Author: Adam Fowler

Softerra Adaxes – Several Months In

Posted on by Adam Fowler

logo-1

Softerra Adaxes is an Active Directory management & automation tool which I’ve grown very fond of.

First I reviewed Softerra Adaxes, then I actually bought Softera Adaxes and even did a brief case study for them. I thought it would now be good to share how far we’ve come through using this tool, and what the experience is like for those considering this option of automation. Here’s my thought process and how I personally approached the rollout, along with my experiences along the way:

Initially to me, the idea of having an ‘Outlook rules’ style approach to building a system that automated user management was enough to me. We’d been creating accounts manually for a long time, and the process was documented but took 20 minutes or so to perform. There was also a lot of room for human error, especially when someone was interrupted while creating an account.

There was of course the ‘selfish’ reason of not wanting to do these user management tasks myself, but it’s hard to pass those tasks off with the inherit risks or lack of knowledge of the tools being used to ease the process. This is what had held me off writing my own giant PowerShell script to automate all the steps.

After mucking around with the Adaxes basics, I started to realise that this software solution seemed to actually deliver on what I was personally looking for – something that wasn’t complex, but also let me define whatever criteria, business rules and caveats to the user creation process that I wanted. On top of that, there was inbuilt webpages where I could deliver these options to other staff requiring no software installs, and the ability to show or lock down whatever I chose, to both control and protect the Active Directory environment.

It did take a few weeks to set up properly, but I wouldn’t have really spent more than an actual day’s worth of work in those few weeks doing it. That was just to create a new user in all the various systems I wanted, with our unique user setting requirements. I wouldn’t say the entire system is so simple and easy to navigate that you can get cracking, but it’s also not complex. Once you find the setting or understand how Adaxes achieves a solution, it’s not difficult to set things up.

The inbuilt functionality of website templates – where you can create multiple sites displaying whichever fields you like to whichever users you like – is a good way to deliver the solution to end users. You can have a page for IT and another page for Finance with completely separate functions to best fit each use case.

For me, it was great that I could create websites with zero programming requirements. It’s all driven by a GUI, and somehow it’s still very flexible in what it can do. It might be frustrating to someone who actually writes code, but that’s not who would normally be using this solution. I really feel it’s aimed at someone like me, the IT Pro/Sys Admin who wants to automate and allow others to use the tools, without needing to code or expect others to run PowerShell commands themselves.

adaxes1Basic site with one option – menu and right side options can even be hidden if required.

Once I’d finished the user creation process and published the method of doing so to a website, I had internal staff muck around with it and use it, purely for new user creations. The feedback I received was immediately positive – that 20 minute or so process had been reduced to a few minutes, and even generated out an email saying the account creation was done. This in itself to me was the tick of a successful project, and I knew I could do a lot more around automation and empowering others to do repeatable tasks.

Some of the problems I hit on the user creation automation were:

  • After upgrading from Lync 2010 to Skype for Business 2015, there were intermittent errors popping up for creating a SfB user. This was a known problem to Softerra, and took several months to resolve with a new version of Adaxes. I did have a workaround luckily, so it only took some rule modifying to work around it until a proper solution was found.
  • ‘User unknown’ – I ran into some problems where I’d create the user or enable them for Exchange, but then the next command wouldn’t find the account. Adaxes was faster than what other systems could replicate changes, so some tactful ‘start-sleep’ PowerShell command steps during the workflows to allow replication to occur before the next step triggered. This does mean that the overall process can take a minute or two, and the person who triggered the user creation has to wait for it to finish.
  • Not all functionality was available that I needed in the GUI. For example, creating a Skype for Business user is easy, but you can’t assign a policy. Instead you need to use PowerShell commands to do what you want. That took a bit longer and needed more testing, but wasn’t much of an issue once I found that out.
  • When a new user was created that already existed (e.g. another John Smith – john.smith) I hadn’t considered that scenario. I asked in the Adaxes forums and was told how to run some pre-checks to make sure the username and phone number were unique and bomb out if they weren’t, rather than half creating an account and having to clean it up afterwards.
  • The upgrade process isn’t painful when a new version of Adaxes comes out (which came out while I was doing the user creation and I wanted to try upgrading early on), but there’s a few more steps than next, next finish. An uninstall is required with backing up a few files, then a fresh install and importing what you backed up. I’m hoping that will be streamlined a bit in the future.

