Refresh Your PC – Save your bacon!

November 19, 2012November 19, 2012 / Mitch Garvis / 2 Comments

Thursday morning I did something to my main laptop that I really should not have done, and the results were disastrous. I succeeded in completely wrecking my installation of Windows 8. I was able to boot into the OS, but as soon as I tried to launch any application my system went into an endless flash-loop, and was completely unusable.

I want to be clear that Windows 8 is a very solid and stable platform – it is built on the foundation of Windows 7 which most people agree was the most stable OS that Microsoft had ever released. Unfortunately when you tart to play under the hood (where the vast majority of users would never be) things can go wrong… and indeed that is what happened to my system.

Normally under these circumstances I would simply reformat the laptop, or at the very least re-install Windows on the existing partition (so as to not wipe my data). However because my system is protected with BitLocker I would have had to extract the BitLocker Recovery Key, which I have on file… somewhere.

Because my laptop has a Microsoft corporate image on it I could have gone to the IT Help Desk at the office and had them work it out with me… but it was Thursday, I wasn’t going to be in my office until Monday, and I had several presentations to do over the course of the week-end… not to mention blog articles, e-mail, and whatever else I might have had to do.

Since I was able to boot into Windows 8 I decided to try to Refresh my PC. This is a new feature of the OS that is found under Settings – Change PC Settings – General that refreshes my PC without affecting any files. Essentially it reinstalls the OS in place which restores anything that I would have messed up – and I know just how badly I messed it up. However it retains my data and settings for all users – including domain membership, files, desktop… everything.

Refresh is BitLocker-aware, and warned me before starting that it would temporarily disable my BitLocker protection and then re-enable it when the process was complete.

It took about 15 minutes. Refresh rebooted the PC a couple of times, fixed everything that was wrong, and when I booted back into Windows it prompted me to log on as b-mitchg – my alias in the Microsoft Active Directory. My password worked, and so did my PC. The desktop was exactly as I had left it – a little cluttered, although not as bad as it would have been on Windows 7.

Refresh restores all of your Windows 8 apps that were installed from the Windows Store; any applications that you installed ‘the legacy way’ will have to be re-installed. However that was a small price to pay considering that most of my apps (with the exception of Microsoft Office 2013) are all from the Store, so I didn’t have a lot of loss.

My settings were all correct, my documents were in their place, and my SkyDrive connection was intact. Everything was as it was before the refresh… except it all worked!

Of course there is a ‘one step further’ – Remove everything and re-install Windows. This will not preserve any of your files, settings, or even your account. Imagine you are selling your PC, giving it to your kids, or whatever. You don’t have to do anything but click through to the Settings – Change PC Settings – General tab and click the option to Remove Everything. You don’t have to go looking for your Windows media, it just takes care of everything for you.

Between these two options I can imagine that technicians will spend a lot less time trying to clean malware out of their PCs… the Refresh option is much quicker and just as effective.

I know it saved my bacon last week… it saved me from something far more dangerous than malware… it saved me from myself!

Backbone Magazine

September 24, 2012September 23, 2012 / Mitch Garvis / 2 Comments

When the editor of Backbone Magazine asked me earlier this year ‘Why should I my readers be getting excited about Windows 8?’ I told him… until the time had passed and we were both late for our next appointments. He asked me to write it into an article (or opinion piece) for him, and it was published this month. Here’s the link… I hope you enjoy it, especially as we wait with anticipation the GA (genera availability) date of October 26th!

http://www.backbonemag.com/Magazine/2012-09/five-reasons-you-will-like-windows-8.aspx

Let me know your thoughts!

USB Drives: Easily lost, but easily encrypted! (garvis.ca)

Two Factor Authentication for Office 365!

September 21, 2012September 20, 2012 / Mitch Garvis / Leave a comment

NOTE: I did not write this article; in fact, it is copied word for word from an e-mail I received from Scorpion Software. However it is a solution I do believe in. I am not selling for Scorpion Software, nor do I receive any benefit from their sales, nor are the links herein set to track you back to me. I am friends with the owner of the company and a couple of their developers, but have not been asked to post this (nor have I been promised any remuneration for doing so). –Mitch

—

You can now use AuthAnvil to protect and streamline access to the cloud. We’re offering the world’s first strong, fully independent two-factor authentication and single sign-on solution for Office 365.

