Author: Adam Fowler

Softerra Adaxes Identity and Active Directory Management Review

I’ve been asked to review many products (both hardware and software) on this blog. Many of the things I write about here are triggered by my experiences, which I think adds to the usefulness of the posts. Usually I decline, because I either don’t have an interest in the product, or don’t have the time to invest in reviewing something that I can’t get a personal benefit out of.

Softerra Adaxes was one of these companies. After giving it a quick once over, my interest had been piqued. After extensive testing, I was actually happy to write a review of what the product does, and how I can see it helping people in businesses… so here is my take on the product. This is a sponsored post, but written by myself with my honest view on the product after extensive testing.

What is Softerra Adaxes?

First and foremost, this is an Active Directory (AD) Identity Management piece of software. It will talk to your AD environment (don’t worry, no schema changes required!) and give you a framework to allow automation. I’d previously looked at System Center Orchestrator (SCOrch) to look at the automation of user accounts such as creation, change, deletion – but it was too complicated for my liking. Most things required you to write your own code (PowerShell, .NET etc) and use what I’d call strange variable calls, instead of plain old nice code. To me, you have to wear a developer hat to use SCOrch for anything beyond very basic workflows.

Adaxes takes a different approach. Instead of writing your own code (which you can do still), much of it is driven in a similar way to how Outlook rules work. You can use the Adaxes Console, or Adaxes webpage to perform tasks such as ‘Create User’ – but you define the rules. For example, think of the ‘City’ field in AD. These are the rules you can set for it:

Those rules then end up as the only choices via a drop-down menu:

Having a default value if > 50% of your users are going to be in a particular city is a time saver. Same applies to being able to list several cities, and have a dropdown list to select them from – removing human error from typos. Forcing the property to being required also means it won’t be missed. To me, this gives immediate benefit in the user creation process, if the time is spent setting it up correctly.

User Creation in Adaxes

Once a user is created with your template, ‘Business Rules’ can kick in. These are more rules based on an event happening – such as a successful user creation. For me, I created business rules based on the City. If they’re in Sydney, then do all these things that applies to a Sydney person. This can be the creation of a home drive, but also can hook into Exchange or Lync to create their account in that environment too.

The Exchange and Lync integration allow you to have a user fully set up without even needing to worry about it. The email alias can be pulled from the username, and normal email address policies apply for creation of SMTP addresses. You can specify which DAG the mailbox will be created on too. For Lync, it’s the same story. If you’re lucky enough to have Enterprise Voice, the user’s phone number can be used as a variable to create a Line URI for the user.

Other third party systems can be manipulated by running a PowerShell script or program easily enough, or if you want to start getting tricky… there’s the Adaxes SDK for API.

When it’s all done, you can even trigger an email to alert staff that a user has been created, which could be used to alert other departments of any manual processes they need to do once a user is ‘born’.

Even better, is the easy built-in security roles. You can give HR access to create a user via the native Adaxes web page. No software required, HR follow the bouncing ball of the webpage and see a prompt for any required field, and requests can be configured to require approval before being actioned too.

https://www.youtube.com/watch?v=GlgVcGF7gjA

What Else Can Adaxes Do?

I’ve focused on User Creation so far, because that was the first benefit I saw from Adaxes – but there’s a bunch more this software solution can do. Softerra themselves list many of the features of the product, but it’s a very open framework where you can make the software do what you need to happen.

  • Group Management

Due to the granular security model they use, you could consider end user management of groups. Email group management for end users is already possible from Microsoft Exchange, but you can’t do the same with security groups. I can see a big benefit in letting key users manage a selection of security groups which could allow things such as access to network drives and folders, access to software or permissions to an internal resource such as a SharePoint site and so on. If you’re in a Microsoft environment, everything should be security based via AD groups anyway, so this is a much nicer solution than giving those key end users an Active Directory User and Computers console.

  • Password Expiration Notification

There are several built in examples of ‘Scheduled Tasks’ – including some I’ve written my own script for! The ‘Password Expiration Notifier’ does exactly what I wrote here, which is to notify end users via email when they have certain days left before their password expires. My preference is to have all of these tools and triggers in a central location where all the right people can see what’s going on with ease, which is better than having Windows based scheduled tasks scattered around your servers being harder to find and manage.

Although I encourage everyone to know PowerShell, the reality is we all have different skills and priorities. Having middleware that manages the smarts and shows them to you in an easily readable format reduces company risk in managing automation, as well as staff time in making changes, and should at least be investigated for its potential value. The above example out of the box had only the 7 day notification, so I copied and pasted the rules below it, and set the trigger to also happen at 1 day, matching my script. That was 10 seconds of work.

  • Clean Up Old Computer Records

Another example of a built in Scheduled Task is the ‘Inactive Computer Deleter’. Simply, it does a daily check for computer objects to see if they’ve been inactive for more than 12 weeks. If true, it changes the ‘When Marked Inactive’ property of the computer to the current date and time. It won’t delete the computer until it has approval, and you can tell it who to get the approval from. Tasks like this should save you time as well as helping to secure your network from rogue devices.

  • Office 365 User Management

There is also Office 365 support, which can automate tasks such as user creation, or license management. At the time of writing, an Office 365 CAL can’t be auto assigned to an Office 365 user when synced from Active Directory, but Adaxes can automate that step for you.

Conclusion

To me, the above is enough of a business case to at least consider Softerra Adaxes. Some time needs to be invested to make the software do what you want it to do – every business’s user management processes are different. If you’re currently using just a PowerShell script, you could use that from Adaxes and build the workflow and web interface management around it for starters, then migrate tasks to Adaxes as you find time.

I can’t find many weaknesses in this solution – there’s provision for resiliency by having more than one server, and the product seems secure and stable. I would like to see more built in options on what you can do out of the box (to Softerra’s credit, there are a lot of options already and it is highly configurable). I noticed that I couldn’t specify some extra parameters in Lync beyond the basics of user creation, such as which policies to apply to a user. This will have to be done by calling a PowerShell script I’d write instead.

There’s also a bit of a learning curve around applying security and using the interface – not that it’s difficult, and the online documentation is extensive, but you’ll need to do a bit of tutorial reading to understand the product and how to configure it to your liking.

I also really like the potential of giving end users control over certain things. Empowering users that make decisions to act on those decisions themselves is a time saver – as is having an incredibly easy workflow approval process that doesn’t need a complicated workflow engine and a team of developers behind the scenes.

Overall, I really liked the product and the direction they have taken it. I personally recommend checking it out, and am actually in the process of implementing it in my current workplace as a result of this review, as a paid product!

Other Adaxes videos are available on YouTube, along with pricing available on their website (there’s also a 30 day trial – install is very simple).

Lenovo ThinkPad Yoga 260 Review

I managed to get my hands on a new Lenovo ThinkPad Yoga 260, so here’s my thoughts on the current Yoga situation and the Yoga 260:

Lenovo ThinkPad Yoga 260

Yoga History

The consumer series of Lenovo Yogas has been making leaps and bounds – from the Yoga Pro 2 I reviewed, up to the new Yoga 900S – many models have come out, all with their improvements from the previous, and attracting a lot of attention.

However, the Yoga 260 and 460 are the first ThinkPad series of Yoga laptops since the ThinkPad Yoga 14 (along with the 15 and 12 models) which were decent laptops, but didn’t get too much fanfare. It was a little on the hefty side for weight, and a little bit chunky which made other options such as the drool-worthy X1 Carbon more attractive, despite not having a tablet mode.

It was still an improvement however, over the earlier ThinkPad Yoga which was too weighty and thick to be a decent hybrid laptop. When I first saw one of these, it wasn’t really a consideration. At the time, the ThinkPad Helix seemed to make more sense with its proper tablet mode and crazy battery life, due to having a second battery in the keyboard base.

That has all changed – CES 2016 had a plethora of laptops launched, including the highly regarded ThinkPad X1 Yoga – but you can’t get those yet.

Before all those were launched, the ThinkPad Yoga 260 started coming out in Q3 2015 (not that I could get one until Q1 2016!) and were the first ThinkPad Yogas along with the larger ThinkPad Yoga 460 to feature Intel’s 6th Gen CPU, codenamed Skylake.

It is worth pointing out that any Lenovo laptop under the ThinkPad name is incredibly robust and is built to Mil-SPEC standards and beyond, so it is impressive that they now have such thin devices that still meet these standards.

ThinkPad Yoga 260

So here I am, with a Yoga 260 sitting next to me. First impressions of the device are that it’s not as small as I expected for a 12.5″ device, but it’s still reasonably light. I’ve spent some time playing around with it, so I’ll try to cover the bits and pieces I’ve found interesting about this particular model.

Hardware

I’ve put all the specs at the bottom of this post, as there’s a lot of them! Points of interest are:

Keyboard – it’s a nice keyboard, the standard I’d expect from a ThinkPad. Keys are nicely spaced and easy to type on. The trackpad is very clicky which I like – it’s a proper click when you press into it rather than a light click. It has the two proper left/right buttons for those who prefer it, but the standard gestures and left/right click work on the main trackpad too.

ThinkPad Yoga 260 Keyboard

Screen – I don’t like the lower end 1366 x 768 option, but love the 1920 x 1080. Perfect res without being over the top (I don’t think you need more than this on a 12.5″ screen). It doesn’t have a particularly thin bezel, comparing against a 3 year old X1 Carbon, the Carbon is a lot thinner. I’d be curious to know what reasons the engineers chose to not go thinner. At the same time it’s not too thick, but makes the laptop more of what I’d expect from a 13″ size overall.

ThinkPad Yoga 260 12.5″ Screen

Pen – The Yoga 260 comes with an inbuilt powered pen. It’s a supercapacitor stylus using Wacom technology. I calibrated it once after turning on the laptop to improve the accuracy, and it’s very accurate (video below). It’s compact, but personally I prefer the bigger Microsoft Surface Pen – but, I don’t know if that would actually fit inside the laptop. Lenovo’s pen fits snugly into the base of the laptop and you wouldn’t know it was there unless you looked. They’re different use cases I believe – Lenovo’s pen is better for ad-hoc use, where Microsoft’s pen is more designed as a mouse replacement. I also tested, you can’t use a Microsoft Pen on the Yoga 260 :)

The pen requires charge, but uses a super capacitor rather than a battery. Engadget has a great supercapacitor stylus of the technology. It will go for 2 – 4 hours and then need a charge; 15 seconds of charging will give you 80% of the life back, or full capacity in 5 minutes.

Ports – Apart from the discreet pen slot (which I’m calling a port because it charges the pen), there’s quite a few ports on this device. There’s the micro SD slot which is handy if you have another device that uses one (such as a camera), and a SIM slot so you can have 4G straight from your laptop. The other ports are standard, there’s both HDMI and Mini DisplayPort which is nice for options, and the newer dock connection along with 2x USB3. There’s also a very long slot for a card reader, but as this is an optional addon I don’t think mine has the internal card reader.

ThinkPad Yoga 260 Pen and right hand side ports

ThinkPad Yoga 260 left hand side ports

Yoga Mode – As with all Yogas, this laptop does a full 360 on the screen to put it into tablet mode.

Yoga 260 doing a Yoga pose

When in Yoga mode, the keys will sink in to the chassis and not protrude at all:

… and when it’s taken out of Yoga mode, the keys pop back up again:

No complaints about the Yoga mode at all, it has always made sense as an easy way to convert from laptop to tablet mode, and works really well.

Thickness – I compared the laptop to an original X1 Carbon, and the thickness was close to identical. It’s not as thin as a newer Yoga 900/900S, but again this is designed to be tougher:

Yoga 260 vs Carbon X1 1st Gen

The laptop itself is very nice to use – the 6th Gen CPU is great, and it’s a nice size to slip into the bag for travel. If you have any questions please post below!

Update 18th Jan 2016:

This has a OneLink+ dock port, which is an upgrade from the older OneLink. They aren’t directly compatible. You can get an adapter if you have a OneLink+ dock and an older OneLink laptop, but that doesn’t help you if you already have a OneLink dock – you’ll need to get a newer OneLink+ dock!

Tech Specs

As taken from Lenovo’s website, here are all the specs. I’ve underlined the parts where there are options to show what I’m using:

ThinkPad Yoga 260 Tech Specs

DESCRIPTION THINKPAD YOGA 260 CONVERTIBLE ULTRABOOK
Processor
  • 6th Gen Intel® Core™ i3-6100U Processor (3M Cache, 2.3GHz)
  • 6th Gen Intel Core i5-6200U Processor (3M Cache, 2.3GHz), Turbo Boost 2.0 (2.8GHz)
  • 6th Gen Intel Core i7-6500U Processor (4M Cache, 2.5GHz), Turbo Boost 2.0 (3.1GHz)
Operating System
  • Windows 10 Home 64-bit
  • Windows 10 Pro 64-bit
Display
  • 12.5″ HD (1366×768), anti-glare, 300 nits, 16:9 aspect ratio, IPS, 10-point Multi-Touch
  • 12.5″ FHD (1920×1080), anti-glare, 300 nits, 16:9 aspect ratio, IPS, 10-point Multi-Touch
Digitiser pen (optional)
ThinkPad Pen Pro, active pen for multi-touch display
Hinge / mode
Yoga hinge, 360 degree / Laptop, tent, stand and tablet
Graphics
Intel HD Graphics 520 in processor only, supports external digital monitor via HDMI, Mini DisplayPort;
Supports dual independent display Max resolution: 3840×2160 (Mini DisplayPort)@60Hz 4096×2160 (HDMI)@24Hz
Memory
Up to 16GB, 2133MHz DDR4, one DDR4 SO-DIMM socket (8GB)
Webcam
Integrated, HD720p resolution, fixed focus
Storage
  • 128GB / 192GB / 512GB SSD, SATA3
  • 256GB SSD, SATA3 Opal 2.0 Capable
Dimensions (W x D x H)
309.9 x 220 x 17.8 mm
Weight
Starting at 1.32kg
Case material
Carbon-Fiber Hybrid
Case colour
Midnight black
Battery
4-cell Li-Polymer battery (44Wh)
Battery Life
Up to 10 hours
AC adaptor
45W or 65W AC adapter
Keyboard
6-row, LED backlit, spill-resistant, multimedia Fn keys
UltraNav™
TrackPoint® pointing device and multi-touch with 3+2 buttons click pad
Fingerprint reader
Touch style fingerprint reader on the keyboard bezel
Audio support
HD Audio, Conexant® CX11852 codec, Dolby® Home Theater® v4 / stereo speakers, 2W x 2 / dual array microphone, combo audio / microphone jack
Security chip
Trusted Platform Module, TCG 1.2-compliant and Software TPM 2.0
Light sensor
Ambient Light Sensor
G-sensor
3D accelerometer and 3D magnetometer, 3D compass, 3D gyrometer
Wireless LAN
Intel Dual Band Wireless-AC 8260, 2×2, Wi-Fi + Bluetooth® 4.0, no vPro
SIM card
Yes
Mil-Spec test
MIL-STD-810G military certification
Ports
  • 2 x USB 3.0 (one Always On)
  • Mini DisplayPort™
  • HDMI
  • OneLink+ connector
  • microSD, supports UHS-I SD card
  • Combo audio/microphone jack
  • Security keyhole
  • Optional Card Reader
  • Note: Build your own with USB 3.0 Ethernet dongle, or purchase with a ThinkPad USB 3.0 Ethernet adapter (4X90E51405). Otherwise, use Ethernet (RJ45) port via optional OneLink Dock / Universal Port Replicators.

New Year 2016 Resolutions

New Years Resolutions aren’t something I normally do. I don’t like the idea of using an excuse of something arbitrary such as the year change to start or stop something.

In this case though, it’s the catalyst for a few things that have been bouncing around in my mind for a while – maybe that’s the case for others too?

(As an aside this is my first blog post I’m writing straight from mobile… Swype these days gets the WPM count closer to what I can do on a keyboard which is less frustrating :) )

In the order that I think of them, here are some things I’d like to change:

1. Be more personal in what I do (selectively).

I guess I do this a little bit, and put my own flair on blog posts and tweets – but in my mind it’s still very reserved. A technical ‘how to’ I’m happy with my current methods, but I’ve previously taken a rather non-personal approach I believe.
One of the reasons this has come front of mind is due to the roundabout way @thisaintrachel’s blog post was written. I really enjoyed reading the personal side, and without going back to my own write up, I’m sure it was nowhere near as personal as I could have made it.

That doesn’t necessarily mean I’ll write more posts that way, but when I do I’ll put more into it. Same applies to Twitter.

2. Get less caught up in particular individuals or situations.

This one plagued me in the later half of 2015, but it’s definitely happened plenty of times in my life.
There will be someone or something that irks me in what they say or how they act, and I’ll just focus on it too much. It will rattle around in my brain with over analysis.

What I need to do instead is just ‘let it go’ (I hope we are all mentally singing that now). Put it down to just “that’s how that person is” and continue on. I don’t know why certain scenarios bother me so much, but I know I have an inner sense of righteousness that becomes irritated at certain times. Especially if it’s someone I regarded highly!

I know all that is vague, but the few who know me well probably have heard at least one story where I’ve either confided in a frustration, or got in trouble for getting carried away on trying to “right a wrong” where I should have just given up (if you’re that curious, feel free to ask me privately!). The intentions are always good, and it’s not even a ‘choose your battles’ thing as I already turn a blind eye to many frustrations…

3. Be more positive

This is one that I’ve already been trying, but there is room for improvement. I like having a positive mantra, but it is so much easier (and often funnier) to take a swing at something instead.
I’ll continue those funny swipes (at least in my mind they’re funny) and Twitter is a great platform for that… but it shouldn’t go any further, and should be shared around.
Again I’m not too bad for this, only the very rare situational anti-Apple tweet is made, but I’m going to make more of an effort on the positive side.
I love receiving encouragement, and usually it’s just as meaningful from a random follower as it is from someone you interact with frequently… so I shall give this more of a conscious shot.

A lot of positive things have happened out of the Twitter tech community for me, and I want to continue this on and pass it onto others.

4. Get more involved in communities

The wheels are slowly turning on this – I did a brief of the Microsoft Ignite conference to two User Groups in December, but I really should do more.

And, I know I’m capable. I still need to relax in front of a group of people, but it’s an acquired skill. I know I’m not bad at it (I have previously done things like MCing a quiz night, and will be MCing a wedding!). I’ve had a lot of support in doing this too from different people I’ve spoken to – family, friends and people in the tech community – so I really should put some effort in to making this happen. (I’m making a point of not calling people out in this big post – those call outs will happen more personalised and when things happen, or I’ve already done it).

There were several inspirational people at Microsoft Ignite AU 2015 that either directly or indirectly gave me an extra nudge too – and those actions I’m taking on board to try and do the same.

This also flows onto having more interactions with others – I’ll put more of an effort into this one too, and feel free to call me on it!

5. Helping others

I already do this one a lot, so really it’s a ‘continue on’ for number 5. It’s a big part of my job as well as online persona, so I hope (and actually believe) people see and appreciate it. Not that I’m doing it for recognition of helping of course – but recognition does serve as a gauge that you’re doing it right.

6. Do more writing

I enjoy writing so I need to do more. It died off a lot in 2015, as it was replaced by my awesome little son and a lack of sleep (if you want photos then just find me on facebook!)

He is getting better at sleeping, so this should give me a bit more time to get back into it. Some paid, some blog posts. I’m still selective on what I choose to write about, I won’t take a paid gig on something that either doesn’t interest me or is too far out of my personal experiences and knowledge – but I could easily find more work if I wanted it. Luckily this is just on the side to my main job, so ‘more work’ isn’t that much :)

I still don’t think it’s something I’d want to do full time, but I have seen others make very successful careers from several online techy pursuits, so maybe one day. Definitely not 2016!

I can’t tell how much I’ve written on WordPress for Android so I’ll just call it there. I do care what others think so if you have any feedback for me I’d love to hear both positive and constructive criticisms – either comment here or privately let me know however you find me :)

Hope you all have a positive and enjoyable 2016 and please say “hi”!

Logon and Logoff Security Event Viewer Auditing

Update 30th July 2022 – TechNet links no longer work, but updated the script link to a github copy.

Original post:

Logon and Logoff events for a PC running Vista or above are logged to the Security section of Event Viewer. If you’re looking for a particular event at a particular time, you can browse through manually with a bit of filtering in the Event Viewer GUI and find what you need.

On a larger scale though, this doesn’t make sense. If you’re looking at multiple users or multiple events, the task gets tedious very quickly.

Logon and Logoff events on a domain will be logged against the closest domain controller, but unless you’re piping these logs elsewhere (which I briefly talked about here on Tech Target), the DC’s logs will quickly fill up and cycle off. Also, the user may have authenticated against multiple DCs, or other scenarios such as an offline laptop user first logging in locally before being on the network.

A PC keeping only its own security logs will go back a lot further (over a month hopefully!) so there’s a lot of data to obtain.

There’s an older Microsoft Technet article that covers this briefly called Tracking User Logon Activity Using Logon Events which has some useful information, including the Event IDs:

Logon Event ID 4624
Logoff Event ID 4634

Now, you can filter the event viewer to those Event IDs using Event Viewer, but you can’t filter out all the noise around anything authenticating to and from the PC you’re investigating.

One way of doing this is of course, PowerShell.

There are two commands I found for this – Get-EventLog (link now dead) and Get-WinEvent (link now dead). I used Get-EventLog as it seemed to be a bit easier to get the data I needed… but I couldn’t get it exactly to work.

Then I read this Technet article – PowerShell Get-WinEvent XML Madness: Getting details from event logs (link now dead) which backed up what I was experiencing, such as “The bad:  All of a sudden reading event logs gets complicated.  The filtering in particular requires some crazy syntax.”

This all started to get too hard, and I couldn’t get my head around the code or get it to work!

Finally, I found someone who’d created a very nice script that did everything I wanted: Security Log Logon/Logoff Event Reporter

The script doesn’t need any parameters to run, just asks for which PC, date range, if you want to only see failed logins (which I don’t for this scenario), and then how to display the information.

Sometimes it takes a lot of research and time to just use someone else’s script and be done with it :)

Update:
As @GirlGerms pointed out, many people just lock their workstation rather than logging off/on. In that case, these are the two Event IDs:

Workstation Locked Event ID  4800
Workstation Unlocked Event ID  4801

The script I found doesn’t include these, but appears very easy to adjust to see those results too. None of this works if the person doesn’t lock their PC, and never logs off so it’s hardly an all encompassing method.
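
The four Event IDs in this post can be pulled with Get-WinEvent and narrowed down to real user sessions. The following is an added example, not the script linked above; the function name Get-SessionEvent and its parameters are hypothetical, and the logon types kept (2, 7, 10, 11) are an assumption about what counts as a person at the PC. Reading the Security log needs an elevated PowerShell prompt.

```powershell
# Added example; not the script linked in the post.
function Get-SessionEvent {
    [CmdletBinding()]
    param(
        [string]   $ComputerName = $env:COMPUTERNAME,
        [datetime] $StartTime    = (Get-Date).AddDays(-7),
        [datetime] $EndTime      = (Get-Date),
        [string]   $UserName     # optional: report on this account only
    )

    $action = @{ 4624 = 'Logon'; 4634 = 'Logoff'; 4800 = 'Locked'; 4801 = 'Unlocked' }

    # Assumption: logon types produced by a person rather than a service or
    # network connection: 2 interactive, 7 unlock, 10 remote interactive (RDP),
    # 11 cached domain credentials (the offline laptop case).
    $humanLogonTypes = '2', '7', '10', '11'

    # ID and date filtering is done by the event log service, so only
    # matching records are returned to the pipeline.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4634, 4800, 4801
        StartTime = $StartTime
        EndTime   = $EndTime
    }

    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter |
        ForEach-Object {
            # The named fields (TargetUserName, LogonType, ...) are only
            # available through the event's XML, under EventData.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            # 4624/4634 carry a LogonType; drop network, batch and service logons.
            if (($_.Id -in 4624, 4634) -and ($data.LogonType -notin $humanLogonTypes)) { return }
            # Drop computer accounts (NAME$) and the per-session DWM-n / UMFD-n accounts.
            if ($data.TargetUserName -match '\$$|^(DWM|UMFD)-\d+$') { return }
            if ($UserName -and $data.TargetUserName -ne $UserName) { return }

            [pscustomobject]@{
                Time    = $_.TimeCreated
                Action  = $action[$_.Id]
                User    = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
                LogonId = $data.TargetLogonId   # same value on a logon and its logoff
            }
        } |
        Sort-Object Time
}

# Last 24 hours on the local PC
Get-SessionEvent -StartTime (Get-Date).AddDays(-1) | Format-Table -AutoSize
```

Events 4800 and 4801 are only written when the ‘Audit Other Logon/Logoff Events’ subcategory is enabled on the PC, so an empty lock/unlock column can mean auditing is off rather than that nobody locked the workstation.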

Lync is Experiencing Connection Issues with the Exchange Server

We are still running Lync 2010 server and client, so I’m not sure if this is an issue in later versions (or Skype For Business now) – but this problem still occurs in the most patched versions of Lync 2010.

The error “Lync is Experiencing Connection Issues with the Exchange Server” can be caused by many things. The Bytemedev website lists a lot of common client corruption type solutions to get around the problem.

Checking Lync client logs didn’t help much, and Lync connectivity in Configuration Information just showed an issue in connecting to EWS without any helpful details.

For my case (which has come up more than once), those fixes weren’t the issue. Another blog post got me onto the right track from NetworkAdminSecrets around having a corrupted contact. Lync will fail if it doesn’t like all the contacts in someone’s Contacts – and this includes the Suggested Contacts!

[Screenshot: the bad contact]

Above is the bad contact I found. Often it won’t like an Asian or European character, but this time it was a space (or some other symbol that’s just being represented by a space). It wasn’t even the saved address, it was the display name. This single record caused the problem.

The painful method I used to find the record was first to scroll through the entire list, looking for a weird character. Since I couldn’t find one, I then moved half of the contacts out, to see if the Lync client still complained after a logout/login. Repeating this process kept narrowing down the contacts until I was left with a few, and could find what I was looking for.

Deleting or fixing the contact was all that was needed to resolve the issue!