Dynamic Lock: Walk away securely.

Dynamic-LockOne of my pet peeves when walking through organizations that I consult for is seeing unlocked and unattended workstations.  I hate seeing this, knowing that anyone can sit down at their desk and do… whatever.  I know people who would sit down at these unlocked workstations, and send an e-mail to the entire organization (in the name of whoever’s workstation they was at), saying that they were buying beer, dinner, vacations, whatever.  Of course, *I* would never do that… it might be considered unethical.  But someone out there does it, and did it at a few companies I have worked at.  Funny, the behaviour seemed to stop when I left the company.  A weird coincidence, I know.

imageI have been saying for years that it would be a great feature if Microsoft could allow users to have a token – a key card or something – that would automatically lock their computers if the token were removed.  In Windows 10 Edition 1703 they have finally done it.

Dynamic Lock is a feature that is enabled in the Sign-in options, and is one of those great new features that I have not heard too many people talking about.  If you carry your smartphone around with you, and really, who doesn’t these days, then it is easy to implement and use.  Here’s how:

  1. Pair your smartphone to your desktop or laptop.  Oh, did I mention?  This will only work if both devices have Bluetooth enabled.
  2. Open Windows Settings, then select the Accounts option.
  3. On the left side of the window click Sign-in options.
  4. Click the check box under Dynamic lock.

image

That’s it… as simple as that.  Walk away with your phone (out of Bluetooth range), and within a minute your computer will lock down.  For those of us who are used to locking every time we walk away, this may not be an issue.  For the rest of you out there… set this up today!

Advertisements

Urban Armor: Protect your device!

Are all phone protector cases created equal?  I have discovered over the years that, much to my dismay, they are not.  Some cases look pretty and are sleek, but they do not do a very good job of protecting your phone.  Others are big and bulky, and your phone is safe… but you never want to carry it.  I have been looking for a compromise that will look and feel good, but still provide comfort.

There are actually two components to the phone that need to be protected – the case itself, and the screen.  And so, in addition to the protective case, we should really be investing in a protective screen covering as well… and because our phones are touch devices, it has to be a balance between protective and functional.

Last month I bought my new Samsung Galaxy S8 Plus phone.  It is the first non-Apple device I have bought in a few years; it is also the first phone I bought second-hand, thus no extended coverage warranty.  It is a very sleek phone, and from the very beginning I bought a protective case, as well as an explosion-proof tempered glass film.  I was satisfied that with the combination of both, I would be protected… until I tried to put the phone with the screen-protector into the case, and realized that the case was so tight that the two would not work together.  And so, the $50 investment in the protective case was out the door… unless I wanted to leave my screen unprotected.

Over lunch that day I shared my concern with a colleague, who suggested I look into Urban Armour Gear (UAG) cases.  I checked out their website, and found the case I wanted – the Monarch Series case features 2X drop-protection, and comes with a ten year warranty.  It is handcrafted with top-grain leather, a polycarbonate shear plate, armour shell, allow metal hardware, and impact-resistant rubber.  All of that sounded good on paper… but would it allow me to protect the screen at the same time?  I checked their FAQs, and realized that UAG also sells tempered glass screen protectors.  It stood to reason that they would fit with their cases, right?

And so, I placed my order.  A week later I received my Monarch Series Galaxy S8+ case, and I will tell you this, it was money well spent.  Worth every penny!  As expected it fit my phone like a glove… including the tempered-glass screen protector.  Unlike some other protective cases, it did not feel like I was carrying a brick in my hand… the protection was offered with a strong consideration to the sleek design of the phone, and so while the case does make the phone bigger in my hand, it is only slightly bigger, and not at all uncomfortable.

…but does it work?

I have always tried to be as delicate as possible with my phones, and try to be as careful as possible.  I have seen friends walking around with cracked screens and worse, and I have never wanted any of that.  But sometimes you cannot be as careful as you like.  I was carrying more than I should have to my car – suitcase, laptop case, gym bag, and a hanging garment bag.  I was also on an important call, and stupidly had my phone secured between my shoulder and my ear as I rushed to make it out on time.  I almost made it… but at some point, something had to give.  In this particular case it was my garment bag, and when I lurched to try to save it…

…the phone flew from its perch and dropped… and bounced… and bounced again… until it fell flat, face-down, on a pile of stones.  It flew several feet – easily ten feet from where I was standing, and so it fell from a height of nearly six feet, and bounced another ten feet.  I was not holding out hope.  I put my bags down, picked up my phone, and…

…RESUMED MY PHONE CALL.  All that potential for damage, and my phone did not even drop the call.  The screen was safe because of the protective shield, the phone was protected thanks to the UAG case, and all was good in the world.

And so: we know that the case does a spectacular job of protecting my phone… but does it prevent any of the features?  Let’s run them down:

  • Large tactile buttons make the buttons easy to press.
  • Cameras (both front and back) are perfectly visible.
  • Fingerprint sensor is easily accessible.
  • NFC wireless charging and payments work perfectly.
  • Honeycomb traction grip makes it even more comfortable in my hands.

In other words… the UAG case allows complete functionality of the phone, combined with spectacular military-grade protection.

All in all, I would recommend this case to all of my friends and readers… and knowing that they make cases for all of my other devices as well (Surface Pro 4, iPhone 6S, iPad Mini), I will be looking into those UAG cases as well.  Now that their case has passed MY drop test, I am satisfied knowing that this is the case for me.

Rules for my sons…

These are now rules for both my sons! Thanks Peter!

I like these a lot!

Rules For My Unborn Son by Walker Lamond

1. Never shake a man’s hand sitting down.

2. There are plenty of ways to enter a pool. The stairs ain’t one.

3. The man at the grill is the closest thing we have to a king.

4. In a negotiation, never make the first offer.

5. Act like you’ve been there before. Especially in the end zone.

6. Request the late check-out.

7. When entrusted with a secret, keep it.

8. Hold your heroes to a higher standard.

9. Return a borrowed car with a full tank of gas.

10. Don’t fill up on bread.

11. When shaking hands, grip firmly and look him in the eye.

12. Don’t let a wishbone grow where a backbone should be.

13. If you need music on the beach, you’re missing the point.

14. Carry two handkerchiefs. The one in your back pocket is for you. The one in your breast pocket is for her.

15. You marry the girl, you marry her whole family.

16. Be like a duck. Remain calm on the surface and paddle like crazy underneath.

17. Experience the serenity of traveling alone.

18. Never be afraid to ask out the best looking girl in the room.

19. Never turn down a breath mint.

20. In a game of HORSE, sometimes a simple free throw will get ’em.

21. A sport coat is worth 1000 words.

22. Try writing your own eulogy. Never stop revising.

23. Thank a veteran

Should You Forgive a Drunken Attack?

SorryLast week Jews around the world fasted for Yom Kippur. The translation is Day of Atonement. In the days leading up to Yom Kippur we are meant to seek forgiveness from others for our transgressions against those we might have wronged. The thinking is that while G-d can forgive sins against him, it is only the people we have wronged who can forgive those wrongs. I have had a lot to seek forgiveness for over my life, and some of those wrongs will never be forgiven.

I do try to be a good person, and as such, when someone seeks my forgiveness, I try to forgive when I can. And so when, a couple of months ago, someone whose name may start with Q asked me to forgive him, I did. I did not let him off the hook easily, but I did say that I would give him a chance. He told me he did not know what had come over him, that even when others spoke against me he had told them that I was a good guy, that I had been good to him, and it must have been that he had been drinking. Still he had cut me off completely. When he asked forgiveness I was willing to accept his remorse.

Early this week something happened, and Q confronted me. I had not done anything, but it looked like I had. Even if I had done what I had been accused of, I still would not have harmed anyone… but someone who does not like me (and, again, someone who had been a false friend) used it as ammunition to talk bad about me.

Q decided he needed to get me to confess to him. I told him I hadn’t done anything, but he did not believe me – he would not believe me – and he spent a couple of hours yelling at me, threatening me, and in the end told me that he would take every chance possible to besmirch my name, both on-line and in person… not because I had done something wrong, but because I would not confess – even in confidence – to him. This, of course, was less than two months after he apologized for showing me he could not be trusted.