AuthAnvil for Office 365 provides maximum access security for your cloud-based services, plus the efficiency of logging in just once to access Office 365 throughout the day:

Available for all Microsoft’s Office 365 plans, including their P1 and P2 plans for small businesses.
Doesn’t require ADFS or DirSync – Microsoft’s complex system that requires extra servers and can take days to implement.

We invite you to attend our free webinar and visit our AuthAnvil for Office 365 page to learn more.

Email: sales@scorpionsoft.com
Phone: 1-888-407-4285 ext. 701
Free webinar: Introducing AuthAnvil for Office 365
We invite you to attend our free webinar and get a hands-on look at how you can gain
cloud-based trust with on-premise control.
September 24 at 10am PDT
Sign up for the free webinar >>

User Account Options in Windows 8

August 29, 2012August 28, 2012 / Mitch Garvis / 3 Comments

Earlier today I discussed the Picture Password and PIN codes in Windows 8. What I didn’t mention is that for non-corporate users (who will still continue to log on using domain accounts) you have a new option in Windows 8… and that is to use your Microsoft Account to log on to your system.

Cool, huh?

Of course, there are going to be people who do not want to do this, and that is fine… all they have to do is go to the Users page under PC Settings and click Switch to a local account.

My personal preference is to stick to the Microsoft Account… it means one less password to remember… and to remember to change every 4-6 weeks Winking smile

Of course, just like in previous versions of Windows just anybody could not log onto your computer; an account had to be created for them first. Let’s assume for the time being that almost everybody out there has a Microsoft Account (previously Live ID, nee Microsoft Passport). You may remember it as your Hotmail address Smile If not, then you have to go on-line and create one.

If they do have one, all you have to go is go to the same Users screen under PC Settings and scroll down… at the bottom of the screen you have the option to Add a user. Click on that, and when prompted type in the e-mail address of that person.

You don’t have to know that person’s password… but the first time they log on to Windows 8 they will have to be connected to the Internet to cache their credentials.

It’s as simple as that! You can share your PC with anyone, whether they use a local or a Microsoft Account. Each person, in turn, can use a password, PIN, or Picture Password.

Cool!

Windows 8 Support is Here! (garvis.ca)

Logon Options in Windows 8

August 29, 2012August 28, 2012 / Mitch Garvis / Leave a comment

The three-fingers salute is gone.

Okay, that is not entirely true, but if your computer is not domain-joined, you will no longer need to press Ctrl-Alt-Del to log onto Windows. That doesn’t mean that you won’t be asked for a password…

However, built into Windows 8 there are two new ways to log on:

PIN (Personal Information Number)

Your PIN, just like for your bank or your voice mail, is a four digit code that logs you in, rather than having to remember your complete password.

‘So if four numbers will let me in, why don’t I just set my password to be a four-digit code that I will always know?’

It’s simple, really… you will still have a password, but the PIN will, from the local keyboard or screen, authenticate that password. Anyone trying to log on remotely will still have to type in your full (and hopefully long & complex) password… which means that hackers, unless they have physical access to your computer, still need to get around that.

Picture Password

The Picture Password is cool… if not really secure. Just like your PIN it is tied to your complex password. However you can choose a picture (any picture of your choosing) and select three points, lines, or gestures on that picture to be your password. For example, if you were to use the following picture as your basis:

Your first gesture could be a line across the bow of the boat, the second might be a circle around the Sea-doo, and the third one could be a dot on the top of the man in blue’s head. Once you complete the gestures, your computer will unlock.

While I do not consider this to be a very secure method of protecting your computer, there are some restrictions… your lines and circles must go in the same direction in which they were set Smile

In order to set your picture password or PIN:

Swipe from the right side of your screen and click Settings. If your computer does not have a touch device then drag your cursor to the bottom-right corner of the screen, and click.
Click Change PC settings.
Under Users navigate to Sign-in Options.

