Update: Intel has reported that customers with certain CPUs are experiencing random reboots after applying firmware updates to patch this vulnerability. I can’t say this enough but TEST before rolling these out!
By now, you have likely heard about recently disclosed vulnerabilities called Spectre and Meltdown. If not, TechCrunch has a detailed article about them that will get you up to speed. The vulnerability affects most modern operating systems and processors. It also affects other systems such as iOS, MacOS, Android, Chrome, etc.
I have found that many IT people I talk with do not understand what needs to happen to address these vulnerabilities. I think this is (at least partly) because unlike many previous vulnerabilities, simply installing a Windows update does not fix the problem. The fix also requires registry keys to be set and firmware updates released by the hardware manufacturers to be applied.
After reviewing what needs to happen to protect enterprise systems, I have pulled together some information so you can protect yourself as well. While this is not an all-encompassing guide, it should point you to many of the resources needed to address the vulnerabilities. Rather than this blog post being extremely long and repetitive, you will find many linked items below to already created documentation that will be helpful in patching your systems. Continue reading →
Microsoft released a Rollup Update for Configuration Manager v1702 this week to address multiple issues. One specific issue that affected many deployments was related to operating system deployment:
Starting with System Center Configuration Manager, version 1702, unknown computers that are started from media or PXE may not find task sequences targeted to them. This issue may occur if the Previous button on the “Select a task sequence to run” page is selected on the unknown computer.
There are already great examples of how to install this update, but there are a couple of key gotchas I ran into during deployment.
On March 14, 2017 Microsoft officially launched Teams for Office 365. While all users who were licensed with a qualifying Office 365 license automatically received the Teams tile in the app launcher, Microsoft provided a global way to control access. The default setting was OFF. Additionally, a note was included that the control was only temporary.
“Temporary” is subjective, and in this case (at least for Education customers), seems to Continue reading →
With the role based administration controls (RBAC) in SCCM 2012 and above, a common way to grant access to reporting is using the built-in security role Read-Only Analyst. This role grants access to view Configuration Manager objects, but also to run reports. However, it does not grant permission to create subscriptions to these reports. Subscription permissions are tied to other built-in roles. For example, adding the Operating System Deployment Manager security role to a user would add the ability to create subscriptions to reports about OSD. The only built-in role that grants permission to schedule Power Management reports, though is the Operations Administrator role. Using custom permissions, we can grant the ability to create a subscription for all reports including Power Management. These custom permissions will still honor any Security Scopes and Collections that are assigned to the Administrative User. Continue reading →
One, two, three, and to the four. Snoop Doggy Dogg and Bill Gates are at the door. What is the connection between Snoop and Bill Gates? How can witchcraft help with technology? Take a look at you my most interesting (or useful) findings from the technology world And One piece of maybe not so tech news. Continue reading →
The 1st week of 2016 has come and gone so the time seemed right to start the recurring “Tech And One” post. In each post, you will find my most interesting (or useful) findings from the technology world and one piece of maybe not so tech news. Without further ado, here is this week’s Tech And One!
I recently ran into a problem with an invalid phone number showing up on the Lync contact card for a user. The Lync contact card pulls info from a number of sources – Active Directory, SharePoint, personal contacts, phone numbers defined directly in the Lync client, etc. In order to narrow down the problem and find where the bad phone number was stored I wanted to see what Lync had in the address book database for the user. Continue reading →