The next day, having let a few hours pass, I asked him why he had taken it so personal. His answer?

I was drunk to be honest I don’t know why I took it so personally….. I thought I was just chatting with you a bit.

And believe me or not, while I did unfriend you I never talked smack. You can ask <named two friends> or whoever.
I just thought it was ridiculous you were denying it to me but whatever.
It wasn’t like I was investigating for <edited out>, every one already knew it was you, I was just sending a message cuz j thought it was funny.

So if we read his words, he had no excuse for taking things so personally, but he was drunk. That is perfectly plausible – the initial conversation started after 9:00pm and with some breaks lasted over two hours. But this second conversation, in which he went on to again tell me he thought I was lying, took place at 3:00pm the next day. Is it possible he was drunk then too? Yes. Is it likely? Probably not – I believe he has a job, and was probably either at or just finished work.

So, was it the booze that made him so angry? Maybe. Was it the booze that made him promise to:

Hope I do see you soon, I’ll make a fucking point of coming to <A mutual friend’s house> next time your there….. not threatening anything, just want to put you on blast in front of other people

I don’t know if it was or it was not… but I will say this: In the same statement where he claimed to have been drunk the night before, he did not apologize for his behaviour, and he continued to call me a liar. Of course, he did not threaten to disrespect a mutual friend’s house by going there to make a scene, and he did not threaten to expose me and what a terrible person I was to everyone who would listen… so at least he was a bit calmer.

He was still the same person.

Q’s personality did not change when he was drunk, it was just enhanced. I have heard that so many times, but I don’t think I ever believed it… until now. People have been telling me for years that certain things – alcohol, drugs, old age – do not change who you are, it just magnifies some of the traits that are in you. Maybe that is why I have never started a fight when I was drunk. It is not who I am sober, so why should it be so when I am drunk?

Now… have I ever said things that really pissed someone off when I was drunk? Absolutely. THAT is a magnification of some of the traits I have worked over the past few years to fix in myself. Am I loud when I am drunk? I know that I am… and these are just a couple of the reasons I seldom drink to intoxication. It is also why I know I can trust someone sober, when they are a trustworthy drunk.

Will Q ever ask forgiveness again? I doubt it. Would I forgive him if he asked? Probably… but it is easier to forgive than to forget, and I will never forget, and I will never trust him again. That is not out of spite… it is simply because he has proven – twice now – that he does not deserve my trust.

Have a great weekend everyone.

Password Vault: Success!

I can’t believe it has been two years since I signed up for my password vault, but there it was in my mailbox… the reminder that it is time to renew my ‘premium’ service with my password vault service.  I did it gladly, giving over my credit card information.

Why premium, you ask?  Well, for one, I appreciate the ability to use my Yubikey to authenticate.  Multi-Factor Authentication (MFA) is extremely important in this day and age, especially when it comes to password safety.  As I wrote in this article, it took me a very long time to start trusting password management tools, and I did not want to trust my passwords to a simple… well, password.

With that said, there is something psychological to my decision as well.  I know it is wrong, but there is something in my mind that makes me distrust – or at least, not completely trust – any company that is giving me a service completely for free.  Maybe I am wrong, but I feel that if it is free, I have no right to complain.  Paying that yearly fee – even though it is only $1 per month – makes me feel that the company is accountable to me, and that if something goes wrong, I can pick up the phone and complain.

Am I right about this? I do know that when I had a problem with my Microsoft Account a few months ago (See article), it took me 107 days to get the problem resolved.  In fact, it took me the better part of a month to find anyone at Microsoft who would even take me seriously.  And really, what could I do?  Their reputation may be damaged in some small way for those people who read the article, but I cannot sue them.  I can yell and scream and curse and jump up and down, but because it is a free service, I can’t do anything else.

I don’t think I have had a single problem with my password vault, other than, for some reason, it thinks all of my computers are called Windows Chrome.  Other than that, all is good.  So I’ll keep using it, and for the extremely nominal fee, I will, for the next year, once more feel the false sense of security that, should something go wrong, I have the right to complain.

…and if you didn’t pay, you might not!

The New Mitch?

imageimage

The photograph on the left was taken in front of La Floridita on Calle Obisbo in Old Havana by Greg Starks in February, 2017.  The photograph on the right was taken in the same spot by Eduardo Bensusan in July, 2017.  Conclusion?  Eduardo is obviously a much better photographer than Greg, except that Greg had the good sense to tell me to stand up straight.

Okay, let me say what I have been up to, simply because I am getting far too many comments to keep it secret any longer.

Yes, I have been on a diet.  Yes, it has been an extreme one.  No, I am not doing it on my own.  No, I am not sick in any way, and no, I have not, nor do I plan to have, any sort of surgical procedure.

Yes, I have been writing about it… quite a bit actually.  My journal, which has been shared with very few people, is nearing forty-eight thousand words.  I have not been writing it in public for a few reasons, not the least of which is that I have over the past few years written publicly and enthusiastically about my weight-loss attempts… and very little about all of those failures.

I have been quite successful with this attempt… so far.  I am down several pants sizes, and as the pictures show I have been doing well.  However I am far from done.  I have a long way to go, and I do not want to fail.  The only reason I am writing this is because I have received so many messages on Facebook from friends commenting, many of which with worried tones, asking if I was ill.

No, I am not ill.  I am quite well – I am jogging again, I am in the gym a few times per week, and I am trying to keep up the diet.  It gets difficult, but I am trying.  I will continue to do so.

I have a favour to ask of you all.  Please don’t ask me about it.  I do not wish to discuss how I am doing, nor what diet I am on.  If you wish to offer words of encouragement, I will graciously accept.  However, should you try to get any further information out of me, I will likely either divert or end the conversation.

Thank you all for your support.  And now we can resume our regularly scheduled technical mumbo-jumbo that Rick only understands twenty-five percent of!

Happy 10th Birthday!

i started blogging at The President’s Blog for MITPro.ca about twelve years ago. However it was ten years ago today that The World According to Mitch went live, completely separating myself from my former position.

of course, back then the address was not http://www.garvis.ca – that would come later – but it was my own blog, running on DotNetNuke if I recall.

Ten years and over one thousand posts later, here we are. I want to thank all of you for your continued supports!

Touch: You can touch this!

Occasionally I am sent a press release about a new product, or a soon to be released product, that I think is worth talking about.  That happened this week when I received a kit about an upcoming product called Touch Earbuds.

touch-campaign-openers-v02The Touch Earbuds are the next generation of a product I looked at a few months ago called the Dot, which was a single earbud (although you could buy two and listen in stereo), which attached magnetically to a charging device (which in turn made a good key chain).  I made some recommendations to the company based on my experience, and here is the result: A pair of ear buds that have probably the best specs on paper that I’ve seen.  The charger is now an enclosed case (that simultaneously holds and charges the pair of buds), the Bluetooth 5 technology gives it an astounding 200m range from your device, as well as faster pairing, and the low energy functionality is perfect for devices that are needed to run for longer lengths of time.  They also did away with the button, and the Touch runs on just that – touch technology.

Did I mention that the Touch ear bud is 21mm long, making it a little shorter than an American quarter?  It fits in your ear smoothly and discretely, and stays in place even during rigorous physical activity.  They are sweat- and water-resistant, so you don’t have to take them out when it’s raining, or when you are working up a sweat.  They also come with various sizes of ear tips, to make sure they fit you perfectly.

The Touch is the world’s smallest ear buds, and they are due out in November, just in time for Christmas.  If you want to get in early though, you can back their Indiegogo campaign by clicking here.  There are more pictures, as well as data sheets and comparisons that you can look at.

I am really looking forward to trying these out… they will be the perfect fit for my long jogs and gym workouts, as well as for whenever I feel like listening to music… or chatting on the phone, because the noise reduction microphone makes it as easy as pie to chat as well as listen.

touch-video-overlay-v17

SCOM Unmonitored: Never Again!