From this screen you can change your password, set a PIN, or select a picture password (and set the swipes). In order to do this you must know your actual user password though!

Note:

These options are disabled until you activate your Windows 8 OS.

Once your new sign-in Options are configured, you can lock your Windows screen, and try it… By default you will still be asked for your password, but underneath the password box there will be an option

Sign-in options

. Click on that, and you will see three icons appear (if both the picture password and PIN are configured). Select the appropriate one, and you are done!

It is important to remember that while they may make life more convenient for you, both of these options drastically reduce the level of security in your PC. I will not be surprised to see corporate IT departments banning these in a big hurry. However for your personal

PCs

and tablets it’s an easy alternative to typing your password all the time!

Managing Your SMB-IT Without Server

July 3, 2012July 2, 2012 / Mitch Garvis / 2 Comments

You have a small business. You have been running Windows Small Business Server 2003 for six years, and you know that it is time to retire it. The question is, what should replace it?

Before you make any definitive decisions, why not review what you need your server to do:

File Server
Mail Server
Internet Portal
Centralized Management

For the past several years you have paid a consultant to manage the server and your client PCs, and have primarily called him in for break-fix issues. Maybe you were industrious and decided to learn the basics of IT so you could do a lot of the maintenance yourself. You might even be a small-business IT consultant who has been managing and maintaining SBS environments for your clients.

You have heard so much about the cloud that you are in a bit of a fog… you know that people are talking about cloud-services, but haven’t quite figured out how they can work for you… to save you money, to earn you money.

Replacing the Server

For most small businesses I still recommend a centralized server; Active Directory is still the best mechanism you will find for centralized user management, and Group Policy allows you to lock down your environment.

With that being said, many of the functionalities offered in Microsoft Small Business Server are now available as part of two cloud-services offerings from Microsoft. Microsoft Office 365 offers all of the functionality listed above (File Server, Mail Server, Internet Portal) and much more. It is actually all of the following products in the cloud:

Microsoft Exchange Server
Microsoft SharePoint Server
Microsoft Lync Server
Microsoft Office Web Access

Office 365 allows you to have the functionality of all of these tools… without having to purchase or maintain them. It also means that you will always have the latest versions of all of these… without having to upgrade. ‘Your servers’ will be maintained by the Microsoft IT team, without your having to pay them hundreds of dollars per hour. If any of your services go down (and admittedly they do occasionally) you can rest assured that before you even discover the outage the people who know the products best will already be well on their way to fixing the issues.

Managing the Desktop

Between the operating system and the applications, there is a lot of work that goes into the proper maintenance of your PCs. That includes anti-malware, patch management, policies, and more. Additionally being able to generate and view reports is a huge benefit – as I always say If you cannot measure it, you cannot manage it!

So Before we get into application side of things, let’s discuss the benefits of the second cloud-services offering, Windows InTune. InTune installs as a simple agent on your Windows PC, and the list of benefits is amazing:

Upgrade rights to Windows 7 Enterprise
Windows InTune Endpoint Protection (centralized anti-malware solution)
Centralized Patch Management
Policy Deployment
Application Deployment
Device Reporting
Alerts
License Management

When you subscribe to Windows InTune (per-PC subscription) you get the right to upgrade your legacy Windows client (Professional/Business/Enterprise SKUs) to Windows 7 Enterprise. Right there you have the basis for the common operating system required to simplify management.

Windows 7 Enterprise Edition includes two features that Business Edition does not:

Multiple language support; and
BitLocker drive encryption technology

With the preponderance of mobile computing these days, as well as organizations doing business around the world, there is no question that Windows 7 Enterprise is an easier feature-by-feature sell than the lower-priced options, but that lower price seems to be a deciding factor so often. With the Use Rights in Windows InTune you don’t have to settle.

