Modifying Lync Server 2013 or Skype for Business 2015 Monitoring Reports URLs on the Control Panel

I had to move the SQL Server Reporting Services (SSRS) instance to a new server for one of our clients. After the move, everything was working, but I was still seeing the old server and the new links to the Reporting Service on the Control Panel under “View Monitoring reports”. So I had to remove the old Monitoring report server and edit the new one with the correct link page. To do that I made the following steps:

To check the configuration: Get-CsReportingConfiguration (For Lync Server 2010 ”Get-CsService -MonitoringServer | Select-Object Identity”)

Identify the old monitoring server and run: Remove-CsReportingConfiguration –identify “Service:….”

Check that the old server is now removed: Get-CsReportingConfiguration

Edit the new server with the desired configurations: Set-CsMonitoringServer -Identity ” Service:….”” -ReportingUrl “https://server.[domain]/ReportServer/Pages/ReportViewer.aspx?/LyncServerReports/Reports%20Home%20Page

Now you can see that I only have one link under the “View Monitoring reports” and it works with the correct link.

Hope this helps you in a similar situation, and if you need some help, all you have to do is contact us.

Udgivet i Uncategorized | Tagget , , , , , , , , | Skriv en kommentar

Microsoft Windows 10

Windows 10 blev i sidste måned tilgængelig for både virksomheder og forbrugere, og siden offentliggørelsen har der været meget hype om pris, men ikke så meget omkring hvad produktet faktisk indeholder af ny funktionalitet. Vi lister her nogle af de ting du bør fokusere på inden du går i gang med at implementere Windows 10 i virksomheden.

Microsoft Edge

Microsoft Edge er den nye standard browser i Windows 10 og erstatter Internet Explorer. Internet Explorer 11 er dog stadig inkluderet og supporteret i Windows 10, da Edge ikke understøtter ActiveX og Silverlight. Så hvis man har brug dette, så bør Edge ikke vælges som standard i virksomheden.

Web Note er en ny funktionalitet, som Microsoft har tilføjet til Edge. En smart og for nogle savnet feature, der muliggør at du kan skrive noter, markere tekst og billeder, direkte på websiden og gemme disse i f.eks. OneNote til senere brug.

Reading view – Dem som har brugt Safari browseren på enten iPhone eller iPad kender Reading View og muligheden for at gemme websider til læsning senere i Reading List. Denne funktionalitet har Microsoft nu også gjort tilgængelig i Edge browseren.

Cortana er Microsofts pendant til Apples Siri, som er et talende orakel som baseret på stemme, tekstinput og brugerens geografiske placering, kan komme med forslag til alt lige fra restauranter, shopping, vejvisning og wiki-opslag. Cortana er integreret med Edge som vil stille yderligere oplysninger til rådighed, når tekst markeres på en webside.

Device Guard

Device Guard giver mulighed for at kun applikationer, som er godkendt af virksomheden kan afvikles på virksomhedens Windows computere. Dette sker igennem sikker opstart af Windows via UEFI, en Hyper-V skal, der isolerer kritiske Windows processer og at alle applikationer skal være signeret med et godkendt certifikat. Signeringen kan ske via følgende:

  • Alle applikationer, der hentes via Microsoft Store er signeret og godkendt
  • Virksomheden benytter sit eget certifikat til at signere applikationerne
  • Virksomheden benytter et certifikat fra en af Microsoft godkendt udbyder
  • Microsoft Web-service, der lanceres senere på året.

En stærk feature der højner sikkerheden, men stiller også store krav til håndteringen af virksomhedens applikationsportefølje. Device Guard er en del af Windows 10 Enterprise.

