Today’s Tip…

If you have a scenario where you need to map OneDrive to a drive letter, here is the steps to do that…

Note: While WebDav is supported this will work. If at any time OneDrive for Business no longer supports WebDav, this will no longer work.

1. Within File Explorer, right click on your OneDrive for Business, select OneDrive for Business, then select Copy link.
2. Within File Explorer, right click on Network and select Map a network drive. 
3. In the Folder field, right click and paste
4. Make sure that Reconnect at sign-in  is selected                                
5. Click Finish

Your OneDrive will now show up as a mapped drive.

Partner of the Year Awards are presented each year at WPC based on a self-nominating process by partners.

Winners are celebrated at the Worldwide Partner Conference (WPC) in Toronto, Canada from July 10-14, 2016.

We have exclusive early access to the awards guide, to help you prepare your nominations for 19th February, when you can submit your entry. Download the guide today.

Join our webinar  on Tuesday 23rd Feb to find out our top hints and tips for writing your nomination and how you can maximise your chances of winning an award.

While at WPC, award winners will be recognised during the main stage keynote, executive photo opportunities, and invite-only events to meet and network with top Microsoft executives and other award winners. Register for your all access pass WPC today.

Today our partners are doing amazing things with Microsoft Azure to secure, accelerate and grow their business. They are taking advantage of the wealth of relevant industry and technical solutions that Microsoft’s application builder community provide. These solutions allow quick and easy resolution of short-term and strategic concerns around ‘the cloud’ as the pace of today’s business climate challenges the way we think about how technology delivers a competitive advantage.

Join this webinar series, designed to show you the best Azure solutions for your business to take advantage of. You will learn the value a solution will bring to your business, the ease of implementation & delivery and what you need to do benefit.

Protecting your customers servers, whether it is on-premises, physical, virtual or cloud is vital to making sure you keep your customers safe and secure.   A good friend of mine, Yuri Diogenes, just published a fantastic article on the Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software, with configurable alerts when known malicious or unwanted software attempts to install itself or run on your Azure systems.

He discusses the capabilities, the architecture, the functionality of the service and much more take a look here for the full article:  Microsoft Antimalware for Azure Cloud Services and Virtual Machines 

Here is an overview of what features are available when you deploy and enable Microsoft Antimalware for Azure for your applications:

• Real-time protection - monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
• Scheduled scanning - periodically performs targeted scanning to detect malware, including actively running programs.
• Malware remediation - automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
• Signature updates - automatically installs the latest protection signatures (virus definitions) to ensure protection is up-to-date on a pre-determined frequency.
• Antimalware Engine updates– automatically updates the Microsoft Antimalware engine.
• Antimalware Platform updates– automatically updates the Microsoft Antimalware platform.
• Active protection - reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
• Samples reporting - provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
• Exclusions– allows application and service administrators to configure certain files, processes, and drives to exclude them from protection and scanning for performance and/or other reasons.
• Antimalware event collection - records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer’s Azure Storage account.

Take a look at the full article here:  Microsoft Antimalware for Azure Cloud Services and Virtual Machines 

Matt Hester
Sr. Partner Technology Strategist

Publicado a 9 de Fevereiro de 2016 por Jacqueline Beauchere 

Chefe responsável pela segurança da Microsoft Online 

Dia 9 de Fevereiro de 2016 foi  o  “Safer Internet Day”, ou o dia da Internet Segura.Um dia internacional para promover a utilização mais segura e responsável de tecnologia e serviços, especialmente entre as crianças e jovens.  A partir da última década, a Microsoft tem tomando parte em numerosas atividades como esta em vários continentes.

Nos Estados Unidos, foi dada largada a uma série de eventos na Lojas Microsoft  para indivíduos e famílias com informações importantes sobre a prevenção de fraudes online.

Os workshops são projetados para ajudar as pessoas a aprender o que fazer se eles forem contactados por alguém de “software de segurança e serviços” e alegando ser de uma empresa como a Microsoft. Esses golpes nada mais são do que tentativas de roubo do seu dinheiro, números de cartão de crédito e outras valiosas informações pessoais. Lembramos que você nunca deve fornecer dados confidenciais para pessoas que lhe telefonam. Relate imediatamente qualquer informação sobre o truque para as autoridades locais. Você também pode alertar a Microsoft sobre estas operações fraudulentas que usam o nome da Microsoft através do Report a Scam.

Seja qual for o tópico relacionado à segurança, o Dia da Internet Segura é o momento ideal para se fazer um balanço dos hábitos e práticas online e a garantir nossa segurança. O objetivo da Microsoft é ajudar a educar, engajar e inspirar as pessoas para melhor proteger a si mesmo e aos outros online – todos temas decorrentes do Dia da Internet Segura.

Aqui estão algumas dicas gerais para ter certeza de que você está se mantendo atualizado digitalmente:

• Para defender o seu computador, tablet e telefone, reforçe as defesas do seu dispositivo. Mantenha todos os softwares atualizados com atualização automática. Não seja enganado por download de software mal-intencionado e pense antes de abrir anexos ou clicar em links em mensagens de email, IM ou em uma rede social - mesmo que você conheça o remetente.

• Proteger informações pessoais. Nunca forneça informações sensíveis (por exemplo, números de conta ou senhas) ou chamar um número em resposta a um email, IM ou solicitação de rede social. Pense antes de responder a pedidos de dinheiro de "membros da família", vendas que soe bom demais para ser verdade ou outros golpes.

• Criar senhas fortes e as mantenha secretas. Crie senhas longas e fortes, como frases ou sentenças que misture letras, números e símbolos. Use senhas diferentes para contas diferentes e sites, sobretudo aquelas que envolvem informações financeiras.

• Assuma o controle de sua reputação online. Descubra o que há na Internet sobre você digitando seu nome no Bing e outros motores de pesquisa. Periodicamente reavalie o que você encontrar e nos esforçamos para cultivar uma verdadeira reputação positiva.

• Tome medidas adicionais para manter seus filhos seguros online. Torne a segurança online um esforço em família com uma mistura de orientação e acompanhamento. Negocie regras de casa para a Web e o uso de jogos online que se adaptam ao seu nível de maturidade da criança e os valores da sua família. Preste atenção ao que as crianças fazem e ao que eles atendem online.

Construimos nossa histórico com experiência de mais de 20 anos de segurança online, a Microsoft continua comprometida a fazer a sua parte para ajudar a crescer e dar forma a uma melhor e mais segura para a juventude e a Internet e efetivamente para todos. Para saber mais sobre ser um bom cidadão digital , visite o nosso site (www.microsoft.com/saferonline); página através da nossa grande coleção de recursos, e compartilhar com a família e amigos. Você também pode nos encontrar no Facebook e siga-nos no Twitter.

Sobre o Autor

Jacqueline Beauchere

Microsoft chefe responsável pela segurança online

Original: http://blogs.microsoft.com/on-the-issues/2016/02/09/safer-internet-day-2016-the-perfect-time-to-take-stock-of-our-online-habits-and-practices/

Publicado el 9 de febrero de 2016 por Jacqueline Beauchere– Directora de Seguridad en línea de Microsoft

Hoy es el Día de Internet Seguro, un día internacional de acción para promover el uso más seguro y más responsable de la tecnología y los servicios, particularmente entre los niños y los jóvenes. En 2016, al igual que con la última década de Días de Internet Seguro, Microsoft participa en numerosas actividades en varios continentes.

En los EE.UU., vamos a iniciar una serie de eventos de capacitación en las tiendas de Microsoft  para ofrecer a las personas y a las familias información importante sobre cómo prevenir el fraude en línea. Los talleres están diseñados para ayudar a las personas a aprender qué hacer si son contactadas por alguien que pretende vender software y servicios de seguridad, y dice ser de una empresa como Microsoft. Estas estafas no son más que esquemas de confianza que tienen como objetivo despojar a las personas de su dinero ganado con gran esfuerzo, obtener números de tarjetas de crédito y otra información personal valiosa. Le recordamos que nunca proporcione datos confidenciales a llamadas o correos de anuncios publicitarios no solicitados, e informar inmediatamente cualquier información acerca de la estafa a las autoridades locales. También puede alertar a Microsoft de engaños que invocan nuestro nombre a través de Informe de una estafa.