Once the Windows InTune agent is deployed on a PC it will start populating the individual computer’s information to the InTune system, and you will be able to get a better idea of what you have. On the Devices screen you will be able to see:

Computer Name	Total Disk Space	CPU Speed
Chassis Type	Used Disk Space	Last User to Log On
Manufacturer & Model	Free Disk Space	Serial Number
Operating System	Physical Memory	Last Hardware Status

Included in the Windows InTune installation is the Windows Intune Endpoint Protection engine, which will protect your PCs from malware. It uses the built-in patch management system to keep the definitions up to date, and offers real-time protection, as well as centralized reporting and e-mail alerts to the Help Desk / Support Team / IT Guy when a computer is infected.

InTune 2.0 added the ability to centrally deploy applications to client PCs. InTune 3.0 adds an extra to this – the ability for end-users to install published applications on-demand. The new Company Portal allows users to help themselves on-line, before eventually ‘escalating the call’ to you.

Users can also deploy their own client from the portal, assuming they have the proper credentials. This allows them to download a client using their corporate credentials, rather than you having to send them the file (along with the ACCOUNTCERT file) which would allow anyone (in theory) to install on any device that would automatically be managed by… you.

By far the most common application suite found on desktops in the workplace is Microsoft Office. The most common complaint I hear about Office is the cost (followed by the difficult to understand SKUs). Of course, with Office in the name it is no wonder that it is part of Office 365.

Of course there are several different SKUs to Office 365, and each one has different offerings. The small business SKU (P1) costs $6/month, and does not include the installable suite. However it does include Office Web Apps, which means you can create and edit Word documents, Excel spreadsheets, PowerPoint presentations, and of course use OneNote… all within your web browser. This is great if you work on multiple systems, or if you are ever remote and need to work on a document. The convenience loses its thrill when you realize you cannot work if you don’t have an Internet connection.

The E1, E2, and E3 SKUs do come with the client software, so if that is a requirement then those SKUs (which cost quite a bit more) are probably better for you.

Why you should consider maintaining a server on-site

Our mail server is gone… so are our SharePoint and File Servers. Why then would I still recommend a small server in a small business environment? There are several reasons.

Active Directory. As I mentioned earlier in the article, AD is a great way to centralize security and credentials. Additionally there are plenty of hooks from Active Directory into Office 365 (which can be covered in a later article).
Deployment Server. Microsoft Deployment Toolkit 2012 is the perfect companion to your new Windows 7 Enterprise licenses. In under an hour you can create a deployment point that will deploy Windows and all of your applications (including the Lync Client and the Windows InTune agent) in fifteen minutes (or less). It is by far the easiest way to deploy Windows to your desktops, laptops, and even tablets!
Hyper-V. Although many of our applications will be installed directly onto the laptop, many companies still have server-based applications that require an application server. Hyper-V is the best way to create those servers on-site, for a plethora of reasons that have been outlined ad nauseum previously at www.garvis.ca, and countless other sites. Of course, your virtualized application servers can run any version of the Windows Server operating system, but they can also run any supported client OS, as well as several iterations of Linux (supported and enlightened) and any other x86-based OS (neither supported nor enlightened).
Group Policy. Although Windows InTune v3 has much better policy support than its predecessors, there is no denying that Group Policy is the best way to granularly control, configure, and secure your client and server environments. Whether you want to enforce secure passwords, BitLocker, or simply set a centralized screen saver and desktop wallpaper, the best way to do it is by creating a GPO in Active Directory.

As you see the combination of cloud-based services from Microsoft and an on-line Windows Server are the best way to manage your entire SMB IT infrastructure, but even if you are not going to maintain an on-premise server the cloud-based services can manage most of the needs of most SMBs.

By the way, there is one more advantage to these solutions… you will always have the latest and greatest. Right now the Windows InTune subscription comes with use rights for Windows 7 Enterprise. When Windows 8 is released, you will automatically have access to that platform. Office 365 comes with Office 2010… but when the next version is released you will have that version right away too!

Interested in hearing more? Drop me a line and we’ll talk… or you can check out www.windowsintune.com and www.office365.com to download 30-day trials of each!