Device Management

Microsoft har udbygget Mobile Device Management (MDM) funktionaliteten i Windows 10, hvor både PCer, tablets og smartphones kan håndteres igennem virksomhedens MDM løsning. Microsoft har baseret sig på Open Mobile Alliance (OMA) specifikationer, hvilket understøtter, at benytte en ikke Microsoft MDM løsning til håndtering af virksomhedens enheder.  Kravet om at enheder skal være forbundet til virksomhedens netværk og Active Directory forsvinder og enheder og brugere kan indrulleres og håndteres igennem Azure Active Directory. Dette åbner op for en langt bredere understøttelse mobile medarbejdere og af Bring Your Own Device (BYOD).

Enterprise Data Protection

Microsoft adresserer med Enterprise Data Protection (EDP), problemet med det stigende antal enheder, som medarbejdere selv har indkøbt og benytter til at udføre deres arbejde og dermed nemmere blotlægger virksomhedsdata.  EDP stiller policies til rådighed, der kan begrænse hvilke features, der kan benyttes i de installerede applikationer og hvor data kan gemmes. EDP giver sammen med virksomhedens MDM løsning også mulighed for at slette data fra devices, hvor kun virksomhedsdata slettes.

Dette giver en langt bedre brugeroplevelse, da brugeren ikke behøver at have 2 sæt applikationer installeret – Privat og Arbejde, men i stedet kun bliver begrænset funktionaliteten i applikationerne.

Microsoft Passport

Det har altid været irriterende at skulle logge ind med brugernavn og password på en enhed med touch-skærm. Dette løses med Microsoft Passport, hvor brugeren for mulighed for at logge på med en PIN-kode efter at både bruger og device er verificeret igennem en 2-faktor godkendelsesproces.

Dette var et lille udpluk af de nye muligheder, der er inkluderet i Windows 10 for din virksomhed.  Her følger en nogle links hvor du kan læse mere om disse eller kontakt os og vi vil dele ud af vores viden og erfaringer.

Windows 10 overblik.

Hvad indeholder de forskellige versioner af Windows 10.

Device Guard. 

Mobile Device Management.

Udgivet i Uncategorized | Tagget , , , | Skriv en kommentar

How to create a prestaged image in Configuration Manager 2012

One of the operating system deployment features in Configuration Manager 2012 is the ability to create a prestaged image. What this means is that you create a WIM file, which has all the content required for the deployment of the OS. Most hardware vendors offer a service, where they will apply this image to the disk of your computers before delivery. Thus, when you receive the computers, they already have the content on the local hard drive.

There are several advantages to this, for example a drastically lower deployment time, since the client computer will not have to download the content. It also allows for OS deployment in areas with a low bandwidth connection and no local distribution point.

To create the prestaged image follow these steps:

  • In the Configuration Manager console, right click task sequences and select Create Task Sequence Media.

  • Select Prestaged Media

  • Specify how you want the client to find a management point.

  • Fill in the information for the prestaged image and put in a destination for the WIM file.

  • Input your required security settings.

  • Select your task sequence for OS deployment.

  • Fill in boot image, distribution point, and management point.

  • Input image information.

  • Here you can specify additional application content to include in the prestaged image. This is for software deployed to the device that is not part of the task sequence.

  • The same as the previous step but for packages instead of applications.

  • Add the necessary driver packages.

  • Specify a distribution point that has all the content needed to create the prestaged image and add it.

  • If you need specific task sequence variables or prestart commands for the deployment, you can input them here.

  • Review the summary of the settings.

  • Let configuration manager do the heavy lifting.

  • The image is successfully created and ready for testing, before delivering it to your hardware vendor of choice.

Udgivet i Uncategorized | Tagget , , , , , , , | Skriv en kommentar

Controlling the Start menu in Windows 10 using Group Policy

Prerequisites: Windows 10 Administrative templates imported. 

This guide will show how to control the start menu in windows 10, using Group Policy. This allows administrators to determine, which live tiles will be available to the end user. Controlling live tiles this way, will prevent the users from adding or removing live tiles in the start menu.

All we need to do is:

Pin and arrange the live tiles as needed on a client computer.