In my last article I showed you how to enable the System Center Operations Manager (SCOM) Agent Proxy using PowerShell.  We used the cmdlet:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

While this does work, it is what I call a point-in-time solution… that is, it enables the Agent Proxy on everything that exists today… but how do we go about switching it so that we don’t have to do this over and over again? Here we go:

PS C:\> add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”

PS C:\> new-managementGroupConnection –ConnectionString:YourSCOM.yourdomain.com

PS C:\> set-location “OperationsManagerMonitoring::”

PS C:\> Set-DefaultSetting –Name HealthService\ProxyingEnabled –Value True

That should do it… have fun!

SCOM: Unmanaged?

Congratulations! You have installed System Center Operations Manager, and you have installed all of the management packs that you needed.  Unfortunately you are getting that big, ugly, EMPTY green circle… you know, the one that is supposed to have green check marks in them?  Yeah, it happens to me too.  Not Monitored

The solution, often enough, is as simple as enabling the Agent Proxy on all of your agents.  To do so, from the Operations Manager Shell type the following:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

This should solve your problem.  Good luck!

SCM is gone… Say Hi to SCT.

For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and many more.

Last week Microsoft announced the retirement of the SCM, and the launch of the Microsoft Security Compliance Toolkit (MST) 1.0.  According to the download site, the MST is a set of tools that allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, while comparing them against other security configurations. 

If you are wondering how this product is different from the SCM, you can read the write-up by Aaron Margosis here.

I like that Aaron points out that there are gaps in the new offering, and assures us that Microsoft is working to fill those gaps.

Hyper-V Server Clustering Network Issue: Validation Failed?

If I’ve told you once I’ve told you a thousand times… When you build a Failover Cluster on Windows Server make sure you run the Validation Tests… and make sure those tests succeed (or at the very least nothing FAILS… Warnings are acceptable).

So as I sit at a client trying to cluster two Hyper-V Server 2016 hosts, I am frustrated by the big red FAILED on my Cluster Report.

Failure

Should you ever encounter this error, it is important to note that the network vEthernet (Data) is not the same network as Data.  So the solution, which stymied me for about an hour, was simple:

Solution

In other words, I have to disable to TCP/IP v6 on the problematic binding, which I do with a simple PowerShell cmdlet:

PS c:\> Disable-NetAdapterBinding -Name “vEthernet (Data)” -ComponentId ms_tcpip6

(Remember that I have to put the “quotation marks” around the name because there is a space in it… otherwise I could leave them out.)

Also remember that because these hosts are Hyper-V Servers and not actual Windows Servers, I couldn’t use the GUI to do this.  (There actually is a netsh command to accomplish this as well… but PowerShell rocks!)

Once I ran this cmdlet on both hosts, I re-ran my Validation Tests, and bingo!

Validated

Everything comes up roses, and I can continue my day happily.

I hope this helps you!

Fifteen Tabs: Shut em all down!

helpThose of us who try to keep  the banging of our heads against a wall to a minimum will have long since learned that we don’t know everything, and more often than not there is someone out there who knows more than we do.

“But Mitch, how can you say that?  I read your blog religiously, and when I don’t know something about computers I can usually find the answer on your blog!”  I know, but even I have to go looking for the answers sometimes… in fact, more often than not.

The problem is, very often the answer is not so easy to find…

This week I found myself trying to solve a problem that concerned a High Availability SQL Cluster.  It was maddening… I spent three days trying to find the answer, and from very early on I knew that I was going to have to look to others for help. 

As a blogger, the first place I start looking is… other blogs of course!

FrustrationNow here’s the problem with that… when the answer is not as simple as a yes/no to track down, you may have to look through myriad blogs and articles and documents and forums before you actually find the answer… and often enough one blog or article or document or forum may not give you the solution, but it will point you in the right direction – either down a rabbit hole or sometimes into a snake pit.  Either way, I keep each page open in a new tab in my web browser, because often enough I will want to document how I got from zero to hero – or hero to bum, as the case may be.

So three days into trying to solve this problem, which took me to a dozen different articles, forums, and conversations on Facebook, Twitter, and LinkedIn (which indeed led me to three other articles), I found in four of those articles the pieces to the puzzle that eventually helped me to solve my issue.  It was done, I solved it… not alone mind you, but I solved it.

