Sunday, February 26, 2023

Strengthening Security

Windows Weekly is one of my favorite podcasts. Recently it added a new co-host, Richard Campbell. He also has his own podcast at RunAsRadio. Of course, I added that to my podcast list.


Jess Dodson was a recent guest on the RunAsRadio podcast.

Here's the synopsis of the podcast:
How do you improve the security of your organization? Richard talks to Jess Dodson about the current security environment we're living in and what you can do to improve your security posture. Jess talks about how breaches happen and what you can do to detect them early before things get worse. The conversation dives into getting more resources - in most cases, improving security means having the time to work on preventative measures, like implementing multi-factor authentication, security information and event management, and setting up Just Enough Administration. And you need the time to review the activities in your network to let you stop a breach before it turns into something worse!
It's well worth your 40-odd minutes.

But Jess had a couple of points that I want to emphasize.

At 21:34 she says:
I hope I'm preaching to the choir on that one. Here's an earlier post of mine.

And then at 33:15 she says:
I think that is an excellent way to explain to management the objective.

Sunday, February 12, 2023

Windows 11 Upgrade Issues

My "Trump" PC server is getting long in the tooth. It won't run Windows 11 so I set out to replace it sometime down the road.

I clearly wanted the new PC to run Windows 11 so I carefully selected a tower system that supported that. In a future post, I'll detail what all I've done.

But when I began to run through Windows Update on the new system, it consistently told me that it wasn't capable of running Windows 11. I ran "msinfo" (archive.org) and it showed that all the requirements were met. Then I ran "PC Health Check" (archive.org) and it too said that Windows 11 was supported.

So I Googled "windows update says no windows 11 but pc health check says yes" and BINGO!


I'll cover the solution later but first look at that page (archive.org). It was created 16 months ago. 421 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

tl;dr - Ignore Windows Update. Use the Installation Assistant (archive.org) to download Windows 11.

You would think that Microsoft would fix that in a year.

But my story doesn't end there.

I ran the Installation Assistant and it churned away. Then I got this screen.


Back to Google "We couldn't update the system reserved partition." and BINGO!

I'll cover the solution later but first look at that page (archive.org). It was created almost 2 years ago. 299 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

And worse, the problem isn't new. That page links to a Windows 10 installation page (archive.org).

Unfortunately, there is not a tl;dr solution.

Microsoft warns:
Caution: these steps are complicated, and carry some risk. This is best done by advanced users with experience using the command line. If you make an error in entering these commands, you could put your device in a no-boot situation, and possibly lose data you have stored on the device.
Here's the solution:
  1. Search for cmd. Press-and-hold or right-click on Command Prompt in the results, and select Run as administrator.
  2. At the command prompt, type mountvol y: /s and then hit Enter. This will add the Y: drive letter to access the System Partition.
  3. Switch to the Y drive by typing Y: and press Enter. Then, navigate to the Fonts folder by typing cd EFI\Microsoft\Boot\Fonts. Once there, type del *.* to delete font files. The system may ask you if you are sure to continue, press Y and then Enter to continue.
The solution worked and Windows 11 installed with no more problems.
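
The three steps above as one batch file with guard rails, as an added example that is not from the original post or from Microsoft. It assumes a UEFI system (where `mountvol /s` applies) and an unused Y: drive letter; the `net session` call is used only as an elevation check.

```bat
@echo off
rem Added example: Microsoft's three steps with safety checks around them.
rem Assumptions: UEFI system, Y: not in use, run from an elevated Command Prompt.
setlocal

rem "net session" fails without administrative rights; used here as an elevation check.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an elevated Command Prompt.
    exit /b 1
)

rem Refuse to continue if Y: is already assigned, so nothing is deleted from the wrong volume.
if exist Y:\ (
    echo Drive letter Y: is already in use. Nothing changed.
    exit /b 1
)

rem Step 2: mount the System Partition as Y:
mountvol Y: /s
if not exist Y:\ (
    echo Could not mount the System Partition as Y:. Nothing changed.
    exit /b 1
)

rem Step 3 guard: delete only if the expected Fonts folder is really there.
if not exist "Y:\EFI\Microsoft\Boot\Fonts\" (
    echo Y:\EFI\Microsoft\Boot\Fonts not found. Nothing deleted.
    mountvol Y: /d
    exit /b 1
)

echo Font files that will be deleted:
dir /a-d "Y:\EFI\Microsoft\Boot\Fonts"

rem Use the full path so the delete cannot run in some other current directory.
del /q "Y:\EFI\Microsoft\Boot\Fonts\*.*"

echo Free space on the System Partition after cleanup:
fsutil volume diskfree Y:

rem Remove the temporary drive letter again.
mountvol Y: /d
endlocal
```

Using the full path in `del` instead of `cd` followed by `del *.*` means a failed mount or a mistyped folder name cannot end with files deleted from whatever directory the prompt happened to be in.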

C'mon Microsoft. You can make this simpler than this.


Sunday, February 05, 2023

You Need a Side Channel

Here we go again, Microsoft! There's a list of Microsoft availability problems here. Don't think I'm all doom and gloom on Microsoft. It's just that even HUGE organizations struggle with subtleties.

Microsoft's latest incident affected Azure, Teams, and Outlook for hours.


Microsoft recently released their postmortem. I applaud Microsoft for publishing this. Could your company have done such a thorough job so quickly?
As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them.
Maybe your network isn't so large that this "re-computation process" would saturate your network equipment.

Regardless, there is a lesson here.
Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network.
Their network management system, including device security, ran ACROSS their network. So when the network was impacted, their network management system was ineffective. Basically, Microsoft had to watch and wait for the network to settle down.

A side channel network management solution would have mitigated that. And introduced a myriad of other problems, principally security.

Tough choices.