After the user creation process was settled, I started to create more automation tasks. Deprovisioning was an obvious one, and was a lot easier than user creation as well as taking a lot less time to set up. This command would clean up all the bits and pieces from an account, including home drives and Exchange settings (along with moving the mailbox to a different database). This was rolled out relatively quickly.

I should also note, the logging is very helpful. If someone triggers a command from the website, they can see if it was successful or not, or where it failed. It made testing easy to do, but I was also able to read through logs via the GUI on the server to find out more about what failed and why.

adaxes2Updating options on one of the web interfaces – no coding required.

I then decided to wait for common scenarios to come up and build them as needed. We often had ‘returning staff’ which if their Active Directory account still existed, I couldn’t use my user creation method when the account already exists. This took a rethink of how I’d designed my rules so far, and decided to re-do a lot of it in a more modular fashion. Because there’s the ability to copy and paste rules, this was a lot easier than I expected. The end result was that I’d have a list of modules to run against a task – e.,g. a new user would call commands such as ‘enable email’ and ‘enable Skype for Business’ which my new ‘returning staff’ would call ‘re-enable email’ but the same ‘enable Skype for Business’ command as a new user. This now meant I could move a mailbox from one database to another and unhide the user from the Global Address Book when they returned, but because all users have their Skype for Business disabled, that step was the same in either scenario.

Another valuable idea I had was to let users control the membership of Active Directory groups that they were the owner of. After some mucking around, I created a website solely for that purpose. The great part about it was that whomever logged onto the site (with passthrough authentication so no extra typing required) could only see groups they were an owner of, based on the Manager field in Active Directory. This gives anyone in the company who is in control of a group, the ability to add or remove members without any IT assistance required. Perfect for application owners who control who can get to their application or not via a security group.

My next task will be the automation of a user name change. With the updated modular design, I can copy out the steps that I need and modify them to my new requirements; of course finding the hour or two to build and test this is the hardest part. (Note: Between the week of writing this and publishing, I’ve now done it.

I’ll give praise to both the Adaxes forums and their helpdesk support via email- almost always, within 24 hours max (and usually 4-5 hours) I’d get a specific and clear answer on how to do something I couldn’t work out personally, and it was from someone who knew the product rather than a basic 1st level helpdesk type response.

I hope this gives a real impression of my experience and opinion of Softera Adaxes at a high level, after using it for an extended time. There’s no real gaps to the product that I’ve found. and you can pick and choose as to how much customisation you want to do through PowerShell scripting. I’m still happy with the product, and it will continue to evolve with us.

Google Pixel XL Review

Posted on by Adam Fowler

Google’s first phone” was released 20th October 2016 (apparently the Nexus series doesn’t count) with overall positive reviews. I happily bought one on release day by walking into a store and buying it – no lineups or fanfare for those picturing an Apple iPhone launch.

img_20161026_093902Pixel XL Box

There’s general reviews all over the place, so I’ll focus more on my opinion of the specs and features. I have the Pixel XL 128GB model, which will be the focus here.

I can’t start a review on this device without talking about the cost, a huge leap in price from the well regarded and mid range Nexus phones. By more than pure coincidence, the Australian pricing for the Google Pixel series is identical to the dollar of the Apple iPhone pricing:

Pixel 32GB – $1079AU
Pixel 128GB – $1229AU
Pixel XL 32GB – $1269AU
Pixel XL 128GB – $1419AU

It’s a hefty ask price wise, and the Australia tax has definitely been put on top when the top model in the US costs $869US – a bit over $1130AU after conversion at the time of writing. The price is by far the biggest drawback, but that doesn’t seem to stop people buying iPhones… so why should Google miss out on all that profit?

20161020_110631-customInside the Google Pixel XL Box

Price aside, the Google Pixel models have a bunch of extras that I hadn’t seen before, coming from a Samsung Galaxy S6 as well as playing with the Oppo R7s.