Open Powershell and run the command “export-startlayout –path c:\Temp\start.xml” (Make sure C:\Temp exists or point it to another path)

Now we have a start.xml file. Copy this to a file share that is readable for every user that will be affected by the Group policy.

Open Group Policy Management Editor on your DC (or wherever you have access to it).

Edit the GPO where you what to create the policy and go to:

User Configuration->Administrative Templates->Start Menu and Taskbar->Start Layout

Double click “Start Layout”

Enable the policy and fill in the path for the Start Layout File:

Click OK, link the GPO to where you want it and you are done!

Udgivet i Uncategorized | Skriv en kommentar

How to start Conference session with Mikogo and what it is about

First off, Mikogo is an easy-to-use but powerful online meeting software solution for companies to host conferences, online presentations, and remote support sessions – Mikogo has a great variety of uses for both small as well as bigger companies, with the needs for a quick meeting across distance.

The first time opening this application, you will be asked to log in by typing the desired Username and Password that you chose when you signed up, at the website.

1. After starting Mikogo, press ‘start meeting’ as illustrated below.

2. You should then have the same options, as shown in the picture.

3. Next you should choose the preferred profile, which in this case would be the profile “Support” and not “Standard”, as shown in the picture – You do this by clicking on the downside arrow marked with red in the picture, and then select “Support”

4. Next you will be moving the black marker from “Vis” to “Se & Kontrollér” and continuing by pressing “OK” as marked with red in the picture below.

5. Now you will have a picture shown as below – You need to invite people to join your session; You do that by pressing the little man, with a green “+” beside him, as marked by red in the picture.

6. Next, press the option, “Send e-mail med mødeinformationer” that’s marked with red, as in the picture below.

7. Choose people you want to join the session by entering their selected E-mail address in the “To” box as marked with red. They will have all information needed in the E-mail they receive, as shown in the picture below.

8. When they press the instructions they receive in their E-mail, you will be able to see them in Mikogo. They will be represented with the name they chose in the interface.

9. When they join you’re session, you will be able to see their desktop, as in the picture below and you will be good to go.

Udgivet i Uncategorized | Tagget | Skriv en kommentar

The Future of IAM

Where is Identity and Access Management headed? What do consumers need for the future, and what defines a ‘consumer’ as compared to a ‘user’?

With technology being a big part of any business, the future of IAM carries great meaning, especially as concepts like cloud solutions, IDaaS (Identity as a Service), BYOD (Bring Your Own Device), IDoT (Identity of Things) and many others get bandied about and become more mainstream. Regarding the future of IAM, both Gartner and KuppingerCole have created outlines for the direction IAM will take. Looking at Gartner‘s IAM research team, they have tried to quantify their vision and identified 5 key trends:

1. Every user is a consumer

New mobile and other non-PC architectures will shape the user access landscape.

Enterprises are demanding scalable solutions for identities and starting to embrace social media, cloud options and BYOD scenarios. This shift requires a business-driven self-service approach to simplify the added complexity that comes with allowing users some control. Faster IAM deployment, mobility options and scalability are driving new IAM solutions, pushing out old and rigid control paradigms that require technicians to maintain. With every user requiring consumer privileges, IAM architectures will need cater to the business as a whole, providing simple interfaces that work across desktop and mobile devices in order to keep up.

2. A competitive marketplace for identities

Social and business identities are converging; the line between work and private life is increasingly becoming blurred, even severed to the point where the two sides meld together for the convenience of the user and the business advantages to the employer. Social Logins from providers like Google, Facebook and PayPal have slowly been working their way into applications that are serving enterprises. Already, several healthcare, automotive, oil and gas, aerospace, defense and government infrastructures use third-party SSO identity providers to support their ID initiatives.

