An Apple a Day…

broken appleLongtime readers of this blog will know that three years ago I made the jump from Windows Phone to the iPhone.  I have few regrets about the move… the selection of apps on the iPhone (as well as the quality of them) is infinitely better than what I had on the Windows Phone.  I can also FaceTime with my son while he studies overseas (and yes, I know that between Skype and Viber and WhatsApp and the myriad other options that compete with FaceTime, but this is easier).

My first iPhone was the iPhone 5 that I was given when I first visited Rakuten in Japan.  When I came back to Canada I sold my Windows Phone and bought my second iPhone 5 off eBay (used)… mostly because I expected to be going back to Japan shortly thereafter, and the Windows Phones were not supported on the Japanese carriers.

A year later I went into the Apple Store in Bellevue, Washington.  I outlined that visit in an article called Thank You For the Lousy Customer Service!… I can assure you that the article speaks very HIGHLY of the Apple Store.   Despite my having bought it used in a different country, they replaced the device for me.

That phone lasted me a few months and they was sold to a friend, and I bought the iPhone 6 Plus.  A few days later I exchanged that one (which was just WAY too big) with the iPhone 6.  That phone seemed to be the right size for me.

It was not quite a year later that another friend bought my iPhone 6 from me, and I ended up with my iPhone 6S… no longer the latest and greatest, but certainly close enough to count.

All of that to say that I have gone through six iPhones since October, 2013… an average of about one phone every six months (although that is not really how it worked).  I have stuck with it despite during that time people saying that Android is better now… I just prefer the Apple.

What I do NOT prefer, unfortunately, is having to go to the Apple Store when things go wrong.  It is, for me, one of the least pleasant experiences that I do NOT look forward to.  Why? I may like the device, but I still despise the Cult of Apple.

Recently I got to Montreal only to find out that the charging cable for my iPhone fried into the phone itself.  I had to go to the Apple Store at Dix-30, a mall on the south shore of Montreal.  Even though the problem was likely due to a faulty phone, and even though I had paid for the Complete Care Warranty, I still had to pay for a replacement, since the damage was considered physical.  I did not have to pay full price (I think it was $130), but even so, I am disappointed that my CCW did not cover it.

At least, as I sat there waiting for the privilege of having a ‘Genius’ help me, I was able to sit and use my Samsung phone to do whatever I could not do on my iPhone.

Advertisements

Windows.old is getting old…

Earlier today I was looking for a script to remove the c:\Windows.old directory from my computer following installation of a new version of Windows.  Unfortunately, in these times of “Windows 10 is the last desktop OS we will ever deliver, but we are updating it to a new version every six months,” this is needed now more than ever.

The script that I dug up I did not write.  I think I borrowed it from TechNet a few years ago.  However, it works well, so feel free to use it! -M

$path = $env:HOMEDRIVE+”\windows.old”
If(Test-Path -Path $path)
{
#create registry value
$regpath = “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations”
New-ItemProperty -Path $regpath -Name “StateFlags1221” -PropertyType DWORD -Value 2 -Force | Out-Null
#start clean application
cleanmgr /SAGERUN:1221
}
Else
{
Write-Warning “There is no ‘Windows.old’ folder in system driver”
cmd /c pause
}

Change the Page in Command Line

Have you ever wondered what happens when you format a server (or any Windows system) with a small bootable drive, and a large secondary drive?  Why would you?  It shouldn’t matter, right?

Recently a client of mine discovered different, when he formatted a server and then discovered that the Paging File was placed on the D drive, because it had more room.  If you try to use diskpart to clean a drive that holds the Paging File, it will fail.  Oops.

So, in Server with a GUI (or Desktop Experience, or whatever you want to call it) it is easy to open the Virtual Memory tab under Advanced System Properties and change the size, change where it sits, and so on.

image

Great… but what if we want to modify these settings in Server Core?  Or frankly, what if you have hundreds (or thousands) of systems that you want to configure?  The answer is, as usual, Command Line (PowerShell can do it too I am sure… I haven’t looked).

WMIC.exe is a command line tool that was developed to allow administrators to manage the Windows Management Instrumentation (WMI) from the command line (CLI).  It does myriad things, but for our purposes, we are going to use it to modify the Page File.

Step 1: See what you got!

From a command prompt, run the following command:

wmic.exe pagefile list /format:list

This will let you know where your page file is, and its usage.  The screenshot below shows that my Microsoft Surface Pro 4 has a page file of 2432 MB.  For a 16 GB laptop, that might be a little insufficient.

image

Step 1: Modify what you got!