Let’s go through some of the specs:

Screen – 5.5 inches, QHD AMOLED at 534ppi
Coming from a 5.1″ screen there’s still a noticeable difference in size, and I think the 5.5″ is a better size for a smartphone these days. The quality of the screen was great, I can’t fault it.

20161020_111743-customGoogle Pixel XL Ready To Go

Dimensions – 54.7 x 75.7 x 7.3 ~ 8.5 mm
Nothing amazing here, it’s an average thickness and bezel size for the screen size.

Battery – 3,450 mAh battery, Fast charging: Up to 7 hours of use from only 15 minutes of charging
Fast charge is the norm now on new phones. It’s a great feature, but you do need the right power adapter to make use of it.

20161020_110709-customPower Adapter Specs

Memory – 4 GB LPDDR4 RAM
At the higher end of what you’ll find in a phone now, which should give it a longer life overall.

Storage – 32 or 128GB
Another page out of Apple’s book here. To me, 64GB is the perfect size for a phone as 32GB fills up with apps, high resolution photos and videos. The lack of external SD Card support is disappointing too, which is why I chose the 128GB option.

Processor – Qualcomm® Snapdragon™ 821 2.15Ghz + 1.6Ghz, 64Bit Quad-Core
Another new standard which provides more than enough grunt.

Main camera 12.3 MP and Front camera 8MP
Does anyone choose a phone based on the camera quality? It’s great that this has the best camera in a phone yet quality wise, but as long as it’s good people seem to be happy. Bonus that it’s better than good!

Pixel Imprint – Back-mounted fingerprint sensor for fast unlocking
I’ll talk about this more later, but it works REALLY well.

Ports and slots – USB Type-C™ and 3.5 mm headset jack
One thing Google didn’t copy from Apple was abandoning the 3.5mm headset jack which I think is a good move. Having to have an adapter or special lightning cabled earphones is a bit of a pain, and so is making sure wireless earphones are charged.
The USB Type-C is the way of the future too, so get ready to change over all your cables. Biggest benefit is that just like the lightning cable in iPhones, there’s no upside-down way of trying to put the cable in.

OS – Android 7.1 Nougat
It’s nice to have the latest OS from Google, and with this phone you’ll always get it first. As the specs say – Two years of OS upgrades from launch, Three years of security updates from launch. That’s better than no guarantee, and hopefully they’ll do more than the minimum.

My impressions

Out of the box, the whole ‘migrating from another phone’ implementation was actually pretty good – all the cables required were in the box, it happened quickly and made the new Pixel phone setup a bit easier. It still took me hours to get it the way I wanted, because it doesn’t copy across apps; it just tells your new Pixel what apps you had before and downloads them again, along with syncing contacts and accounts you had saved. Maybe one day we’ll be able to migrate to a new phone and all the settings will be in the cloud?

After the basic setup, Google makes sure you know about it’s voice recognition abilities and recommends you do some training. I declined that as I didn’t want to talk to an inanimate object, but later I did try the weird ‘Lucky Trivia” game show which went on a bit, but was still an amusing novelty.

Setting up the device and navigating around was a bigger change than I expected coming from the Samsung Galaxy S6, and I dare say a Nexus user would have a similar experience. Google have put their own flavour on top of Android – which seems weird when they’re the ones who make Android, but there you go. The home screen is fairly blank when you first start using the phone; swipe left to get a modified Google Search page along with weather, news and calendar updates. Swiping right from the home screen shows an even blanker page for you to fill with your favorite shortcuts. Swiping up however, gives you a single long grid of all your apps that go down a single page with a search option – this seems to make more sense than the pages and pages of apps to swipe through.

