Pacific Computer Wizards - Repository ....

An information repository of … thoughts, data, sharing, and ideas, posted.
– Use the information in these posts at your own risk.
The ideas, thoughts, and expressions posted here are for my own use.

-President & Chief Wizard


Cyber Safety -

posted Sep 7, 2018, 10:53 AM by Andrew Chadick   [ updated Sep 7, 2018, 10:54 AM ]

1) YOU ARE YOUR DATA


Criminals need 2 things to perpetrate cyber crime: your Personal Identifying Information (PII) and access to a Point of Compromise (PoC).


Examples of Personal Identifying Information (PII):

Names/Usernames

Date of Birth

Mother's Maiden Name

Address(es)

Phone Number(s)

Email Account(s)

Passwords

Social Security Number

Account Number(s)


Examples of Points of Compromise:

   Physical Items -

      Dumpster diving, mail theft, check fraud, burglaries, purse/wallet snatching


   Technology -

      Skimming, Shoulder Surfing, Gas Pumps, Point of Sale (POS) devices, Radio Frequency Identification (RFID)


   Computer and Internet -

      Social Media, Email, Unsecure Websites, Online Shopping, Classifieds, Unsecure Wifi, Filesharing, Bot Nets, Data Breach


   Mobile Devices -

      SMS Phishing, GeoTagging, Spyware, Malware, Bluejacking, Near Field Communication (NFC), Quick Response Codes


 

2) IF IT HAS A LOCK, USE IT


Secure Points of Compromise - Balance convenience versus safety/security

   Physical Items

      Use physical locks, purge, shred, secure mail


   Technology

      Credit versus Debit versus Cash (PIN versus ZIP code)


   Computer and Internet

      Strong Passwords - A password as a lock (15 characters or more: caps, lowercase, number, symbol!). Example: StrongPassCodes@HomeBEasy693.us

      Two Factor - If a dual authentication method is available USE IT


   Mobile devices

      Limit access, use passcodes/fingerprints/application locks/PIN access to applications


3) WHEN ASKED FOR PII, ASK WHAT FOR?


Practice responsible sharing!


   ASK:

      WHY do you need my PII?

      WHAT are you going to do with it?

      HOW will you protect my data?

      HOW can I monitor my data?

      WHAT will you do when you are done with the data?


Plan for Safety -

        It costs more NOT to pay attention 

               Use technology to monitor and protect your data

               Educate yourself on emerging technologies

               Be mindful of safety versus convenience when accessing technology


Resources for Remediation:

Federal Trade Commission:  File a complaint: 1-877-FTC-HELP or  1-877-382-4357  http://www.ftc.gov

Identity Theft Resource Center: 888-400-5530  http://www.idtheftcenter.org

Privacy Rights Clearinghouse:   http://www.privacyrights.org

These tips provided by NOVA - National Organization for Victim Assistance 1-800-879-6682.

Facebook feed on Chrome isn't loading correctly

posted Sep 7, 2018, 9:09 AM by Andrew Chadick   [ updated Sep 7, 2018, 9:30 AM ]

Chrome is an interesting browser. Like IE back in the day, it has lots of configuration options and lots of things that can break it.  You have to learn where Google has placed all the switches that give it functionality.  One of the things that gives it more ability is also one of the things that breaks it most: the Browser Extension area.

Google built in a function called Incognito, which, in essence, is the browser with just default settings: no add-ons, no changes to the way it works.  It also doesn't track you.

So, Facebook: it's a site that requires a pretty barebones browser to work correctly.  If there are too many extensions, or just the wrong function in the way, it doesn't load correctly.  For me, I had Grammarly enabled, and it was getting in the way.  So, when I encounter this issue, I disable it, using this shortcut method.  It can be a pain, or you can simply have a browser with as few mods as possible.  It's your choice.  Anyway, this is a quick run-through on making a shortcut for Incognito and using it to switch Chrome extensions on and off.


1. First, make a copy of your Chrome shortcut, that way you can access the browser as you normally would, once you’ve fixed the problem you’re having.

2. Find your copied Chrome shortcut, right click on it and select “Properties”. Be sure to name it “troubleshooting” or something similar.

3. Select the “Target” field and add “ --incognito” (a space, then two hyphens) to the end of the command.

4. Click “Apply” and then “Ok” to save the changes.

5. Now, double click on the new shortcut to enter into a “Safe Mode/Incognito Mode” Chrome browser.  

6. Put “chrome://extensions” (minus the quote marks) into the browser’s address bar to view and change the extensions.

7. Disable the extensions either all at once, or one at a time if you’re unsure which extension broke Chrome. Simply switch them on and off, back and forth, using both shortcuts, until you figure out which one did it.


Delegation of Contacts - Groups within Contacts - The New Interface (9 dots)

posted Aug 29, 2018, 4:02 PM by Andrew Chadick   [ updated ]

In general,  Google Apps, and most everything Google is pretty cool.  
.............But I'm going to be scratching my head on what happened here on this one for a while...

In the enterprise, you are used to a certain configuration for your email, contacts and contact groups.  You have your contacts, and within contacts you have groups.  Those groups may be board members, committees, internal and external employees, or what-have-you.  You open an email, and you send a message to boardmembers@domain.com and all your board members that are in that group receive the email.  Clean and easy - Everything managed from one contact manager interface.
In an enterprise setup, you also have assistants that help manage contacts and groups on behalf of their managers.  
These are Delegates to the owner of the account, be that the CEO, Director, or Manager.
  
Within Google Apps, it used to be that you would assign a delegate (assistant) within settings on behalf of a master account (i.e. manager/owner/CEO), and the delegate would manage the contacts and members of the groups within, from their own account under its own contact interface.  
It was really straightforward once delegation was configured.  

But it's all changed with the new Google Apps Mail interface.  

The contacts were moved from:

Over to:

Within the new Contacts (Preview), you were, up until not long ago (the last couple of months?), very limited in what you were able to do (import, export, delegate, and merge were all functions you had to drop out of Preview to do), so you would be forced to go back to the old interface in order to get full functionality.  Note: as I update this post, I'm noticing a lot of changes.  So this post is changing along with it.... 

When you reverted back to the classic "old version" of the interface these functions like import / export would work. So you would tend to stay in the Classic interface...  Under the Classic Contact interface, you will even now still see your Groups listed that were pulled from the old Contacts during the change over.  However, the Groups listed here are only email addresses associated with the Group names from your contact group objects that were created in Contacts.  You can't add/edit/delete contacts to these group names from within a contact email address now, as they are simply an email address now.  You might as well go through and purge them.  They are pretty much useless the way things have changed.

While playing with this, since the migration/changes.... I figured out a few things.  

Your contact groups from the migration are not totally gone per se.  They have been split into an email address within contacts, and a group migrated to a new location of the same name.  

Groups are now also within the 9 dots, but under the Groups icon within (they are now "email list groups").  Contact Groups are now like the very old "Listserv" System Groups from yesteryear and treated much the same way, with members, permissions, posts, notifications of membership and opt-out options. 

 

The new contact group, now, not only has members of it, like it did before, under contacts, but now requires many new permissions to be set up, including changes to the way your delegate has to be defined. See the "Roles" area. See snip below with permissions/changes.

Note to Google Dev's: 
Contact Groups were a very simple set up, you had contacts, and groups within contacts.  You had a delegate that could make changes for you. 

Now you have a mess of details to hash through; email list membership, permissions(what is and isn't allowed), and managers/owners that have to be defined, along with various restrictions that just aren't necessary in this particular type of group.
  
I can understand using "Groups" as you have for "listserv-like" functionality, where you have posts and topics, and the like.  But a listserv is completely different to an enterprise setup of members of a contact group that can be managed by an assistant.  

This new way of doing groups is truly broken. Someone at Google needs to revisit the way contacts are configured, managed, and delegated.   

Another downside to this new way of handling members of the group is that your delegate needs to be added and be part of the group in order to be able to have them assigned/listed as a 'manager' of it.  
It muddies the makeup and membership in the various groups, and makes it more than a bit strange.  

Imagine, if you will, your board of directors as the members of the "Board@domain.com" group, and your assistant listed in there too as a "member" of the group - just so you can identify him/her as the manager/delegate in a different section.  

... I'm really baffled by whoever thought all of this was a good idea.

Anyway, this post is just so others can figure this out, and make sense of what and where everything went...
------------- - -----------------------
***Old Contact Interface***  After the migration to the Nine dots, under the Classic Contacts interface, you will still see the option to create a new group (see below), and you can still add members to the group, much the same way you used to, and it will create the group under contacts under a heading that indicates 'groups' by indenting them under your 'My Contacts'. You can click the group and see its members.
These groups are not the same as they were. When you direct an email to them, they auto-populate the members of the group and the group name just goes away. The email address just vanishes.  It's more like an alias now than a group name with a specific email address associated with it...

Further; These new group names created here will not automatically migrate into the "Groups" icon under the 9 dots.  You will not be able to manage the members and permissions.  It is now completely separate, and just makes all the changes seem a bit more confusing.

After playing with this, and learning that the new Preview interface has been updated to include Import/Export/Merge of contacts, I really see no reason to still be using the "classic" interface.  It's now just a broken shell of its former function.  

-- - -------------------------------
So, now, dropping the old, and only working with the new... Stuff changes, you just get over it, and move on... right?

The biggest problem that I can see with this "new" Group method, is that it's changed the Contact Group object into a Listserv style Group Object; now making a host of options/permissions necessary to configure a group. 
Also; when you invite members to the group, either as "Invite members" or as "Direct add members", an email goes out to each member of your group.  There is no way around it.  So, while you are organizing your next board leadership group, and each committee group for the new year, you will be sending out emails to each member letting them know they are being added to a group name, possibly emailing the same individuals multiple times while you work through your list of committees, and other member groups.   Do you really want your board members to be flooded with emails showing your work flow as you add them to the various lists you use in your org

Check out what the simple contact group object has become: 
  The above is just insane and wholly not necessary.

Contact groups should be very simple: (like this:)

CEO's Computer:
Master Account Name: CEO@domain.com (example)
Contact Group Name: Board Members 2018
Members: Board Member Email 1, Board Member Email 2, Board Member Email 3
Delegate: Assistant email address (assigned and given "full access to edit"-Nothing more).

Assistant on their Computer:
Assistant on their account, and in their Email Interface, Opens Contacts, selects delegated CEO Contacts/Groups as the manager of those contacts.
Selects Group Name (Board Members 2018), then manages the contact members under that group, makes a change.  Pushes SAVE.  Then, it's Done.
(There is no division of a contacts icon and groups icon, no special permissions, it's plain and simple.)

As indicated above; I think Google needs to revisit this.  A Contact Group is very much different than a Listserv Group.  
They both need to be managed, they both need to have a delegate option, but they both don't need to be managed or handled the same way.

Lumping the types of groups together like this is needlessly complicated and pointless. 

BMC iDRAC Logs

posted Aug 28, 2018, 10:47 AM by Andrew Chadick   [ updated Aug 28, 2018, 2:32 PM ]

This is older info: Logged here for archival purposes

To clear an LED or LCD error, you need to clear the BMC/iDRAC SEL logs. You can run the following ipmitool command to clear the SEL log.

ipmitool -I lanplus -H <BMC/iDRAC IP> -U <BMC user name> -P <BMC Password> sel clear

The default BMC username and password are root and calvin.

Exchange to PST Export

posted Aug 28, 2018, 10:23 AM by Andrew Chadick

This routine was drafted up for Exchange 2007 - Documenting for archival purposes

To List all mailboxes, use this command at the Exchange Shell:
Get-Mailbox -Database "Exchange2007\Mailbox Database"


To Export to PST Files for Each User, use this command:
Get-Mailbox -Identity "Domain\UserN" | Export-Mailbox -PSTFolderPath E:\PST\ -Confirm:$false

To execute a .ps1 script file, use ".\NameFile.ps1"; the .\ prefix allows the script to run from the current directory.


[PS] C:\Windows\system32>Get-Mailbox -Database "Exchange2007\Mailbox Database"

Depending on Server load, you can script these, or run each of the ones below as a single command.

Get-Mailbox -Identity "Domain\AName1" | Export-Mailbox -PSTFolderPath C:\PST\ -Confirm:$false
Get-Mailbox -Identity "Domain\AName2" | Export-Mailbox -PSTFolderPath C:\PST\ -Confirm:$false
Get-Mailbox -Identity "Domain\AName3" | Export-Mailbox -PSTFolderPath C:\PST\ -Confirm:$false
Get-Mailbox -Identity "Domain\AName4" | Export-Mailbox -PSTFolderPath C:\PST\ -Confirm:$false

3D Printing with Burning and CNC Capability

posted Aug 3, 2018, 7:11 AM by Andrew Chadick

This is probably one of the coolest 3D printers I have seen.  For all of you with maker hearts.

UI Options Chrome://flags/#top-chrome-md

posted Jul 26, 2018, 2:27 PM by Andrew Chadick   [ updated Jul 26, 2018, 2:29 PM ]


Sophos UTM – SSL Web Proxy Scanning Configuration and GPO Deployment

posted Jul 20, 2018, 8:38 AM by Andrew Chadick   [ updated Jul 20, 2018, 10:58 AM ]

This article comes from TCPTechs.  Copied here for my own reference.
https://www.tcptechs.com/sophos-utm-ssl-web-proxy-scanning-configuration-and-gpo-deployment/

This document will provide instructions on how to implement SSL Scanning to filter websites that use HTTPS on a Sophos UTM firewall.

Requirements:

– Access to manage the Sophos UTM
– A test computer on the network subnet that SSL Scanning is being enabled for.
– Access to the Active Directory Server and GPO management.

  1. Log into the client's Sophos router: https://SophosIPAddr:4444
    1. Use your credentials to log in
  2. Go to Web Protection, Web Filtering, HTTPS CAs and click on Download under Signing CA
    DO NOT CLICK REGENERATE. If you do then the existing certificate deployment will fail and you will have to do this all over again.
  3. Use export type PEM. Click Download.
  4. Now that we have the SSL certificate that is needed to enable HTTPS scanning we will need to import it into group policy. Open Group policy and edit the default domain policy if you want it to apply to the entire domain. Or you can create a new GPO and link it to whatever OU you want it to apply to.
  5. Go to Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies, Trusted Root Certification Authorities
  6. Here you can see I already have a Proxy CA certificate. Yours might be called something else, but it will have the word proxy in it. Since I need to reimport it, I will go ahead and update this. If you need to update it, first delete the existing Proxy CA. Then right click and select Import.
  7. Click Next and browse for the certificate you just downloaded. When you browse you may have to select All Files to see the certificate. Use the date modified to your advantage because sometimes you might have multiple certificates show up.
  8. Make sure Trusted Root Certification Authorities is selected and click next.
  9. Click Finish
  10. Now we have the Proxy CA
  11. Verify all the Domain Controllers replicate this.
  12. Now we need to check and make sure they do not have block inheritance on any OUs with computers. Typically people don’t use this, but you need to double check and make sure. Here you can see the blue exclamation marks, which mean they have block inheritance on. That means these OUs will not get the default domain policy. DO NOT CHANGE ANY OU settings. Do not use Enforced settings. Just make the changes explained in this document that need to be made to get the certificate installed. Do not make any changes that can impact users.
  13. So in this example, Netbooks, Student, Tablets, and Windows 8 need to have the newly created group policy linked. For each OU, link the new Install Proxy Certificate policy. Remember this certificate is installed at the computer level, not the user level. So the Students OU wouldn’t matter since it just contains student accounts.
  14. Now that we have the certificate deployed to Active Directory we need to have all computers restarted. When they restart they will install the certificate. Restart your test computer. Alternatively you can run gpupdate /force from command line.
  15. Now we need to enable SSL scanning. In the Sophos UTM, go to Web Protection, Web Filtering Profiles, Filter Profiles.
  16. Edit all of the profiles, select HTTPS, select Decrypt and Scan, and click Save.
  17. Make sure you enabled Scan HTTPS for all of the profiles. Now on the test computer open up Internet Explorer and go to https://www.bankofamerica.com. If you get a certificate not trusted warning then you need to restart.
  18. If you are using a Standard Proxy instead of Transparent, you need to make sure you have a “FallBack” filter profile. This profile is used to ensure that anyone without proxy settings at least gets filtered transparently. So under Webfiltering Proxy Profiles in this screen shot you can see that there is a proxy fallback profile.

    If you don’t have one then follow these steps
    1. Click New Proxy Profile
    2. The name should be called fallback. The position should be bottom. We want this to be very last. The network should be the LAN internal Network
    3. Make sure Fallback action is set to the most restrictive Filter. This is important! Then make sure operation mode is transparent. Authentication type is none. Full transparent is UN-CHECKED. Make sure Decrypt and Scan is checked in the HTTPS tab.
    4. Click Save.
    5. So now if you go to a device that does not have proxy settings in Internet Explorer and view the Sophos Live Log, you should see that device profile listed as fallback.
  19. Now if you need to install the certificate on the iPads, then go to http://passthrough.fw-notify.net/cacert.pem. When the iPad tries to access that site from behind the Sophos, it will pop up with an option to install the certificate. Note that an iPad may require the PKCS cert exported from step 2.
  20. The client should do some extensive testing to ensure the sites they need to access work.
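
A way to check the outcome of steps 3 to 17 from the test computer, as an added example that is not part of the TCPTechs article or Sophos documentation: it confirms that the downloaded signing CA is in the computer's Trusted Root store and that an HTTPS site is now presented with a certificate issued by that CA. The path C:\Temp\proxy-ca.pem, the helper name Test-ProxyCaDeployment and transparent-mode filtering on the test subnet are assumptions.

```powershell
# Added example, not from the TCPTechs article. Assumptions: the signing CA from
# step 3 was saved as C:\Temp\proxy-ca.pem, the UTM filters this subnet in
# transparent mode, and Test-ProxyCaDeployment is a hypothetical helper name.
function Test-ProxyCaDeployment {
    param(
        [Parameter(Mandatory = $true)] [string] $CaPemPath,
        [Parameter(Mandatory = $true)] [string] $TestHost,
        [int] $Port = 443
    )

    # Load the CA certificate that was downloaded from the UTM.
    $caFile = (Resolve-Path -LiteralPath $CaPemPath).ProviderPath
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($caFile)

    # Check 1: did Group Policy place that exact certificate in the computer's
    # Trusted Root Certification Authorities store?
    $inRoot = [bool](Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint })

    # Check 2: connect to the test site and capture the certificate presented.
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($TestHost, $Port)
    try {
        # Accept whatever certificate arrives so it can be inspected even when
        # it is untrusted. Diagnostic only: no request is sent on this stream.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $stream = $tcp.GetStream()
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAll)
        $ssl.AuthenticateAsClient($TestHost)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Check 3: build the chain the way Windows would, from the local stores.
    # Revocation is skipped because proxy-issued certificates carry no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($leaf)
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        CaThumbprint       = $ca.Thumbprint
        CaInMachineRoot    = $inRoot
        TestHost           = $TestHost
        LeafIssuer         = $leaf.Issuer
        IssuedByProxyCa    = ($leaf.Issuer -eq $ca.Subject)
        ChainTrusted       = $trusted
        ChainEndsAtProxyCa = ($last.Thumbprint -eq $ca.Thumbprint)
    }
}

# Same test site as step 17.
Test-ProxyCaDeployment -CaPemPath 'C:\Temp\proxy-ca.pem' -TestHost 'www.bankofamerica.com'
```

CaInMachineRoot, IssuedByProxyCa and ChainTrusted all True means the GPO and Decrypt and Scan are both working. IssuedByProxyCa True with ChainTrusted False is the "certificate not trusted" case from step 17, and IssuedByProxyCa False means the UTM did not decrypt the connection.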


Importing the Certificate on Mac OS X

Follow the steps below to manually import the certificate on Mac OS X.

  1. Open the Keychain Access application - Use the spotlight search to easily find this app.
  2. Click the lock symbol to unlock the keychain for changes.
  3. Open the File menu and select Import Items.
  4. Select the CA certificate exported from the UTM.  (At this point you should see the certificate in the keychain with the message "This root certificate is not trusted")
  5. Double click the certificate and expand the Trust section of the dialog box. In the first dropdown box, called "When using this certificate", select Always Trust.
  6. Close the dialog boxes and exit the Keychain Access application.
Related Links:
https://community.sophos.com/kb/en-us/115315


Global Phones - Bands

posted Jul 18, 2018, 11:24 AM by Andrew Chadick

Gearbest and Banggood offer some very cool phones.  But you have to make sure it's compatible.
Start by searching for "Global" or "International".

AT&T
GSM 1900  = B2
GSM 850   = B5
LTE 700   = B12
LTE 1700  = B4
LTE 2100  = B4


Checkout what Google is tracking on your account

posted Jul 13, 2018, 6:11 AM by Andrew Chadick   [ updated Jul 16, 2018, 11:28 AM ]