Okay, it is fine for me that it is on the C drive, but I wish it was larger… and I no longer want it to be Automatically Managed. So:

wmic computersystem where name=”%computername%” set AutomaticManagedPagefile=False

The first step was to remove the automatic management.  That’s done.

Next, I want to  set my page file to have a 4 GB minimum and an 8 GB maximum.  Let’s do that:

wmic pagefileset where name=”C:\\pagefile.sys” set InitialSize=4096,MaximumSize=8192

Great, that is done.  Note, if my client wanted to change the location of the paging file, he would have changed it there.  If I had wanted to place it on the D drive, I would have done the following:

wmic pagefileset where name=”D:\\pagefile.sys” set InitialSize=4096,MaximumSize=8192

So there it is…  I ran these commands on my Surface Pro 4, and I should now have my 4-8 GB page file, right?

image

Wrong.  Anyone care to guess what is missing?  When do page files change?  Yes, a reboot is required.

I rebooted my system, and here’s what I got:

image

Success!  I achieved my goals… and with a bit of research, so will you.

Thanks to Microsoft MVP and fellow MCT Marcelo Sincic for reminding me the proper syntax!

Let’s Go: Creating a Windows to Go Hybrid Device

WindowsToGoRecently I wrote a review of the Apricorn Aegis Secure Key 3z Flash Drive, a spectacular USB key with some great security features, including a unique keypad that requires you to unlock your device before connecting it to your computer.  The same day I received a comment.  Anthony asks:

Would you be able to provide a link with the exact steps to create the Image of WTG on the USB key?

Anthony, it will be my pleasure.

Firstly, I reviewed my archives.  It seems that I have written a couple of articles on the subject.  The first one, when Windows 8 was in beta testing, showed how to do it from the command prompt… before there were GUI tools.  That article is here.

A couple of months later I wrote about doing it in Windows 8 RTM, with the GUI tools.  That article is here.

With that said, both of these articles are now over five years old, and both pertain to Windows 8.  I figure it is time to update them.  So we are going to do a couple of things here:

  1. We are going to create a new Windows to Go key ;
  2. We are going to modify the key so that we have a 15GB data partition.

I will be honest, I was going to go through the process of creating the Windows to Go key using PowerShell, but the preferred method (from Microsoft) is to use the Windows to Go creation tool.  I would rather use that.  If you want to use PowerShell, there are some articles I can point you to… but they are all a lot more complicated than they need to be.

Create Windows To Go

I have mounted the Windows ISO file (Windows 10 Build 1709)  to my E:.  My USB key is clean and virginal and ready to go.

1. Launch the Windows to Go Control Panel from the Start menu (or Cortana… just type in Windows to Go and it will come up).

image

2. Select the drive you want to use (only drives that are compatible will be displayed), and click Next.

In the next screen, you should have the option of Windows 10 Enterprise. 

image

If your screen is blank, perform the following steps:

  1. Ensure your Windows 10 Enterprise image is mounted;
  2. Click on Add search location;
  3. Navigate to the location where your .wim file is located (in my case, it is e:\sources\)
  4. Click Select Folder.

You should now see your image… and others, if the .WIM file contains different images.  Please remember, while you can select any of these, only Windows 10 Enterprise Edition will work for Windows to Go.

image

Click Next.

3. Now you can enable BitLocker and set a password for it.  I am not going to enable BitLocker for now, because I plan to resize my partition later.  If I did not plan on resizing, I would do it here, then click Next.

image

The next screen is the ‘Ready to create your Windows To Go workspace’ screen.  It will reassure you that this is not a two second process, and should take some time.  It also warns you that the process will wipe out any information on the drive.  That is why I generally like to use new keys for Windows To Go… or, you know… back my stuff up first!

image

When the process is complete, you will have the option to have Windows change your boot order, so that your system tries to boot from USB first.  I do not generally choose this option if creating from my desktop, simply because it is not uncommon for me to have three or more USB drives connected to some of my computers… and most of them are not bootable.  However if I am creating a key from my laptop, I do prefer it.

image

Okay, my Windows To Go key has been created, and I am ready to go… but not quite.

Create Data Volume

Okay… according to Windows Explorer, I have a 59.2 GB drive with 44.4 GB free space.

image

As I mentioned, I want to use this device as a hybrid… part Windows To Go, part portable storage.  So I am going to shrink the size of my Windows drive by 15 GB, leaving me a respectable 29.4 GB free on my WTG drive, and a 15 GB data partition.