I went through the settings and enabled some nifty features like ‘Night Light’ which can tint your screen red and take a lot of the blinding brightness out of the display, something you don’t need when all the lights are out. The best setting I found by far though, was enabling the fingerprint reader to swipe for notifications. Ah yes, the fingerprint reader… it seems weird to place it in the back middle of the phone, but I found that the index finger sits exactly there when holding the phone, and by touch only you can easily find the right spot to unlock the phone with. However, the fingerprint reader can also be used to bring up your notifications with a small swipe. A second small swipe will expand the notifications to an even bigger view. Apart from seeing who’s liked your Instagram photo, you can now respond to SMSes, Skype messages etc right in the context of the notification pane. This seems to be implemented really well and saves you opening a notification to go to the app to respond. Nexus owners already have a fingerprint reader on the back, but don’t and won’t have swipe on it.

Some features such as having a battery % on the top of the screen are really hidden away, requiring a 10 second press on the settings button to unlock several hidden options, including this. I couldn’t work out any way of re-organising the shortcuts in the notification bar (e.g. flashlight, wifi), and the inbuilt widgets I found were feature lacking compared to what my Samsung Galaxy S6 had (one for alarm clock and one for calendar). Also encryption seems to be finally at the hardware level and not optional, hooray for that one! Also with Google’s apparently new security model, expect to see a lot of allow/deny options for every app you run. It’s good to control what app can do what, but I can see people getting annoyed by it.

Here’s a screenshot of how my home screen ended up looking:

screenshot_20161024-172119My Google Pixel XL Home Screen

The camera app also has some cool inbuilt tricks – burst pictures and picks the best one out, automatically makes a collage for you or an animated gif… as well as

burst_cover_collage_20161021065811Burst Collage of my son stealing and eating an apple

img_20161024_161744Keyboard photo

burst_cover_gif_action_20161024201144Animated Gif Test

Conclusion

Is this a must have phone? Not really. Is it worth the price? Not really. But then again, I’d say that about upgrading from an iPhone 6S to a 7. They’re overpriced for what they are in my opinion. It’s still a high quality phone with a lot of cool functions (albeit not waterproof!) and the best way of making sure you’ll get Google’s updates to the Android platform. It also has the Google Assistant which I really can’t be bothered with – yes it works, but I have to verbally give my phone a command. I may as well start wearing a manbun and ride around on a hoverboard.

It’s hard to differentiate the features between Android 7.1 and Google specific – probably by design, to help with the launch. Despite this, it’s a very slick, clean and fast user experience with great battery life (getting close to 2 days for me) and a device that should give you a bit of future protection, due to Google having control over the hardware and software.

The Google Pixel XL is a very good quality phone with good software and good features, but I don’t believe it has anything to make it stand out against the competition. It’s a premium Android at a premium price point. I’m happy that I have it  but I’m unconvinced it’s worth double or triple many of the other Android phones out there.

Google Pixel on the Google Store

 

Guest Post: Laurie Love’s Asperger Syndrome

Posted on by Adam Fowler

I don’t have Asperger’s as far as I know (which is in the spectrum of Autism) but a friend of mine gave me their article to share. They’d prefer to stay anonymous. I really like the topic and it brings up some great points on the UK case around hacker Laurie Love, who may be extradited to the US. It’s of interest especially for the IT industry that contains many people with Asperger Syndrome, so here are their thoughts on the situation:

By Anonymous:

I have Asperger’s. However, I don’t hack the US government infrastructure looking for little green men and such.  Laurie Love is claiming that he shouldn’t be extradited to the United States due to his mental status and partly because he has Asperger’s syndrome.

In the case I find myself truly torn. On the one hand I have no love for the US government, their treatment of whistle-blowers such as Manning, Snowden et al. I fully support the work of the ACLU, EFF and other privacy groups.  I also support the rule of law.

However the computer world now finds itself in somewhat of a “McKinnon II” situation where Mr Love is concerned. Each time this scenario crops up it makes us Aspies look that little bit weirder and therefore having to work that bit harder to not be tarred with the same brush that is used by most uninformed media outlets.

Whilst it is completely understandable that Love wouldn’t want to be sent to the US to stand trial with what most people would see as an extremely one-sided justice system with excessive sentencing in a much maligned prison system, he does a dis-service to other Asperger’s suffers and people with mental illness by using it as a means to avoid what many now see as an inevitable trial in the US.

Let me set the record straight about Asperger’s from a first hand point of view.