Cualquiera que sea el tema relacionado con la seguridad en línea, el Día de Internet Seguro es el momento perfecto para hacer un balance de los hábitos y prácticas en línea, y asegurar que cada uno de nosotros hacemos lo mejor para el futuro. El objetivo de Microsoft es ayudar a educar, comprometer e inspirar a la gente para protegerse mejor a sí mismos y a otros en línea – todo derivado del tema del Día de Internet Seguro de este año, "Ponga su granito de arena para un mejor Internet". He aquí algunos consejos generales para asegurarse de que está al día digitalmente:

• Defienda su PC, tableta y teléfono. Fortalezca  las defensas de su dispositivo. Mantenga todo el software al día con la actualización automática. No se deje engañar para descargar software malicioso, y piénselo dos veces antes de abrir archivos adjuntos o hacer clic en enlaces de correo electrónico, mensajería instantánea o en una red social - incluso si conoce al remitente.

• Proteja la información personal. Nunca dé información sensible (por ejemplo, números de cuenta o contraseñas) o llame a un número en respuesta a un correo electrónico, mensajería instantánea o solicitud de red social. Piénselo dos veces antes de responder a solicitudes de dinero por "miembros de la familia", ofertas que suenan demasiado buenas para ser ciertas u otras estafas.

• Cree contraseñas difíciles y manténgalas en secreto. Hágalas largas y difíciles, como frases u oraciones que mezclan letras, números y símbolos. Utilice diferentes contraseñas para diferentes cuentas y sitios web, especialmente las que implican información financiera.

• Tome las riendas de su reputación en línea. Descubra lo que hay en Internet sobre usted introduciendo su nombre en Bing y otros motores de búsqueda. Periódicamente reevalúe lo que encuentra, y haga un esfuerzo por cultivar una reputación precisa y positiva.

• Tome medidas adicionales para proteger a los niños en línea. Haga de la seguridad en línea un esfuerzo familiar con una mezcla de orientación y monitoreo. Negocie las reglas de la casa para el Web y el uso de juegos en línea de manera que se ajusten al nivel de madurez de su hijo y valores de su familia. Preste atención a lo que los niños hacen y con quién se encuentran en línea.

Sobre la base de nuestra historia de más de 20 años en la seguridad en línea, Microsoft mantiene su compromiso de hacer su parte para ayudar a crecer y dar forma a un Internet mejor y más seguro para los jóvenes y, de hecho, para todo el mundo. Para aprender más sobre cómo ser un buen ciudadano digital , visite nuestro sitio Web (www.microsoft.com/saferonline); navegue a través de nuestra gran colección de recursos, y compártalos con la familia y los amigos. Obtenga más información acerca de los próximos talleres en las tiendas relacionados con el Día de Internet Seguro, así como del calendario durante todo el año en microsoftstore.com/locations. También puede darnos “Me gusta” en Facebook y seguirnos en Twitter.

Sobre la autora

Jacqueline Beauchere

Directora de Seguridad en línea de Microsoft

http://blogs.microsoft.com/on-the-issues/2016/02/09/safer-internet-day-2016-the-perfect-time-to-take-stock-of-our-online-habits-and-practices/

If you’re running Exchange 2013 and you’ve configured a hybrid deployment with Office 365, this post contains important information that might impact you. Please evaluate this information and take any necessary action before April 15, 2016.

On April 15 2016, the Office 365 TLS certificate will be renewed. This certificate is used by Office 365 to provide TLS encryption between Office 365 and external SMTP servers. The new certificate, which will help improve the security of mail sent to and from Office 365, will be issued by a new Certificate Authority and it will have a new Issuer and Subject.

This change has the potential to stop hybrid mailflow between Office 365 and your on-premises Exchange servers if one of the following conditions applies to you:

• Your on-premises Exchange servers are running Exchange 2013 Cumulative Update 8 (CU8) or lower.
• You’ve upgraded the Exchange 2013 servers that handle hybrid mailflow to Exchange 2013 CU9 or higher. However, since upgrading to CU9, you HAVE NOT re-run the Hybrid Configuration wizard (either from the Exchange Admin Center or via the direct download link).

If one of the previous conditions applies to your organization, hybrid mailflow between Office 365 and your organization will stop working after April 15, 2016 unless you complete the steps below.

Note: This only affects hybrid mailflow. Regular mailflow and TLS encryption is NOT affected.

How to keep hybrid mail flowing (MUST be completed before 4/15/2016)

Let the new Hybrid Configuration wizard do it for you

You can use the latest Hybrid Configuration wizard (HCW) to configure your Exchange 2013 servers to work with the new TLS certificate. Just follow these steps:

1. If the Exchange 2013 servers handling hybrid mailflow are running Exchange 2013 CU8 or lower, follow the instructions in Updates for Exchange 2013 to install the latest cumulative update on at least one server.
2. After you install the latest cumulative update, download the new HCW application and run the wizard following the instructions here .

Note: For information on which releases of Exchange are supported with Office 365, see Hybrid deployment prerequisites.

Manual update

If you can’t upgrade Exchange 2013 to latest cumulative update right now (although we would like to remind you of our support policy), you can manually configure your servers to work with the new TLS certificate. On each Exchange 2013 server that’s used for hybrid mailflow, open the Exchange Management Shell, and run the following commands:

$rc=Get-ReceiveConnector |where {$_.TlsDomainCapabilities -like "*<I>*"}

Set-ReceiveConnector -Identity $rc.Identity -TlsDomainCapabilities "mail.protection.outlook.com:AcceptCloudServicesMail

Office 365 Hybrid Team

App-V 5.1 Hotfix 2 and 5.0 SP3 Hotfix 3 are available now and referenced in the same KB article: https://support.microsoft.com/en-us/kb/3139245

Full details, download and testing recommendations are available at the link above.

For Microsoft Application Virtualization 5.1 RTM, this hotfix package fixes the following issues:

• Issue 1
  The lock on the VFS folder was not getting released when the user logs off from the client service
• Issue 2
  Microsoft Office Click-to-Run apps can't be opened from SharePoint in Internet Explorer. Embedded Office Click-to-Run apps may crash
• Issue 3
  Press and hold (or right-click) app on taskbar, the app icon becomes blank.
• Issue 4
  Provide mitigation for apps which don't handle long paths correctly.
• Issue 5
  Enable users to create multiple instances of Office 2016 Click-to-Run apps.
• Issue 6
  Re-enable APP-V 5.1 Management server address "http://localhost:<port>/packages" and "http://localhost:<port>/packagesummary"
• Issue 7
  The Confirmparameter is ignored when the Groupsparameter is null for Grant-AppvServerPackage command. Use the newly added Forceparameter to avoid the "Confirm Action" dialog.

For Microsoft Application Virtualization 5.0 SP3, this hotfix package fixes the following issue:

• Issue 1
  Microsoft Office Click-to-Run apps can't be opened from SharePoint in Internet Explorer. Embedded Office Click-to-Run apps may crash.

For a particular folder you synced with the OneDrive for Business client, you see the following symptoms:

• A red x indicator sometimes appears on the folder structure that contains the files (this indicator may not show up each time)
• When you store files or folders in a folder in the document library, they may move to the root location instead.

For example, as you go down the layers of the subfolders it may look similar to this:

When you right click on OneDrive for Business cloud icon in the notification area, and then select view sync problems, you may see errors like these:

Why this happens

This behavior indicates that files or folders were shared with you, but you do not have permissions to the library. When you are in a SharePoint Online document library, you can Share either files or folders.  This will set unique permissions for those files or folders. For users that access the library only through the browser, the customized permissions on Shared files or folders will work.  However, they may not be sufficient for all operations of the client application, which needs to be able to find information on the folder tree. The most common issue occurs when the OneDrive for Business sync client cannot find the target folder for an uploaded item. In this case, it will save it to the root folder to prevent data loss.

In general, people with permissions to only a file or folder in a SharePoint library should not sync that library with OneDrive for Business. However, it can be made to work with further manual customization.

Solutions

If you want to continue syncing with the OneDrive for Business app, then you have following three options to resolve this:

• Use Browser access and Explorer View (Open with Explorer)
• Use a separate Document library
• Provide adequate permissions throughout the folder structure

Details follow.