3. The death of least privilege

Enterprises will increasingly remove restrictions on non-critical or non-sensitive information and assets, allowing all users access to these resources. By opening up basic access to everyone, privileged access becomes easier to manage and IAM costs can be reduced. The principle of least privilege originated with government and military information security policies based on the premise that each user should only have access to the very specific systems and resources they require to complete the individual tasks they are assigned. It’s like putting keycard locks on every single door, cubicle, workstation, toolbox, machine and phone in the building, and then not providing a common room. Obviously enough, the principle of least privilege brings lot of administrative duties with it, and can be highly costly and time consuming to control. One way to be more lenient is to introduce a people-centric approach to security. People-centric security involves identity analytics and intelligence tools, like security behavioral analytics, to monitor, detect and correct user activity and behavior.

4. Attributes are “how we role”

Attribute Based Access Control (ABAC) will be the future for enterprises. Traditional Role Based Access Control (RBAC) is one-dimensional and rigid, making it unwieldy for handling the influx of devices, applications and connections through social media that can add up to ‘big data’—data so large that it requires complex systems just to read through it all. ABAC makes the needed connections automatically by looking at attribute profiles that can still include traditional roles, providing an extra layer that looks at the user first, rather than all the technical stuff. More and more new systems are supporting ABAC and systems that only support RBAC will become legacy. “Attributes will become the new currency of access control.”

5. Managing identity includes the Internet of Things

From the ISSA paper on the Gartner predictions:

The Internet of Things (IoT) links people, places, things, systems, and information sources into activity streams, deriving value for those interactions and relationships by using the context of combined “identities” (people, devices, and other “objects”), their attributes, and uses.

The internet is everywhere. No longer content with serving linked documents in a browser window, the internet has become a rich platform for doing almost anything, and it has been showing up more and more in every kind of machine, contraption, device and app mankind can come up with. For people and objects to interact properly, everything needs to have an identity: smart phones, smart lamps, smart watches, and other ‘smart’ gear, not to mention individual components of larger systems like those involved in building automation. Do an internet search on how to control your thermostat with your watch and you will quickly see that anything and everything is being networked nowadays. Managing all of these connected identities is known as the Identity of Things (IDoT). Keeping so many disparate devices running properly in an enterprise environment requires a single platform that interface with and control them all from a central location, in other words, an IAM solution that is ready for it.

Conclusion

As the requirements, definitions and scope of IAM continue to expand and evolve, companies that provide IAM solutions will need to update their services and tools accordingly in order to handle all that data in a simple and user-friendly manner. Many of KuppingerCole‘s fundamentals and Gartner‘s vision for what IAM will look like in 2020 are already being covered now by IDM365. By always focusing on the user and giving control to the business’s decision makers through hybrid ABAC/RBAC, we make sure users have the right access based both on who they are what they need to do. Through automation and an interface that speaks to non-techies, IDM365 is future friendly tool for identity and access management that is ahead of the curve.

Sources

Identity and Access Management 2020, by Ray Wagner
Seven Fundamentals for Future Identity and Access Management, by Martin Kuppinger

IDM365

Udgivet i Uncategorized | Skriv en kommentar

VBS – Logging the SCCM-way

Visual Basic Scripting history:

VBScript (Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It is designed as a “lightweight” language with a fast interpreter for use in a wide variety of Microsoft environments.

VBScript has been installed by default on every desktop release of Microsoft Windows since Windows 98, on Windows Server since Windows NT 4.0 and optionally with Windows CE.

Visual Basic Scripting is becoming an old scripting language but is still a very simple and useful language working with and around System Center Configuration Manager (SCCM).

The script snippet include 3 functions. These functions are designed to format, sort and print the information defined and current date/time when calling the function.

Set objOutputLog = oFSO.OpenTextFile ([“Log file location”], 8, True) 

Modify the above line in the script to the desired log file location

objOutputLOG.WriteLine formatTrace32Line([“Information”], [“Category”], [Highlight value]

Modify and use the above line whenever a log entry is needed within the script. Here is an example of the output using SCCM’s log parser, Cmtrace.exe/Trace32:

Download the script here.

Udgivet i Uncategorized | Tagget , , , , , , | Skriv en kommentar