Most critically, on a macro scale we (people with Asperger’s) know right from wrong. Sure, we can be a bit more curious than perhaps we should be occasionally but we have the capacity to understand that actions have consequences.

When was the last time you heard someone plead not guilty to GBH because they had Asperger’s? Just because its seen by his supporters as a victimless crime does not mean it isn’t a crime.  Admittedly the GBH scenario is extremely unlikely in an Aspie world because we tend to not be inclined to violence or even much toward social interaction!

We are however programmed to ask why. We take things apart, we fiddle with them and such but to go breaking into military computers invites a world of hurt.

We (Aspies) are not where or how people but Why. Why does this thing “x” work the way it does? We need to find out! We can’t just leave it. This may go some way as to explaining why Love did what he did.

Laurie Love undoubtedly knew that trying to hack the military computers of a super power state was not a wise move and it would have dire consequences if he were to be caught. Although I may not agree with the US sentence put forward, the methods used or some aspects of the prosecution I believe that the US have a reasonable right to extradite him. He (allegedly) broke the law and not in a trivial way.

To now turn around and claim, as his father has, that his son isn’t prepared to go to the US to face charges under any circumstances smacks of blind arrogance. His father, a prison chaplain, claims that he sees people with such illness commit suicide.

As a group, people affected with Asperger’s do tend to look on the negative side of things and have a slightly higher risk profile than then general populace. His family portray him as a suicide risk. Anybody who faced ninety-nine years in the US federal prison would be the same I suspect, Aspergers or no Aspergers.

Most people would have the same mind-set given the situation. The human mind is trained to look for solutions to problems and suicide or taking yourself out of the situation is one solution to a (usually temporary) problem.

The presiding judge, Judge Tempia addressed this issue by noting that she was suitably assured that the US could provide for the medical needs of Love. I do however disagree with the stance that he should be held in solitary. I along with most believe this to equate to a cruel and unusual punishment.

If you want to see the US in action just look at the treatment of Kevin Mitnick. He could launch missiles by whistling down a phone the less IT inclined people repeated in ignorance.

I personally have gotten inquisitive about a site or two that I was asked to provide extremely confidential information to on behalf of another party.  I did some digging with information that was absolutely public domain, if you knew how to use the tools correctly. I stopped before I crossed the line.

There are however alternatives to this US/UK stalemate including a prosecution by the NCA or secondly serving his sentence in the UK. Love obviously would prefer the whole thing to go away. Being prosecuted by the British Government removes the whole question of going to the US to stand trial, the jail, the lengthy sentence. It negates almost all the issues raised by the Love team.

More importantly at a personal level it means the presence of Asperger’s becomes mute in terms of it becomes a get out of jail free card. He could use it in court but at the same time he gets a trial and can be cross-examined on the role of Asperger’s in his situation.

Essentially it somewhat mutes that entire line of questioning. Getting the US to agree to such a deal a high profile case however would not be an easy battle.

No matter which side wins or how it unfolds, it does people with Asperger’s no favours. The whole McKinnon/Love scenario makes us as a group look rather pathetic and unwilling to face the results of our actions.

In reality we are highly motivated, intelligent and we are an asset rather than a liability (Just ask GCHQ. There are more than a few of us that work there!). We as a group don’t all go round breaking into computers then using Asperger’s as a mechanism to try and avoid the long arm of the law.

Only time will tell the real outcome but Love needs to grow up and face up for his actions and not blame it on the condition.

Win a Lenovo ThinkPad E560 – AU/NZ Only

Posted on by Adam Fowler

Several weeks ago, I compared the Lenovo ThinkPad E560 vs HP ProBook 450 G3 where both laptops came out pretty evenly well, with a few pros and cons depending on your preferences.

I’ve decided (with Lenovo’s blessing) that the Lenovo ThinkPad E560 should be given away as a prize to an Australian or New Zealand resident!

Sorry to other countries, but I’m personally paying for shipping on this and don’t know how much postage would cost to all corners of the globe, plus the power pack has the Australian/New Zealand connector on it :)

The laptop you might win!

I’ve personally reset the PC and put it back in it’s box, ready to be shipped at the end of the month.

