Using WMI filters for Group policy

This guide describes how to apply WMI filters to a Group Policy in order to target computers with a particular system configuration. WMI contains almost any information about a computer’s configuration, which lets us make sure that the Group Policy we are using only applies to the computers that fulfil the requirements specified in the WMI filter. In this case we will use it to target only computers with Windows 8 and 8.1 installed.

  • Open the “Group Policy Management” console.

  • Right-click “WMI Filters” and click New.

  • Enter a descriptive name and a description, then click the Add button.

  • In this case, keep the Namespace as it is and write the WMI query in the “Query” field.

This WMI query checks whether the version of the OS is either 6.2 (Windows 8 and Server 2012) or 6.3 (Windows 8.1 and Server 2012 R2) and whether the product type is 1 (desktop OS). This narrows the result so that it is only true when running on a Windows 8 or Windows 8.1 operating system.

  • Click OK. If presented with a warning regarding the namespace, just click OK again.

  • Save the WMI filter, and the filter is done. Now we just need to apply it to a Group Policy.

  • Select the Group Policy that you wish to apply the WMI filter to. Under Scope, choose the WMI filter at the bottom of the console.

  • Click Yes at the prompt and you are done.

This is just one out of thousands or millions of different WMI filters that could be made. This is to show how it is created and to give an idea of how to use it. WMI queries can easily be found with a little bit of searching the web, if you are not that familiar with WMI.
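
The filter described above, written out and tested locally with PowerShell before it is linked to a Group Policy. This is an added example, not from the original post: the WQL text is reconstructed from the description (version 6.2 or 6.3, product type 1), and the function name Test-WmiFilterQuery is hypothetical.

```powershell
# Added example (not from the original post). The WQL below is reconstructed
# from the post's description: Version 6.2 or 6.3, and ProductType 1.
# Version is a string such as "6.3.9600", so it is matched with LIKE.
$Query = "SELECT * FROM Win32_OperatingSystem " +
         "WHERE (Version LIKE '6.2%' OR Version LIKE '6.3%') AND ProductType = 1"

# Hypothetical helper: returns $true when the query yields at least one
# instance, which is the condition under which a WMI-filtered GPO applies.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory = $true)] [string] $Query,
        [string] $Namespace = 'root\CIMv2',   # default namespace in the filter dialog
        [string] $ComputerName                # optional remote target (needs WinRM)
    )
    $cimArgs = @{ Namespace = $Namespace; Query = $Query; ErrorAction = 'Stop' }
    if ($ComputerName) { $cimArgs['ComputerName'] = $ComputerName }
    try {
        $instances = @(Get-CimInstance @cimArgs)
    }
    catch {
        # A malformed query or a missing namespace yields no instance to match on.
        Write-Warning "WMI query failed: $($_.Exception.Message)"
        return $false
    }
    return ($instances.Count -gt 0)
}

# Show the values the filter looks at next to the verdict, so a non-match
# can be explained (for example ProductType 2 or 3 on a server).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    Caption       = $os.Caption
    Version       = $os.Version
    ProductType   = $os.ProductType   # 1 = workstation, 2 = domain controller, 3 = server
    FilterMatches = Test-WmiFilterQuery -Query $Query
}
```

Run it on one Windows 8/8.1 client and on one machine that should be excluded: FilterMatches should be True on the first and False on the second.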


Incorrect holidays in Outlook 2007/2010

This step-by-step guide shows a workaround for the .HOL file that Microsoft released on August 28 2012, in which the holiday is listed incorrectly. To correct this, you have to locate the .HOL file and edit it with the corrected holidays. There are multiple ways to make the changes in the Calendar. The guide below is a “global” solution, specifically meant for correcting the holidays if you have a lot of affected users, or if you do not want to do it manually on 5-10 PCs. I would not use this solution if it is only a problem on 1-3 computers. If that is the case, simply go to Calendar and drag and drop the holiday from the wrong date to the correct one.

Method 1: Before importing the .HOL file for the first time

  1. Before starting this step-by-step guide, exit Outlook if it is open on the PC you want to import from.
  2. In Microsoft Windows Explorer, locate the following file to edit the holidays:
  • drive letter:\Program Files\Microsoft Office\Office “xx”\LCID\outlook.hol → I had to go to: C:\Program Files (x86)\Microsoft Office\Office14\1033 (because of version 2010)

>>Where “xx” is 12 for 2007 Microsoft Office and 14 for Office 2010<<

  1. Making a backup copy of the .HOL file is recommended, as you may need to start over.
  2. Right-click the Outlook.HOL file, then choose “Open With -> Choose Notepad” (or your preferred editor). After you have finished editing the file, you can do the same again, but instead choose “Open with -> Choose Outlook”. This is completely a matter of choice.
  3. Press Ctrl+F to search for “Whit Sunday”, or find it manually (sometimes the search does not work).
  4. Change Whit Sunday, 2015/5/28 to Whit Sunday, 2015/5/24.
  5. Do this for every occurrence of Whit Sunday that you can find in the .HOL file.
  6. Press Ctrl+F to search for “Whit Monday”, or find it manually (sometimes the search does not work).
  7. Change Whit Monday, 2015/5/29 to Whit Monday, 2015/5/25.
  8. Do this for every occurrence of Whit Monday that you can find in the .HOL file.
  9. Save and close the Outlook.HOL file. If that is not possible, try Notepad opened ‘as admin’, save the file to the desktop and copy it to the right folder.

Now you can import the corrected holidays into your calendar. Before this step, the existing holidays must be deleted manually (go to View, then List, identify the Holidays category and delete its entries). Import the file after you have deleted the old holidays.


KB: SCCM error: “The directory is not empty”

Problem case:

A deployment is stalling at the step “Wiping volume [Drive Letter]”.

As seen below, smsts.log states that it fails to complete installation of the image, with the error: Installation of Image x in package [Package ID] failed to complete. The directory is not empty. Error: 80070091; Source: Windows.

Investigating the remaining files on the local drive gives us a clue that some files could not be deleted. The folder “Documents and Settings” was still visible on the local drive C after attempting to wipe the drive. A single file in the user’s documents called “SlideIT.exe “ was not deleted during the task sequence step “Wiping volume C”.

Notice the whitespace (“ “) at the end of “SlideIT.exe “.

Note: As this deployment was a migration scenario using Hardlink, the drive is wiped (files deleted) and the disk not formatted completely.

If a single file is named with whitespace somewhere in the name, a regular delete command cannot delete the file or the folders above it in the hierarchy. Pending file operations or corrupted files could cause this error as well.

Solution:

  1. Locate the undeleted files on the local drive while the error message is still present.
  2. Reboot using an SCCM boot image (bootable device or PXE) to enter WinPE.
  3. Quickly delete the affected files and folders before the error state occurs and before the files enter the “in use” state, using the following commands:
    1. Del /s [directory] – Deletes folders and subfolders
    2. Rmdir /s [directory] if needed – Deletes an empty folder
    3. Restart deployment

IDM365 identity and access management for the finance sector

Challenges in this sector

Financial service providers (banks, insurance brokers, wealth and asset managers) need to be aware of the requirements for effective identity management more so than in most other industries because of the complexity and risks inherent in the financial environment. Any breach of or lapse in security can be disastrous and costly with potential revenue loss, increased operating costs and a damaged reputation leading the list of harmful consequences.

The regulatory framework that applies to this industry requires full compliance and strict control over what are often highly complex IT environments burdened with a large number of users. The financial sector must deal with increasingly numerous and stringent national and international regulations and regulatory agencies.

Your solution

Identity and Access Governance (IAG) is the most comprehensive way to manage access to enterprise resources. IDM365 here provides a foundation for information security and a top-level way for users to interact with security software and comply with data policies. The Sarbanes-Oxley Act of 2002 (SOX) made corporate governance practices more transparent in an effort to improve investor confidence. IT is a major player when it comes to being SOX compliant as the majority of data required for financial reports are generated or stored electronically.

Compliance regulations

IDM365 helps your organization achieve compliance with regulations such as:

  • The Sarbanes-Oxley Act of 2002 (SOX)
  • Basel II
  • ISO 27001

Operational risk challenges

Proper Account Termination
Research shows that over 40% of user access rights are not removed upon termination. These orphaned accounts increase risk exposure by a factor of 23—a staggering amount.

Management of a Central Security Policy
It is critical not only to define a central security policy but also to ensure that it is implemented and enforced across the entire organization.

Controlled Sharing of Information
Ensuring that different business units in your company can’t involuntarily share sensitive information is crucial for a company of your stature.

Secure Audit Trails & On-Time Reporting
A critical component of any operation is the detailed and trustworthy logging of information to later be used in audits. This data is to alert auditors of any potential compromises.

Secure Procedures for Access to High-Risk Systems and Databases
Ensuring that all the correct users have access to secured systems can be both difficult and tedious to manage. Properly managing access to these high-risk systems and databases is an essential component.

IDM365 solutions

IDM365 security features

  • Complete and immediate removal of access carried out across all resources when a user is terminated, done with the push of a button
  • Centralized security policies enforced across all users and systems
  • Approval workflows integrated to ensure proper tracking and fulfillment
  • Detailed records kept of every change carried out across the entire infrastructure producing reliable audit logs (i.e. access requests, authorization decisions and administrative changes)
  • Who has access to what information can be determined immediately
  • Adherence to the approval process can be measured in just three clicks
  • Access management handled through automated processes for the entire user life cycle
  • Centralized Identification and authorization for all applications
  • Tighter security and sustained compliance management via detailed reporting and secure audit capabilities

Notable Security Statistics
According to a recent Forrester report, over 60% of breaches originate from insiders due to either inadvertent misuse of data or malicious intent.

Challenge of cost reduction and optimization

Tedious manual operations
Forms are often manually filled out and sent out, requiring stamped approval by one or more managers. IT personnel who are tasked with managing users must then carry out each request one-by-one in each system and application.

Thousands of hours are usually spent by IT departments carrying out these tasks. It’s not an interesting job but highly paid employees usually carry it out.

On-boarding and off-boarding slows operations
Businesses often suffer because new employees have to wait long periods for their access to get added or updated. Automated role-based access provisioning cuts this time down.

System deployment is complex and resource intensive
Introducing new or upgraded systems can take months of focused work, requiring lots of manual and costly labor to get running fully. Having to make sure that every user has the correct level of access can be overwhelming and a barrier to upgrading equipment. This can be sped up with a global overview which allows the rapid and secure deployment of such systems.

Optimizing with IDM365

Speed up system deployment
IDM365 provides a structure for managing users that will mirror your business. With a proper overview and means to create access profiles that target users within groups, new systems can be deployed more rapidly than. Some of IDM365’s resource-saving features are:

  • Self-service administration and personalization including password resets
  • Increased speed and productivity through automation
  • Delegated administration that allows data owners to manage access to resources rather than handing it off to a service desk or IT
  • Role-based provisioning allowing management to assign new job functions themselves with as little as 3 clicks

Proper Account Termination
Research shows that over 40% of user access rights are not removed upon termination. These orphaned accounts represent a major process failure and increase risk exposure by a factor of 23—a staggering amount.

Focused software
IDM365 is not a complicated suite of modules. It gives you a VERY efficient control tool that enables you to streamline, and even move Identity and Access Management (IAM) anywhere you want in the organization. With it, you can ensure compliance and simplify control for highly critical internal and external systems in offices at all levels and geographies.

Compliance through IDM365

Identity and Access Management (IAM) . It provides a foundation for information security and a top-level way for users to interact with security software and comply with data policies and governances such as the Sarbanes-Oxley Act of 2002 (SOX).

Ensure transparency of complex IT systems
IDM365 provides automated processes for attestation, reporting, and segregation of duties (SoD), enabling your company to enforce policies. Transparency is further augmented by instant, up-to-date documentation and reports covering user access rights and entitlements. With access to all systems, effective governance, risk management and compliance can be achieved.

Enforce access policies
IDM365 provides a strong defense against inappropriate information access through IAM. Rapid, secure processes ensure detailed recording of changes and transactions.

Manage access through roles and attributes
IDM365 merges Role Based and Attribute Based Access Control (RBAC & ABAC) to handle user access in a way that management can understand and that looks at each user individually. As an example, two identical users may require different access if they’re at different locations.

  • IDM365’s focus on business-centric governance provides enterprise-wide control and compliance. In your sector, combining this into one system provides enormous benefits.

The IDM365 Rapid Implementation Policy

The deployment of a tool for IAM can be tedious and for many often runs over time and over budget. We have developed proprietary tools that allow us to rapidly set up IDM365 in a new environment.

IDM365:CLEAN is our analysis tool which we use to generate reports for each system involved in the implementation. These reports identify permissions that are redundant, no longer in use, or that can be removed for other reasons.

IDM365:ORGANIZE is a tool for automatically generating suggestions for role design and mapping based on the data gathered during the CLEAN process. This special software engine was developed in-house based on highly complex pattern recognition formulas.

These tools will ensure that the implementation of IDM365 stays within the agreed time and scope and adds a transparency so you are on top of the whole project.


Migrating DHCP From Windows Server 2003 to 2012 R2

Windows Server 2003 is reaching the end of its lifecycle (14 July, 2015). To address this concern, Microsoft provides great tools to assist organizations in their migration efforts: the “Windows Server Migration Tools”.

Unfortunately, this tool requires installation on both the destination and the source server (.NET 3.5, PowerShell and the Windows Server Migration Tools themselves). If you want to move a single service like DHCP, it can be preferable and even faster to simply use the built-in commands.

Below is a quick step-by-step guide to migrating DHCP from Windows 2003 to Windows 2012 R2 using the netsh command.


The y-Cloud

I have been in this business for quite some years now and things tend to go in circles – or just like fashion – the same thing pops up again with just a little twist. So what does this have to do with IT and the omnipresent cloud? The cloud has always been there; it is just a new name for a datacenter – on-premise or off-premise – what has changed is the way we should utilize the cloud, and that is more than a little twist.

This is where the y-Cloud comes in – why should we utilize the cloud? It is all in the solutions – solutions are made up of one or more applications, which form the solution together with its associated processes and workflows. Moving servers to a virtualized platform on-premise or off-premise does not mean you have utilized the cloud – you have just moved your servers to a more energy-efficient platform; and basically this is good, but old news.

But let us stick to servers – servers are expensive, maybe not to buy, but to maintain, and a lot of applications are placed on dedicated servers with low average utilization, making these less efficient and in most cases under-utilized. The different vendors of cloud technology provide technology to run applications across several servers, building solutions which utilize the capacity of the servers more efficiently and offer more flexible scalability. This is “y” we should utilize the Cloud, and as mentioned earlier, this can be done both on and off-premise.

Of course, this is not done just by flipping a switch – it requires some careful preparation. Moving solutions to the cloud requires that you know what services your applications deliver and how these build your solutions. When you have documented the business processes and workflows of the solution, you can map the technology services to match. With this you will then be able to decide how and which services can be moved to the cloud. The upside of doing this is that you end up with a documented solution with quantifiable services, which really is what this is all about.

Some years ago we talked about service enabling solutions – now it is cloud enabling – does this sound familiar? So when you talk with suppliers and vendors about y-Cloud, keep this in mind: it takes a lot of work to get there, and yes, it is expensive. Do they have a process for getting you ready for the cloud?
Just because you can see clouds from your windows – it does not mean you have actually moved among them…


Lync On-Premise vs Lync Online (Office 365)

Companies are curious to know which of the three available Lync solutions suits them.

Implement Lync Hosted or on-premise, or Office 365/Lync Online: that is the question.

To start out, the most important thing is to determine the needs of the company – and based on these needs we can identify the Lync solution that fits best.

In my opinion, and because “I love to have control and access to all features”, I have to say that I prefer Lync Hosted or On-Premise.

So we can have the following implementation scenarios:

  1. Lync Hosted or on-premise
  2. Office 365
  3. Lync Online

Following are the advantages and disadvantages of all three options.

For starters, Lync Online and Office 365 are hosted online in the cloud. These solutions are low-cost, but lack key features that are important to many organizations.

Feature differences

[Screenshot 2015-02-11 at 14.53.26]

Enterprise Voice (SIP trunk): this is only available on hosted or on-premises installations. You must have a SIP trunking service qualified for Lync Server 2013, or a qualified gateway.

Technical differences 

[Screenshot 2015-02-11 at 14.53.43]

Data Security and Privacy

Hosting Lync online relieves the organization of deploying more hardware and managing licenses, and it is very easy to set up. But it can be difficult to get access to the data and to find out where it is stored.

So before implementing Lync Online, you must read the Microsoft EULA carefully. Microsoft has rights to all analytics, including data that is stored in their datacentre. This also depends on the privacy laws in each region. But this data is not available to you, so you do not have the possibility to use the reporting features.

So what is the best solution for you?

As mentioned above, this depends on your needs:

[Screenshot 2015-02-11 at 15.02.04]

You can also take a look at the client comparison tables for Lync Server 2013 (these tables indicate the features that are available to Lync users in an on-premises deployment of Lync Server 2013; the same features are also available to Lync Online and Office 365 users unless otherwise indicated).

Conclusion

All the Lync options are valid, so if you want to get the best option for your organization, do not hesitate to contact us, and we can design the best solution for your needs.

(Information for this post has been retrieved here)
