IT

New Addon Released

Posted on by Adam Fowler

0G6A8749

This is my excuse for the lack of updates to the blog this year. Meet Isaac, my new baby boy born only a week ago.

I don’t normally get too personal on here, but I think Isaac is allowed an exception. Mum and bubs are doing well, and we’re still adapting to the baby life – primarily the lack of sleep and working out which combination of actions will make Isaac sleep at 4am after a feed.

I have a new found respect for single parents out there to young children – it’s a tiring but rewarding task looking after a little one.

Relating it back to IT, it’s a troubleshooting process that doesn’t have a proven repeatable process, proving the same outcome!

If you’re reading this then I’m sure you love IT, but don’t forget the other important things in life – family, friends and happiness. Having a baby has highlighted this for me, but of course you can still be reminded of these things regardless of your life choices.

On that note, I’d better check the nappy situation.

20150216_163458

Security Group Management Script

Posted on by Adam Fowler

Over at eNow Consulting’s blog, I submitted an article and script on Exchange Group Management. It’s been working great for me, and hopefully will help others. I had a similar requirement around Security Groups, and this is the result.

The script itself is almost identical, but I wanted to share it anyway. I think it’s a great demonstration that you can really customise a script for whatever purpose you have. If you want to know how the script works generally, read my post at eNow, but there’s only one line different.

Instead of creating a “New Distribution Group”, it’s creating a New AD Group. The whole command is a bit different in syntax, but it’s still doing the same thing – creating a group. If you only wanted to manage existing groups, and removed the line altogether, you could manage both email and security groups from the single script (assuming a since csv file contains everything you want).

Here’s the script:

# Script to populate members of Security Groups
Start-Transcript -path C:\Scripts\Admin\Logs\securitygroups.txt
$data = import-csv C:\Scripts\Admin\securitygroups.csv
foreach ($group in $data){
New-ADGroup -name $group.GroupName -GroupCategory Security -GroupScope Universal -Path “OU=Security Groups,DC=mydomain,DC=com,DC=au” -Description “Automatically Managed by  @AdamFowler_IT’s Script”
$users = Get-ADUser -SearchBase “ou=Users,dc=mydomain,dc=com,dc=au” -Filter $group.filter
Get-ADGroup -Identity $group.groupname | Set-ADObject -clear member
Add-ADGroupMember -Identity $group.groupname -Members $users
}
Stop-Transcript

Ideally, you should intelligently create security groups based on criteria around how the business functions. For example, the Finance department can have their own security group, if their department is Finance. Makes sense right?

The catch though, is to NOT link any actual security to this group. You don’t want 30 different things (e.g. files, folders, sharepoint sites, anything you’d use a security group for) pointing to one group. What if the Finance folder needs to be accessed by the CEO of your company? You shouldn’t just add them to the group by adjusting the filter, because they’ll get access to the 29 OTHER things pointed at this group.

The way around this is to have a security group for every single separate thing you apply security to. Have a Finance drive? Then create an AD security group with a descriptive name, and then add the original Finance security group as a member. This way, if someone joins or leaves the Finance team, security will automatically apply. On top of that, if you need to give the CEO access to the Finance drive by this secondary group, knowing you’re only giving them access to that one thing.

One to one relationships on a security group and what it applies to, will make managing it in the future much easier. You could extend this even further, and have a security group for each job function – this would mean there is a CEO security group that contains the CEO, and you can then add that security group to anything they need. The biggest benefit of this is when your CEO quits and another one comes along, you can just add the new CEO to the CEO group and they’ll get the same access. Not sure what access the CEO gets? Check what the CEO security group is a member of, and all your smartly named security groups will be listed.

My last tip around security groups is to note down who’s in charge of the group in either the notes or description field. If a query comes up a year later, you may not remember who originally asked for the security. Having a person or a job title listed means you can quickly get approval for making membership changes to the group.

Thinking about how you’re going to manage things in the future and planning around it might be a bit more painful at the time, but it really pays off in the end.

Excel and Word Macros Broken with Windows Update

Posted on by Adam Fowler

A problem popped up recently where an Excel Macro file wasn’t working – there was a button to run the macro, but the button wouldn’t even click. This is despite all the security settings being their lowest – e.g. Enable all macros (not recommended; potentially dangerous code can run).

A friend pointed me in the right direction for this one, and the cuprit was Windows Update KB2553154 which I don’t think has actually been pulled yet (although InfoWorld reports others have). The patch is designed to fix a vulnerability.