Use a separate Document library

To avoid this issue, do not use folder permissions to provide access to a limited set of files. Instead, create a new document library for each folder that requires unique permissions. You will need to give access permissions at the document library level so that the folders and files inherit the permissions from the parent level. 

See this TechNet article for more details: Create a document library

Example

 Document Library <<<<<<<<<<<< give permissions here

ParentFolder0 (PF0)

 Subfolder0 (SF0)

 SF1

PF1

 SF0

 SF1

PF3

 SF0

 SF1

Provide adequate permissions throughout the folder structure

All the folders and files above the target location need ‘View only’ or better permissions.

See this TechNet article for more details: Understanding permission levels

Example:

Give permissions at the root parent folder and have those permissions inherit to everything below.

Document Library

ParentFolder0 (PF0) << give permissions here

 Subfolder0 (SF)

 SF1

PF1 <<<<<<<<<<<< give permissions here

 SF0

 SF1

PF2 <<<<<<<<<<<< give permissions here

 SF0

 SF1

For many application packagers, virtual application sequencers, and general IT pros, the concept of actual “debugging” can take on many meanings. Often the words “troubleshooting” and “debugging” are interspersed – especially when reading articles and blogs dealing with the topic of trying to dissect what may be occurring when a virtual application is not functioning as expected. When we speak of the word “debugging” in the context of its meaning with regards to programming and compiled software code, it is simply the dissection and reverse engineering of binaries to determine the root cause of an issue or basically “find the bug” in the code.

The level of depth may vary depending on the tools being leveraged and the amount of access to code or symbols. For example, open-sourced code projects on the web are very easy to debug because – well – the code is distributed alongside of the binaries. In addition, special files called “symbols” are also often available if need be. This is especially helpful in the world of Windows debugging. For Closed-Source binaries – like Windows, access is limited to what API’s are exposed and documented within MSDN, the SDK’s, and publically available symbol files. Still, this tremendously aids our ISV partners when they are troubleshooting issues with their own code running on top of the Windows platform.

Enter the Virtual Application

What makes this especially complex in the world of virtual applications is that the surface area expands to not only include the original application but also the virtualization engine that is maintaining its sandbox – specifically its isolation and/or state separation mechanisms. With this, you have essentially increased your variables for issues. Whereas a native application involves one vendor; running on top of another vendor’s operations system, a virtual application now deals with potentially three different vendors (not even counting the potentially amount of 3rd-party vendors that could also be hooked into the kernel via filter and device drivers.) In the case of Microsoft and App-V, if the application being virtualized is a Microsoft application, there are unlimited resources internally to work on that application. In most cases, that represents less than one-hundredth of one percent of the applications out there in the ecosystem – at best. Most cases, the application is external. When that is the case, the debugger must determine the following:

Is the application open sourced or closed source?

If the application is open-sourced, the application can be easily investigated alongside the virtualization subsystems and likely debugged pending that the individual doing the debugging understand the source code and has the proper tools to debug the application from within the share operating system (in the case of App-V – that would be Windows.)

If the application is closed source, what resources are available from the vendor?

This is where it can be challenging. When you are debugging a closed source application running virtually, it requires significant insight into the application – especially if the application is running in native code. While Microsoft makes public symbols available for ISV’s to help with debugging, often the opposite is not true. As a result, the debugging is “best-effort” at best and is usually limited to basic reverse engineering tools like Process Monitor, API Monitor, or DbgView. One exception to this - that I have encountered - have been situations where the application encounters specific issues when virtualized – and those issues cannot be reproduced on a natively installed instance of the application. In those cases, the focus can shift to the virtualization engine however, even in these situations, working in triangulation with the application vendor yields more success – much quicker.

Is the application using a 3^rd-party application virtualization engine by a vendor different from the vendor of the underlying operating system?

In this scenario, the application is written by one vendor, running on top of an operating system by a different vendor, and then sandboxed using an application virtualization by yet another vendor. In the case of Windows, the application is using a non-Microsoft virtualization solution. There have been many times where I was working support for App-V and a customer would call in with an issue they were having virtualizing a version of Office or Visual Studio on a non-Microsoft platform. I would always re-direct the customer to the vendor of the app virt stack – even though we were the vendor of the application being virtualized as well as the underlying operating system. I would then direct the customer to reach out to the Office or Visual Studio team as well to work in triangulation.

Relationships of Application to Support Vendors

When debating the best source for debugging virtual applications, please feel free to leverage the following matrix I constructed to assist you in reaching out to the most likely resources that will be able to help resolve the issue.

The reason I make the above recommendations is because at some point the application, the application virtualization engine, or even perhaps the operating system may require some debugging – especially if there is a potential bug. If the resources troubleshooting the issue do not have access to the resources and tools needed to debug the issue – then you are essential throwing darts against the wall – and it will lead you potentially down a rabbit hole.

Why Discuss Debugging?

I have decided to start discussing the topic of virtual application debugging to serve the following purposes:

1. To demystify the concept for application packagers and IT Pros in the Application Virtualization space. There are tools and concepts that can help these professionals to further arm their skills and enhance their arsenals and toolboxes.  Many reverse engineering tools such as ProcMon can only go so far.

2. To aid software vendors in how to debug applications running under App-V and how their applications may be affected.

1. To aid customers in how to gather and collect the appropriate debugging information to help Microsoft and other software vendors diagnose issues, isolate root cause, and resolve problems and bugs quicker.

Next Up Part 2: Types, Modes, and Situations

Old Project realized

A month ago I reinstalled one of my PC's and thought of a project I started but never finished many years ago. It was when I found out about autorunsc.exe , one of the many awesome tools from the Sysinternals suite and the creator Mark Russinovich, when I thought of an idea to keep track of all additions to my Windows installation. Any additions to it that had any effect on my boot process or that started any processes at startup. With this information I would be able to determine when I had additions I didn’t approved nor expected.  Then I could simple remove these binaries or uninstall the guilty application.

Now, I have a slightly different approach. Besides catching all additions to the auto-runs in my Windows installation I also would like to know what executables are signed or not and if these could be a threat to me. I'm thinking of malware and vicious code. I think autorunsc.exe can do a fantastic job here with all its features, especially with some of the new features and the combination with another awesome tool, also from Sysinternals, Sigcheck.

Some  of the  things Autorunsc do:

• List all drivers, processes, scheduled tasks, boot drivers , logon startups and auto-runs.

• Check if the image of the executable is signed or not.

• Check the hash of the image.

Link to Autoruns :https://technet.microsoft.com/en-us/sysinternals/bb963902

Some  of the  things SigCheck do:

• Verify signatures.

• Check the image against Virus Total, a free online virus, malware and URL Scanner.

Link to SigCheck:https://technet.microsoft.com/en-us/sysinternals/bb897441

With a combination of both:

Scan my entire system auto-runs against Virus Total, i.e. the things Autorunsc.exe collects:

• Boot execute.

• Codecs.

• Appinit DLLs.

• Explorer addons.

• Sidebar gadgets (Vista and higher)

• Image hijacks.

• Internet Explorer addons.

• Known DLLs.

• Logon startups (this is the default).

• WMI entries.

• Winsock protocol and network providers.

• Office addins.

• Printer monitor DLLs.

• LSA security providers.

• Autostart services and non-disabled drivers.

• Scheduled tasks.

• Winlogon entries. 

Powershell - There's nothing PowerShell can't do!

Powershell comes to help once again. By using PowerShell I built a wrapper around these two Sysinternals tools (Autrunsc.exe and SigCheck.exe) plus some GUI to provide you with notifications when you got new binaries on your system.

 The processs:

• Use Scheduled Tasks to run the script at:
  • Boot(Analyze autoruns) .
  • User Logon (Notifications).

• One Powershell script that does all the job.

• The script scan the machine with Autorunsc.exe.

• Generates CSV output.

• Compares CSV inbetween boots.

• The script finds any differences.

• The script sends the user notifications when:

  • New Unsigned Non-Microsoft Binaries added.

  • New Unsigned Microsoft Binaries added.

  • Files with New Hash and  Unsigned Binaries added.

  • New Non-Microsoft Binaries added.

  • New Microsoft Binaries added.

• Provide a UI to see the added files and a summary.

