Posts by MB

A Safer Message App

I thought I would get my friends thinking a little more about security.
If you agree to this, it will cost you about US $ 3.57 if you use Android, or US $ 2.99 if you use iPhone to be safer.

At first, I just thought of mentioning something that I experienced as scary.
Terese and I sat and talked as we sometimes do. After a while, Terese picked up her mobile and went into the Facebook App, and all of a sudden it showed advertising about something we had recently talked about. Neither of us had used any device (mobile, computer or anything else) to search for or look up what we had talked about.

The only conceivable thing is that the Facebook App listens in on us (it has rights to record sound via the microphone) and uses what we are talking about in order to target advertising (and build on our shadow profiles).

And even WhatsApp Messenger is good at leaking, so advertisements will soon appear in different feeds about what we have written to each other in messages.
I totally understand why Jan Koum and Brian Acton (both co-founders of WhatsApp) chose to leave WhatsApp / Facebook.
https://en.wikipedia.org/wiki/Jan_Koum | https://en.wikipedia.org/wiki/Brian_Acton

I can buy this with cookies that stalk us online when we are browsing the Internet (there are other tools that can protect us there). But having Apps that actually listen to / spy on us when we don’t even use them is not really what I “signed” up for.

Sure, we need Facebook to follow friends and what’s going on in the world nowadays. I mostly use Facebook to follow my interests (in the same way I use Twitter, LinkedIn, WeMe, Google+, etc.). 
But I do NOT use the Facebook App, nor the Facebook Messenger App. 
I run with the browser version of both, and chose not to install their apps and give Facebook rights that I do not think they should have.

I still have WhatsApp installed and use the App, since most people I communicate with use WhatsApp. But I’d rather stop using that App as well.

So a while ago I made the choice to go over to Threema. 
Threema is a secure communication app, where all communication (message / conversation) is encrypted, and not even the company behind Threema (Threema GmbH) can intercept or spy on their users. As icing on the cake, Threema GmbH is in Switzerland, which currently has the best data protection laws (delivering better privacy than GDPR, and not under EU or US law).
https://threema.ch/en | https://en.wikipedia.org/wiki/Threema

However, there are 2 “disadvantages” with Threema.

  1. Not many users use it, certainly because of point 2.
  2. The app / service costs about US $ 3.57 / $ 2.99, and WhatsApp costs you no money (but WhatsApp will cost you your soul, and your friends’ souls).

But you do not need a mobile subscription to use Threema. No mobile number is needed to register or use Threema.

And your mobile / internet provider cannot sniff your communication when you pass it over Threema. Your mobile / internet provider can use the information in your SMS and mobile calls to build a profile about you (thanks to GDPR you can say no thanks to it, if you live in Europe).
And don’t get me started on the vulnerabilities in SS7 (which allow anybody to listen to conversations, read text messages and track a mobile as easily as possible).
https://sv.wikipedia.org/wiki/Signalsystem_number_7 | https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls

The final sprint:

  1. Stop using Apps where there are web versions
  2. Switch to a Safer Message App (Threema 😉)
  3. Start thinking about what you are worth, and protect your value and privacy.

Threema for Android 
https://play.google.com/store/apps/details?id=ch.threema.app

Threema for iOS 
https://itunes.apple.com/us/app/threema/id578665578

Threema in the browser 
https://web.threema.ch/

A comparison between Facebook Messenger, Threema and WhatsApp 
https://versus.com/us/facebook-messenger-vs-threema-vs-whatsapp

Diskpart to the rescue

In my work, I recently heard that new devices (desktops/laptops) more and more often fail at the beginning of the OSD (OS deployment) because something is wrong with the partitions on the hard drive. The boot image can’t download policies or files to the disk, so it fails. Often the IT person needs to boot the device and re-partition the disk, and then start the OSD again, after which it works. I have not examined why it fails; the OEM’s OS works on the device/disk. But I have a workaround, though it is not my own workaround. I found it on the Internet a few years ago, so I don’t remember whom to credit (I’m sorry).

But this is the workaround I have.

Begin by creating a txt-file with the content of commands for diskpart we will be using later (this is for UEFI-disks).
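
rem Select the first disk and wipe its partition table (destroys all data on disk 0)
sel disk 0
clean
convert gpt
rem EFI system partition, 200 MB, FAT32
cre par efi size=200
assign letter=s
format quick fs=FAT32
rem Microsoft reserved partition, 128 MB
cre par msr size=128
rem Primary partition for Windows on the rest of the disk
cre par pri
assign letter=c
format quick fs=NTFS
exit
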
Save the file (I have named my file uefi_disk.txt), and put it on your SCCM package share. Then you will need to create a Package in your SCCM console, where you point out the source files (where you saved your new .txt file). You don’t need to create a program; just select “Do not create a program”, click Next, and go on and finish the wizard.

There are two ways to use this.

The first one: if you boot your PCs from boot media (CD/USB), you can create new boot media and put in a prestart command to run diskpart. So go on and create a new Task Sequence Media if you choose this way. Select Boot media, and click Next. Continue the wizard, entering your “SCCM info”, until you come to Customize the task sequence media. Here you will need to tick the Enable prestart command checkbox, and also enter the command line (with uefi_disk.txt replaced by the name you gave your .txt file):

cmd.exe /c diskpart /s uefi_disk.txt

You must also select the Diskpart package you created earlier, and point out your Distribution point. After that, finish the wizard, and you are ready to boot using your new boot media.

The other one is to put this in your boot image (if you PXE-boot your devices, choose this). This way the prestart command will always run (for every TS that uses this boot image), and you don’t need to create a new boot-image with this prestart command. Go to your boot image in the SCCM console, right-click it and choose Properties. Go to the Customization tab, tick the Enable prestart command checkbox, and enter the same command line:

cmd.exe /c diskpart /s uefi_disk.txt

Click OK to save and re-distribute your boot image, and after that you’re done.

When you are here, click Next, and diskpart will run. After diskpart is finished, you can choose your TS and continue your installation.

What a wonderful beginning of the year?

Meltdown/Spectre, 2 serious vulnerabilities.
The Meltdown vulnerability is “only” in Intel’s CPUs, while Spectre is found not only in Intel’s CPUs but also in AMD and ARM CPUs.
Info: A Simple Explanation of the Differences Between Meltdown and Spectre

Many operating system manufacturers are in the process of developing software updates to protect against the Meltdown vulnerability. But because information about these vulnerabilities leaked to the media prematurely, quite a few manufacturers were forced to release their updates early, which in turn could have caused problems for many users.
There have been reported problems for Microsoft Azure customers after Microsoft updated their system.
Other users who installed updates have been affected by BSOD (Windows crashes and displays a “blue screen”), because some antivirus products make unsupported calls to Windows kernel memory. Here, one must ensure that the antivirus is supported/updated, and also ensure that the following registry key is in the registry before installing the update:

RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name ="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
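
A read-only check for this flag, as an added example that is not part of the original post. The function name Test-QualityCompatFlag is made up for illustration; the path, value name, type and data are the ones listed above. It distinguishes a missing key, a missing value, a wrong type and wrong data.

```powershell
# Added example (not from the original post): read-only check of the
# QualityCompat flag using the path, name, type and data listed above.
function Test-QualityCompatFlag {   # hypothetical helper name
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )

    $result = [ordered]@{ Computer = $env:COMPUTERNAME; Ready = $false; Detail = '' }

    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey object.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Detail = 'QualityCompat key does not exist'
    }
    elseif ($key.GetValueNames() -notcontains $Name) {
        $result.Detail = 'Key exists but the value is missing'
    }
    else {
        $kind = $key.GetValueKind($Name)
        $data = $key.GetValue($Name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $result.Detail = "Value has type $kind, expected REG_DWORD"
        }
        elseif ($data -ne 0) {
            $result.Detail = ('Value data is 0x{0:X8}, expected 0x00000000' -f $data)
        }
        else {
            $result.Ready  = $true
            $result.Detail = 'Flag present: REG_DWORD 0x00000000'
        }
    }
    [pscustomobject]$result
}

Test-QualityCompatFlag | Format-List
```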

More information in the following links:

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software.

List of AntiVirus products and how they “support” the Windows update.

Windows Server guidance to protect against speculative execution side-channel vulnerabilities.

However, as these are hardware vulnerabilities, it may not be enough to update only the operating system; you must also update the firmware for the hardware.
US-CERT has put together a list of manufacturers who have information/recommendations about their hardware:
https://www.us-cert.gov/ncas/alerts/TA18-004A

Infomaniak offering students free Web and Mail hosting

Swiss web host Infomaniak is offering students a chance to receive free professional Web and Mail hosting during their higher education. This full offer, which is unique in Europe, has a dual goal of promoting both the acquisition of digital skills and the creation of digital-related projects.

Read more about this great opportunity, and how to grab it: https://news.infomaniak.com/en/free-hosting-for-students/

Clear Clipboard when locking Windows

First, let me just say that I’m no security expert, but safety is something that I find interesting.

Today I saw the posts by Hasain Alshakarti on Facebook; Hasain had posted a link to Accessing the clipboard from the lockscreen into Windows 10 #2.
Interestingly, Microsoft should have already blocked that security risk.

But you can prevent this yourself, so that the Clipboard is emptied when you lock Windows. No third-party software is needed.

Start Task Scheduler
Click on Create Task... under Actions, Task Scheduler Library in the right task pane (or right-click on Task Scheduler Library folder)
On General tab ->
Name: Clear Clipboard 
On Triggers tab ->
Click on New.. button
Under Begin the task, choose: On workstation lock, and click Ok button
Under Actions tab ->
Click on New.. button
Under Program/script, write: cmd.exe
Under Add arguments (optional), write: /c "echo off | clip" and click Ok button
Click on Ok button again, and you are done.
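
The same task created from PowerShell, as an added example that is not part of the original post. It assumes the ScheduledTasks module that ships with Windows 8 / Server 2012 and later, and it additionally allows the task to start on battery power, which the steps above do not set.

```powershell
# Added example (not from the original post). Run as the user whose clipboard
# should be cleared: the clipboard is per session, so the task has to run in
# that user's interactive session.
$taskName = 'Clear Clipboard'

# Same program and arguments as in the steps above.
$action = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument '/c "echo off | clip"'

# New-ScheduledTaskTrigger has no "On workstation lock" option, so the session
# state change trigger is built from its CIM class. 7 = TASK_SESSION_LOCK.
$class   = Get-CimClass -Namespace 'ROOT\Microsoft\Windows\TaskScheduler' `
                        -ClassName 'MSFT_TaskSessionStateChangeTrigger'
$trigger = New-CimInstance -CimClass $class -Property @{ StateChange = 7 } -ClientOnly

$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
                                        -LogonType Interactive -RunLevel Limited

# New tasks default to "start only on AC power"; without this switch a laptop
# locked while on battery would keep its clipboard contents.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
                                         -DontStopIfGoingOnBatteries `
                                         -ExecutionTimeLimit (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
                       -Principal $principal -Settings $settings -Force | Out-Null

# Read the task back and show the parts that matter.
$task = Get-ScheduledTask -TaskName $taskName
[pscustomobject]@{
    Task             = $task.TaskName
    TriggerClass     = $task.Triggers[0].CimClass.CimClassName
    StateChange      = $task.Triggers[0].StateChange
    Command          = '{0} {1}' -f $task.Actions[0].Execute, $task.Actions[0].Arguments
    BlockedOnBattery = $task.Settings.DisallowStartIfOnBatteries
} | Format-List
```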

Can’t turn on RSAT (0x80073701) in Windows 10

About 10 days ago, I tried to install RSAT (Remote Server Administration Tools) on my work computer.
I downloaded the latest version, WindowsTH-RSAT_WS2016-x64.msu, and ran the installation. But when I went to turn RSAT on, I got the error message:

The referenced assembly Could not be found.
Error code 0x80073701
Tell me how to solve this problem

Unfortunately, Microsoft’s solution was not the right one for me.

But today (10 days later, and after a variety of attempts to activate RSAT) I got it working.

I took the downloaded file, WindowsTH-RSAT_WS2016-x64.msu, and unpacked it (using 7-zip) to C:\RSAT.
I started PowerShell as Administrator, went to the path C:\RSAT and wrote:
DISM /Online /Add-Package /PackagePath:C:\rsat\WindowsTH-KB2693643-x64.cab

After DISM (Deployment Image Servicing and Management tool) had run through, I also executed .\Rsatcustominstaller.exe in the PowerShell window.

A restart later, and RSAT is in action.

 

YouTube to Sonos?

First day of the holiday and I nailed it. At last we can watch music videos on YouTube, and play the sound on our Sonos speakers. The only thing I had to do was to complete our Sonos system with a Google Chromecast Audio.
But yes, it’s not just YouTube we can cast to Sonos; we can of course also cast sound from Netflix, HBO and every other possible sound from our computers and mobile devices. And tomorrow I will cast the sound of the British GP (Formula 1), I can’t wait. 🙂

Windows Defender Scheduled Scans Drains Laptop Battery

I recently received a question whether it is possible to set Windows Defender to stop a scheduled scan on a laptop that was on AC power when the scheduled scan started, but later switches to running on battery (we don’t want to drain the battery).
I have Googled like crazy for days, but my Google-fu has not been sufficient. I have looked through group policies again and again, but no, I cannot find the solution.
I have also not seen any such setting in ConfigMgr 1602, which we use at work.

But just now, it hit me. Why not look in the Task Scheduler?
Said and done, and 10 seconds later, the question was resolved.

 Open the Task Scheduler.
 Expand Task Scheduler Library (by clicking on the arrow in front of Task Scheduler Library).
 Expand Microsoft.
 Expand Windows.
 Go down to, and click on Windows Defender.
 Right click on Windows Defender Scheduled Scan, and select Properties.
 Go to the Conditions tab.
 Check the box in front of Stop if the computer switches to battery power.
 Click Ok, and that’s it.


A break during the work weekend

Weekend work is on the agenda this weekend.
Started yesterday by reinstalling 15 RDS servers. On today’s agenda for me is patching servers, but right now I’m waiting for my colleagues to finish the firewall work so that the network becomes available again and I can continue the patching.

In the meantime I’m leafing through Deployment Fundamentals, Vol. 6: Deploying Windows 10 Using Microsoft Deployment Toolkit, which landed in the mailbox yesterday. The firewall work is welcome to take a while, I feel 🙂.

Under the weather today, ordered a book

A cold, knocked out, general whining. But a book was bought: Deployment Fundamentals, Vol. 6: Deploying Windows 10 Using Microsoft Deployment Toolkit.
Hoping for fast delivery. In some sick way I think this kind of thing is fun, and I also happen to be able to use it at work…

Now I just hope I manage to scrape together hardware to set up a suitable lab environment.