Monthly Archives: April 2022

• Things that annoy me – Windows 11 edition

  Posted on April 29, 2022 at 21:56 CDT by Susan Bradley • Comment in the Forums

  You can tell that Microsoft is starting to react to some of the feedback on Windows 11, well at least their Enterprise customers.  In the Insider release comes new group policies:

  What’s new in Build 22610
  Additional new MDM and group policies for IT administrators
  We are introducing new policies so that IT administrators can simplify their Windows 11 experience across Start, taskbar, and the system tray. The following policies are available today:

  Disable Quick Settings flyout
  Disable Notification Center and calendar flyouts
  Disable all taskbar settings
  Disable search (across Start & taskbar)
  Hide Task View from taskbar
  Block customization of ‘Pinned’ in Start
  Hide ‘Recommended’ in Start
  Disable Start context menus
  Hide ‘All apps’ in Start
  To configure these new group policies locally, open the group policy editor and navigate to User Configuration > Administrative Templates > Start Menu and Taskbar. You can also deploy these policies via Microsoft Endpoint Manager as well.

  Let me know if you want any of these options in registry keys?  As typically if you can do it via group policy, you can also do it via a registry key in Home versions.

  You know what slows me down in Windows 11 the most?  The Cut and paste function in the File explorer.  It’s now hidden in the “show more options” section of the right mouse click

  

  Once you click on “show more options” then you see copy and paste.  Now yes, I can do control C and Control V, but that typically means I have to move my fingers off my mouse and over to the keyboard.

  Windows 11 Patch Lady Posts

• Today’s edition of things that annoy me

  Posted on April 27, 2022 at 14:31 CDT by Susan Bradley • Comment in the Forums

  Today’s edition of things that annoy me in Microsoftland:

  1. Whom did you get your feedback from?

  Peter Deegan writes on Microsoft’s latest huh move. In a recent post to their alerts, they indicate that they are going to move people from the semi-annual enterprise channel to the monthly channel because people in the monthly channel “Customers on a monthly feature update cadence, such as those on Monthly Enterprise Channel, have reported higher satisfaction than those receiving semi-annual feature updates.”  I don’t know about you but I hardly ever click on Office smiley face feedback so exactly whom did you speak to?  Note this does not impact consumer 365 subscribers, just business subscribers.

  2. The dribble changes

  Microsoft announces changes in their platform but then doesn’t push things out right away. So weeks go by and suddenly things change for some – but not all – of your computers and you have to figure out what change occurred. If you suddenly see your search results change, remember I wrote about this a bit back.

  Right-click the Windows taskbar, select Search from the popup menu, and then click Show search highlights.

  I prefer the second option, setting a Registry key because options set like this in the Registry tend to stick — further updates to this “feature” should not turn them back on. To block the external content, add the key Windows Search, add another dword key called EnableDynamicContentInWSB, and set it to 0. This is represented by the following:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\EnableDynamicContentInWSB=0

  To make it easier for you, I’ve coded up an easily installable registry key to place the block in your system. To install the block, merely click here and then click on Open file in your browser’s download dialog. Click to run the program, and then click yes to install the registry key.

  Bottom line, every day there’s something new to be aware of.  We try to keep you informed!

  Office News Patch Lady Posts

• MS-DEFCON 4: Protect yourself with patches

  Posted on April 26, 2022 at 02:45 CDT by Susan Bradley • Comment in the Forums

  

  ISSUE 19.17.1 • 2022-04-26

  

  By Susan Bradley

  I’ve been holding my breath.

  For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

  CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

  Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  AskWoody Plus Alert, MS-DEFCON AskWoody Alert, MS-DEFCON, MS-DEFCON 4, Patch Lady Posts

• Removing MFA

  Posted on April 25, 2022 at 02:45 CDT by Will Fastie • Comment in the Forums

  

  ISSUE 19.17 • 2022-04-25

  Look for our special issue on Monday, May 2!

  MICROSOFT 365

  

  By Will Fastie

  How many times have articles in this newsletter told you that multifactor authentication (MFA) was a good idea and suggested that you turn it on?

  A lot. It’s good advice.

  Just the other day, I turned on Microsoft 365 MFA for one of my clients. It’s too embarrassing for me to describe the mistake I made. Suffice it to say that it was an accident, because I didn’t intend to turn it on.

  Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).
  This story also appears in our public Newsletter.

  AskWoody FREE Newsletter, AskWoody Plus Newsletter, Microsoft 365 AskWoody Plus Newsletter, Microsoft 365, Multi-factor Authentication

• Apple’s M1 processors are shaking up how you compute

  Posted on April 25, 2022 at 02:44 CDT by B. Livingston • Comment in the Forums

  SILICON

  

  By Brian Livingston

  After defining the smartphone market with its iPhone for years, Apple Inc. has shaken up the tech territory by designing its own M1 silicon to revive the Mac product line.

  With the original M1 appearing in MacBook Air shipments as of November 2020, the latest shipment in March 2022 of the so-called M1 Ultra — with performance rivaling that of some longtime powerhouse leaders — has created an entirely new class of personal computers.

  Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).

  AskWoody Plus Newsletter, Silicon Apple Silicon, AskWoody Plus Newsletter

• Get more OneDrive with these tips

  Posted on April 25, 2022 at 02:43 CDT by Peter Deegan • Comment in the Forums

  MICROSOFT 365

  

  By Peter Deegan

  There are a few tricky ways to beat the 365 plan quota, to get more than one terabyte of OneDrive space for nothing and save local disk space by pushing files to OneDrive.