Here’s the specs on this particular laptop (taken from Lenovo AU’s E560 site and only relevant specs left in):

DESCRIPTION THINKPAD E560 LAPTOP
Processor
  • 6th Gen Intel Core i5-6200U Processor (3M Cache, 2.3 GHz), Turbo Boost 2.0 (2.8 GHz)
Operating System
  • Windows 10 Home 64-bit
Display
  • 15.6″ HD (1366 x 768) Anti-Glare, 220 nits
Ports
  • 3 x USB 3.0
  • 4-in-1 card reader (MMC, SD, SDHC, SDXC)
  • Lenovo OneLink Docking Port
  • VGA
  • HDMI
  • Combo audio/microphone jack
  • Ethernet (RJ45)
  • Security keyhole
Graphics
  • Intel HD Graphics or Intel HD Graphics 520
  • AMD Radeon™ R7 M370 2GB GDDR5
Memory
  • 8GB, PC3-12800 1600MHz DDR3L
Webcam
  • 720p HD Intel® RealSense™ 3D Camera
Storage 3
  • 1TB 5400 RPM HDD
Optical Drive (optional)
  • DVD Burner, fixed, not removable, tray-in
Dimensions (W x D x H)
  • 377 x 255 x 23.8~27.1 mm
Weight
  • Starting from 2.3kg
Case colour
  • Graphite Black
Battery
  • 6-cell Li-Ion battery – 75+ (48Wh) internal battery
Battery life
  • Up to 9 hours
Keyboard
  • 6-row, spill-resistant, multimedia Fn keys
UltraNav™
  • TrackPoint® pointing device and multi-touch with 3+2 buttons click pad
Audio support
  • HD Audio, Dolby® Advanced Audio™ v2 certified / stereo speakers, dual array microphone, combo audio/mic jack
Ethernet
  • Gigabit Ethernet
Wireless LAN
  • Intel Dual Band Wireless-AC 3165 (1×1 WiFi, 802.11ac) with Bluetooth 4.2
Warranty Expires
  • 2017-03-29

 

How do you win this laptop? Do one or more of the below actions to enter! (a like on my Facebook page would be nice, but isn’t mandatory. It’s a feed of the posts I publish here)

Win a Lenovo ThinkPad E560 Laptop!

Note: if you’re having problems with entering, try turn off your adblocker for a moment.

Windows 10 – Time To Get On Board

Posted on by Adam Fowler

Windows 10 has been publicly available since 29th July 2015. Since then, Microsoft have been encouraging users to upgrade in many ways – consumers had a year window to upgrade from Windows 7/8/8.1 for free, along with Windows Update prompts reminding consumers that they can do so.

There’s always going to be complaints with any new operating system, but the in-place upgrade process has been the best yet from Microsoft. Gone are the days when any IT professional would strongly avoid it, it’s a much more stable and revertable method.

The upgrade has been optional, but we’re now getting much closer to being forced to go Windows 10 (not that I think this is a bad thing). The two big ways this is happening are:

New PCs with Windows 7 or 8.1 are going to be much less common come November 1, 2016. The top OEM vendors won’t be allowed to do this anymore (E.g. Lenovo, HP, Dell). You could still go to a whitebox builder and buy an OEM version of Windows 7, it just won’t be a pre-packaged option anymore. Windows 7 is very old now, and it’s unrealistic to expect Microsoft as well as all the hardware manufacturers to continue supporting it with new drivers.

The other main driver is Intel’s 7th generation of i series chip, Kaby Lake. This has already been released and seen in some laptops, with desktop CPUs due to be released early 2017. Microsoft is drawing a line in the sand and saying there will be no support at all if you’ve got this new CPU. I have yet to get my hands on a device with these new CPUs to try, so it will be interesting to see if anything breaks with this combination of OS and CPU.

Windows 7 has had a very good run, with great reasons; but the vast improvements that have taken us to Windows 10 (not to mention the better security architecture), as well as internal support for cloud services means this is the way of the future.

If you haven’t started the transition to Windows 10 it’s time to get planning, before you hit the above roadblocks and haven’t put the planning and preparation into the change.