There’s a great post on StackOverflow about this, along with a fix from user John W  that I can confirm works:

From other forums, I have learned that it is due to the MS Update and that a good fix is to simply delete the file MSForms.exd from any Temp subfolder in the user’s profile. For instance:

C:\Users\[user.name]\AppData\Local\Temp\Excel8.0\MSForms.exd

C:\Users\[user.name]\AppData\Local\Temp\VBE\MSForms.exd

C:\Users\[user.name]\AppData\Local\Temp\Word8.0\MSForms.exd

Of course the application (Excel, Word…) must be closed in order to delete this file.

I actually just deleted everything in the Temp folder. The user didn’t need to log off or anything, just opened up the Excel Macro template and it instantly worked.

You could use group policy preferences to delete these .exd files if you don’t want to manually remove it, but hopefully you don’t have too many people in your company affected by this. Otherwise, it might be a good idea to hold off on 2553154 as MS may release a hotfix or re-patch the patch.

Updated: Affects Word also.

 

Lumia 830 vs Lumia 930 Review

Posted on by Adam Fowler

Microsoft have provided me with a new Nokia Lumia 830 to roadtest, so I was keen to compare it against the current flagship model – the Nokia Lumia 930. The 830 is a mid-range phone though, so there are many differences between the two. I reviewed the Lumia 930 a few months ago, so we’ll cover the 830 mostly with some comparisons to the 930.

OS
The Lumia 830 is one the first phones to ship with Lumia Demin, following on from the Lumia Cyan release (they go up alphabetically, like Ubuntu releases). Microsoft list the features here, and there’s a few nice additions. For Australians such as myself, along with Canadians and Indians, we have alpha Cortana support.  I’ve started to test this, and speech recognition is definitely better than it was previously. The other more important benefits relate to certain Lumia phones only, which mostly focus on camera improvements, as well as features for the glance screen.

Screen
Yes, the glance screen is back! This was one of the biggest features missing from the Lumia 930, but due to the 830 using an LCD screen rather than the 930’s OLED. Grabbing your phone out your pocket and just looking at it to know the date/time along with a second piece of information is simple but efficient. I’d like to see more options around this – I don’t like choosing between weather OR my next meeting, I’d like to see both. Hopefully as glance screen matures, it will become even more customisable.

Despite both phones having a 5 inch screen, resolution wise, the 830 runs at 720 x 1280, which is much lower than the 930’s 1080 x 1920. I couldn’t visibly tell the difference in general day to day use, so although more pixels is better, I’d be happy enough with the lower res (which is still quite high).

Hardware
Physically this is a lighter, less robust phone than the 930. There’s only 17 grams of difference between the two, but the 830 is also thinner. The micro usb port has moved to the top left of the phone, rather than the bottom middle. I’m not sure which is a better spot – I’m tending to believe that the top is more convenient, so you can lean the phone upright against something if you had to, while charging or copying data. Wireless is where it’s at though, and just like the 930, wireless charging is built into the native backplate. I have mentioned this in previous reviews, but once you are set up for wireless charging, you’ll miss it when you don’t have it.

The battery is removable in the 830, along with an internal micro sd card slot – neither of which the 930 has. I prefer these options as it gives flexibility in being able to swap things around, but also allows for sleeker protective covers due to the back plate clipping completely off – a complaint I had about the official Nokia 930 cover making the phone too bulky.

Camera
The inbuilt camera for the 830 runs at 10 megapixels, much less than the 930’s 20 megapixels. Camera quality is still good as per any decent smart phone these days, and there’s plenty of people who have made comparison shots in details, so look those up if you’re interested. The camera doesn’t really extrude out the back of the phone (unlike the Lumia 1020’s 43 megapixel beast), but the cover does curve slightly to protect it, not that it bothered me.

One interesting thing I found was under Settings > Applications > photos+camera, you can choose which application launches by default when pressing the camera button. This was set to Nokia Camera, but changing it to Microsoft Camera resulted in a much faster loading time when pressing the camera button, as well as quicker pictures being taken. I’m not sure how this relates to the Lumia Camera app that’s also due for release very soon, but they do seem to be different programs:

wp_ss_20141202_0006Nokia Camera

wp_ss_20141202_0005Microsoft Camera

Photos in a darkened environment aren’t terrible – they’re nowhere near as good as the 930, but they’re passable. Washed out, but still better than what I’d expect without a flash being used. Here’s an example of a photo in a reasonably dark room:

WP_20141202_19_20_33_Pro

Other bits
For Australians and possibly others, the Lumia 830 has the new 700Mhz band which Optus and Telstra are in the process of releasing. This should give better coverage and faster 4G speeds. The Lumia 930 doesn’t have this band, which is a consideration.

Should I Buy One?
If you’re trying to decide between the Lumia 830 and 930, then you need to pick between the main factors. The 830 is reasonably cheaper, has a swappable battery and micro sd slot, and glance. The 930 is faster cpu wise, has a higher res screen and a much better quality camera. Those are the selling points between the two, so pick the one that makes the most sense to you.

If you’re thinking of upgrading from an older Lumia handset, then unless it’s so old that it won’t run Windows Phone 8.1, then there’s no huge benefit in upgrading. I had to use a Lumia 920 for the last few weeks while my 930 was repaired, and it didn’t feel like I was going backwards.

This is a really nice solid phone, it’s light to hold and smooth to use. I don’t have any complaints about it, which shows that Microsoft/Nokia seem to know what they’re doing now. If I had bought this outright, it’s definitely not something I would regret.

How to unlock a linked iPhone/iPad

Posted on by Adam Fowler

Apple in their wisdom, have implemented a way of reducing iPhone and iPad theft – by linking an iOS device to an Apple ID (aka iTunes account, or iCloud account). This is good, because there is no way to wipe and reuse the device without providing the correct Apple ID username and password. eBay is full of these too, selling them for parts only.

iphone lockedAn example locked iPhone from eBay

This is also bad though, particularly for businesses. You can dish out iPhones to all your staff, but unless you disable the use of Apple IDs, or manage the credentials with email accounts you have access to, this is out of your control. Staff can use their personal Apple ID on a device, and when they leave for whatever reason, you get handed back a completely useless device.

Some companies can enforce this as part of someone’s contract or terms of employment; return the phone in working order, or you’ll be charged for it. This is a big hassle to chase up though, and you can still be left with a non-functioning phone at the end of it.

After researching the locked iOS device problem, and calling around… there is a way you can reset these phones to be in working order again. The problem with this process is that you need Apple to press a magic button, and will have to convince them to do so.

Here’s a step by step on how I managed to get a few phones unlocked

1. Call Apple. You don’t need a valid AppleCare support or anything like that, and tell them you have a locked device, along with saying if it’s business or personal. They’ll then transfer you through to the local area that looks after locked devices

2. The local area will raise a case for you, and want to know the IMEI or serial number of the device.

3. You’ll then receive an email from a ‘do not reply’ Apple address, similar to this:

Please review the Form below and complete or correct any needed information. Afterwards please copy and send to [email protected] using “xxx” as the subject, and attach any and all Proof of Purchase documents, unless confirmed by advisor. A reply will be sent within 2 to 10 business days.

To be considered valid, the receipt must include the following information:

1. Reseller’s name
2. Reseller’s address, phone number or website URL
3. Date of purchase when the product was originally sold
4. Product serial number, IMEI number or MEID number

The serial number can be typed or handwritten. If the reseller didn’t provide the serial number on the receipt, you can write the number on the receipt before you send it. For help finding your product’s serial number, see this article:

How to find the serial number of your Apple hardware product
http://support.apple.com/kb/HT1349

4. Find your proof of purchase (receipt or invoice). For me, there was no IMEI or Serial number referenced, so I handwrote the serial number on the invoice and scanned it in.

5. Email your invoice to the address provided on the last email

6. For businesses at least, you’ll then receive an email like this:

Hi Adam,

Thanks for contacting AppleCare for your unlock request for Find My iPhone: Activation Lock. To complete your request, we’ll need more information. Please fill out the following Statement of Ownership and Authority.

UNLOCK AUTHORIZATION STATEMENT: “I [CUSTOMER NAME] representing [BUSINESS/INSTITUTION NAME] authorize Apple, Inc. to unlock the devices listed.”

Reply to this email with the completed form. We’ll confirm we received your email within 2 business days and continue to work on your request. For faster turnaround time, please keep the case number in the subject line of your reply.

We look forward to hearing from you.

For consumer, you may need to have a signed declaration from a Justice of the Peace (J.P.).

7. Send back your one liner ‘unlock authorization statement’, then wait a few days. 2 business days for companies, but I was told it’s a week or longer for consumers.

8. If all goes well, you’ll then get the final email stating that the lock has been removed:

Thanks for sending the proof of purchase for this product:

Product: IPHONE XXX
Serial number: XXX

After reviewing the provided documentation, we have turned off Find My iPhone Activation Lock on your device. You can now perform a recovery-mode restore to erase the device and set it up with a different Apple ID.

For more information on how to perform a recovery-mode restore, see this article:

iOS: Unable to update or restore
http://support.apple.com/kb/HT1808

Warning: When you restore the device and remove the current Apple ID, all data associated with that Apple ID will be deleted from the device and will not be restored when you set up a different Apple ID. This includes, but is not limited to, iTunes and App Store purchases, content stored in iCloud, and any iMessage conversations.

Please contact us by phone if you have any other issues or questions. To find the right phone number, see this article:

http://support.apple.com/kb/HE57

Thanks for contacting AppleCare.

9. Try your phone again, and it should check with the Apple servers and be completely unlocked.

Please comment if this process has worked or failed for you.