  Most Microsoft 365 plans, including Family, Personal, and most Business plans, include one terabyte of OneDrive storage. That’s 1,000 GB, more than enough for most people. But if you need more, there are cheaper – or even free – options available that are legitimate, inside the bounds of Microsoft’s rules.

  Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).

  AskWoody Plus Newsletter, Microsoft 365 AskWoody Plus Newsletter, Microsoft 365, OneDrive, tips

• Gearing up for cyberwar

  Posted on April 25, 2022 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Once upon a time, I used to publish maps showing the location of each water pump in the city where I live.

  Fresno residents rely on the underground water supply and pump much of the drinking water from various wells throughout the city. And then Fresno — like every other city — realized that publishing information about critically important infrastructure items, such as drinking water, probably wasn’t wise. That was especially driven home after 9/11; governments realized that they were handing over helpful data to those who might use it to attack us.

  Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).

  AskWoody Plus Newsletter, On Security AskWoody Plus Newsletter, cybersecurity, On Security, Patch Lady Posts

• Are you prepared?

  Posted on April 23, 2022 at 22:25 CDT by Susan Bradley • Comment in the Forums

  It’s Saturday night or Sunday morning where you are and I’d like to challenge you to test that you can restore a file that has been damaged, deleted or removed or worse yet, you got hit by ransomware.

  So first step is to move a file to a different location on your computer. Next launch your backup software. Launch the recovery window and see if you can restore that file.

  Ransomware is now being used by commercial attackers and they are using zero days to gain access into systems.

  One-third of all hacking groups exploiting zero-days in 2021 were financially motivated criminals as opposed to government-backed cyberespionage groups, according to Mandiant’s research. During the last decade, only a very small fraction of zero-days were deployed by cybercriminals. Experts believe the rapid change has to do with the illicit, multibillion-dollar ransomware industry.

  For businesses, they are going after VPN software, Exchange on premises software among other vulnerabilities.

  So I challenge you tonight/tomorrow to test a backup and restoration process.

  Security

• From remote? From local?

  Posted on April 19, 2022 at 16:08 CDT by Susan Bradley • Comment in the Forums

  Alex posted earlier about UEFI vulnerabilities in certain models of consumer Lenovo laptops.

  The official notice is here at the Lenovo site.

  I try to weed out the hype and get to “how will I be attacked”?

  If the attack has to occur locally I discount the attack.

  According to Lenovo there are three vulnerabilities:

  One local access the other two described as “attacker with elevated privileges”

  CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

  CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

  CVE-2021-3972: A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

  I can’t figure out from reading the details from the ESET site if the attacker modifying the boot settings would manifest itself into some other side effect that you and I would then take action to reinstall the operating system? Or some other drastic action?

  What the realistic risk here?

  Windows Security Patch Lady Posts

• Making connections between computers and monitors

  Posted on April 18, 2022 at 02:45 CDT by Ben Myers • Comment in the Forums

  

  ISSUE 19.16 • 2022-04-18

  HARDWARE

  

  By Ben Myers

  With four different standards for video ports and cables, as well as some “mini” ports, it can be downright confusing to come up with the right cables to connect your computer to a monitor.

  In the best of all possible worlds, we would all want to buy a computer and a monitor at the same time, ensuring that they connect to one another and work well together with the right cabling. In our real world, a computer meets an untimely demise and an upscale monitor is still exactly what we need. Or maybe the monitor fails to light up, it becomes too dim, you punch out the screen in anger, or it is simply time for a larger monitor. Possibly you want to attach a monitor to your laptop, duplicating the laptop screen on a larger viewing area or using dual screens to see more information.

  Read the full story in our Plus Newsletter (19.16.0, 2022-04-18).
  This story also appears in our public Newsletter.

  AskWoody FREE Newsletter, AskWoody Plus Newsletter, Hardware AskWoody Plus Newsletter, DisplayPort, Displays, DVI, hardware, HDMI, Standards, Thunderbolt, VGA

• Protect yourself from iPhone and Android spying

  Posted on April 18, 2022 at 02:44 CDT by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  As technology marches forward, there are more and more things for us to watch out for. One thing you might not be aware of is how easy it is for someone to listen to everything you say through a smartphone, such as an iPhone — even if the device is turned off.

  That’s right. That innocent-looking glass slab on the next table could be picking up everything you say and transmitting it 100 meters or so to an Apple AirPod earpiece, in the case of an iPhone, or to any wireless headphones, by using an app for Android phones.

  Read the full story in our Plus Newsletter (19.16.0, 2022-04-18).

  AskWoody Plus Newsletter, Public Defender Android, AskWoody Plus Newsletter, iPhone, Spying

• Lance Whitney: Taking center stage

  Posted on April 18, 2022 at 02:43 CDT by Chris Husted • Comment in the Forums

  PROFILES

  

  By Chris Husted

  When a person with 25 years’ experience as a technology writer has some wisdom to impart, it pays to listen.

  Lance Whitney has been a full-time freelance tech journalist for “only” the past 12 years, but that comes after decades of working in IT first as a technician, then as a consultant, and today as a writer of tech articles scripted especially for IT professionals and for the everyday user, as AskWoody readers already know.

  Read the full story in our Plus Newsletter (19.16.0, 2022-04-18).

  AskWoody Plus Newsletter, Profiles AskWoody Plus Newsletter, Profiles
• « Older Entries