Earlier today I published my article called USB & Windows to Go: Key In! on this site.  Because of my eagerness to get the article out (recently I posted that I would be trying to post a lot more frequently), I have been informed that I made a number of minor errors.  Here are the corrections:

  1. The ASK3Z keys are available in sizes from 8GB to 128GB, and not 256GB as I had mentioned.  This has been corrected in the text.
  2. Apricorn offers larger capacity devices in their ASK3 line, including a 240GB and a 480GB model.  These devices run the identical firmware, and have all the same features as the ASK3Z.
  3. If the brute-force protection is tripped, the drive will crypto-erase the encryption key, so that the data cannot be accessed.  The drive itself is not actually wiped, but its contents can no longer be read.
  4. Because the key code is entered before the key is inserted into the computer, there is no possibility for a key-logger to steal the PIN.  (This is not a correction, but another point I should have mentioned because it is cool!)
  5. With regard to the rebooting, I am told that the Lock Override Mode is the best way to use the device as an OS host, so the Secure Key will disregard the Re-enumeration signal from the USB port while the system reboots.

Sorry for the misunderstandings, and thank you Craig for helping me out here!



A quick teaser…

As many of you know, I have always had a soft spot for Windows to Go (WTG), a technology that Microsoft introduced in Windows 8.  I have written reviews and how-to articles on the topic dating back to June, 2012.  While I do currently have a favourite device, I have three (3) of them on a key ring that I use for different reasons.

I am excited.  Yesterday I had a conversation with a representative of a company that makes a secure key that supports (but is not certified for) Windows to Go.  While it may not be certified by Microsoft, it does have some very interesting features that are unique among its competition.  I am looking forward to receiving a unit to evaluate, so I can tell you how it goes.  I will not give you any spoilers, but I also promise that I will not be giving any marketing spiel whatsoever… my review will be technical, and accurate.

Stay tuned!


DCPromo No More… PowerShell!

I needed to build a new domain controller for a friend’s company recently.  It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller.


Right… I had forgotten about that.  dcpromo has been deprecated.

You could go through the process of doing it through the Server Manager, but it really is more work than is needed.  Instead, try the following PowerShell script:

# Script to create Active Directory Domain Controller.
# Written by Mitch Garvis for Cistel Technologies Inc.
# Enjoy!

# Install Active Directory

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Create Domain Controller
# (Put the name of the domain to join between the quotes after -DomainName.)

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL"

That should do it… just change where it says ‘’ to whatever domain you want to use.  Run it.  In a couple of minutes, you will be asked to enter a Safe mode Admin password.  A few minutes after that, you should have a brand new domain controller.

Remember, depending on the size of your Active Directory, it may take several hours to replicate to the new DC… so give it time 🙂
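
A pre-flight variant of the script above, added here as an example and not part of the original post: it reads the Safe mode (DSRM) password as a SecureString so it never sits in the script file, runs the ADDSDeployment prerequisite test, and promotes only if every check passes.  The domain name corp.example.com is a placeholder, and the session is assumed to be elevated and running as an account allowed to add domain controllers.

```powershell
# Added example: validate first, promote second.
# 'corp.example.com' is a placeholder; replace it with the domain to join.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Settings shared by the test and the real promotion (same values as the
# original script), kept in one hashtable so the two calls cannot drift apart.
$dcParams = @{
    DomainName              = 'corp.example.com'
    SiteName                = 'Default-First-Site-Name'
    InstallDns              = $true
    NoGlobalCatalog         = $false
    CreateDnsDelegation     = $false
    CriticalReplicationOnly = $false
    DatabasePath            = 'C:\Windows\NTDS'
    LogPath                 = 'C:\Windows\NTDS'
    SysvolPath              = 'C:\Windows\SYSVOL'
}

# Prompt once for the Safe mode (DSRM) password. Read-Host -AsSecureString
# keeps it out of the script, the transcript and the command history.
$dsrm = Read-Host -AsSecureString -Prompt 'Safe mode (DSRM) administrator password'

# Run the prerequisite checks without changing anything on the server.
$checks = Test-ADDSDomainControllerInstallation @dcParams `
    -SafeModeAdministratorPassword $dsrm

$checks | Format-List Status, Message

# Anything other than Success means the promotion would fail or misbehave.
$failed = $checks | Where-Object { "$($_.Status)" -ne 'Success' }

if ($failed) {
    Write-Warning 'Prerequisite checks did not pass; the server was NOT promoted.'
}
else {
    # Same promotion as the original script, with the password passed in
    # rather than typed at the prompt. The server reboots when it finishes.
    Install-ADDSDomainController @dcParams `
        -SafeModeAdministratorPassword $dsrm `
        -NoRebootOnCompletion:$false
}
```

Store the DSRM password in your password vault as soon as you set it; it is the only way into Directory Services Restore Mode on that domain controller.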

Urban Armor: Protect your device!

Are all phone protector cases created equal?  I have discovered over the years that, much to my dismay, they are not.  Some cases look pretty and are sleek, but they do not do a very good job of protecting your phone.  Others are big and bulky, and your phone is safe… but you never want to carry it.  I have been looking for a compromise that will look and feel good, but still provide comfort.

There are actually two components to the phone that need to be protected – the case itself, and the screen.  And so, in addition to the protective case, we should really be investing in a protective screen covering as well… and because our phones are touch devices, it has to be a balance between protective and functional.

Last month I bought my new Samsung Galaxy S8 Plus phone.  It is the first non-Apple device I have bought in a few years; it is also the first phone I bought second-hand, thus no extended coverage warranty.  It is a very sleek phone, and from the very beginning I bought a protective case, as well as an explosion-proof tempered glass film.  I was satisfied that with the combination of both, I would be protected… until I tried to put the phone with the screen-protector into the case, and realized that the case was so tight that the two would not work together.  And so, the $50 investment in the protective case was out the door… unless I wanted to leave my screen unprotected.

Over lunch that day I shared my concern with a colleague, who suggested I look into Urban Armour Gear (UAG) cases.  I checked out their website, and found the case I wanted – the Monarch Series case features 2X drop-protection, and comes with a ten year warranty.  It is handcrafted with top-grain leather, a polycarbonate shear plate, armour shell, alloy metal hardware, and impact-resistant rubber.  All of that sounded good on paper… but would it allow me to protect the screen at the same time?  I checked their FAQs, and realized that UAG also sells tempered glass screen protectors.  It stood to reason that they would fit with their cases, right?

And so, I placed my order.  A week later I received my Monarch Series Galaxy S8+ case, and I will tell you this, it was money well spent.  Worth every penny!  As expected it fit my phone like a glove… including the tempered-glass screen protector.  Unlike some other protective cases, it did not feel like I was carrying a brick in my hand… the protection was offered with a strong consideration to the sleek design of the phone, and so while the case does make the phone bigger in my hand, it is only slightly bigger, and not at all uncomfortable.

…but does it work?

I have always tried to be as delicate as possible with my phones, and try to be as careful as possible.  I have seen friends walking around with cracked screens and worse, and I have never wanted any of that.  But sometimes you cannot be as careful as you like.  I was carrying more than I should have to my car – suitcase, laptop case, gym bag, and a hanging garment bag.  I was also on an important call, and stupidly had my phone secured between my shoulder and my ear as I rushed to make it out on time.  I almost made it… but at some point, something had to give.  In this particular case it was my garment bag, and when I lurched to try to save it…

…the phone flew from its perch and dropped… and bounced… and bounced again… until it fell flat, face-down, on a pile of stones.  It flew several feet – easily ten feet from where I was standing, and so it fell from a height of nearly six feet, and bounced another ten feet.  I was not holding out hope.  I put my bags down, picked up my phone, and…

…RESUMED MY PHONE CALL.  All that potential for damage, and my phone did not even drop the call.  The screen was safe because of the protective shield, the phone was protected thanks to the UAG case, and all was good in the world.

And so: we know that the case does a spectacular job of protecting my phone… but does it prevent any of the features?  Let’s run them down:

  • Large tactile buttons make the buttons easy to press.
  • Cameras (both front and back) are perfectly visible.
  • Fingerprint sensor is easily accessible.
  • NFC wireless charging and payments work perfectly.
  • Honeycomb traction grip makes it even more comfortable in my hands.

In other words… the UAG case allows complete functionality of the phone, combined with spectacular military-grade protection.

All in all, I would recommend this case to all of my friends and readers… and knowing that they make cases for all of my other devices as well (Surface Pro 4, iPhone 6S, iPad Mini), I will be looking into those UAG cases as well.  Now that their case has passed MY drop test, I am satisfied knowing that this is the case for me.

Rules for my sons…

These are now rules for both my sons! Thanks Peter!

I like these a lot!

Rules For My Unborn Son by Walker Lamond

1. Never shake a man’s hand sitting down.

2. There are plenty of ways to enter a pool. The stairs ain’t one.

3. The man at the grill is the closest thing we have to a king.

4. In a negotiation, never make the first offer.

5. Act like you’ve been there before. Especially in the end zone.

6. Request the late check-out.

7. When entrusted with a secret, keep it.

8. Hold your heroes to a higher standard.

9. Return a borrowed car with a full tank of gas.

10. Don’t fill up on bread.

11. When shaking hands, grip firmly and look him in the eye.

12. Don’t let a wishbone grow where a backbone should be.

13. If you need music on the beach, you’re missing the point.

14. Carry two handkerchiefs. The one in your back pocket is for you. The one in your breast pocket is for her.

15. You marry the girl, you marry her whole family.

16. Be like a duck. Remain calm on the surface and paddle like crazy underneath.

17. Experience the serenity of traveling alone.

18. Never be afraid to ask out the best looking girl in the room.

19. Never turn down a breath mint.

20. In a game of HORSE, sometimes a simple free throw will get ’em.

21. A sport coat is worth 1000 words.

22. Try writing your own eulogy. Never stop revising.

23. Thank a veteran

Should You Forgive a Drunken Attack?

Last week Jews around the world fasted for Yom Kippur. The translation is Day of Atonement. In the days leading up to Yom Kippur we are meant to seek forgiveness from others for our transgressions against those we might have wronged. The thinking is that while G-d can forgive sins against him, it is only the people we have wronged who can forgive those wrongs. I have had a lot to seek forgiveness for over my life, and some of those wrongs will never be forgiven.

I do try to be a good person, and as such, when someone seeks my forgiveness, I try to forgive when I can. And so when, a couple of months ago, someone whose name may start with Q asked me to forgive him, I did. I did not let him off the hook easily, but I did say that I would give him a chance. He told me he did not know what had come over him, that even when others spoke against me he had told them that I was a good guy, that I had been good to him, and it must have been that he had been drinking. Still he had cut me off completely. When he asked forgiveness I was willing to accept his remorse.

Early this week something happened, and Q confronted me. I had not done anything, but it looked like I had. Even if I had done what I had been accused of, I still would not have harmed anyone… but someone who does not like me (and, again, someone who had been a false friend) used it as ammunition to talk bad about me.

Q decided he needed to get me to confess to him. I told him I hadn’t done anything, but he did not believe me – he would not believe me – and he spent a couple of hours yelling at me, threatening me, and in the end told me that he would take every chance possible to besmirch my name, both on-line and in person… not because I had done something wrong, but because I would not confess – even in confidence – to him. This, of course, was less than two months after he apologized for showing me he could not be trusted.

The next day, having let a few hours pass, I asked him why he had taken it so personally. His answer?

I was drunk to be honest I don’t know why I took it so personally….. I thought I was just chatting with you a bit.

And believe me or not, while I did unfriend you I never talked smack. You can ask <named two friends> or whoever.
I just thought it was ridiculous you were denying it to me but whatever.
It wasn’t like I was investigating for <edited out>, every one already knew it was you, I was just sending a message cuz j thought it was funny.

So if we read his words, he had no excuse for taking things so personally, but he was drunk. That is perfectly plausible – the initial conversation started after 9:00pm and with some breaks lasted over two hours. But this second conversation, in which he went on to again tell me he thought I was lying, took place at 3:00pm the next day. Is it possible he was drunk then too? Yes. Is it likely? Probably not – I believe he has a job, and was probably either at or just finished work.

So, was it the booze that made him so angry? Maybe. Was it the booze that made him promise to:

Hope I do see you soon, I’ll make a fucking point of coming to <A mutual friend’s house> next time your there….. not threatening anything, just want to put you on blast in front of other people

I don’t know if it was or it was not… but I will say this: In the same statement where he claimed to have been drunk the night before, he did not apologize for his behaviour, and he continued to call me a liar. Of course, he did not threaten to disrespect a mutual friend’s house by going there to make a scene, and he did not threaten to expose me and what a terrible person I was to everyone who would listen… so at least he was a bit calmer.

He was still the same person.

Q’s personality did not change when he was drunk, it was just enhanced. I have heard that so many times, but I don’t think I ever believed it… until now. People have been telling me for years that certain things – alcohol, drugs, old age – do not change who you are, it just magnifies some of the traits that are in you. Maybe that is why I have never started a fight when I was drunk. It is not who I am sober, so why should it be so when I am drunk?

Now… have I ever said things that really pissed someone off when I was drunk? Absolutely. THAT is a magnification of some of the traits I have worked over the past few years to fix in myself. Am I loud when I am drunk? I know that I am… and these are just a couple of the reasons I seldom drink to intoxication. It is also why I know I can trust someone sober, when they are a trustworthy drunk.

Will Q ever ask forgiveness again? I doubt it. Would I forgive him if he asked? Probably… but it is easier to forgive than to forget, and I will never forget, and I will never trust him again. That is not out of spite… it is simply because he has proven – twice now – that he does not deserve my trust.

Have a great weekend everyone.

The New Mitch?


The photograph on the left was taken in front of La Floridita on Calle Obisbo in Old Havana by Greg Starks in February, 2017.  The photograph on the right was taken in the same spot by Eduardo Bensusan in July, 2017.  Conclusion?  Eduardo is obviously a much better photographer than Greg, except that Greg had the good sense to tell me to stand up straight.

Okay, let me say what I have been up to, simply because I am getting far too many comments to keep it secret any longer.

Yes, I have been on a diet.  Yes, it has been an extreme one.  No, I am not doing it on my own.  No, I am not sick in any way, and no, I have not, nor do I plan to have, any sort of surgical procedure.

Yes, I have been writing about it… quite a bit actually.  My journal, which has been shared with very few people, is nearing forty-eight thousand words.  I have not been writing it in public for a few reasons, not the least of which is that I have over the past few years written publicly and enthusiastically about my weight-loss attempts… and very little about all of those failures.

I have been quite successful with this attempt… so far.  I am down several pants sizes, and as the pictures show I have been doing well.  However I am far from done.  I have a long way to go, and I do not want to fail.  The only reason I am writing this is because I have received so many messages on Facebook from friends commenting, many of which with worried tones, asking if I was ill.

No, I am not ill.  I am quite well – I am jogging again, I am in the gym a few times per week, and I am trying to keep up the diet.  It gets difficult, but I am trying.  I will continue to do so.

I have a favour to ask of you all.  Please don’t ask me about it.  I do not wish to discuss how I am doing, nor what diet I am on.  If you wish to offer words of encouragement, I will graciously accept.  However, should you try to get any further information out of me, I will likely either divert or end the conversation.

Thank you all for your support.  And now we can resume our regularly scheduled technical mumbo-jumbo that Rick only understands twenty-five percent of!

Happy 10th Birthday!

I started blogging at The President’s Blog about twelve years ago. However it was ten years ago today that The World According to Mitch went live, completely separating myself from my former position.

Of course, back then the address was not – that would come later – but it was my own blog, running on DotNetNuke if I recall.

Ten years and over one thousand posts later, here we are. I want to thank all of you for your continued support!

Hyper-V Server Clustering Network Issue: Validation Failed?

If I’ve told you once I’ve told you a thousand times… When you build a Failover Cluster on Windows Server make sure you run the Validation Tests… and make sure those tests succeed (or at the very least nothing FAILS… Warnings are acceptable).

So as I sit at a client trying to cluster two Hyper-V Server 2016 hosts, I am frustrated by the big red FAILED on my Cluster Report.


Should you ever encounter this error, it is important to note that the network vEthernet (Data) is not the same network as Data.  So the solution, which stymied me for about an hour, was simple:


In other words, I have to disable TCP/IP v6 on the problematic binding, which I do with a simple PowerShell cmdlet:

PS c:\> Disable-NetAdapterBinding -Name "vEthernet (Data)" -ComponentId ms_tcpip6

(Remember that I have to put the “quotation marks” around the name because there is a space in it… otherwise I could leave them out.)

Also remember that because these hosts are Hyper-V Servers and not actual Windows Servers, I couldn’t use the GUI to do this.  (There actually is a netsh command to accomplish this as well… but PowerShell rocks!)

Once I ran this cmdlet on both hosts, I re-ran my Validation Tests, and bingo!


Everything comes up roses, and I can continue my day happily.

I hope this helps you!

A New Perspective…

This blog is older than I ever thought it would be.  So every once in a while I like to give it a facelift.  This morning you should notice a big difference.

I picked a new template last week.  I have modified it though… the pictures in the cover are shots I took in Cuba this year.  I hope you like it!  Let me know if you don’t!


Firewalls: Trust me!

I have several clients who have multiple sites, as well as multiple Active Directory (AD) forests.  As security is so important they want to lock things down the best they can, but they also need to open up the necessary ports to allow the domain trusts to work.  The ports required for this are:

Port Number | Protocol | Traffic Type
53 | TCP/UDP | Domain Name System (DNS)
88 | TCP/UDP | Kerberos
445 | TCP | Server Message Block (SMB)

These ports should work for every version of Active Directory dating back to Server 2000, but I have not tried anything earlier than 2012.
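
One way to open those ports without opening them to everyone, added here as an example and not part of the original post: each inbound rule is scoped to the partner forest's domain controllers instead of any remote address.  The addresses 192.0.2.10 and 192.0.2.11, the rule names and the group name 'AD forest trust' are placeholders chosen for this example.

```powershell
# Added example: run in an elevated session on each domain controller.
# 192.0.2.10 / 192.0.2.11 are constructed placeholder addresses for the
# partner forest's domain controllers; replace them with your own.
$PartnerDCs = @('192.0.2.10', '192.0.2.11')
$RuleGroup  = 'AD forest trust'    # hypothetical group name, used for review and cleanup

# The ports and protocols from the table above.
$TrustPorts = @(
    @{ Service = 'DNS';      Port = 53;  Protocols = @('TCP', 'UDP') }
    @{ Service = 'Kerberos'; Port = 88;  Protocols = @('TCP', 'UDP') }
    @{ Service = 'SMB';      Port = 445; Protocols = @('TCP') }
)

foreach ($entry in $TrustPorts) {
    foreach ($proto in $entry.Protocols) {
        $name = "AD trust - $($entry.Service) ($proto $($entry.Port))"

        # Skip rules that already exist so the script can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue
        }

        # Allow the port only from the partner DCs, not from any address.
        New-NetFirewallRule -DisplayName $name `
            -Group $RuleGroup `
            -Direction Inbound `
            -Action Allow `
            -Protocol $proto `
            -LocalPort $entry.Port `
            -RemoteAddress $PartnerDCs | Out-Null
    }
}

# Review what was created: every rule should list only the partner DCs.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress -join ', '
    }
} | Format-Table -AutoSize

# From a domain controller in the other forest, confirm the TCP ports answer.
# Test-NetConnection checks TCP only; the UDP side of DNS and Kerberos
# has to be confirmed by an actual name lookup or logon across the trust.
foreach ($dc in $PartnerDCs) {
    foreach ($p in 53, 88, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        '{0}:{1} reachable = {2}' -f $dc, $p, $r.TcpTestSucceeded
    }
}
```

To back the change out, remove the whole set with Remove-NetFirewallRule -Group 'AD forest trust'.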

A Big, HUGE Microsoft Security FAIL.

(NOTE: This article was written December 7, 2016. Not one word has been changed since that date.  To understand why it can only now be published, read the article on this site called 107 Days: A Microsoft Security Nightmare. -MDG)

For reasons that will become obvious, I am going to delay posting this article until the issue has been resolved.

A few days ago a colleague of mine discovered the password to my Microsoft Account.  I won’t go into the how and why… I knew that my password had been compromised and I took the immediate steps to change it.


Ok, I understand that things break… I tried a few times, and then I decided to follow the advice and try later.  I trust my colleague not to actually use my password, so even though I felt uncomfortable with it being compromised, I knew I could wait a couple of hours.

Throughout the evening I tried (unsuccessfully) to change my password.  As I was sitting with my father having dinner, as I had drinks and cigars with my friends… no joy, I still got the same message.  ‘There’s a temporary problem with the service. Please try again. If you continue to get this message, try again later.’

I want to be clear… if my network had an error that was preventing users from changing their passwords I would consider it reasonably important, and I would take immediate steps to fix it.  But having trusted Microsoft for so many years, I assumed this would be fixed eventually.

Four Days Passed.

Yes, it was literally four days before I decided that my passivity would not eventually lead to a solution.  I sat down and figured out how to request support. I was hoping to be able to speak with a human being.  Before I could, however, the Virtual Support Assistant got me to try this link and that link.  It then made me go through seventeen steps to finally confirm that the account in question was mine… and once it confirmed that I really am me, it tried to reset my password… and I ended up with the same error message that ‘There’s a temporary problem with the service. Please try again. If you continue to get this message, try again later.’

Okay, it’s been nearly an hour… and I am chatting with someone who is quite obviously not their first round draft pick.  After all, I asked for help with, not with something that people actually pay for.  I spent twenty minutes explaining to him the situation, and the added (and I assume rare) complication that I have two accounts with the same address… my Office 365 account and my Microsoft Account are both the same address that are completely different.  ‘Please don’t touch my Office 365 Account, I only want to change my Microsoft Account.’  This led to another five minute discussion on the meaning of the word change.

He had me fill out another form on-line.  I did.  At the end of that form I got a message that said that the product team would contact me within 24-48 hours to help me.  I told the Support Agent that I had filled out the form.  He told me that now I had to wait until they contacted me.

All in all, my Microsoft Account (which is the account I use for my MCT & MCP Benefits, Skype, and myriad other features) will have been compromised for the better part of a week… and there was nothing I could do about it.  Yes, I could have contacted Answer Desk a few days earlier, so it would have been compromised for only three days.  I want to know in what world is that considered an acceptable delay to be able to change a compromised password?

Some time ago I started using Multi-Factor Authentication (MFA) for many of my most important systems, which is why I am never concerned that my blog or my password vault could be compromised.  For various systems I have a hard key (Yubikey) and soft keys (Google Authenticator and Microsoft Authenticator) which keep most of what I do safe.  But most of the Microsoft systems do not support MFA and I am stuck with only a password.  I use reasonably complex passwords so I usually am not concerned, but in a case where my password is compromised and I am not able to change it, I wonder how it is that a company as advanced as Microsoft (in this case) does not allow me to use MFA.  I would love to be able to require my Yubikey in order to log in to Windows and many of the on-line systems I use, but it is simply not an option.

I am disappointed by Microsoft this week… and I hope that they take the lessons learned from this experience to improve.  However I sit here today, thinking of the myriad occasions I stood on stage in over a dozen countries on five continents and defended Microsoft’s security systems as among the best in the world; I was always sure in my knowledge that I spoke the truth.  Today I would not feel comfortable making that claim… and my faith in their systems, like shattered glass, will not be easily fixed.

Outlook / Hotmail Issues Acknowledged

When I posted my last couple of posts Microsoft was reporting that ‘All is Well.’  Dashboards were green, nothing to see here.  That has now changed:


So we know now that the issues are pretty serious… at least, serious enough that they are now acknowledging them.

As for me, I have been having an issue with my Microsoft account that has been ongoing since December 5th.  I have held off talking about it for security reasons, but with all that has been going on today, and the fact that yesterday my account might have been hacked, I am planning on writing about it tonight.  And boy are you guys going to be shocked.  All I will say for now is this: DO NOT TRUST MICROSOFT SECURITY. 

Yes, I said it.  For a decade I have been espousing the virtues and benefits of Microsoft’s security.  Unfortunately I have had to change my position on this, and in a very big way.  DO NOT TRUST THEM.  It has cost me terribly, and I will tell you about it tomorrow.


Outlook / Hotmail Down: Update

So the worst fear of hundreds of millions of computer users has been realized today.


As I reported a little while ago, and are down.  But it goes much deeper than that.  If is down (see screen capture) that also means that OneDrive, Skype, and even XBox Live are out as well.  If you are a Microsoft Certified Trainer and you were planning to download courseware today, that’s not available either.  In fact, any service that requires authentication with a Microsoft Account is down right now.  We are still awaiting word from Microsoft as to when these services might be restored.  But for now, you (and I) will simply have to wait… in the figurative dark.