This is one of the steps that is easier in the GUI.  I played around a little bit in PowerShell, and the following cmdlet worked:

Resize-Partition -DriveLetter “F” -Size 44.28GB

The reason I say it is easier in the GUI is simply because you can reduce by a certain amount (15GB, for example), whereas in PowerShell you have to reduce to a certain amount (44.28GB in this case).  Either way, it works… and I have 15GB of unallocated space.

image

We can simply create the volume in Disk Manager, but I would rather do it in PowerShell.

Get-Disk

This shows us the number of the disk we are using. I determined it was Disk 2.  So:

New-Partition -DiskNumber 2 -UseMaximumSize –AssignDriveLetter

My new partition needs to be formatted, and I trust I don’t need to show you how to do that.

What’s Left?

Now that I have my hybrid key created, I want to remember to enable BitLocker on both partitions.  I want to set a strong password on both drives.  Remember, by definition, this is a portable device, and even though I may be using an Apricorn key with a numeric key code, I remember that Defense-In-Depth is how I sleep sound at night.

Conclusion

So… that’s it!  I know this article is a hybrid of GUI and PowerShell and such, but then… the word hybrid is right there in the title!  I hope it has helped, and that you will be able to go forward and create your own Windows To Go hybrid devices!

Corrections!

Earlier today I published my article called USB & Windows to Go: Key In! on this site.  Because of my eagerness to get the article out (recently I posted that I would be trying to post a lot more frequently), I have been informed that I made a number of minor errors.  Here are the corrections:

  1. The ASK3Z keys are available in sizes from 8GB to 128GB, and not 256GB as I had mentioned.  This has been corrected in the text.
  2. Apricorn offers larger capacity devices in their ASK3 line, including a 240GB and a 480GB model.  These devices run the identical firmware, and have all the same features as the ASK3Z.
  3. If the brute force is tripped, the drive will crypto erase the encryption key, so that the data cannot be accessed.  The drive itself is not actually wiped, but cannot be accessed.
  4. Because the key code is entered before the key is inserted into the computer, there is no possibility for a key-logger to steal the PIN.  (This is not a correction, but another point I should have mentioned because it is cool!)
  5. With regard to the rebooting, I am told that the Lock Override Mode is the best way to use the device as an OS host, so the Secure Key will disregard the Re-enumeration signal from the USB port while the system reboots.

Sorry for the misunderstandings, and thank you Craig for helping me out here!

M

USB and Windows to Go: Key in!

I have written in the past about several different Windows to Go (WTG) key options, and have leaned heavily toward the ones with Military Grade Security (MilSec).  They are all good, they all do just about the same thing.  Of course, there are differences with deployment methodology, as well as the tools that support them, but in the end, you plug a key in, you boot from it, you have Windows.

Recently I was introduced to a key that sets itself apart, and it is obvious from the first glance.  Just open the box of the Aegis Secure Key 3z Flash Drive from Apricorn Inc., and the first thing you will notice is that its top is covered with a numeric keypad, along with three lights.  The polymer-coated wear-resistant onboard keypad allows you to unlock your device with a numeric passcode before using it.  Wow.  This really does change things!

ApricornI had the opportunity to speak with Craig Christensen of Apricorn Inc. recently, and we discussed several of the features, as well as use cases, for the Aegis Secure Key 3z .  Some of the scenarios were obvious, but others really made a lot of sense.

It should be know that this key, available in sizes from 8GB to 128GB, was not designed special for Windows to Go.  In fact, according to Mr. Christensen, the vast majority of their users do not use WTG, and in fact the majority of customers who run a bootable operating system off the key are in fact using Linux.  Indeed, most of their customers are using the keys to store… well, data.

What sort of data?  Well, that would depend on the customer.  But with penetration into governments, military and defense contractors, aviation, banking, and many more, it is clear that the keys are in use by many serious people and companies for whom security breaches could mean more than a simple loss of competitive advantage.  Intellectual Property is certainly important to manufacturers, but when it comes to other sectors, the stakes get much higher indeed.