I looked at my desktop and sighed… I hadn’t rebooted in three days for fear of losing track of my path toward the solution… which of course I had to document for my client.  I could now close them all down.  Each browser tab (and yes, there were actually fifteen of them, excluding Facebook, LinkedIn, and Twitter) was now beckoning to me to shut them down.  One by one I clicked on the X in the top right-hand corner… and I was quite satisfied as they all disappeared into the ether.

As frustrating as technical problems may be – and I always tell people that knowing more will only lead to more technical and even more frustrating problems – when you solve them the feeling is truly euphoric.  That stress-relieving satisfaction that you fought AND WON.

Now how is that for a way to end a day? Happy Friday everyone, and have a great weekend!

Will you pay?

CPUsAn article showed up in my Inbox today: Intel Core i9: It’s not whether you need 12 cores, but whether you’ll pay for them.  It is an interesting read, and a very good question.

I have always liked ZDNet.  Their people do a good job of keeping a pulse on the industry.  Their question is a valid one… will people be willing to pay for 12 CPU cores (presumably on the desktop… people will definitely pay for them in servers).

I used to be very good friends with a man named Willem.  Willem is brilliant, and was (almost) always a positive influence on me.  He is an IT Professional who moved to Virginia some time ago, but until then he owned and operated a company in Montreal called Saturnus True Data Services.  They were not the first computer company I ever worked for… but they were certainly one of them.

One day in late 2005 I was talking to Willem about the new laptop I was buying, an Acer Ferrari 4000.  It was sleek, it was gorgeous.  It was the first computer I ever owned that had a 64-bit CPU.  When I told Willem about it he asked why I would ever need or even want a 64-bit CPU?  I admit I did not really have a good answer for him then.  Later on I would… starting with the 3.2GB limitation on 32-bit CPUs.  However, when he asked me in November of 2005 I couldn’t tell him why I would even need more than 3GB of RAM, because back then nobody really did.

Fast-forward nearly twelve years, and 64-bit CPUs are ubiquitous.  I haven’t tried in a while, but I doubt you could even buy a laptop today with a 32-bit CPU.

The hybrid laptop I am writing this article on – my Surface Pro 4 with an i7 CPU – cost quite a bit more than my Ferrari laptop did, and it has a 4-core CPU with 16GB of RAM.  Had Willem asked me 12 years ago why I would ever want 4 CPU cores on a hybrid laptop I would have answered honestly with a question: What’s a CPU core?  And yet, here I am and it is my go-to machine.

The way our world works is simple: Something is invented and it is expensive… at first.  As time goes on prices go down… usually as newer versions are invented.  Eventually they become obsolete, and if you are lucky they become collector’s items… usually they become junk.  The Ferrari that I paid over $1500 for in 2005 is now selling (used) on eBay for $200… and that is probably because of the Ferrari logo because equivalent laptops from other manufacturers are selling for much less than that.  One day my Surface Pro 4 will be nearly worthless too.

CPUSo Intel invented a desktop CPU (the Intel i9) with 12 cores.  Today nobody needs it.  In 20 years nobody will understand how we got by with such primitive technology.  The founder of that company, Gordon Moore, predicted in 1965 that “…the number of transistors on integrated circuits doubles about every two years.”  So 12 cores is simply what was next.  Our computers get faster and as they get faster they get more expensive.  Then something even faster comes out, and that other one becomes less expensive… until they become obsolete.

So who will pay for the 12-core CPU on a desktop?  Probably very few people… now.  But give them time; prices will come down, and we will see them out there.  Slowly at first, but eventually 12-core CPUs will probably become the standard desktop processors.

…Now who among us feels really old, and nostalgic about our 4.77MHz CPUs?

A New Perspective…

This blog is older than I ever thought it would be.  So every once in a while I like to give it a facelift.  This morning you should notice a big difference.

I picked a new template last week.  I have modified it though… the pictures in the cover are shots I took in Cuba this year.  I hope you like it!  Let me know if you don’t!

Mitch