasing resource sharing and utilization and maintaining the capacity to expand later.

Virtualization can be viewed as part of an overall trend in enterprise IT that includes autonomic computing, a scenario in which the IT environment will be able to manage itself based on perceived activity, and utility computing, in which computer processing power is seen as a utility that clients can pay for only as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and workloads.

To deploy a virtualization solution, you first need to pick virtualization software, for example VMware, Microsoft Hyper-V, Citrix Xen, etc. After that, you need to decide what physical server to use. To pick the right server, you need to think of the following:
  1. How much memory, CPU and storage do I need?
  2. Do you want to consider hyper-convergence?
  3. Is the server certified for the particular virtualization software?
  4. What is your future expansion?
  5. When is the EOL of the server?

Furthermore, you need to think of the storage design as follows:
  1. Type of hard disk – Solid State Drive (SSD), Serial Attached SCSI (SAS), Serial Advanced Technology Attachment (SATA), etc.
  2. Input / Output Operations Per Second (IOPS)
  3. Storage protocols - iSCSI, NFS, FC, and FCoE

Other than the items above, you will also need to consider UPS, virtual network, virtual firewall, KVM and so forth.

<< Wide Area Network (WAN) Design >>
When we are talking about WAN, the first thing that normally comes to our mind is Internet connections. The Internet service provider usually sells the connection based on SLA. That is where you will choose between leased line and broadband. Generally, leased line has very high SLA but it is very expensive, while broadband is very cheap but its support is based on best effort. So, you will need to make your decision based on your environment.

But how can you choose a good Internet connection? Other than speed, which you can usually test using Ookla, the following benchmarks can tell you how good the Internet connection is:
  • Latency
  • Packet Drop
  • Peering
  • Traceroute

For example, if you have decided to adopt Google Apps, you would need to make sure that your Internet connection has low latency, no packet drop, good peering, and fewer hops to the Google servers. In addition, jitter, BGP, geo-location and so forth can also be your reference for choosing a good Internet connection. Anyway, the quality of the Internet connection or service provider varies between countries.

To save cost, you may want to adopt a technology called network load balancing. Network load balancing is where two or more leased line or broadband connections are connected to a dedicated load-balancing router. Load balancing provides increased resilience by maintaining an Internet connection even if an individual broadband connection goes down. A load balancing router attempts to route Internet traffic optimally across two or more broadband connections to deliver a better experience to broadband users simultaneously accessing Internet applications. As a leased line is usually more expensive, with a network load balancer you can mix leased line and broadband. This allows you to have more bandwidth at lower cost while you can still route your important traffic to the high SLA leased line.

The next device you need is a firewall. There are many names used to describe firewalls as a marketing strategy, e.g. next generation firewall, layer 7 firewall, application aware firewall, proxy server, etc. Whatever the name is, make sure the firewall you pick can block or allow the following:
  1. Ports
  2. URL Categories
  3. Specific Domain
  4. Specific URL
  5. Apps Categories
  6. Specific Apps
  7. Protocols ( HTTP, HTTPS, FTP, etc. )
  8. VLANs
  9. Web applications
  10. Schedule based

Other components that you would like to consider in your WAN design are as follows:
  1. Network router
  2. Quota management
  3. Traffic management
  4. Caching server
  5. Dual-firewall architecture
  6. DMZ
  7. VPN

<< Local Area Network (LAN) Design >>
For LAN design, you might want to deploy the conventional three-tier design which consists of core, distribution and access. Based on my experience, please take note of the following when you are designing your LAN:
  1. Choose the brand that you are familiar with ( be it Huawei, Cisco, Juniper, etc. ) in terms of maintenance and support
  2. Make sure you understand how the warranty of your chosen product works
  3. Select the backbone. 4G, 8G or 10G? Fiber or CAT6?
  4. Identify the position of patch panels and switches to avoid ‘network spaghetti’
  5. Choose your cable type ( fiber, CAT6E, CAT6, CAT5E, CAT5, etc. ) and cable management
  6. Divide your VLAN with buffer for future expansion
  7. Deploy monitoring tools to monitor the switches and alert you if there are any errors

<< WIFI Design >>
The first thing that comes to my mind if you ask me about wireless design is to choose between controller and controller-less based designs. I am currently still exploring controller-less access point ( AP ). I don’t think I need to talk much about the conventional controller based design. Let me share some information on the controller-less access point. Here are the pros and cons of controller-less AP:
For Pros,
  1. Do not have to purchase a physical controller as it is using the cloud based controller
  2. You may configure the controller anytime and anywhere since it is in the cloud
  3. Easy configuration – to me it is not true!!!
  4. Cost effective??? ( make sure you calculate the return on investment – ROI, especially if you are doing a migration from controller to controller-less )

For Cons,
  1. Fewer features compared to controller based WIFI ( it might be because controller-less based WIFI is still a newer technology )

There are a few companies aggressively promoting controller-less based WIFI, for example Cisco Meraki, Aruba and Ruckus. In summary, please make your decision only after you have compared both technologies in depth. Besides, don’t forget to calculate your ROI.

Other than choosing between controller and controller-less based WIFI, you may need to consider the following:
  1. What is the frequency or channel you should use? ( 2.4GHz - 802.11b/g/n or 5GHz – 802.11a/h/j/n/ac ) It also depends on your country.
  2. Identify and remove the interference and blind spots. Heat map is always useful to identify the blind spots.
  3. Positioning of the AP and antenna ( if you are using the AP with external antenna ) to increase the coverage
  4. Types of access point ( AP ), e.g. outdoor, indoor, with external antenna, etc.
  5. Use wired network as much as possible because it is the most reliable network

<< Pupil’s Device >>
If you have decided to deploy Google Apps, you may want to use Chromebook because it can be easily managed and controlled by the Google Apps Admin Console. Besides, it can be reimaged easily via the Internet. Other than Chromebook, the best alternative will be MacBook. Apple is really keen on the education sector. They provide an education discount for MacBook and iPad. Besides, they organize a conference every year to gather all the teachers to share their experience of using Apple in their classroom. For Windows devices, I have nothing much to talk about. Most of you should be very familiar with them. For your information, Microsoft is promoting their devices for education only in certain countries. They provide an education discount only in those countries.

Let me also talk a little bit about anti-virus here. You might hear from your peers that Mac OS X is not vulnerable. Let me tell you here. It is WRONG! Nowadays, there is so much malware and adware infecting Mac OS X. Thus, please install anti-virus software on the MacBook. So far, I have never heard that Chrome OS is vulnerable. However, we might not know what will happen in the future.

No matter what device you have chosen, please make sure that you are fully supported by the management team. Besides, all the teachers must be confident and comfortable with the devices so that they can focus on their lessons.

<< Printing >>
There are so many printers/copiers in the market. Which one is the best? How should I choose? To choose a suitable printer/copier for your school, please remind yourself of the items below:
  1. What are the features you need? Print, scan, copy and fax?
  2. Where would you like to place the printers? A printing room or all around the school?
  3. What is your monthly expected volume?
  4. Do you need a finisher for the printer? – stapling, binding, printing booklet, etc.
  5. How does the user’s device connect to the printer? Via print server, WIFI, LAN cable, USB cable, etc.?
  6. Do you need color printer or monochrome printer?
  7. Do you prefer Inkjet or LaserJet?
  8. Would you like to implement Print Anywhere, where users can collect their print jobs anywhere via an access card?
  9. What is the printing speed that you are expecting?
  10. What is the paper size that the user will normally choose?
  11. Lastly, consider the COST, including the maintenance and cartridge costs.

<< Audio and Video >>
For AV, please try to organize a demo session for all the teachers to choose and agree on the most suitable product/brand because there are too many variables that can affect the quality of the image and sound:
  1. Building structure
  2. Screen
  3. Types of projector
  4. Seeing and hearing abilities of the teachers
  5. Weather
  6. Quality of the source file
  7. Cleanliness of the surroundings

Another technology related to AV is the interactive whiteboard. There are mainly two brands you can consider – SmartBoard and Promethean Board. They used to have some differences. However, nowadays, they are more or less the same. Thus, I would recommend that you choose the product based on the teachers’ preference.

In conclusion, setting up the IT infrastructure for a school is a challenging job. However, it will be easier if you have proper planning. As a reminder, please do not always depend on the system integrator ( SI ) because no one knows your environment better than you. As IT is always short of manpower, you may hire an SI for deployment and maintenance; however, please make sure that you always verify and monitor their work.

Tuesday 6 September 2016

Microsoft: How to Recover Domain Controller ( DC ) / Active Directory Server


One of the great things about AD is the mostly stateless nature of the DC. Aside from potentially holding one or more Flexible Single-Master Operation (FSMO) roles, a DC should generally be a matching replica of other DCs in the domain, except for some potential delay in replication depending on your topology. If a failure renders a DC inoperable, this stateless nature is fantastic because it will often remove the need to go through a complicated restore from a backup. Instead, you can simply reinstall Windows and use Dcpromo to promote the server to a DC and replicate all of the data back in—assuming your domain has more than one DC. If you only have one DC in your domain, you can greatly reduce your exposure to failure by deploying a second one.

Before you reinstall and repromote a DC, though, you need to clean up AD, which is a two-step process. The first step is to seize any FSMO roles that the DC might hold for another DC in the domain. If you’re not sure which DCs are hosting FSMO roles in the domain, run

netdom query fsmo

in a command prompt window to find out. You can then seize the FSMO roles using the Ntdsutil utility. Follow the instructions under the “Seize FSMO roles” section in the Microsoft article “Using Ntdsutil.exe to Transfer or Seize FSMO Roles to a Domain Controller”. It’s very important to note that when you seize a FSMO role, best practice dictates that you should never bring the original role-holder back online.

Because it isn’t possible to put the original FSMO role-holder back in service, the second step is performing a metadata cleanup of the failed DC’s configuration in AD. You can use Ntdsutil for this step as well. Follow the instructions in the Microsoft article “How to Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion”. Alternatively, if you’re using the Server 2008 (or later) version of the Active Directory Users and Computers snap-in, you can complete this step by deleting the DC’s computer account in the Domain Controllers OU.

Repromoting a DC over the network might not be feasible when the amount of data to replicate would place an undue amount of strain on the network. In this case, there are a couple of other options. The first option is to restore the DC’s system state from a backup and continue on. The second option is to use the Install from Media (IFM) functionality, which was added in the Windows 2003 release. IFM lets you take a system state backup (created with NTBackup in Windows 2003) or IFM media (created with Ntdsutil in Server 2008 or later) and point Dcpromo to the AD database in the IFM media. IFM media created by Windows 2003 must first be restored to an alternate location on the file system so that Dcpromo can consume it. The DC will make the necessary changes to the database in the media and replicate only the changes since the media was created over the network.

Wednesday 31 August 2016

Microsoft: Tombstone in Active Directory


The tombstone lifetime value states how many days deleted objects remain in the Deleted Objects container. The basic purpose of tombstones is to keep all domain controllers in sync.

When you delete an AD object, a number of things happen behind the scenes. Most important, deleting an object doesn’t directly correlate to a record being removed from the AD database. To maintain consistency in AD’s replication model, objects first transition through a state known as being tombstoned. Rather than implementing a distributed mechanism to replicate physical deletions from the database, AD replicates a change to an attribute that indicates the object has been deleted.

When you delete an object from AD, the isDeleted attribute is set to True, which means nearly all the object’s attributes are removed. The object is moved to the Deleted Objects container, and its lastKnownParent attribute is stamped with the distinguished name (DN) of the parent object before the object is deleted. After an object has been marked as deleted, it won’t be visible to any tools that query AD, unless you add a special LDAP control to indicate that you want AD to return deleted objects in the search results. Various free LDAP query tools (such as AdFind) will include this LDAP control for you and allow you to easily search for deleted objects.

At this point, the object will remain as a tombstone for a period of time. The default tombstone lifetime for forests is based on the OS of the first DC in the forest. Table 1 shows the default tombstone lifetimes. Upgrading AD doesn’t change the tombstone lifetime for the forest.

Periodically, a background process called garbage collection runs on each DC. The garbage collection process (aka garbage collector) scans the database for tombstones that are older than the forest’s tombstone lifetime and purges them from the AD database.

Up until the point when a tombstone is purged by the garbage collector, you can recover the object using a process known as tombstone reanimation. When you reanimate a tombstone, you only get back a handful of attributes that are kept during the tombstoning process. For example, the attributes saved for a user object include the user’s SID, SID history, and username (sAMAccountName). Notice that this list doesn’t include attributes such as the user’s password, group membership, or demographic information (e.g., name, department). You can control the list of attributes that are preserved when an object is tombstoned by modifying the searchFlags attribute of an individual attribute’s definition in the schema. You can add as many attributes as you like. However, you can’t add linked attributes, such as group membership or the mailbox database containing a user’s mailbox. For information about how to modify the searchFlags attribute, see the MSDN web page “Search-Flags Attribute”.

In AD forests operating at the Server 2008 R2 forest functional level (FFL), you can enable a new feature known as the Active Directory Recycle Bin. The Active Directory Recycle Bin adds an intermediate state between when an object is deleted and when it is tombstoned. When an object is in this new deleted state, it’s hidden from search results but all its attributes (including linked attributes such as group membership) are preserved.

An object in the deleted object phase can be recovered to the exact state it was in at the time of deletion using the same process that’s used to reanimate a tombstone. By default, an object stays in the deleted object phase for the same amount of time as the forest’s tombstone lifetime, as outlined in Table 1. You can change this time period by modifying the forest’s msDS-deletedObjectLifetime attribute.

After the deleted object lifetime expires, the garbage collector moves the object into the recycled object phase. A recycled object is the functional equivalent of a tombstone, with one important difference: You can’t reanimate a recycled object or restore it from a backup.
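
The lifecycle described above, worked through as an added PowerShell example (not part of the original article): it calculates which phase a deleted object is in and how long it stays recoverable, first on constructed sample data and, optionally, against a live forest. The function names, phase labels and sample deletions are made up for illustration; whenChanged is used as an approximation of the deletion time, and an unset tombstoneLifetime is treated as the built-in default of 60 days. Requires PowerShell 3.0 or later.

```powershell
# Added example, not from the original article. Function names are assumptions.

function Get-DeletedObjectPhase {
    # Pure calculation, no domain needed: which phase is the object in on $AsOf,
    # until when can it be recovered, and when may garbage collection purge it?
    param(
        [Parameter(Mandatory)][datetime]$DeletedOn,
        [Parameter(Mandatory)][int]$TombstoneLifetimeDays,
        [int]$DeletedObjectLifetimeDays = $TombstoneLifetimeDays,
        [switch]$RecycleBinEnabled,
        [datetime]$AsOf = (Get-Date)
    )
    if ($RecycleBinEnabled) {
        # deleted object (all attributes kept) -> recycled object -> purged
        $recoverableUntil = $DeletedOn.AddDays($DeletedObjectLifetimeDays)
        $purgeAfter       = $recoverableUntil.AddDays($TombstoneLifetimeDays)
        if     ($AsOf -lt $recoverableUntil) { $phase = 'DeletedObject' }
        elseif ($AsOf -lt $purgeAfter)       { $phase = 'Recycled' }
        else                                 { $phase = 'PurgeEligible' }
    } else {
        # tombstone (only preserved attributes kept) -> purged
        $recoverableUntil = $DeletedOn.AddDays($TombstoneLifetimeDays)
        $purgeAfter       = $recoverableUntil
        if ($AsOf -lt $recoverableUntil) { $phase = 'Tombstone' }
        else                             { $phase = 'PurgeEligible' }
    }
    # 'PurgeEligible' objects can linger until the next garbage collection run.
    [pscustomobject]@{
        Phase            = $phase
        RecoverableUntil = $recoverableUntil
        PurgeAfter       = $purgeAfter
    }
}

function Get-ForestDeletionSettings {
    # Live lookup; needs the ActiveDirectory module (RSAT) and a reachable DC.
    Import-Module ActiveDirectory -ErrorAction Stop
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dirSvc = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                  -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
    # Unset tombstoneLifetime: the built-in default of 60 days applies.
    $tsl = if ($dirSvc.tombstoneLifetime) { [int]$dirSvc.tombstoneLifetime } else { 60 }
    # Unset msDS-DeletedObjectLifetime: same value as the tombstone lifetime.
    $dol = if ($dirSvc.'msDS-DeletedObjectLifetime') { [int]$dirSvc.'msDS-DeletedObjectLifetime' } else { $tsl }
    $bin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    [pscustomobject]@{
        TombstoneLifetimeDays     = $tsl
        DeletedObjectLifetimeDays = $dol
        RecycleBinEnabled         = [bool]($bin -and $bin.EnabledScopes.Count -gt 0)
    }
}

function Get-DeletedObjectReport {
    # -IncludeDeletedObjects adds the LDAP control that makes deleted objects visible.
    $s = Get-ForestDeletionSettings
    Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
                 -Properties whenChanged, lastKnownParent |
        Where-Object { $_.DistinguishedName -notlike 'CN=Deleted Objects,DC=*' } |
        ForEach-Object {
            $p = Get-DeletedObjectPhase -DeletedOn $_.whenChanged `
                     -TombstoneLifetimeDays $s.TombstoneLifetimeDays `
                     -DeletedObjectLifetimeDays $s.DeletedObjectLifetimeDays `
                     -RecycleBinEnabled:$s.RecycleBinEnabled
            [pscustomobject]@{
                Name             = $_.Name
                LastKnownParent  = $_.lastKnownParent
                DeletedOn        = $_.whenChanged
                Phase            = $p.Phase
                RecoverableUntil = $p.RecoverableUntil
            }
        }
}

# Constructed sample (runs offline): three deletions evaluated on one date in a
# forest with a 180-day tombstone lifetime and the Recycle Bin enabled.
$asOf   = [datetime]'2016-08-31'
$sample = @(
    @{ Name = 'jdoe';        DeletedOn = [datetime]'2016-08-01' },
    @{ Name = 'old-printer'; DeletedOn = [datetime]'2016-02-01' },
    @{ Name = 'temp-svc';    DeletedOn = [datetime]'2015-06-01' }
)
foreach ($o in $sample) {
    $p = Get-DeletedObjectPhase -DeletedOn $o.DeletedOn -TombstoneLifetimeDays 180 `
             -RecycleBinEnabled -AsOf $asOf
    '{0,-12} {1,-14} recoverable until {2:yyyy-MM-dd}' -f $o.Name, $p.Phase, $p.RecoverableUntil
}

# Against a live forest:  Get-DeletedObjectReport | Sort-Object RecoverableUntil
```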

Friday 17 June 2016

Google: Google Docs Allows You to Limit Access with An Expiration Date


In business, many people collaborate with clients, contractors and other small companies for a short length of time. You might want to give them access to some of your documents -- a list of your team's contact details, for instance -- and then revoke access once the job has been wrapped up. Well, Google is now starting to offer that feature to Google Apps customers that use Drive, Docs, Sheets and Slides. So when you share a file with someone, you'll also get the option to set an expiry date. Handy.

There is one caveat, however -- the person that's limited by the expiry date can only have view access. So if you want to give them permission to actually edit a Google Doc, you'll still need to go in and lock them out the old fashioned way at the end of the project. Still, for enterprise customers this should be a useful tool, and one more reason to consider Google's productivity suite over Microsoft Office. We just hope this eventually rolls out to all Google users, and not just those with Google Apps accounts.

Thursday 26 May 2016

VMware: Missing Hardware Status Tab in VMware vCenter


If you are missing the Hardware Status Tab in your VMware vCenter, you may solve it by following the steps below:
1. Go to vCenter – Plug-ins – Manage Plug-ins
2. Right-click on the plug-ins
3. Select “enable”

Tuesday 24 May 2016

Apple: Link Speed - Network Utility Mac OSX


You can use the Network Utility by using Cmd+Space to pull up the Spotlight search box and typing it in, or you can navigate through your Applications -> Utilities folder to find it.

Once you’re there, you can see the current connection speed by looking at the Link Speed, which shows the actual data rate that you’re using. This rate changes as you move around your house: if you’re far away from the router, the rate will drop, and if you’re closer, it will get higher.

Wednesday 18 May 2016

Apple: Repair Disk Permission in El Capitan

For El Capitan, use the following command to verify disk permissions; replace --verify with --repair to repair them:
sudo /usr/libexec/repair_packages --verify --standard-pkgs /

Wednesday 11 May 2016

APC: Default Authentication Phrase for PowerChute Network Shutdown (PCNS)


The administrator authentication phrase used by PowerChute Network Shutdown (PCNS) should be the same as that used in the NMC. The default used by the NMC is: admin user phrase

IT Technology: WhatsApp Desktop Client


WhatsApp has launched a desktop companion for its popular mobile messaging app. While it's little more than a wrapper for its web version, it does provide action center notifications on Windows 10, as well as native integration for sending files and utilizing the camera.

To access the service, you'll need to authenticate with a mobile phone and scan a QR code as you would with the web version.

Tuesday 10 May 2016

IT Technology: Saisei Network Performance Enforcement Solutions


<< Introduction >>
Saisei FlowCommand is a modern, real-time flow-policy control, analytics and security solution that doubles the usable bandwidth in deployed networks; guarantees no link or user session will ever crash again; and provides sub-second analytics, policy enforcement and security across 40 metrics.  Users, apps and geographies are all covered.

FlowCommand was designed to solve all of the problems associated with enterprise and service provider edge network congestion, performance and policy enforcement.  Only FlowCommand can deliver on these revolutionary capabilities.

FlowCommand uses patented flow-engine technology that literally changes the way that TCP/IP network traffic under its control behaves. All other networking, security and analytics solutions are forced to operate at the mercy of random, best-effort routed IP data packet transmission.  We changed those rules.  In doing so, we were able to completely re-engineer how flow control, security and visibility can be realized when using “domesticated” TCP/IP flows.

FlowCommand runs on x86 processors atop commodity hardware, either as a bump-in-the-wire on a server in the data-forwarding path or as a VM under hypervisor control. The software can monitor up to 5 million concurrent data flows on a 10G link 20 times per second. While examining the flows it can apply any combination of up to 40 bandwidth, business and security policies to each flow and execute those policies in under one second.

Saisei FlowCommand, FlowEnforcer and FlowVision subsume or replace some of the functionality of older, stand-alone appliances, such as WAN optimizers, packet shapers, application delivery controllers, APMs, NPMs, IDSs, next-gen firewalls and more. These legacy systems were largely designed as workarounds to various business-impacting limitations of TCP/IP and were optimized for the scale of private networks. In contrast, the FlowCommand family has been architected for the scale of mobile, cloud and Internet of Things data flows and supports up to 1 billion external hosts in its initial release.


<< FlowCommand >>
FlowCommand offers the highest level of functionality.  It has added security and control features designed specifically for service providers and for the largest of distributed enterprise customers.  Specifically, FlowCommand offers our full set of flow-based security capabilities, including comprehensive data exfiltration controls, real-time DDoS controls, and spotting and throttling Botnet activity in real time as attacks begin.

FlowCommand is a Linux software suite that can run on x86 processor cores on bare metal commodity servers, or as a VM under hypervisor control (VMware or KVM), or both. It can monitor and control data flows between two virtual servers, between two physical networks or between a virtual network and a physical network. These networks can be legacy TCP/IP networks or SDN/NFV-based networks. FlowCommand also includes an intuitive RESTful API plus GUI and CLI interfaces, making it easy to integrate into third-party systems, such as orchestration tools for SDN and NFV.

Among the service provider features specific to FlowCommand is a unique capability called Net Neutrality. Technically a form of host equalization, Net Neutrality instantly solves the problem of a small group of users attempting to take a disproportionate amount of available bandwidth. When faced with rogue users or peer-to-peer applications, such as BitTorrent and Encrypted BitTorrent, FlowCommand can classify all host flows as a “single” flow and give it exactly the same percentage of available bandwidth that every other flow in the network receives. Or, it can completely block specific traffic if that is the policy.

Net Neutrality can also be applied differently to different classes of applications – what we call ‘Net Neutrality with benefits’. In this case, critical business applications can be grouped together and assigned a high percentage of the available bandwidth with the remaining bandwidth being equally divided among the remaining flows.

When FlowCommand is in control of mission-critical network links, every single flow is associated in real-time with the:
1. Application it is serving (for example, a specific website or business application, or a protocol such as VoIP)
2. Geographic location it is serving (generally a country or city)
3. Hosts (internal and external) it is connecting
4. Users it is serving (via an address-to-user database such as Microsoft Active Directory or OpenLDAP)
5. Custom groups — applications, geographic locations, hosts and users can be combined into groups (for example, a group could consist of all countries where a company has business partners, or all applications whose network usage is to be tightly controlled)


<< FlowEnforcer >>
FlowEnforcer is designed for small- to medium-sized enterprise users. It has the innovative capabilities and features of FlowCommand without the service provider and large enterprise elements, such as Net Neutrality.  The control, visibility, security, ease of use and third-party integration you need, without the stuff you don’t.


<< FlowVision >>
FlowVision is designed for network operators who want an unprecedented level of real-time visibility of all the activity on their network but who do not currently wish to exercise control. All the scalability and performance of FlowCommand are included in FlowVision, which can either sit in-line like FlowCommand or can run off of a network tap or SPAN/mirror port.

FlowVision is ideal for real-time investigation of network issues and comes with comprehensive reporting capabilities, including historical reporting. FlowVision can be easily upgraded to FlowEnforcer or FlowCommand to realize all the potential of next-generation Network Performance Enforcement.

APC: How to Obtain Configuration File from APC Network Management Card

For all firmware versions, one option is to retrieve the config.ini file via FTP from the Network Management Card (NMC) device (or SCP if enabled). Steps for Windows FTP are provided below:
1. Open a command prompt and type: ftp<space><ip address of the NMC>
2. Log into the NMC device using your login credentials.
3. Type "bin" for binary mode and "hash" for hash marks (optional) indicating the transfer is in progress.
4. Once logged in, type get<space>config.ini.
Note: This will save the config.ini file to your current working directory. If you wish to save the file to a different directory, change your working directory.
5. Once finished, type "bye" and you will exit from the NMC device.

For Network Management Card 2 v6.0.6 and higher only, in addition to FTP, the web UI provides an option to download the configuration:
This option is located under Configuration->General->User Config File. Select the Download button to receive a prompt to save the file locally.

Once the config.ini file is downloaded via either method, you can open it and view all settings from the NMC device.

Wednesday 27 April 2016

Cisco: Difference Between Network-Clock-Select and Network-Clock-Participate?

1. network-clock-participate
To allow the ports on a specified network module or voice/WAN interface card (VWIC) to use the network clock for timing, use the network-clock-participate command in global configuration mode. To restrict the device to use only its own clock signals, use the no form of this command:

network-clock-participate [slot slot-number | wic wic-slot | aim aim-slot-number]
no network-clock-participate [nm slot | wic wic-slot]

<< Usage Guidelines >>
This command is used for ATM segmentation and reassembly or digital signal processing and Cisco 3660, Cisco 3725, and Cisco 3745 routers. This command applies to any network module with T1/E1 controllers to provide clocks from a central source (MIX module for the Cisco 3660) to the network module and to the port on the network module. Then that port can be selected as the clock source with the network-clock-select command to supply clock to other ports or network modules that choose to participate in network clocking with the network-clock-participate command. This command synchronizes the clocks for two ports. On the Cisco 3700 series, you must use the network-clock-participate command and either the wic wic-slot keyword and argument or the slot slot-number keyword and argument.

2. network-clock-select
To name a source to provide timing for the network clock and to specify the selection priority for this clock source, use the network-clock-select command in global configuration mode. To cancel the network clock selection, use the no form of this command:

a. Cisco 2600 Series and Cisco 3660 with MIX Module
network-clock-select priority {t1 | e1} slot/port
no network-clock-select priority {t1 | e1} slot/port

b. Cisco MC3810
network-clock-select priority {serial 0 | system | bvm | controller}
no network-clock-select priority {serial 0 | system | bvm | controller}

<< Usage Guidelines >>
When an active clock source fails, the system chooses the next lower priority clock source specified by this command. When a higher-priority clock becomes available, the system automatically reselects the higher-priority clock source.

a. Cisco 2600 series, Cisco 3660, and Cisco 3700 series
This command is used on Cisco 2600 series and Cisco 2600XM with AIMs installed or on the Cisco 3660, Cisco 3725, or Cisco 3745 with Multiservice Interchange (MIX) modules installed. This command names a controller to provide clocking signals to the backplane, which then provides the names to all the network modules that are participating in network clocking.

b. Cisco MC3810
This command applies to Voice over Frame Relay, Voice over ATM, and Voice over HDLC on the Cisco MC3810. Use the network-clock-select command to establish the clock-selection priority when there are multiple sources of line (network) clocking in a Cisco MC3810. Possible sources of line clocking for the Cisco MC3810 are the BRI voice module (BVM), the multiflex trunk module (MFT), and a serial port configured for clock rate line.

Monday 25 April 2016

Microsoft: Windows Update Failed Because Services Do Not Run


You might have encountered the situation where the Windows Update failed to run because the services do not run. You might want to try the solution below:
1. Go to the Windows Update settings and set it to Never Check for Updates (Not Recommended)
2. Restart your computer
3. Go to the Windows Update settings again and set it to Install Update automatically (Recommended)
4. Try to run Windows Update again and it should work now

Microsoft: How to Uninstall System Center Configuration Manager ( SCCM ) Client

To uninstall the System Center Configuration Manager ( SCCM ) client:
1. Open a Windows command prompt and change the folder to the location in which CCMSetup.exe is located.
2. Type Ccmsetup.exe /uninstall, and then press Enter.

Friday 22 April 2016

IT Technology: Researcher releases Free Ransomware Detection Tool for Mac OS X Users


Introducing RansomWhere, a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes.

This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process.

Ransomware has risen dramatically over the last few years... so rapidly that it might have already hit someone you know.

With hundreds of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date.

So, if signature-based techniques are not enough to detect ransomware infection, then what else can we do?

Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption algorithms and key exchange mechanisms.

Here’s the latest ransomware detection tool for Mac OS X users:

RansomWhere? – a smart application that can identify ransomware-like behavior by detecting untrusted processes rapidly encrypting files, stop that suspicious process, and then alert the user.

<< How RansomWhere tool works >>
Patrick Wardle, a former NSA staffer who now leads research at bug hunting outfit Synack, has developed the RansomWhere tool, which aims at detecting and blocking generic ransomware on Mac OS X by regularly monitoring the user's local filesystem for the creation of encrypted files by any process.

"The ransomware will likely encrypt a few files (ideally only two or three), before being detected and blocked," Wardle wrote in a blog post.

This ransomware detection tool, by default, scans Mac apps and binaries that are signed with an Apple Developer ID and not by official Apple certificates.

If the tool detects any untrusted process, it suspends the suspicious process and alerts the user with a pop-up asking whether to continue or terminate the process in question.

Wardle successfully tested RansomWhere against KeRanger as well as Gopher ransomware proof-of-concept, which was developed by a pro-Apple Mac hacker, Pedro Vilaca, last year.

Though Wardle admitted that his tool does not guarantee 100 percent result and that it could be circumvented by malicious hackers who can discover a way to bypass RansomWhere and avoid detection, it is always better to be somewhat safer than completely vulnerable.

<< Some Known Limitations of the RansomWhere Tool >>
1. RansomWhere would not be able to help if any ransomware abuses an Apple-signed file or app.
2. RansomWhere detects ransomware infections after they have already encrypted some of your important files.
3. Files outside of your home directory are not protected by RansomWhere. So sophisticated ransomware could shift all your files outside home directory and lock them up.

Since hackers are always a step ahead of researchers, the RansomWhere tool has already been bypassed. Vilaca had tweaked his Gopher ransomware to bypass RansomWhere in a matter of minutes.

As mentioned in the limitations, Vilaca added just ten lines of code in his ransomware proof-of-concept to take the victim's files outside of the home directory and lock them up.
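The behavioural approach and the three limitations described above can be seen in one place in the following added example, which is not Wardle's code and not taken from the original article. It assumes Shannon entropy as the test for "encrypted", a trip point of three files, a hypothetical home directory `/Users/alice`, and invented signer labels; the file events are constructed.

```python
import hashlib
import math
import posixpath
from collections import Counter, defaultdict
from dataclasses import dataclass

# All thresholds and labels below are assumptions of this example.
ENTROPY_BITS = 7.5   # bits per byte; 8.0 is the maximum
MIN_SIZE = 1024      # entropy of very small files is not meaningful
TRIP_COUNT = 3       # suspend after this many encrypted files from one process


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    # Compressed formats (zip, jpeg) also score high, so a production tool
    # needs additional tests to keep false positives down.
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= ENTROPY_BITS


@dataclass
class FileEvent:
    pid: int
    signer: str    # "apple", "developer-id" or "unsigned" (labels invented here)
    path: str
    content: bytes


class Monitor:
    def __init__(self, home: str):
        self.home = posixpath.normpath(home)
        self.hits = defaultdict(int)
        self.suspended = set()

    def observe(self, ev: FileEvent) -> str:
        if ev.pid in self.suspended:
            return "suspended"
        if ev.signer == "apple":
            return "trusted"            # limitation 1: Apple-signed code is not examined
        if not posixpath.normpath(ev.path).startswith(self.home + "/"):
            return "out-of-scope"       # limitation 3: only the home directory is watched
        if not looks_encrypted(ev.content):
            return "clean"
        self.hits[ev.pid] += 1
        if self.hits[ev.pid] >= TRIP_COUNT:
            self.suspended.add(ev.pid)  # limitation 2: files were already encrypted
            return "suspend-and-alert"
        return "counted"


def constructed_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range((size + 31) // 32))
    return b"".join(blocks)[:size]


def run_demo() -> list:
    """Replay constructed events and return the monitor's verdict for each."""
    mon = Monitor("/Users/alice")
    text = b"Quarterly report draft, nothing secret here. " * 100
    events = [
        FileEvent(100, "developer-id", "/Users/alice/Documents/notes.txt", text),
        FileEvent(200, "unsigned", "/Users/alice/Documents/a.enc", constructed_ciphertext(b"a")),
        FileEvent(200, "unsigned", "/Users/alice/Documents/b.enc", constructed_ciphertext(b"b")),
        FileEvent(200, "unsigned", "/Users/alice/Pictures/c.enc", constructed_ciphertext(b"c")),
        FileEvent(200, "unsigned", "/Users/alice/Pictures/d.enc", constructed_ciphertext(b"d")),
        FileEvent(300, "unsigned", "/private/tmp/e.enc", constructed_ciphertext(b"e")),
        FileEvent(400, "apple", "/Users/alice/Documents/f.enc", constructed_ciphertext(b"f")),
    ]
    return [mon.observe(ev) for ev in events]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The last two verdicts are the coverage gaps a defender has to close with other controls: widening the watched paths and not treating a signature alone as proof of good behaviour.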

IT Technology: Opera Browser Now Offers Free and Unlimited Built-in VPN Service

Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone.

Opera's Free VPN protects unencrypted browser sessions from leaking on public WiFi networks and will also let you unblock firewalls to improve privacy and security.

Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks.

Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click.

For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources.

<< Free VPN Service with Unlimited Data Usage >>
Unlike several other free VPN services, Opera's built-in free VPN service will offer you unlimited data usage as well. You just have to turn on a virtual switch in the Settings menu to enable the feature.

So you need to install no third-party extensions and pay no monthly fee, and there is no limit on data usage.

"By adding a free, unlimited VPN directly into the browser, no additional download or extensions from an unknown third-party provider are necessary," Opera's engineering chief Krystian Kolondra wrote in a blog post.

"So, today, our Opera desktop users get a handy way to boost their online privacy, as well as easier access to all their favorite online content no matter where they are."

Opera's Free VPN service uses 256-bit encryption to hide all your connection details and replaces your IP address with a virtual one, making it difficult for the government or anyone to trace your location, identify your computer or block content they do not want you to see.

The free VPN feature in Opera has been made possible after the company acquired VPN provider SurfEasy last year.

<< Here's How to Try Opera's Free VPN >>
To give Opera's Free VPN a try, install the latest developer version of Opera for Windows and Mac, look for the 'Privacy & Security' tab and toggle this feature ON.

In the latest developer version of Opera, the Free VPN service lets you switch between three virtual locations: the United States, Canada, and Germany.

However, the company says it will add more countries in the stable version of its browser.

Thursday 14 April 2016

Microsoft: Office for Mac 2016 Does Not Support WebDAV


WebDAV is not supported in Office 2016 and Microsoft does not plan to add WebDAV support to Office 2016. It is because Microsoft would like to push Mac users to use OneDrive. As a result, I strongly advise you to stick to Office for Mac 2011 for Word / Excel / PowerPoint and maybe switch to Outlook 2016 which offers a far better experience with Office 365.

Monday 11 April 2016

Apple: Disable Hibernation for Mac OS X

To disable this, turn off autopoweroff in the sleep settings by running the following command in Terminal (under /Applications/Utilities):

sudo pmset -a autopoweroff 0  

The -a option disables auto poweroff for the Mac while on the charger as well as on battery. Use -c (instead of -a) to disable auto poweroff only when it's plugged in.

Tuesday 5 April 2016

IT Security: SideStepper Vulnerability in iOS 9 Endangers Companies that Use MDM to Distribute Apps


Apple's iOS 9 added safeguards for businesses to help prevent employees from downloading malicious software posing as legitimate enterprise apps, but researchers now warn that the use of mobile device management (MDM) technology within companies opens up a loophole in these protections.

According to a new research report from Check Point Software Technologies, MDM solutions, which allow companies to distribute software to employees' mobile devices en masse across its enterprise, pose a threat to device-holders if MDM communications via iOS are successfully hijacked by bad actors. This vulnerability has been assigned the nickname SideStepper.

To pull off a SideStepper scam, an attacker would first trick an employee into installing a malicious configuration file by clicking on a link in a phishing email, SMS text message or instant message. This newly created profile then sets the stage for a Man-in-the-Middle attack, whereby device-holders think they've received an over-the-air app download on their devices from corporate IT, when it's actually a malicious enterprise app sent from cybercriminals who have hijacked the MDM exchange.

A malicious enterprise app could allow bad actors to completely take over the phone, endangering not only the device-holder but potentially the enterprise if confidential or sensitive documents, files or contacts are impacted. The criminals could potentially capture screenshots, even those captured inside secure containers, as well as record keystrokes.

Normally under iOS 9, a user who downloads an enterprise app on his device must first as a precaution go through a series of settings screens to verify the app's developer before actually executing the program. But MDM solutions skip these steps for the sake of expediency and efficient business workflow—“so iOS natively trusts any app installed by MDM solutions,” the report explains. “In fact, an app installed by an MDM will not show any indication of its origin.”

Furthermore, the app download and approval process looks exactly the same regardless of which MDM solution a company is using, making it easy for cybercriminals to convincingly spoof the process, as no special customization is necessary.

“The issue is not with the MDM companies,” said Michael Shaulov, Head of Mobility Product Management at Check Point Software Technologies, in an interview with SCMagazine.com. “The [MDM] communication API is not developed by the various MDM developers. It's actually something provided by Apple, so Apple is responsible” for correcting this flaw. Check Point informed Apple of this vulnerability in late 2015 and it is not known when the company will address it. SCMagazine.com has reached out to Apple for comment. In the meantime, said Shaulov, businesses can help themselves by coupling their MDM solutions with a proven mobile threat intelligence solution.
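Because the attack described above starts with a configuration profile the user is tricked into installing, one defensive check is to audit a profile's payloads before it reaches a device. The following is an added example, not from the Check Point report or the original article: it parses an unsigned profile with Python's `plistlib` and flags payload types that can put a third party in the traffic path. Which payload types to flag, the verdict names, the allow-listed host `mdm.corp.example` and the sample profiles are all assumptions constructed for the example.

```python
import plistlib
from urllib.parse import urlparse

# Payload types that can put a third party in the traffic path. Which types to
# flag, and the wording of the reasons, are choices made for this example.
INTERCEPTION_TRUST = {"com.apple.security.root": "installs a trusted root CA"}
INTERCEPTION_ROUTE = {
    "com.apple.proxy.http.global": "sends all HTTP traffic through a proxy",
    "com.apple.vpn.managed": "sends traffic through a VPN endpoint",
}
MDM_PAYLOAD = "com.apple.mdm"
TRUSTED_MDM_HOSTS = {"mdm.corp.example"}  # hypothetical allow-list


def audit_profile(raw: bytes, trusted_mdm_hosts: set) -> list:
    """Return (payload_type, display_name, reason) for each risky payload."""
    try:
        profile = plistlib.loads(raw)
    except plistlib.InvalidFileException as exc:
        # Signed profiles are CMS-wrapped; unwrap them before auditing.
        raise ValueError("not a plain plist configuration profile") from exc
    if not isinstance(profile, dict):
        raise ValueError("profile root must be a dictionary")
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        name = payload.get("PayloadDisplayName", "<unnamed>")
        reason = INTERCEPTION_TRUST.get(ptype) or INTERCEPTION_ROUTE.get(ptype)
        if ptype == MDM_PAYLOAD:
            host = (urlparse(payload.get("ServerURL", "")).hostname or "").lower()
            if host not in trusted_mdm_hosts:
                reason = f"enrolls the device with unknown MDM server {host!r}"
        if reason:
            findings.append((ptype, name, reason))
    return findings


def verdict(findings: list) -> str:
    types = {ptype for ptype, _, _ in findings}
    # A new trust anchor plus a traffic redirect is the man-in-the-middle setup.
    if types & set(INTERCEPTION_TRUST) and types & set(INTERCEPTION_ROUTE):
        return "block"
    return "review" if findings else "ok"


def constructed_profile(payloads: list) -> bytes:
    """Build a constructed, unsigned profile for the demo."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Constructed sample",
        "PayloadIdentifier": "example.constructed.profile",
        "PayloadContent": payloads,
    })


SUSPICIOUS = constructed_profile([
    {"PayloadType": "com.apple.security.root", "PayloadDisplayName": "Corp Root CA"},
    {"PayloadType": "com.apple.proxy.http.global", "PayloadDisplayName": "Web Proxy"},
])
UNKNOWN_MDM = constructed_profile([
    {"PayloadType": "com.apple.mdm", "PayloadDisplayName": "Device Management",
     "ServerURL": "https://mdm.unknown.example/checkin"},
])
BENIGN = constructed_profile([
    {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Office Wi-Fi"},
])

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("unknown-mdm", UNKNOWN_MDM),
                       ("benign", BENIGN)):
        found = audit_profile(raw, TRUSTED_MDM_HOSTS)
        print(label, verdict(found), found)
```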

Wednesday 30 March 2016

Symantec: Symantec Mail Security LiveUpdate Failed


If the LiveUpdate of your Symantec Mail Security fails, it might be caused by the Quarantine Thresholds. You can follow the steps below to solve the problem:
1. Go to Monitors > Quarantine Settings and delete the old quarantined items by checking the Delete oldest items option
2. Go to Admin > LiveUpdate/Rapid Release Status and click on the Run LiveUpdate Certified Definitions

Tuesday 29 March 2016

Microsoft: Amended Exchange Mailbox Quota Not Taking Effect Immediately


After I have increased the mailbox quota of a user's mailbox, it will not take effect immediately. It will take about 1 hour for the new quota to be applied.

The only way to get the quota to take effect immediately is to restart the store service. However, that will kick all users out of Exchange.

This is by design. Exchange caches a lot of information, including permissions and mailbox limits. That cache is flushed every couple of hours. While the time of the cache can be reduced it is not recommended because it will have an impact on the performance of the server. The more users you have the bigger the impact.

Friday 25 March 2016

Microsoft: Query All Users in Active Directory


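The command below allows you to query all the users in your Active Directory whose accounts are not disabled. The userAccountControl clause uses the bitwise-AND matching rule (1.2.840.113556.1.4.803) to exclude accounts that have the ACCOUNTDISABLE flag (value 2) set: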
dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" >>allusers.csv

BlueCoat: Troubleshoot BlueCoat PacketShaper

With PacketShaper, the problem could be with the hardware, software, policies, partitions, topology, etc.

You can take certain steps to isolate the problems:
1. Power down the PacketShaper unit. Does the problem go away?
When you turn the unit off, it works as a piece of wire -- the inside interface will be connected directly to the outside interface. If the problem goes away by turning off the unit, the problem is with PacketShaper.

2. Turn shaping off. Does the problem go away?
When shaping is off, PacketShaper works like a bridge. It will monitor the traffic flowing through it but it will not apply any policies and partitions. If the problem goes away with shaping off, then it is related to a policy, partition, or the link rate setting. It can also be problem with the topology.

3. The problem does not go away with shaping on or off until the unit is turned off.
It could be a hardware problem: a problem with the network cards, the 10baseT/100baseT or half-duplex/full-duplex settings, bad cables, and so forth. Try some of the following:

* Try auto-negotiate.
* Use different cables.
* In the command line, use the net nic command to see whether RxErrors and TxErrors are incrementing fast.
* There may be an incompatibility problem with one of the devices connected to the inside or outside interface. You can put a hub in between PacketShaper and the other device to rule out any problem due to incompatibility. Topology is also a common problem.