So let’s enumerate some of the unique benefits that these keys have over their competitors:

  • Separate administrator and user mode passcodes. as well as possible read-only passwords
  • Programmable individual key codes that can be unique to an individual, granting user-level access
  • Data recovery PINs in the event a PIN is forgotten… or in the event a user leaves the company on bad terms
  • Brute-force defense, wiping the device clean after a set number of wrong attempts
  • Unattended auto-lock automatically locks the device if not accessed for a pre-determined length of time
  • Self-destruct PINs allow a user under duress to enter a code that immediately and irretrievably wipes the device clean
  • Meets FIPS 140-2 Level 3 standards for IT and computer security
  • IP57 Certification means the device is tough, resilient, and hard to kill.  With its rugged, extruded aluminum crush-resistant casing, the Aegis Secure Key is tamper evident and well-protected against physical damage.

In short, this is a tough little device.

I decided to have a little bit of fun with the key this weekend.  The first thing I did was to create a WTG key.  Like my other WTG keys, I got the 64GB model, although they are available in much higher capacities.  So once Windows was installed, I was left with about 50GB of free space on the drive.  I have realized over time that unless I plan to use the key as my primary PC (I do not), that is more than plenty,  Yes, I will install Office 365 and Live Writer and SnagIt, as well as a dozen other applications I can’t live without, but I will still never need more than 35GB of that.  Possibilities…

Okay, Let’s shrink my Apricorn’s volume by 15GB.  It is now about a 45GB volume (formatted).  I then created another volume for my Data.  of course, I have both partitions Bitlocker encrypted, because Defense In Depth is important to me.  So now, the partition table on my key looks like this:

image

In short, I have my 350MB System volume, a 44GB Boot volume, and a 15GB data volume.  Why would I want that?  Remember when I said that the majority of customers use the Apricorn keys for data and not for Windows to Go?  Well, doing things this way, I can have the best of both worlds.  I can use the key to boot into my environment, but I can also use the 15GB MDG-Data  volume as a regular, highly encrypted and protected USB drive.

Of course, I had to test that theory.  I made sure I was able to take the key to another pre-booted installation of Windows, key in my code, plug the key in to that computer, enter my Bitlocker password, and use the key.  Yessir, it worked.  Woohoo!

So let’s see… My Apricorn key, which is rugged and not going to break, can boot into a secure Windows 10 environment; it can be used as a secure data thumb drive; it can be used as a combination of both.  Nice!

At USD$159, the 64-GB key is competitively priced.  Unlike many competitive devices, the prices are cited right on the web page, and you can even buy direct without having to set up an account and speaking with a salesperson.  If you are a company looking for volume discounts, you can also buy them from distributors such as Softchoice, TechData, Canada Computers, and many more.  For a clearer picture of where to buy from in your region, visit their Where to Buy page.

I have been working with the Apricorn drive as my primary workspace today, and there are only two very minor drawbacks that I have found:

  1. The drive does get hot.  This is no different from the other WTG keys I have discussed in the past.
  2. If your USB port loses power for a split second on reboot (most of them do), then you have to shut your computer down and unlock the key again.  However, if your USB port is persistently powered, this will not be an issue.

Whether you want it for Windows to Go, for data storage, or for a combination of both, the 256-bit AES XTS hardware-encrypted Aegis Secure Key 3z Flash Drive from Apricorn Inc. is certainly a must-have.  I know that going forward, this is a key that will always be in my pocket!

A quick teaser…

As many of you know, I have always had a soft spot for Windows to Go (WTG), a technology that Microsoft introduced in Windows 8.  I have written reviews and how-to articles on the topic dating back to June, 2012.  While I do currently have a favourite device, I have three (3) of them on a key ring that I use for different reasons.

I am excited.  Yesterday I had a conversation with a representative of a company that makes a secure key that supports (but is not certified for) Windows to Go.  While it may not be certified by Microsoft, it does have some very interesting features that are unique among its competition.  I am looking forward to receiving a unit to evaluate, so I can tell you how it goes.  I will not give you any spoilers, but I also promise that I will not be giving any marketing spiel whatsoever… my review will be technical, and accurate.

Stay tuned!

WTG

A New Year… A new me?

Happy-New-year-2018

You may have noticed that although this article is all about the new year, it is not my first article of 2018.  In fact, the article I published prior to this one was written the week between Christmas and New Years… and I felt that publishing then might have been less than beneficial.

So as I type these words it is Tuesday January 2nd, and I am back in my office in Ottawa, after having enjoyed a wonderful week (10 days really) in and around the GTA (That’s the Greater Toronto Area, for those of you unfamiliar).  I spent time with friends, family, and loved ones.  I did more driving than I would have liked, and did not eat nearly as well as I would have liked.  I relaxed, I ran around.  All in all, it was a typical holiday week.

I have a lot of plans for this year, and I am hoping to be able to achieve a lot of goals.  I am not one for New Years Resolutions… but I am hoping to get a few things going.  One of these is to blog more often than I have been.  I remember the dedication I put into this site when I was at my peak, and the past two years I have, compared to 2012-2014, been positively neglectful.  That stops now.  I cannot promise a blog article every day, but I would like to aim for two articles per week… one technical, one non-technical.  Let’s see how that goes.

Once again, I would like to thank my loyal readers… without you, I am nothing!

DCPromo No More… PowerShell!

I needed to build a new domain controller for a friend’s company recently.  It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller.

dcpromo

Right… I had forgotten about that.  dcpromo has been deprecated.

You could go through the process of doing it through the Server Manager, but it really is more work than is needed.  Instead, try the following PowerShell script::

#################
#
# Script to create Active Directory Domain Controller.
# Written by Mitch Garvis for Cistel Technologies Inc.
#
# Enjoy!
#
#################

# Install Active Directory

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Create Domain Controller

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath “C:\Windows\NTDS” `
-DomainName “domain.com” `
-InstallDns:$true `
-LogPath “C:\Windows\NTDS” `
-NoRebootOnCompletion:$false `
-SiteName “Default-First-Site-Name” `
-SysvolPath “C:\Windows\SYSVOL” `
-Force:$true

That should do it… just change where it says ‘domain.com’ to whatever domain you want to use.  Run it.  In a couple of minutes, you will be asked to enter a Safe mode Admin password.  A few minutes after that, you should have a brand new domain controller.

Remember, depending on the size of your Active Directory, it may take several hours to replicate to the new DC… so give it time 🙂

Renaming Files en Mass…

Nikon D5100I take a lot of pictures… not only with my phone, but also with my Nikon DSLR camera.  It is one of my hobbies… I am not very good at it, but I enjoy it nonetheless.

Keeping track of hundreds or thousands of pictures is easy, as long as you copy them into the appropriate directory in your computer.  It is easy to keep track, so I might have the following files in a directory:

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:26 PM    <DIR>          .
2017-12-19  03:26 PM    <DIR>          ..
2017-12-19  03:26 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,417,856 bytes free

That is great… except for the fact that if I search my hard drive for a file named DSC_0004.JPG, I might have hundreds of them, depending on how my camera is configured. So what I like to do is rename all of my files from a specific event, like so:

E:\Holiday Snaps> ren DSC_0*.* HolSn*.*

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:30 PM    <DIR>          .
2017-12-19  03:30 PM    <DIR>          ..
2017-12-19  03:26 PM               553 dir.txt
2017-12-19  03:30 PM                 0 dir1.txt
2008-05-25  03:54 PM         3,102,650 HolSn001.JPG
2008-05-25  03:55 PM         3,107,741 HolSn002.JPG
2008-05-25  03:54 PM         3,102,650 HolSn003.JPG
2008-05-25  03:55 PM         3,107,741 HolSn004.JPG
               6 File(s)     12,421,335 bytes
               2 Dir(s)  280,903,417,856 bytes free

Great… I now have my files named HolSn (for HOLiday SNaps).  If I only go on holiday once in my life, I am set.

What I want to be able to do is to rename the files with more descriptive names… like Havana July 20170001.JPG, and so forth… and if I only have four or five pictures, that is easy enough.  With hundreds and often thousands of pictures, it can be ridiculously laborious.  So instead, we are going to use some old Command Prompt/Batch Magic.  Watch this:

E:\Holiday Snaps>for /f %a in (*) do ren “%a” “Havana July 2017 %a”

E:\Holiday Snaps> dir

Volume in drive E is SWMI Blue-2T
Volume Serial Number is 9ED7-318E

Directory of E:\Holiday Snaps

2017-12-19  03:42 PM    <DIR>          .
2017-12-19  03:42 PM    <DIR>          ..
2017-12-19  03:42 PM                 0 dir.txt
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0001.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0002.JPG
2008-05-25  03:54 PM         3,102,650 Havana July 2017 DSC_0003.JPG
2008-05-25  03:55 PM         3,107,741 Havana July 2017 DSC_0004.JPG
               5 File(s)     12,420,782 bytes
               2 Dir(s)  280,903,409,664 bytes free

That is more like it.  So when you want to rename your files in a Command Prompt, just follow those easy steps.

POWERSHELL

Yes, I know… Command Prompt is out, PowerShell is in.  Also simple…

Get-ChildItem | Rename-Item -NewName { “Prefix_” + $_.Name }

This will do the same thing, but you have to be running a version of Windows with PowerShell… so, not Windows XP! Smile

PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       2008-05-25   4:54 PM        3102650 DSC_0001.JPG
-a—-       2008-05-25   4:55 PM        3107741 DSC_0002.JPG
-a—-       2008-05-25   4:54 PM        3102650 DSC_0003.JPG
-a—-       2008-05-25   4:55 PM        3107741 DSC_0004.JPG

PS E:\Holiday Snaps> Get-ChildItem | Rename-Item -NewName { “Havana July 2017-” + $_.Name }
PS E:\Holiday Snaps> ls

    Directory: E:\Holiday Snaps

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0001.JPG
-a—-       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0002.JPG
-a—-       2008-05-25   4:54 PM        3102650 Havana July 2017-DSC_0003.JPG
-a—-       2008-05-25   4:55 PM        3107741 Havana July 2017-DSC_0004.JPG

PS E:\Holiday Snaps>

I hope this helps…. now if you don’t mind, for some reason I am thinking I should book a vacation!

Dynamic Lock: Walk away securely.

Dynamic-LockOne of my pet peeves when walking through organizations that I consult for is seeing unlocked and unattended workstations.  I hate seeing this, knowing that anyone can sit down at their desk and do… whatever.  I know people who would sit down at these unlocked workstations, and send an e-mail to the entire organization (in the name of whoever’s workstation they was at), saying that they were buying beer, dinner, vacations, whatever.  Of course, *I* would never do that… it might be considered unethical.  But someone out there does it, and did it at a few companies I have worked at.  Funny, the behaviour seemed to stop when I left the company.  A weird coincidence, I know.

imageI have been saying for years that it would be a great feature if Microsoft could allow users to have a token – a key card or something – that would automatically lock their computers if the token were removed.  In Windows 10 Edition 1703 they have finally done it.

Dynamic Lock is a feature that is enabled in the Sign-in options, and is one of those great new features that I have not heard too many people talking about.  If you carry your smartphone around with you, and really, who doesn’t these days, then it is easy to implement and use.  Here’s how:

  1. Pair your smartphone to your desktop or laptop.  Oh, did I mention?  This will only work if both devices have Bluetooth enabled.
  2. Open Windows Settings, then select the Accounts option.
  3. On the left side of the window click Sign-in options.
  4. Click the check box under Dynamic lock.

image

That’s it… as simple as that.  Walk away with your phone (out of Bluetooth range), and within a minute your computer will lock down.  For those of us who are used to locking every time we walk away, this may not be an issue.  For the rest of you out there… set this up today!

Urban Armor: Protect your device!

Are all phone protector cases created equal?  I have discovered over the years that, much to my dismay, they are not.  Some cases look pretty and are sleek, but they do not do a very good job of protecting your phone.  Others are big and bulky, and your phone is safe… but you never want to carry it.  I have been looking for a compromise that will look and feel good, but still provide comfort.

There are actually two components to the phone that need to be protected – the case itself, and the screen.  And so, in addition to the protective case, we should really be investing in a protective screen covering as well… and because our phones are touch devices, it has to be a balance between protective and functional.

Last month I bought my new Samsung Galaxy S8 Plus phone.  It is the first non-Apple device I have bought in a few years; it is also the first phone I bought second-hand, thus no extended coverage warranty.  It is a very sleek phone, and from the very beginning I bought a protective case, as well as an explosion-proof tempered glass film.  I was satisfied that with the combination of both, I would be protected… until I tried to put the phone with the screen-protector into the case, and realized that the case was so tight that the two would not work together.  And so, the $50 investment in the protective case was out the door… unless I wanted to leave my screen unprotected.

Over lunch that day I shared my concern with a colleague, who suggested I look into Urban Armour Gear (UAG) cases.  I checked out their website, and found the case I wanted – the Monarch Series case features 2X drop-protection, and comes with a ten year warranty.  It is handcrafted with top-grain leather, a polycarbonate shear plate, armour shell, allow metal hardware, and impact-resistant rubber.  All of that sounded good on paper… but would it allow me to protect the screen at the same time?  I checked their FAQs, and realized that UAG also sells tempered glass screen protectors.  It stood to reason that they would fit with their cases, right?

And so, I placed my order.  A week later I received my Monarch Series Galaxy S8+ case, and I will tell you this, it was money well spent.  Worth every penny!  As expected it fit my phone like a glove… including the tempered-glass screen protector.  Unlike some other protective cases, it did not feel like I was carrying a brick in my hand… the protection was offered with a strong consideration to the sleek design of the phone, and so while the case does make the phone bigger in my hand, it is only slightly bigger, and not at all uncomfortable.

…but does it work?

I have always tried to be as delicate as possible with my phones, and try to be as careful as possible.  I have seen friends walking around with cracked screens and worse, and I have never wanted any of that.  But sometimes you cannot be as careful as you like.  I was carrying more than I should have to my car – suitcase, laptop case, gym bag, and a hanging garment bag.  I was also on an important call, and stupidly had my phone secured between my shoulder and my ear as I rushed to make it out on time.  I almost made it… but at some point, something had to give.  In this particular case it was my garment bag, and when I lurched to try to save it…

…the phone flew from its perch and dropped… and bounced… and bounced again… until it fell flat, face-down, on a pile of stones.  It flew several feet – easily ten feet from where I was standing, and so it fell from a height of nearly six feet, and bounced another ten feet.  I was not holding out hope.  I put my bags down, picked up my phone, and…

…RESUMED MY PHONE CALL.  All that potential for damage, and my phone did not even drop the call.  The screen was safe because of the protective shield, the phone was protected thanks to the UAG case, and all was good in the world.

And so: we know that the case does a spectacular job of protecting my phone… but does it prevent any of the features?  Let’s run them down:

  • Large tactile buttons make the buttons easy to press.
  • Cameras (both front and back) are perfectly visible.
  • Fingerprint sensor is easily accessible.
  • NFC wireless charging and payments work perfectly.
  • Honeycomb traction grip makes it even more comfortable in my hands.

In other words… the UAG case allows complete functionality of the phone, combined with spectacular military-grade protection.

All in all, I would recommend this case to all of my friends and readers… and knowing that they make cases for all of my other devices as well (Surface Pro 4, iPhone 6S, iPad Mini), I will be looking into those UAG cases as well.  Now that their case has passed MY drop test, I am satisfied knowing that this is the case for me.

Rules for my sons…

These are now rules for both my sons! Thanks Peter!

I like these a lot!

Rules For My Unborn Son by Walker Lamond

1. Never shake a man’s hand sitting down.

2. There are plenty of ways to enter a pool. The stairs ain’t one.

3. The man at the grill is the closest thing we have to a king.

4. In a negotiation, never make the first offer.

5. Act like you’ve been there before. Especially in the end zone.

6. Request the late check-out.

7. When entrusted with a secret, keep it.

8. Hold your heroes to a higher standard.

9. Return a borrowed car with a full tank of gas.

10. Don’t fill up on bread.

11. When shaking hands, grip firmly and look him in the eye.

12. Don’t let a wishbone grow where a backbone should be.

13. If you need music on the beach, you’re missing the point.

14. Carry two handkerchiefs. The one in your back pocket is for you. The one in your breast pocket is for her.

15. You marry the girl, you marry her whole family.

16. Be like a duck. Remain calm on the surface and paddle like crazy underneath.

17. Experience the serenity of traveling alone.

18. Never be afraid to ask out the best looking girl in the room.

19. Never turn down a breath mint.

20. In a game of HORSE, sometimes a simple free throw will get ’em.

21. A sport coat is worth 1000 words.

22. Try writing your own eulogy. Never stop revising.

23. Thank a veteran

Should You Forgive a Drunken Attack?

SorryLast week Jews around the world fasted for Yom Kippur. The translation is Day of Atonement. In the days leading up to Yom Kippur we are meant to seek forgiveness from others for our transgressions against those we might have wronged. The thinking is that while G-d can forgive sins against him, it is only the people we have wronged who can forgive those wrongs. I have had a lot to seek forgiveness for over my life, and some of those wrongs will never be forgiven.

I do try to be a good person, and as such, when someone seeks my forgiveness, I try to forgive when I can. And so when, a couple of months ago, someone whose name may start with Q asked me to forgive him, I did. I did not let him off the hook easily, but I did say that I would give him a chance. He told me he did not know what had come over him, that even when others spoke against me he had told them that I was a good guy, that I had been good to him, and it must have been that he had been drinking. Still he had cut me off completely. When he asked forgiveness I was willing to accept his remorse.

Early this week something happened, and Q confronted me. I had not done anything, but it looked like I had. Even if I had done what I had been accused of, I still would not have harmed anyone… but someone who does not like me (and, again, someone who had been a false friend) used it as ammunition to talk bad about me.

Q decided he needed to get me to confess to him. I told him I hadn’t done anything, but he did not believe me – he would not believe me – and he spent a couple of hours yelling at me, threatening me, and in the end told me that he would take every chance possible to besmirch my name, both on-line and in person… not because I had done something wrong, but because I would not confess – even in confidence – to him. This, of course, was less than two months after he apologized for showing me he could not be trusted.

The next day, having let a few hours pass, I asked him why he had taken it so personal. His answer?

I was drunk to be honest I don’t know why I took it so personally….. I thought I was just chatting with you a bit.

And believe me or not, while I did unfriend you I never talked smack. You can ask <named two friends> or whoever.
I just thought it was ridiculous you were denying it to me but whatever.
It wasn’t like I was investigating for <edited out>, every one already knew it was you, I was just sending a message cuz j thought it was funny.

So if we read his words, he had no excuse for taking things so personally, but he was drunk. That is perfectly plausible – the initial conversation started after 9:00pm and with some breaks lasted over two hours. But this second conversation, in which he went on to again tell me he thought I was lying, took place at 3:00pm the next day. Is it possible he was drunk then too? Yes. Is it likely? Probably not – I believe he has a job, and was probably either at or just finished work.

So, was it the booze that made him so angry? Maybe. Was it the booze that made him promise to:

Hope I do see you soon, I’ll make a fucking point of coming to <A mutual friend’s house> next time your there….. not threatening anything, just want to put you on blast in front of other people

I don’t know if it was or it was not… but I will say this: In the same statement where he claimed to have been drunk the night before, he did not apologize for his behaviour, and he continued to call me a liar. Of course, he did not threaten to disrespect a mutual friend’s house by going there to make a scene, and he did not threaten to expose me and what a terrible person I was to everyone who would listen… so at least he was a bit calmer.

He was still the same person.

Q’s personality did not change when he was drunk, it was just enhanced. I have heard that so many times, but I don’t think I ever believed it… until now. People have been telling me for years that certain things – alcohol, drugs, old age – do not change who you are, it just magnifies some of the traits that are in you. Maybe that is why I have never started a fight when I was drunk. It is not who I am sober, so why should it be so when I am drunk?

Now… have I ever said things that really pissed someone off when I was drunk? Absolutely. THAT is a magnification of some of the traits I have worked over the past few years to fix in myself. Am I loud when I am drunk? I know that I am… and these are just a couple of the reasons I seldom drink to intoxication. It is also why I know I can trust someone sober, when they are a trustworthy drunk.

Will Q ever ask forgiveness again? I doubt it. Would I forgive him if he asked? Probably… but it is easier to forgive than to forget, and I will never forget, and I will never trust him again. That is not out of spite… it is simply because he has proven – twice now – that he does not deserve my trust.

Have a great weekend everyone.

Password Vault: Success!

I can’t believe it has been two years since I signed up for my password vault, but there it was in my mailbox… the reminder that it is time to renew my ‘premium’ service with my password vault service.  I did it gladly, giving over my credit card information.

Why premium, you ask?  Well, for one, I appreciate the ability to use my Yubikey to authenticate.  Multi-Factor Authentication (MFA) is extremely important in this day and age, especially when it comes to password safety.  As I wrote in this article, it took me a very long time to start trusting password management tools, and I did not want to trust my passwords to a simple… well, password.

With that said, there is something psychological to my decision as well.  I know it is wrong, but there is something in my mind that makes me distrust – or at least, not completely trust – any company that is giving me a service completely for free.  Maybe I am wrong, but I feel that if it is free, I have no right to complain.  Paying that yearly fee – even though it is only $1 per month – makes me feel that the company is accountable to me, and that if something goes wrong, I can pick up the phone and complain.

Am I right about this? I do know that when I had a problem with my Microsoft Account a few months ago (See article), it took me 107 days to get the problem resolved.  In fact, it took me the better part of a month to find anyone at Microsoft who would even take me seriously.  And really, what could I do?  Their reputation may be damaged in some small way for those people who read the article, but I cannot sue them.  I can yell and scream and curse and jump up and down, but because it is a free service, I can’t do anything else.

I don’t think I have had a single problem with my password vault, other than, for some reason, it thinks all of my computers are called Windows Chrome.  Other than that, all is good.  So I’ll keep using it, and for the extremely nominal fee, I will, for the next year, once more feel the false sense of security that, should something go wrong, I have the right to complain.

…and if you didn’t pay, you might not!