Replies

Anybody noticed when the annoying banner at the top of the Settings page appeared?

I’m using a Local Account, not a Microsoft one. And I don’t want to use one to login. Yet Microsoft only wants me to jump in the “everyone does it so it must be worth it” bandwagon…

Martin

1 user thanked author for this post.

jburk07

One key folder to back up is the user’s AppData hidden folder. That’s where most settings and application data is stored, unless your app is “weird”. The best thing to do is to back up the entire Users folder, this way you have Firefox/Chrome/Outlook/Thunderbird/etc data for the whole computer. You can usually copy those folders back and restore user settings after a Windows re-installation.

Martin

I think what you described ressembles Windows Server 2019… I downloaded a copy to “play” with it, and it is pretty bare. It does, however, use the 1809 core and updates, so their bugs will still affect you.

Martin

It will appear here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934

The CVE was reserved yesterday, give it time.

1 user thanked author for this post.

kbecker1213

[ve2mrx]

Disabling VSS would cause many backup software to have issues, but that’s not what the workaround does. It “fixes” the permission (possibly to pre-1809 permission) and flushes VSS copies with the bad permission.

As far as breaking backup software by using the work-around, backup software worked fine before the permission was mis-set…

Martin

Updated: the work-around is Microsoft-Official

• This reply was modified 1 year, 10 months ago by ve2mrx. Reason: Added link to Microsoft CVE page

2 users thanked author for this post.

AlexEiffel, EricB

Secure Boot builds on TPM but I don’t know if you can have it without some form of TPM.

You can, however, use TPM independently of Secure Boot (like for storing fingerprints/passwords used to boot the machine).

Secure Boot disables CSM because there’s no way to maintain the security of the boot chain if you use it to boot. TPM is not involved directly in the boot chain but is a “library” of security tools/certificates used by the boot process (and later OS) if present. You can use TPM while CSM is enabled but Secure Boot can’t be used. However, the machine and the OS can still benefit from the presence of the TPM.

Martin

Windows bootable USB drives are formatted as NTFS with Rufus, use the “UEFI-NTFS” option and it should boot fine if your BIOS isn’t broken. This has no connection to partitions on the installation drive, but once installed, the OS must use GPT partitions.

Secure Boot is something that the boot image makes possible as it is pretty much validation of the integrity of the bootloader (it is signed). It has to be baked in the image and Microsoft has baked this in since Windows 7 (I used Windows 7 in Secure Boot). All you need to do is deliver the image in a way acceptable to the BIOS for the signature to be verified and boot to begin.

It will create a Windows bootable device compatible with UEFI Secure Boot as it always has!

Martin

This is why:

DOCSIS modems are meant to be sold to ISPs who in turn will test firmware updates and verify the impact on their networks before distributing them to customer equipment.

The newer update hasn’t been approved (yet?), so it was reverted to an approved version? I don’t use cable modems and haven’t since 2017, but if I was an ISP, I’d want to be sure an update doesn’t cause quality of service to my customers before releasing it to the masses!

I only manage a few small networks (5 networks and 11 machines) and I do test upgrades and updates before I update everyone. Just a few days ago, a test antivirus upgrade had issues and was reverted. I’d have a few unhappy customers if I’d pushed it to the 11 business machines! Imagine if I was an ISP with hundreds of thousands of customers!

Martin

My ThinkPad P52 + Synology DS920+ can transfer an actual 925Mbps during backups (3h for 1TB). I admit that if my P52 storage was fully loaded, it would take 10h+ to do a 3.5TB full backup.

At that point, some files I keep local would be permanently hosted on the NAS (like my software package archive) and I would do less Full backups and more Differentials/Incrementals and off-site Full backups. Use good backup software and *TEST YOUR BACKUPS*, of course! A good backup solution will encapsulate, transfer and verify your data.

If NAS aren’t the solution, what is? Do you know high-capacity (20TB) storage arrays that can be used to backup multiple computers automatically at a similar price point?

Martin

Bingo! DOCSIS modems are meant to be sold to ISPs who in turn will test firmware updates and verify the impact on their networks before distributing them to customer equipment.

Nowhere is the customer meant to update the firmware as it could cause network instability or, heavens forbid, bypass data caps.

In other words, the law forces the ISP to offer you the possibility to bring in a device not provided by them but never demanded they support devices they didn’t provide you. And you are unable to support your device without the ISP.

The law was written as if software vulnerabilities never existed because those  who wrote it don’t understand IT one bit. Please blame them!

Martin

In a way, the fewer features offered, the smaller the attack surface is and in theory the easiest it is to maintain and to secure the code. Of course, you can still have great hardware with “barely works” code underneath and you will never know until hacked. Just like the WD networked disks.

Support is always the expensive part. And where quality greatly varies overall.

Martin

1 user thanked author for this post.

AlexEiffel

Sorry, somehow I had forgotten about that incident… Possibly because I was already careful about the information I was giving them and was also using TFA with an app (NEVER sms or phone).

I know I wouldn’t use Belkin (so no Linksys), Cisco, D-Link, Asus, Microtik and nothing vital with a forced online account (so many others eliminated). Nothing ISP either, too weak (I use PPPOE pass-through, so I guess I can still be spied on by the ISP modem/router/AP blob?).

What does that leave in the low cost/high performance networking equipment market? I’d say that I don’t know once I remove Ubiquiti.

In many ways, networking equipment is no different than all the IoT crap plugged into their ports.

Can someone name me a unicorn and throw me a rainbow? I would really appreciate it!

1 user thanked author for this post.

AlexEiffel

Yes, but Microsoft says they can’t confirm it as “properly licensed” 😉

Meaning the only way you *know* it is properly licensed *by Microsoft’s point of view* is you buy a new machine with it installed or buy an official copy somewhere.

So, it works, Microsoft won’t close the hole, but they say it is not “properly licensed” :-p Yeah, right…

Martin

It depends on the storage mode used by the drive, most are basically USB big floppy/Zip mode and don’t have/use a partition table. You can change this to USB fixed disk and use partitions however.

Martin