Refreshing Options in Windows 8

June 28, 2012June 27, 2012 / Mitch Garvis / Leave a comment

I love cleaning out my PC. When I can reimage and start from scratch I am a happy man. Why? Everything runs smoother. It is, in many ways, the same as getting your car washed and detailed. It is a known fact that cleaner cars run better than dirty ones. In reality, as we use our computer the OS can, over time, get kludgy. I could go into the reasons for this, registry bloat and infestation and all that, but this is not an article for the 300-level types who need to know these things, it is for the average man or woman – the one who knows that his or her computer ran faster when they got it than it does today.

When I say this is not for the 300-level types, it is because at that level there are both more roadblocks to this, as well as better tools to accomplish the end goal. We’ll talk about the Microsoft Deployment Toolkit, User State Migration Tool, and other fun stuff in other articles. This, my friends, is an article for my mother-in-law… an end user who does not tend to install applications on a regular basis, who uses the same Microsoft Office Home and Student, maybe a game or two, and the Internet.

Windows 7 has a great tool in it called Windows Easy Transfer. In short, it captures your user profile to an external device, and restores it to your newly installed PC. It is great for when you get a new PC, or when your PC needs to be re-imaged. Before I begin any repair work to the PCs of friends or family I begin by taking a quick WET image. It doesn’t save your applications, but those can be reinstalled. Lost data, on the other hand, can be quite costly both in terms of financial and emotional expense.

Windows 8 has two new tools on the General tab of the PC Settings screen that are really exciting.

Refresh your PC without affecting your files. Although Windows 8 promises real improvement in the kludginess factor (it is, as I have stated in recent articles, really really fast!) I am sure that there are things that will affect your PC that will cause it to slow down over time. Whether that be malware, errant code, or anything else that may affect the speed and performance of your PC. the Refresh Your PC option will literally clean out everything… except your data. It will restore all of your settings, it will wipe out all applications, and then restore all applications that were installed from the Windows Store. This is a long-thinking view, because right now most of our applications are installed from media, but the plan is that this will (over the course of several years) change to most apps being installed from the Store, just like apps for the iPhone and iPad are from the iStore.
Remove everything and reinstall Windows. This will restore your PC to the factory settings, as it were. OOBE away! This is useful for several scenarios, not the least of which is ‘Ok, I’m upgrading to a new PC and don’t want whoever gets (or buys) my old one to have my data and apps.’

While neither of these are features that anyone will be using every day, they will make restores and clean wipes much easier than they ever were. Just be careful not to press either of these by accident… although there are fail-safes in place (notice the big CANCEL option!) it is just as easy to press the wrong button and end up wiping the lot. While it will not prevent it from happening, I strongly suggest a good backup strategy, and of course storing your data in the cloud never hurts – the new SkyDrive app will make that much easier for end users and IT Pros alike.

Mac vs. PC… Does my sister have a point?

June 23, 2012June 27, 2012 / Mitch Garvis / 9 Comments

Image representing Apple as depicted in CrunchBase

Image via CrunchBase

It was the end of the week, my class was winding down, and my friend Peter Wolchak was baiting me into another ‘PC versus Mac’ debate on Facebook. All in all, nothing all that unusual about it… until one of the most unexpected things happened. My sister chimed in on the Mac side.

Oh brother of mine, who I do love dearly, Mitch Garvis, shall I remind you that I can get an extra 2-3 years out of my macs for every PC I replace for Ron or work or Mom? More expensive? I don’t think so…

Jennifer has been a Mac person for as long as I can remember… and while she and I do not subscribe to the same school of thought I do respect her right to that opinion. However to hear her chime in on the side of ‘Macs are less expensive than PCs’ surprised me… I thought she was smarter than that!

Of course, she does make an interesting point. Mac users do seem to keep their Macs longer than PC users keep their PCs. I started to think about some of the reasons for that.

Here is a list I came up with. I would love to hear your thoughts on this but remember: ‘Because they are better’ is not a legitimate argument. I want to know why you think they are better!

