Researched issues that several clients were having with slow Windows Roaming Profile logins and found that the common denominator was profiles being too large. Looked at Event Viewer and found nothing but Event ID 6005 – “The winlogon notification subscriber is taking long time to handle the notification event (Logon).” Looked at their Group Policy settings and found the folder that profiles were being saved in. Ran WinDirStat on the user.v6 folder and found some interesting details. It looks like Downloads, Slack, Teams, and Zoom were taking up 13+ GB of data that was then trying to be synced over the network. Looks like it is time to update the Group Policy to exclude some folders:
GPO – Exclude directories in Roaming Profile
Open Group Policy Management
Edit the Roaming Profile policy
Open User Configuration > Policies > Administrative Templates > System > User Profiles
Enable – Exclude directories in roaming profiles
Add the following directories – Downloads;AppData\Roaming\Slack;AppData\Roaming\Microsoft\Teams;AppData\Roaming\Zoom
Ok your way out
Open Windows Explorer and navigate to the user.v6 folder and delete the following folders:
Wait 15 minutes for changes to propagate, then reboot the affected machines and log in again.
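An added example, not part of the original post: a PowerShell check that the exclusion list from the steps above reached the logged-on user, followed by a report of how much space those folders still occupy in each server-side profile copy. The share path `\\fileserver\profiles$` is a placeholder for the profile path in your own GPO; the registry value read here is where this policy setting is stored for the user.

```powershell
# Added example. $ProfileShare is a placeholder; $Excluded is the list from the GPO steps above.
param(
    [string]$ProfileShare = '\\fileserver\profiles$',
    [string[]]$Excluded = @('Downloads', 'AppData\Roaming\Slack',
                            'AppData\Roaming\Microsoft\Teams', 'AppData\Roaming\Zoom')
)

function Get-FolderSizeGB {
    # Sum of all file sizes under $Path, in GB; 0 if the folder does not exist.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    $bytes = (Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
              Measure-Object -Property Length -Sum).Sum
    return [math]::Round($bytes / 1GB, 2)
}

# 1. Confirm the policy reached this user. The setting is stored as one
#    semicolon-separated string in the user's policy hive.
$policyKey   = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$applied     = (Get-ItemProperty -Path $policyKey -Name ExcludeProfileDirs `
                    -ErrorAction SilentlyContinue).ExcludeProfileDirs
$appliedList = @($applied -split ';' | Where-Object { $_ })
$missing     = @($Excluded | Where-Object { $appliedList -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning ("Not excluded by policy for user $($env:USERNAME): " + ($missing -join '; '))
}

# 2. Report excluded folders that still hold data in the server-side copies.
Get-ChildItem -LiteralPath $ProfileShare -Directory -Filter '*.V6' | ForEach-Object {
    $profileDir = $_
    foreach ($rel in $Excluded) {
        [pscustomobject]@{
            Profile = $profileDir.Name
            Folder  = $rel
            SizeGB  = Get-FolderSizeGB -Path (Join-Path $profileDir.FullName $rel)
        }
    }
} | Where-Object { $_.SizeGB -gt 0 } |
    Sort-Object SizeGB -Descending |
    Format-Table -AutoSize
```

Run it as the affected user after the policy refresh; an empty table means none of the excluded folders remain in the stored profiles.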
If your company is using roaming profiles to keep employees agile in the office, then contact us to set up a group policy evaluation.
This was a strange one, but I have done it now more than once for a Tier 3 / Co-Managed IT client. They use the Macrium Reflect software to do image backups of client servers. They are looking to virtualize these servers going forward and wanted to know if it was possible to restore from Macrium Reflect to a Synology VM. Here is the process that we found to make it work:
We assume that you already have a Synology device set up and functioning properly.
We assume that you already installed the Virtual Machine Manager app on the Synology.
We assume you already went through the initial setup wizard of the Virtual Machine Manager app
We assume that you have been backing up the server and have a valid image backup file
We assume you know the network path to these backup files
We assume you already know (and possess on the Synology) the required amount of CPU, Memory, and HDD space.
Create Macrium Reflect bootable Rescue media
Open Macrium Reflect
Click on the Restore tab
Open Other Tasks on the left-hand side
Choose Create bootable Rescue media
Browse to where the current backups are stored and save it there (this makes finding everything easier later)
Click Build (you may need to install some prerequisites to make this possible, but Macrium Reflect will prompt you for them)
Create Virtual Machine
Open the Synology Virtual Machine Manager app
Click on Image
Click on the Add button
Find the Macrium Reflect Rescue media and add it to local storage
Click on Virtual Machine on the left
Click the Create button
Choose the Microsoft Windows option (if appropriate)
Select the proper storage amount
Give it a name, CPU, Memory (as needed)
Give it the needed storage amount(s)
Leave it connected to the default network
Download the Synology Guest Tools if needed.
Select Macrium Reflect Rescue media for the ISO file for bootup
Do not start the VM automatically
Edit the VM and change it to start from the CD ROM
Power it on
Restore from backup
Connect to the VM
Wait for Macrium Reflect Rescue media to boot (this can take a while)
Click on the blue computer icon at the bottom
Click on the Map Network Drive icon
Type in the needed information and click OK
Go back to the Macrium Reflect window
Click on Browse for an image or backup file to restore
Find the appropriate file in the newly mapped network drive
Click on Restore Image
Select the target drive(s)
Click Next, Finished
Wait for restore to complete (this will take a long time)
Prepare restored image
Once completed, click on the ReDeploy restored image to new hardware
Add drivers if needed
Accept any drivers it finds
Accept the default options
Finish the wizard by closing
Power off the VM
Edit the VM Storage to make the disk a SATA controller instead
Edit the VM Others to make the BIOS UEFI
Edit the VM Network to Not Connected
Power on the VM
Login and install the Synology Guest Tools from the attached CD-ROM drive
Power off the VM
Edit the VM Network to use the default connection
Power on the VM if you are ready to deploy
If your company is looking to virtualize your servers or take them to the cloud, then contact us to set up a migration evaluation.
As businesses have had to quickly pivot to new working environments, cyberattacks have become an urgent concern. In this thought leadership article, you can learn some of the best practices using Microsoft security that help ensure the best protection. Examples include secure access to cloud applications that protects sign-ins with security defaults, methods to manage and secure corporate data in approved apps on personal devices, and providing clear and basic information to employees, including how to protect their devices, to help you and your employees stay ahead of threats so they can remain productive.
Got an email from one of our co-managed IT / Tier3 / managed RMM clients that was having issues with DNS resolution. The network consists of a Synology NAS acting as Domain Controller / DNS Server and a VM on the Synology that runs the client's main application. Several of the workstations were having an issue where they could not browse to the IP address (\\192.168.0.11\sharename) of the application server at one time and could not browse to the UNC path (\\servername\sharename) of the same server on another day. First tried setting the external forwarders to Google DNS and the Forward Policy to Forward First, but the problem resurfaced. So we dug deeper into the DNS settings and found the following:
If you look closely, the IP address of the server is 192.168.0.11, and the records for DNS servers associated with the domain above and below it point to servers outside the subnet of the application server (10.0.0.2). Upon further investigation, this DNS server address was blocked by the firewall because it was an old IP address scheme that was no longer in use. The current good DNS server IP addresses are 192.168.40.10 and 192.168.0.10.
Turns out the stale DNS records were the problem. Made the needed changes to the DNS records and things are working great.
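An added example, not part of the original post: a PowerShell check that flags name-server records whose address is not one of the DNS servers currently in service. It assumes the stale entries are the zone's NS records and the A records behind them; the zone and host names are hypothetical, and the IP addresses are the ones given above.

```powershell
# Added example. Zone and host names are hypothetical; the IP addresses come from the post.
$GoodDnsServers = @('192.168.40.10', '192.168.0.10')

function Get-ZoneNameServer {
    # Live lookup: every NS record of the zone plus the A record(s) behind it.
    param([string]$Zone, [string]$Server)
    Resolve-DnsName -Name $Zone -Type NS -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        ForEach-Object {
            $nsHost = $_.NameHost
            $a = @(Resolve-DnsName -Name $nsHost -Type A -Server $Server -DnsOnly `
                       -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' })
            # A name server with no A record at all is reported with an empty address.
            if ($a.Count -eq 0) { [pscustomobject]@{ NameHost = $nsHost; IPAddress = $null } }
            foreach ($rec in $a) {
                [pscustomobject]@{ NameHost = $nsHost; IPAddress = $rec.IPAddress }
            }
        }
}

function Find-StaleNameServer {
    # Emits every record whose address is missing or not in the allowed list.
    param(
        [Parameter(ValueFromPipeline)] $Record,
        [string[]]$Allowed = $GoodDnsServers
    )
    process {
        if ($Allowed -notcontains $Record.IPAddress) {
            [pscustomobject]@{
                NameHost  = $Record.NameHost
                IPAddress = $Record.IPAddress
                Status    = 'STALE'
            }
        }
    }
}

# Constructed sample mirroring the situation described in the post.
$sample = @(
    [pscustomobject]@{ NameHost = 'dc1.example.local';    IPAddress = '192.168.0.10' }
    [pscustomobject]@{ NameHost = 'dc2.example.local';    IPAddress = '192.168.40.10' }
    [pscustomobject]@{ NameHost = 'old-dc.example.local'; IPAddress = '10.0.0.2' }
)
$sample | Find-StaleNameServer

# Against a live zone:
# Get-ZoneNameServer -Zone 'example.local' -Server '192.168.0.10' | Find-StaleNameServer
```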
If your company needs a little extra help running the IT department, then contact us to set up a co-managed IT evaluation.
There has been a recent trend for companies to “negotiate” with the criminal terrorists behind the wave of ransomware attacks across the world by paying the ransom. In a recent study some alarming statistics have been released:
Current Ransomware Stats
If Ransom is Paid: The global findings also show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
Cost of Ransom: The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
Who is Paying the Ransom: The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021.
The Brighter Side: The number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020).
What is Being Done
There are now organizations trying to create a common framework to address this threat. The Institute for Security and Technology has created a Ransomware Task Force. This task force has been working to develop this framework and has published some guidance. Even though this is just the foundation work, it is good to see that efforts are being made.
If your company is worried about the threat of ransomware, then contact us for assistance setting up a multiple layer approach to security.
Qatari shipping and maritime company Nakilat has one of the world’s largest fleets of liquefied natural gas (LNG) carriers, transporting LNG from Qatar to global markets. To increase its competitive advantage, Nakilat wanted to improve employee productivity and mobility, without compromising on data security. It uses Microsoft 365 and Microsoft Cloud App Security to deliver highly secure cloud-first workplaces—shipboard and in the office. Nakilat also adopted the Microsoft Azure platform to optimize its operations and improve business continuity, reducing operating costs by 50 percent. See more in this video.
Attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. Today’s defense solutions have been designed to protect, detect, and block threats for each domain separately, allowing attackers to exploit the seams and threshold differences between solutions and leaving the business vulnerable to attack. Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation. Read on to learn more.