• With the list of additions you can run a check against Virus Total. 

The value this script provides

• Scan the entire system auto-runs with Virus Total.

• Creates an offline file for scanning entire system auto-runs with Virus Total, when no internet is available.

• Notifications when additions to the system are added.

• A Summary of additions over every boot.

• Summary of current additions with information about what kind of modifications done. 

Requirements

These are the requirements.

• PowerShell

• Sysinternals Autorunsc v13.51 (or newer) - Autostart program viewer.

• Sysinternals Sigcheck v2.50  (or newer) - File version and signature viewer.

• Internet connection if you will run a check against Virus Total.

• Important! Once run Sigcheck -v <any file> and accept the agreement with Virus Total, if you do agree of cause :). 

• Important!Agree to Autorunsc.exe EULA.

• Important! Agree to SigCheck.exe EULA.

Run the PowerShell script once and it will prompt you with the option to agree to the EULA and to use Virus Total.

Tip! :  I would recommend the nice script Update-sysinternals.ps1 to keep your Sysinternals tools updated.

Modify the following command in the script to something like this.

Update-Sysinternalshttp -ToolsLocalDir "c:\Sysinternals"

https://gallery.technet.microsoft.com/scriptcenter/Another-Sysinternals-Tools-aa288439 

Config

To run this you have to put these two files, Autorunsc.exe and SigCheck.exe,  in a folder on your drive,  the expected path is C:\Sysinternals but it's configurable.

 1.      First run must include the "-Analyze" switch . This is needed after each boot since it will collect all auto-runs.

Verify-Autoruns.ps1 -Analyze

Or

Verify-Autoruns.ps1 -Analyze -Dir <folder path to Autorunsc.exe and SigCheck.exe>

 2.      Once we have collected data we can run the script without scanning if we just want to get notifications and summary 

Verify-Autoruns.ps1 

Or if we want notifications even if nothing has happend: 

Verify-Autoruns.ps1 -Icon 

I also suggest you put the script in the same directory, but it is not a requirement ,though it must be configured in the scheduled task. 

You can schedule a task in that runs at every boot.

This is the action for the task:

Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Arguments: -ExecutionPolicy Unrestricted -File "C:\Sysinternals\Verify-Autoruns.ps1" "-Analyze"

If you want you can just import the exported Scheduled Task provided : Verify Autoruns - Analyze Boot.xml included in the attached file VerifyAutoruns_ScheduledTaskExports.zip 

You can also schedule a task in that runs at every logon to provide the user that logons with notifications.

Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Arguments: -Nologo -WindowStyle Hidden -ExecutionPolicy Unrestricted -File "C:\Sysinternals\Verify-Autoruns.ps1" "-Icon"

If you want you can just import the exported Scheduled Task provided : Verify Autoruns - Verify.xml  included in the attached file VerifyAutoruns_ScheduledTaskExports.zip 

Output from Verify-Autoruns

What will this powershell script generate:

• A CSV file with all the autoruns on the system in a folder called C:\AutorunsLogs (Can be customized). Example: AutorunsC_20160210-0925.csv

Verify-Autoruns.ps1  -LogDir <folder path to all logs>

• A CSV file with any new files added . This will require that you have at least two boot scans created, there's only going to be one file for each boot. Example file: AutorunsC_New_20160210-0950.csv

• A CSV file with the collected summary of all added files, i.e. the contents of all AutorunsC_New.. files.

• SigCheck input CSV file for offline systems that can not access to internet. This file can be moved and run on internet connected systems for checking with Virus Total.

• Notifications Icon.

• Ballon Notifications.

• Report Window.

• Summary Window. 

Notifications Icon

This Shield icon in the task bar let you access three things:

• The Report Window.

• The Summary of the last run.

• Windows Reliability Monitor (This tool can provide you with events on your system that might have caused one of the additions to the auto-runs)

Balloon Notifications

The following notifications are fired at detection. This will require that you have at least two boot scans created, there's only going to be one file for each boot.

• New Non-Microsoft Files that are not signed

• Files with new Hash that are not signed

• New Microsoft files that are not signed

• New Non-Microsoft files added

• New Microsoft files added

Report Window

Here can you view the files added to autoruns. You can also:

• View a summary of the last boot.

• View the logfile.

• Check the new files against Virus Total. Requires Internet. (Requires SigCheck.exe ver 2.50 in the same  folder as Autorunsc.exe).

• Check all current autoruns against Virus Total .Requires Internet. (This might take a while).

Summary Window

This list shows the results from the latest analysis.

Virus Total Check Window

This is a table with the results from Virus Total. The column VT Detection will let you know the detection ratio. How many indications of the binary to be "unsecure" in ratio with the number of sources of information.

This picture shows the Virus Total outcome of the new addtions to Windows from the latest boot.

Scan the entire systems auto-runs against Virus Total

If you like to scan all binaries that the system runs at boot and startup you can do it from the Report Window, just click "Check All System Autoruns with Virus Total", or you can do it directly from the Powerhshell command line.

Command:

PS C:\Sysinternals> .\Verify-Autoruns.ps1 -SystemCheck 

This action might take a while since there are many files to be checked over internet. 

Or if no internet connection is possible:

 PS C:\Sysinternals> .\Verify-Autoruns.ps1 -SystemCheck -Offline

The output from this command can be used with SigChekc on a internet connected system like this:

SigCheck.exe -o -v VTInput.csv > VTResult.csv

This output will file contain the VT Detection ratio for each file. It's a CSV file that's best suitable for opening in Excel or similar.

Summary

With this script running on my PC's I can easily determine all the auto-runs added, even over time. But the coolest feature according to me is that you can scan the entire systems auto-runs against Virus Total online or offline.

This script does of course not replace any antivirus or malware software. I use it on all my PC's as an additional control and nice to have.

The script is available at TechNet Script Center here.

Not that I'm counting but I just realized one of my blog posts actually is closing in on 100k views. For over four years its been averaging up to 100 views on weekdays. Along with all the positive feedback I receive in comments, and when I meet you somewhere in the world, when I see my posts refered to in official support answers, education tutorials, cited by Mary Jo Foley - those are the things that makes an old blog enthusiast happy.

You might want to check out some of the other popular blog posts. Not all of them are recent, mind you (can be close to five years old, things change). But some of them have updated 'cousins' - eg "Office 365 - comparing P, M and E plans" has a newer cousin "Compare the features in Office 365 across services"

One frequent reality in many intrusions is that attackers don’t target the data they are interested in directly; they target the security controls designed to protect them.  That is, the very solution InfoSec professionals craft to protect assets from risks become the means by which the attackers are able to access them.  They steal legitimate credentials of elevated accounts. They target the account management system.  They use security data such as access control lists and security group memberships to target users for compromise. How did the InfoSec solution become the InfoSec problem?

The Key Aspects that Undermine Security Controls

The protection of information in a network has been long studied by information security professionals. There are lengthy standards, numerous certification regimes, and a bevy of security control solutions for risk management problems.  It is the application of these InfoSec methods without due consideration of the following aspects that leads to networks where the choices in individual risk management decisions fail to create a defensible system:

1. Lack of recursive threat modeling

2. Security controls with dependencies that resemble a complex IT org chart

3. The difficulty in visualizing the security dependency graph, especially as it changes

This doomed security control system then becomes the interim target of intrusions because of its power over the assets the attackers ultimately seek.

Lack of Recursive Threat Modeling

Part of an information security program is defining critical assets and threat modeling risks.  These risks are then minimized by the application of one or more security controls—authentication, access control, vulnerability scanning, and so forth. A critical aspect, however, is that these controls have their own risks. Security controls are not a magical, impenetrable substance.  The controls to protect information and systems are themselves information and systems. 

For example, to protect a sensitive document repository, one might employ access controls and authentication (the access control list, account database, and secrets are information), deploy encryption technology (the keys, their storage, and escrowed instances are information), install a data loss prevention system (an appliance with its own operating system and information), and check for weaknesses with a vulnerability scanner (another system with its own information). 

The selection of controls must be recursively and holistically threat modeled for completeness.  This difficulty in doing this can be exacerbated if the subject matter expertise to do the threat modeling is different at every layer. For example, an InfoSec practitioner using a Data Loss Prevention solution to mitigate sensitive data leaving the network may be an expert on SOX, PCI, and categories of customer PII, but they may not be an expert on the security implementation requirements of a Linux based appliance they procured.  Controls come with risks and must be treated accordingly. 

The Org Chart of IT Creates a Graph of Security Dependencies

Once networks get to a certain size, IT organizations specialize. Endpoint management is handled by one team, whereas the data center is handled by another.  Vulnerability scanning is handled by a dedicated team and identity management by another.  These teams tend to have their own support infrastructure.    InfoSec controls are not separable from IT.  This matrix that exists at an organization level expresses itself as a graph of security dependencies at the information level.  For example, the vulnerability scanning systems may use a “god account” that has admin rights on every host in the network to scan for weaknesses.  The vulnerability scanners may be patched or backed up by a different IT team with admin rights to them.  The vulnerability scanner servers are accessed with admin rights from a set of endpoints that are managed by yet another IT team who has control over those endpoints.  The matrix of IT services arising from domain specialization creates a lattice of critical dependencies, each of which can present opportunities for lateral movement.  If the dependencies of the security controls resemble the complexity of the org chart, it’s time to simplify.

The Difficulty of Visualizing Security Dependencies

Security dependencies are often difficult to see.  Identifying the security dependencies of a host involves significant subject matter expertise to inventory the critical settings: the file servers hosting scripts run on every user logon, the background service that pulls down executables from upstream servers to update themselves, the network printers used by the host that cause it to download and install device drivers, and so on.  Networks are very dynamic.  The provisioning or decommissioning of systems affects the graph.  User login behavior and where credentials are used can vary.  Changes in network connectivity or domain trusts can affect it.  There are hidden edges in the graph—an unpatched server or appliance effectively creates new edges in the dependency graph.  The reuse of a password across different trust domains creates a hidden link.  If you can’t manage what you don’t measure, you can’t prune a graph you’re not visualizing.

This is exacerbated in many environments because the fulfillment of compliance requirements does not leave InfoSec professionals enough time to do the analysis necessary to protect a living network. Management support affects this greatly. If achievement of conformance with various InfoSec standards is all that management supports, then the talent, time, and analysis to ensure the details are right won’t be there.  Analysis of this kind requires whitespace from other compulsory activities.

How do Successful Defenders Cope?

Despite these obstacles, I find defenders at many organizations able to cope with these challenges.  Here are the practices I see in them:

1. They manage from the terrain, not the map.  They seek to know what’s truly running in their network, not just the services that IT officially manages.

2. They better manage isolation and compartmentalization leading to fewer spaghetti dependencies to manage.  They reduce the number of ingress and egress paths to remove duplication.

3. They have a bench of subject matter experts to do the required threat modeling.  They know they can’t secure things they don’t understand. Any technology indistinguishable from magic has no place on their network.

4. They have a keen appreciation of the difference between the risks of Murphy and Satan.  “Murphy risks” cause problems but ones that are not intentional in nature—for example an outage or commodity malware landing opportunistically on a host in the network.  “Satan risks” are risks with intent. There is an active adversary.  InfoSec security control selection does well against Murphy, but requires different thinking for Satan.

5. They have a heavy emphasis on detective controls that look for abuse of legitimate access. They “Assume Breach” and work from the assumption that their controls will be compromised and are prepared to work the kill chain starting at the end first.

6. They have management support for the whitespace required to analyze and defend a complex system. Compliance requirements, while mandatory, are seen as necessary but not sufficient.

7. They embrace the matrix and coordinate well across their peer IT teams and users of the network.

8. They employ penetration testing but instead of treating it as a report card, an output, they treat it as an input. They use pentesting in a diagnostic way informing a comprehensive security program.

9. They do attack research.  They know that knowledge on how to find vulnerabilities and assess their exploitability is just as valuable for defenders as it is for attackers.  Their blue teams bleed red and their red teams bleed blue.

10. They actively manage their graph. They reduce the number of standing administrators.  They consider the attack surface of their defense. 

Until InfoSec teams are better able to handle the aspects of recursive threat modeling, deal with the matrix effects of IT, visualize their security dependencies better, and find the whitespace to do it all, security controls will continue to be a primary attack surface targeted by attackers in intrusions.  InfoSec regimes also need to do a better job at documenting successful methods and practices for doing this kind of analysis.  It’s critical to get right, because that’s the Defender’s Mindset.

-----

This blog expands on a topic from this tweet: https://twitter.com/JohnLaTwC/status/699304590500634625

Thanks to Tal Be'ery (@TalBeerySec) from the Microsoft ATA team, Adam Shostack (@adamshostack), and Erica E for reviewing a draft of this post.

Is it possible to use the Configuration Manager migration feature to migrate objects from a Configuration Manager 2012 site to a Configuration Manager Current Branch site? 

In the past, the migration feature of CM has required that (unless you were migrating from CM 2007) that the source and target be the same version of CM 2012.  Reference here https://technet.microsoft.com/en-us/library/gg682006.aspx  "Beginning with System Center 2012 Configuration Manager SP1.....migrate from System Center 2012 Configuration Manager infrastructure to another deployment of Configuration Manager that runs the same version."

Suppose you are currently running CM 2012 and want to build a new parallel hierarchy to run CM CB and then migrate objects over.  This may be a common scenario due to OS requirements for CM CB (Server 2012 or later) and SQL 2012 (or later).  Now, CB 1602 will allow you to perform an inplace OS upgrade (say from Server 2008 to Server 2012) but most customer aren't comfortable with upgrading a server OS, they would rather start with a fresh install.  So, if the prior migration guidance still applies, you would have to either:

• upgrade source CM 2012 to CM CB, install target CM CB site, then migrate
• keep source site at CM 2012, install CM 2012 on target site, migrate and then upgrade target site to CB.

Those aren't bad solutions, just has some extra steps that would be nice to avoid.  Luckily, CM CB supports migration from a CM 2012 source site. Reference https://technet.microsoft.com/en-us/library/mt593351.aspx#BKMK_SupportedMigrationVersions&nbsp 

"You can migrate data from a source hierarchy that runs any of the following versions of Configuration Manager:

• Configuration Manager 2007 SP2
• System Center 2012 Configuration Manager SP2 or System Center 2012 R2 Configuration Manager SP1
• A System Center Configuration Manager hierarchy of the same or lesser version of System Center Configuration Manager"

That's great news.  I've tested this in my lab and seems to work on CB 1511 when I migrated from a CM 2012 R2 SP1 site.  Monitor the migmctrl.log and you will see lots of Query against Legacy Site messages.  I hope you find this helpful

Prêmio Maiores Revisores  Quem fez mais revisões individuais

#1 Lucas Samrsla com 16 revisões.

#2 Felipe Augusto L O com 8 revisões.

#3 Rafael Bandeira de Oliveira com 6 revisões.

Prêmio Artigos mais atualizados   Quem atualizou mais artigos

#1 Lucas Samrsla com 5 artigos.

#2 Rafael Bandeira de Oliveira com 2 artigos.

#3 Peter Geelen - MSFT com 1 artigos.

Prêmio Maioria dos artigos atualizados  A maior quantidade de conteúdo atualizado em um único artigo

O artigo a ter a maioria das mudanças esta semana foi Guia de sobrevivência da certificação MCSA/MCSE Windows Server 2012 R2, escrito por Salomão Ribeiro

O revisor desta semana foi Ed Price - MSFT,

O artigo a ter a maioria das mudanças esta semana foi Diferença de Software e Aplicativo, escrito por Mauricio Junior - MCP, MCAD, MVP Microsoft

O revisor desta semana foi Ed Price - MSFT,

O artigo a ter a maioria das mudanças esta semana foi Não é possível se conectar ao servidor via RDP, escrito por Rafael Bandeira de Oliveira

O revisor desta semana foi Ed Price - MSFT,

Prêmio Artigo com mais longa atualização  O artigo mais atualizado desta semana

O artigo que obteve maior atenção esta semana foi Guia de sobrevivência da certificação MCSA/MCSE Windows Server 2012 R2, escrito por Salomão Ribeiro

O revisor desta semana foi Ed Price - MSFT,

O artigo que obteve maior atenção esta semana foi Diferença de Software e Aplicativo, escrito por Mauricio Junior - MCP, MCAD, MVP Microsoft

O revisor desta semana foi Ed Price - MSFT,

O artigo que obteve maior atenção esta semana foi Não é possível se conectar ao servidor via RDP, escrito por Rafael Bandeira de Oliveira

O revisor desta semana foi Ed Price - MSFT,

Prêmio Maioria dos artigos revisados  Artigo com mais revisões em uma semana

Esta semana, a maioria que brincava com artigo é Instalação, escrito por Jorge Barata [JB]. Ele foi revisto 8 vezes na semana passada.

Os revisores desta semana foram Peter Geelen - MSFT& Lucas Samrsla

Esta semana, a maioria que brincava com artigo é F# - Conhecendo o mecanismo de Type Inference e a organização de arquivos, escrito por Felipe Augusto L O. Ele foi revisto 7 vezes na semana passada.

O revisor desta semana foi Felipe Augusto L O,

Esta semana, a maioria que brincava com artigo é Windows Server 2012 R2 – Windows cannot install required files. Error code: 0x80070570, escrito por Rafael Bandeira de Oliveira. Ele foi revisto 3 vezes na semana passada.

O revisor desta semana foi Rafael Bandeira de Oliveira,

Esta semana, a maioria que brincava com artigo é Como Manter Seu Computador Atualizado e Seguro, escrito por Luciano Lima [MVP] Brazil. Ele foi revisto 3 vezes na semana passada.

Os revisores desta semana foram Antero Marques& Ana Gauna

Esta semana, a maioria que brincava com artigo é Plataformas, escrito por Jorge Barata [JB]. Ele foi revisto 3 vezes na semana passada.

O revisor desta semana foi Lucas Samrsla,

Esta semana, a maioria que brincava com artigo é Como descobrir se um arquivo está corrompido, escrito por Rafael Bandeira de Oliveira. Ele foi revisto 1 vez na semana passada.

O revisor desta semana foi Rafael Bandeira de Oliveira,

Esta semana, a maioria que brincava com artigo é Desenvolvedor, não se Prenda a Tecnologias, escrito por Thiago A. C. Vidal. Ele foi revisto 1 vez na semana passada.

O revisor desta semana foi Thiago A. C. Vidal,

Esta semana, a maioria que brincava com artigo é Agenda de Publicações no Blog Wiki Ninjas Brasil, escrito por Fernando Lugão Veltem. Ele foi revisto 1 vez na semana passada.

O revisor desta semana foi Renato Groffe,

Esta semana, a maioria que brincava com artigo é Segurança, escrito por Luciano Lima [MVP] Brazil. Ele foi revisto 1 vez na semana passada.

O revisor desta semana foi Lucas Samrsla,

Esta semana, a maioria que brincava com artigo é Windows 10 - Como desativar a reprodução automática de mídias, escrito por Marcelo Strippoli. Ele foi revisto 1 vez na semana passada.

O revisor desta semana foi Ed Price - MSFT,

Prêmio do Artigo mais popular  Colaboração é o nome do jogo!

O artigo a ser atualizado pela maioria das pessoas desta semana é Desenvolvedor, não se Prenda a Tecnologias, escrito por Thiago A. C. Vidal

O revisor desta semana foi Thiago A. C. Vidal,

O artigo a ser atualizado pela maioria das pessoas desta semana é Como descobrir se um arquivo está corrompido, escrito por Rafael Bandeira de Oliveira

O revisor desta semana foi Rafael Bandeira de Oliveira,

O artigo a ser atualizado pela maioria das pessoas desta semana é Windows Server 2012 R2 – Windows cannot install required files. Error code: 0x80070570, escrito por Rafael Bandeira de Oliveira

O revisor desta semana foi Rafael Bandeira de Oliveira,

Welcome back for another analysis of contributions to TechNet Wiki over the last week.

First up, the weekly leader board snapshot...

As always, here are the results of another weekly crawl over the updated articles feed.

Most Revisions Award   Who has made the most individual revisions

#1 Steef-Jan Wiggers with 111 revisions.

#2 Ed Price - MSFT with 73 revisions.

#3 Ken Cenerelli with 40 revisions.

Just behind the winners but also worth a mention are:

#4 Peter Geelen - MSFT with 30 revisions.

#5 Ripon Kundu with 23 revisions.

#6 .paul. _ with 19 revisions.

#7 Erdem Avni SELÇUK with 16 revisions.

#8 Lucas Samrsla with 16 revisions.

#9 Eldert Grootenboer with 15 revisions.

#10 Jeff Ingalls with 10 revisions.

Most Articles Updated Award   Who has updated the most articles

#1 Steef-Jan Wiggers with 59 articles.

#2 Ed Price - MSFT with 37 articles.

#3 Ken Cenerelli with 31 articles.

Just behind the winners but also worth a mention are:

#4 Erdem Avni SELÇUK with 16 articles.

#5 Peter Geelen - MSFT with 11 articles.

#6 Ripon Kundu with 6 articles.

#7 Eldert Grootenboer with 5 articles.

#8 Lucas Samrsla with 5 articles.

#9 Recep YUKSEL with 4 articles.

#10 Richard Mueller with 3 articles.

Most Updated Article Award   Largest amount of updated content in a single article

The article to have the most change this week was Microsoft Azure Tool Inceleme (2 tool) (tr-TR), by Hasan DANIS - Cloud Computing

This week's revisers were Recep YUKSEL& Hasan DANIS - Cloud Computing

Hot off the press is this publication from Hasan. With a little input from TNWiki legend Recep, the TR community goes from strength to strength!

Longest Article Award   Biggest article updated this week

This week's largest document to get some attention is ASP.NET MVC User Role Base Menu Management Using WEB API And AngularJS, by SYEDSHANU

This week's revisers were SYEDSHANU, Steef-Jan Wiggers& Ken Cenerelli

An awesomely useful article here from Syed. A really good piece, with input from the best of the rest.

Most Revised Article Award   Article with the most revisions in a week

This week's most fiddled with article is VB.Net: OOP Calculator - calc2, by .paul. _. It was revised 16 times last week.

This week's revisers were .paul. _& Peter Geelen - MSFT

Some sensational VB.Net here from Paul, thanks for all your hard work!

Most Popular Article Award   Collaboration is the name of the game!

The article to be updated by the most people this week is TechNet Guru Contributions - February 2016, by XAML guy

Wow and wow again! Some great content coming in from some great authors! Pop over to the page and have a read through this month's contributions!

This week's revisers were lanax, Gaurav Kumar Arora, Eldert Grootenboer, Steef-Jan Wiggers, Ed Price - MSFT, Emiliano Musso, Brian Seekford, Pierre-Alexandre Braeken MCSE, Shreeharsh Ambli, Rakhi Jain& .paul. _

As Guru often wins, the article to be updated by the SECOND most people this week is System Center Configuration Manager (current branch): List of Public Microsoft Support Knowledge Base Articles, by RSC_phat

This was a good choice from the 3 edited articles. A great resource, worth bookmarking! Thanks RSC_phat!

This week's revisers were RSC_phat, Ken Cenerelli& Peter Geelen - MSFT

Ninja Edit Award   A ninja needs lightning fast reactions!

Below is a list of this week's fastest ninja edits. That's an edit to an article after another person

• Revision 32 of MIM 2016: Privileged Access Management (PAM) - FAQ was saved by Jeff Ingalls just 13 minutes after Ken Cenerelli
  
  Congratulations to Jeff Ingalls! Thirteen minutes is an easy win, well done Ken ;)
  Also in the top ten are:
  
  
• Revision 3 of VB.Net: OOP Calculator - calc2 was saved by Peter Geelen - MSFT just 29 minutes after .paul. _
• Revision 4 of VB.Net: OOP Calculator - calc2 was saved by .paul. _ just 30 minutes after Peter Geelen - MSFT
• Revision 31 of MIM 2016: Privileged Access Management (PAM) - FAQ was saved by Ken Cenerelli just 48 minutes after Jeff Ingalls
• Revision 24 of TechNet Guru Contributions - February 2016 was saved by .paul. _ just 85 minutes after Steef-Jan Wiggers
• Revision 28 of TechNet Guru Contributions - February 2016 was saved by Pierre-Alexandre Braeken MCSE just 264 minutes after Steef-Jan Wiggers
• Revision 34 of TechNet Guru Contributions - February 2016 was saved by Eldert Grootenboer just 317 minutes after Steef-Jan Wiggers
• Revision 26 of TechNet Guru Contributions - February 2016 was saved by Shreeharsh Ambli just 382 minutes after Rakhi Jain
• Revision 11 of Introduction to BizTalk360 Version 8.0 was saved by Eldert Grootenboer just 424 minutes after Steef-Jan Wiggers
• Revision 33 of TechNet Guru Contributions - February 2016 was saved by Steef-Jan Wiggers just 428 minutes after Ed Price - MSFT

Winner Summary   Let's celebrate our winners!

Below are a few statistics on this week's award winners.

Most Revisions Award Winner
The reviser is the winner of this category.

Steef-Jan Wiggers

Steef-Jan Wiggers has been interviewed on TechNet Wiki!

• 07 Nov '11: interview-with-a-biztalk-mvp-wiki-ninja-steef-jan-wiggers
• 11 Nov '13: interview-with-biztalk-guardian-steef-jan-wiggers-integration-mvp-and-technet-guru-medal-winner

Steef-Jan Wiggers has featured articles on TechNet Wiki!

• 15 Sep '13: Provisioning BizTalk Services Using the Microsoft Azure Management Portal
• 09 Oct '13: BizTalk Server 2013: Connect to Window Azure Blob Storage
• 13 Nov '13: BizTalk Server 2013: WCF-SQL Executing a Stored Procedure in Windows Azure SQL Database
• 30 Nov '13: Windows Azure BizTalk Services EAI Bridges – Diagnostics
• 12 Dec '13: BizTalk Server 2013: Connect to Window Azure Blob Storage
• 02 Jan '14: Azure BizTalk Services Operations: Backup and Restore
• 22 Jan '14: Azure BizTalk Services EAI Bridges – Diagnostics

Steef-Jan Wiggers has won 22 previous Top Contributor Awards. Most recent five shown below:

• 20 Feb '16: Most Revisions Award
• 20 Feb '16: Most Articles Updated Award
• 30 Jan '16: Most Revisions Award
• 30 Jan '16: Most Articles Updated Award
• 17 Jan '16: Ninja Edit Award for wiki-ninjas-blog-authoring-schedule

Steef-Jan Wiggers has TechNet Guru medals, for the following articles:

• In Jul '13: Provisioning BizTalk Services using the Windows Azure Management Portal
• In Jul '13: BizTalk Server 2013: Sign and verifying a message
• In Aug '13: BizTalk Server: Importing Certificates
• In Sep '13: BizTalk Server 2013: WCF-SQL executing a stored procedure in Windows Azure SQL Database
• In Oct '13: BizTalk Server 2013: Connect to Window Azure Blob Storage
• In Nov '13: Windows Azure BizTalk Services EAI Bridges – Diagnostics
• In Dec '13: Managing Windows Azure BizTalk Services with REST API
• In Jan '14: BizTalk Services Bridges – Troubleshooting
• In Feb '14: Windows Azure BizTalk Services Operations: Backup and Restore
• In Mar '14: Windows Azure BizTalk Services: Pulling Messages from a Service Bus Queue
• In Apr '14: Testing WCF Service endpoints hosted in BizTalk with SOAPUI
• In May '14: Exposing data through BizTalk Service Hybrid Connections
• In Jun '14: BizTalk Server: Custom Archiving
• In Jul '14: Securing BizTalk endpoints leveraging Sentinet API Management Part 1
• In Oct '14: Securing BizTalk endpoints leveraging Sentinet API Management Part 3
• In Nov '14: BizTalk Server 2013 - SQLExecute Oracle 11g XE using the BizTalk Adapter Pack
• In Dec '14: Custom pipeline optimization using the Virtual Stream class
• In Jan '15: BizTalk Server 2013 R2 JSON support and integration with Cloud API's
• In Feb '15: BizTalk Server 2013 R2 Instrumenting a custom pipeline component with ETW
• In Feb '15: BizTalk Server 2013 R2 Instrumenting BAM Activity Tracking with ETW
• In Feb '15: BizTalk Server 2013 R2 Instrumenting a custom pipeline component with ETW
• In Feb '15: BizTalk Server 2013 R2 Instrumenting BAM Activity Tracking with ETW
• In Mar '15: BizTalk Server 2013 R2 Instrumenting an orchestration with ETW
• In Mar '15: View BizTalk Send Port Subcriptions
• In Jun '15: BizTalk De-batching Options
• In Jun '15: Microsoft Azure: Building a Logic App
• In Aug '15: Azure WebJobs: ServiceBusTrigger

Steef-Jan Wiggers's profile page

Most Articles Award Winner
The reviser is the winner of this category.

Steef-Jan Wiggers

Steef-Jan Wiggers is mentioned above.

Most Updated Article Award Winner
The author is the winner, as it is their article that has had the changes.

Hasan DANIS - Cloud Computing

This is the first Top Contributors award for Hasan DANIS - Cloud Computing on TechNet Wiki! Congratulations Hasan DANIS - Cloud Computing!

Hasan DANIS - Cloud Computing has not yet had any interviews, featured articles or TechNet Guru medals (see below)

Hasan DANIS - Cloud Computing's profile page

Longest Article Award Winner
The author is the winner, as it is their article that is so long!

SYEDSHANU

SYEDSHANU has been interviewed on TechNet Wiki!

• 14 Dec '15: interview-with-a-wiki-ninja-author-and-net-expert-syed-shanu

SYEDSHANU has won 4 previous Top Contributor Awards:

• 20 Feb '16: Longest Article Award for asp-net-mvc-user-role-base-menu-management-using-web-api-and-angularjs
• 06 Feb '16: Longest Article Award for asp-net-mvc-user-role-base-menu-management-using-web-api-and-angularjs
• 06 Dec '15: Longest Article Award for dynamic-pivot-grid-using-mvc-angularjs-and-web-api
• 07 Nov '15: Longest Article Award for mvc-angularjs-masterdetail-crud-filter-and-sorting-using-web-api-2-with-stored-procedure

SYEDSHANU has TechNet Guru medals, for the following articles:

• In Sep '15: Windows 10 Universal App Development for Name Puzzle Game
• In Sep '15: DataGridView Gantt style chart using C# Winform
• In Oct '15: Group Messaging For Samsung Gear Using MVC Web API And AngularJS
• In Oct '15: Audio, Video and YouTube Video Player in C# Windows Forms
• In Oct '15: Master Detail DataGridView C# Winform

SYEDSHANU has not yet had any featured articles (see below)

SYEDSHANU's profile page

Most Revised Article Winner
The author is the winner, as it is their article that has ben changed the most

.paul. _

.paul. _ has been interviewed on TechNet Wiki!

• 28 Jul '15: interview-with-a-wiki-ninja-amp

.paul. _ has featured articles on TechNet Wiki!

• 04 Apr '14: masterMind Game

.paul. _ has won 7 previous Top Contributor Awards. Most recent five shown below:

• 20 Feb '16: Most Revised Article Award for vb-net-oop-calculator-calc2
• 17 Oct '15: Ninja Edit Award for c-finding-common-multiple-and-highest-common-factor-lcm-hcf
• 25 Aug '15: Most Popular Article Award for c-triangle-solver
• 26 Jul '14: Most Revised Article Award for simple-database-login-system
• 26 Apr '14: Most Revised Article Award for mastermind-game

.paul. _ has TechNet Guru medals, for the following articles:

• In Aug '13: searchableComboBox Control
• In Sep '13: Maths Revision V1.0
• In Sep '13: VerticalLabel Control
• In Nov '13: Shapes - Areas + Volumes
• In Jan '14: DataBinding
• In Apr '14: masterMind
• In Jul '14: Simple_database_LogIn_system
• In Oct '14: Image balloonTips
• In Oct '14: Image Arrow Pointers
• In Dec '14: Hexagonal Grid Patterns
• In Jan '15: tictactoe
• In Jan '15: Console BlackJack cs
• In Mar '15: Factorizing Quadratic Equations (practice and solver)
• In May '15: Multi-page DGV Printing
• In Jun '15: Decimal Places / Significant Figures
• In Jul '15: Triangle Solver
• In Jul '15: C# Triangle Solver
• In Aug '15: Household Budgets
• In Aug '15: Creating Custom Controls
• In Sep '15: CheckBoxColumn Select All Demo
• In Oct '15: LCM-HCF
• In Oct '15: LCM-HCF cs

.paul. _'s profile page

Most Popular Article Winner
The author is the winner, as it is their article that has had the most attention.

XAML guy

XAML guy has been interviewed on TechNet Wiki!

• 23 Oct '12: interview-with-2-wikininjas-peter-laker-amp-ana-paula-de-almeida
• 28 Oct '13: interview-with-quot-xaml-guy-quot

XAML guy has featured articles on TechNet Wiki!

• 11 Nov '12: TechNet Wiki Widget (Windows 8)
• 23 Nov '12: Blackboard Design Pattern: A Practical Example - Radar Defense System

XAML guy has won 101 previous Top Contributor Awards. Most recent five shown below:

• 20 Feb '16: Most Popular Article Award for technet-guru-contributions-february-2016
• 14 Feb '16: Most Popular Article Award for technet-guru-contributions-february-2016
• 06 Feb '16: Most Popular Article Award for technet-guru-contributions-january-2016
• 30 Jan '16: Most Popular Article Award for technet-guru-contributions-january-2016
• 17 Jan '16: Most Popular Article Award for technet-guru-contributions-january-2016

XAML guy has TechNet Guru medals, for the following articles:

• In Jun '13: WPF: How to manage available/selected lists. Simple examples. MVVM and Code behind
• In Jul '13: WPF Data, Item and Control Templates - Minimum code, maximum awesome
• In Aug '13: Best ComboBox Tutorial Ever
• In Oct '13: WPF: Watermarked TextBox and PasswordBox
• In May '14: TechNet Guru Competition: Judge System Explanation
• In Jun '14: History and Technology Behind the TechNet Wiki Ninja Belt Calculator
• In Mar '15: Convert and Edit Microsoft Office Live Meeting Recordings

XAML guy's profile page

RSC_phat

This is the first Top Contributors award for RSC_phat on TechNet Wiki! Congratulations RSC_phat!

RSC_phat has not yet had any interviews, featured articles or TechNet Guru medals (see below)

RSC_phat's profile page

Ninja Edit Award Winner
The author is the reviser, for it is their hand that is quickest!

Jeff Ingalls

Jeff Ingalls has won 2 previous Top Contributor Awards:

• 20 Feb '16: Ninja Edit Award for mim-2016-privileged-access-management-pam-faq
• 06 Feb '16: Ninja Edit Award for technet.microsof

Jeff Ingalls has not yet had any interviews, featured articles or TechNet Guru medals (see below)

Jeff Ingalls's profile page

Things seem to be picking up round here!

Some really amazing content coming in lately!

Looks like we need to start hiring some of these folks!

Thank you one and all contributors. Your efforts are not going unnoticed... ;)

Best regards,
Pete Laker (XAML guy)

• More about TechNet Wiki Ninja Belts
• Get nominated for a TechNet Wiki Featured Article
• More about being interviewed on TechNet Wiki blogs
• And if you want to get listed HERE, you'd better get busy! :D

Period of time Microsoft release Update rollups for SCOM system.

[Kevin Holman write post "step by step update" - http://blogs.technet.com/b/kevinholman/archive/2016/01/12/ur8-for-scom-2012-r2-step-by-step.aspx ]

After you finish to running the updates for all server roles, all agents that installed remotely or configure 'remotely managed = true' in DB' are enter to Pending management and waiting that you push the Update Rollup to agents remotely.

Agents that installed locally because you cannot open the entire desired ports, you must to transfer the update msp file, and running it locally on agents.

In this post you learn how to push this update automatically [without distribution software like SCCM] by using SCOM rule and file share that all servers have access to it.

1. Extract the msp file from Agent Update Rollup folder to folder in file share.

2. Create new rule that "execute a script": Config schedule and write VB script:

Uncheck 'Rule is enabled'

Configure your schedule

Write this script, in <> insert the path of the 'file share' that all servers can access it.

And select Create.

 3. Create dynamic group for Override the filter is: select Agent class and add condition "Path List – Does not match - *UR<Number of this update rollup>*"

Select Agent class, and 'Add', the condition is "Where Patch List Does not match wildcard *UR<X>*"

This group include only the agents the Last update rollup does not installed.

Patch List property - under Operations Manager folder in Agent by Version view

4. Find the rule that you create in section 2 and override on this group.

5. Because the agent's service run on Local system and LS don't have permissions to running installation from share, you need to create run as profile with account that have permissions, and configure this rule to running with this profile.

Now in the next interval the script run locally on every agent that does not update and after the update installed, agent out automatically from group and the script don't running on it again.

Today's post and the next in this series continues on the Windows Server Datacenter focus, but this time round the emphasis is on the reasons why you may have deployed it traditionally, versus tomorrow's requirements. I will address the current on-premises Microsoft technologies you may have been using, as well as moving through the various stages of using different Microsoft cloud technologies alongside your existing infrastructure.

Starting with the tradtional uses of Microsoft products in virtualised environments we usually see workloads such as Remote Desktop Services, Line Of Business Applications that might have a SQL Server requreent, Exchange Server and Domain Controllers split out into seperate virtual machines where possible, and for many organisations these are elements that still make sense. For customers with a requirement for a high speed local file server and Active Directory providing services such as Group Policy to domain joined machines, these aren't necessarily things that your internet connection can provide, unless you happen to be blessed with bandwidth outside of the scope of most Australian SMB customers.

There are some workloads, however, where the impact of removing them from the on-premises insfrastructure, and taking advantange of cloud scale and accessibility make sense for many, such as migrating email capabilities to Exchange Online in Office 365. Then you can also start leveraging the other capabilites in Office 365 that may have been out of reach of the budget of the typical SMB customer, such as SharePoint and Skype For Business, just to name two additional components of Office 365.At this stage your virtualisation requirements may start changing, especially when you start looking at leveraging additional capabilities Microsoft provides in their range of online services.

If we go back to when Small Business Server was available in the marketplace, there were alsways interesting additional products that could be added to the network, but sometimes getting an official response about supportabilityu in an SBS environment were hard to find. Something may have been happy to run alongside SBS, but the support story would change if you asked about installing this on the SBS hardware or virtual machineitself, as opposied to running the new service on dedicated hardware or its own virtual machine. Some of these questions even started being raised around whether or not the Microsoft software for synchronising from on-premises Active Directory to Azure Active Directory (upon which Office 365 relies upon) could run alongside the other services that Small Business Server ran.

Why the confusion? First of all, it was never explicitly stated whether or not SBS was a supported platform, instead it refered to various versions of Windows Server. Those who played it safe would read that as saying SBS definitely was not supported, while those looking to minimise costs would look at from the point of view that SBS was not called out by name as not being supported. In cases like this, you need to generally need to focus on what is being explicitly listed as supported, which SBS was not. Where this was made more confusing for some was that changes were made to allow the directory synchronisation software run on a domain controller, which of course grabbed the attention of those running SBS, as it was a definitely a domain controller.

However, SBS was much more than a domain controler. Ignoring everything else that SBS did, even if we just focus on the other major piece of software that was running, Exchange Server, it was never mentioned or suggested anywhere in system requirements that directory synchronisation would run alongisde Exchange Server. In a production environmnt this isn't the type of risk most would be willing to make, and would understand that isolating workloads defintely had a role to play.. We even run into a similar situation with the Windows Server Essentials role and product, which I'll explain next.

With SBS having reached end of sale a while back, and now having the Essentials role being available to Windows Server 2012 R2 and available as a seperate product, there may be times when you need to run the latest version of the Azure AD/Office 365 synchronisation tool, Azure Active Directory Connect, we find the following information on its requirements page - "Azure AD Connect cannot be installed on Small Business Server or Windows Server Essentials. The server must be using Windows Server standard or better." This makes it clear that even at this point we still need to thinkg about workload isolation, and that's what we get with the virtualisation rights of Windows Server Datacenter.

In the next post I'll focus on the adoption of new cloud workloads, and how integrating them with on premises technologies can affect your virtualisation requirements.