First and foremost let’s be honest: Apple makes a great machine. I would be lying if I said otherwise. Is their hardware better than all PCs? No. Is it better than the vast majority? Yes! PC makers have to step up to the plate if they are going to compete, and models like the HP Envy and the Samsung Slate 7 are incredible, but they are a small minority in the field.
Apply OS X requires less maintenance than Windows does, but with the majority of PCs (or close to them) still running Windows XP and Windows Vista, there is no doubt that OS X is easier. Windows 8 will be even easier than Windows 7, but the legacy OSes… yeah, they were tougher.
Apple wants people to fall in love with their macs (and iPads, and iPods, and iPhones…). Microsoft and PC makers want you to use theirs.
Apple controls the gamut, from the OS to the hardware and, in the case of iDevices, the applications as well. There are fewer cooks in the kitchen as it were – fewer sets of hardware enabling drivers to worry about. Microsoft (until the Surface devices come out) work on a different model, and anyone can make a compatible device, then program the drivers badly. Hence they are quicker to crash, no doubt. Does this mean that Macs don’t crash? HELL NO. They just, as the great video by Hunter Cressall (sp?) states, they just Crash Different.
You get what you pay for, even in the PC world. You can buy a cheap, consumer-grade PC laptop for $399 (or less). They will probably not last as long as the higher-end consumer or corporate ones. My mother’s HP Pavillion is very nice, but it is indeed her third PC in five years (For the record her previous laptops worked just fine, she just wanted new PCs). While I do go through a new higher-end laptops every few months, I also have many of the older ones – dating back to the Dell XPS M1530 which I got in 2007, and despite some physical issues (cracked case, etc…) that are easily fixed is still going strong. Frankly I wish I still had my Acer Ferrari laptop which I got in 2005, and I am sure would still be working perfectly today! All of this to say that if you buy a Mac for $1300 versus a PC for $500 you can replace the PC halfway through the life of the Mac, and still get a better ROI. When you buy a pricier laptop (my HP Envy (base model without all of the fancy upgrades) would have cost the same as the Mac, and would last just as long.

I have gotten off track a little, but I do not want to sound defensive. I am glad though that PC makers are starting to make ‘sexier’ machines. The two that stand out in my mind are the Samsung Series 7 (I got to play with the newest model in Redmond last month and it was SWEET… slimmer than a MacBook Air and less expensive) and the Dell XPS 13 (which I have seen but not played with). I have it on good authority that PC makers will be releasing a truly new line of laptops when Windows 8 releases, unlike the unimpressive refresh from the Windows 7 launch.

Also Microsoft has put the PC makers on notice with the announcement of the Microsoft Surface Tablets. As a lot of writers and bloggers have pointed out, Microsoft is telling OEMs ‘Hey, if you want us to compete with Apple then you have to wow them… and THIS is how you do it!’ These next-generation tablets will have something going for them that the iPad and MacBook do not: they will run the same operating system and same applications on the tablet as they do on the desktop and laptop. Hopefully the PC makers like HP, Dell, Lenovo, and the rest will take their cue and step up to the plate, just like Samsung did recently with the Slate Series 9.

I want to hear your thoughts though… do you prefer Mac or PC, and why? Let me know in the comments section, and I will give out prizes for insightful answers. Yes, I will even try to dig up a couple of Mac prizes!

The World According to Mitch

The day to day ramblings of an IT Professional and Community Leader

Personal computer

Refresh Your PC – Save your bacon!

Backbone Magazine

User Account Options in Windows 8

Managing Your SMB-IT Without Server

Refreshing Options in Windows 8

Mac vs. PC… Does my sister have a point?

Rate this:

Share this:

Like this:

Related articles

Rate this:

Share this:

Like this:

Rate this:

Share this:

Like this:

Related articles

Rate this:

Share this:

Like this:

Rate this:

Share this:

Like this:

Rate this:

Share this:

Like this:

Rate this:

Share this:

Like this:

Rate this:

Share this:

Like this: