Patch Lady – remoting into a desktop without VPN

If you are a small or medium business – or an IT consultant who helps small or medium businesses here’s a thought of a way to temporarily allow folks to remote into their desktops at the office without introducing more risk.  Many IT consultants are setting up Virtual Private Network connections from potentially insecure home pcs that are not secure to the firm network and may introduce more risk.  Especially if you have an unpatched Windows 7, this could introduce MORE risk to the network.

Here’s an alternative:

First off you’ll need either a spare server or spare room in a HyperV server.  You’ll need a domain with workstations joined to that domain.   Next download a trial version of either Windows Server 2016 or 2019.  Download an ISO to that hyperV Server.  Then follow these instructions (*)to set up a RDServer on that trial version.  That trial version – and the Remote desktop cals – will work for 180 days.

Now from a home pc – even a Mac computer – launch the remote desktop connection program.  In the computer name section put in the name of the computer you want to remote into.  Click on show options.  Click on the advanced tab.  Click on the connect from anywhere settings box.  Click on use these RDgateway settings and put in the url of the server name you’ve created from the instructions above.

Now click on “Use my RDGateway credentials for the remote computer.  Click on the experience tab and change the performance setting to modem (this will thin down the remote connection so that you get the best experience).

Back on the first tab

Back on the first tab you put in the actual workstation/computer name you want to get to and for the user name you put in DOMAINNAME\user name.  The remote user can now get to his or her exact workstation and remotely print.

Note to anyone using SBS 2011, SBS 2008, Essentials Server 2012, Essential Server 2016 those servers all have RDgateway set up by default and you can use the same process above to bypass the RWA portal and go directly to the workstations.  Note this also works for Mac workstations as long as you download the new RDP client

PC name would be the PC you’ll want to remote into.  In the Gateway setting, you’ll click on that blue icon on the right and put in the rdgateway url just like you do for the Windows machines.

Again, this will work to let workers remote straight into the exact desktop they use, so it’s best for office workers and those have have a single computer assigned to them.

Note if you have excess server computing power on that HyperV you can also use this to set up RDweb apps.  Put the date on your calendar as this will only work for 180 days or be prepared to license it before then.  But bottom line – this temporary solution can give your smaller clients a secure way to remote back into their offices with the Work from Home orders.

Also remember if you are like me where you are suddenly putting an ancient Windows 7 back into remote service, you can still buy ESUs from Amy.

(*) Huge thanks to Richard Kokoski for allowing me to post his step by step instructions.

Note that this only works with “normal” GUI server 2019 not Essentials 2019.  Microsoft removed the RDgateway bits from Essentials 2019 so do not attempt to do this with that version.

If you need a good VPN solution check out using OPENVPN.

Help us test the new AskWoody FREE Newsletter

We’ve hit more than a few snags along the way, but all now seems set for the re-appearance of the old Windows Secrets Free Newsletter, now cleverly renamed the AskWoody FREE Newsletter.

And, yep, it’s free – unlike the AskWoody Plus Newsletter, which goes out to folks who make a donation.

For you Plus Members, it won’t have any remarkable new content — the main article in the FREE Newsletter will be one of the articles in the Plus Newsletter, and “Best of the Lounge” will come across — but it’ll be arranged a little differently. Most of all it’s an absolutely free way for folks to see what we’re all about. With a little luck, FREE subscribers will decide to donate — or at the very least, sign up here on AskWoody.com and join the merry, no-bull crew.

If you’d like to help test, there’s a very simple signup form here. (Yes, we’ve brought across the signups from our last effort to get the FREE Newsletter off the ground. No need to sign up twice.)

Expect the first, beta test version, to arrive in your mailbox later today.

Your comments, criticisms, suggestions, and off-the-wall ideas are most welcome here in the comments.

Calling all Teams, Slack and Zoom gurus

There’s lots of competition right now for free collaboration/meeting software.

Microsoft says that use of Teams has spiked 40% in the past week.

Slack says it’s added 7,000 new users in the past seven weeks.

Zoom hasn’t released any usage numbers lately (at least none I’ve found), but I’m seeing lots and lots of references to it. Kids in my son’s school are all over it.

And, yes, I know there’s Skype for Business and Cisco. Go boomers.

Each is different, and there are certain situations where each has obvious benefits.

What I want to know is if you have specific, real-world experience with any two of them and, if so, which did you end up using more frequently? Why?

Yes, you can install the latest Win7 security patches

Even if you don’t have the official Extended Security Update package.

@abbodi86 has details and a batch script that does the trick.

No guarantee the script will work after this month’s crop of Win7 patches. But it works fine for now.

Patch Lady – Covid-19 Impact on Microsoft Patching

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revised-end-of-service-date-for-windows-10-version-1709-october/ba-p/1239043

We have been evaluating the public health situation, and we understand the impact this is having on you, our valued customers. To ease one of the many burdens you are currently facing, and based on customer feedback, we have decided to delay the scheduled end of service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1709. This means devices will receive monthly security updates only from May to October. The final security update for these editions of Windows 10, version 1709 will be released on October 13, 2020 instead of April 14, 2020.

Patch Lady – Chrome patching impacted by “work from home”

https://www.zdnet.com/article/google-pauses-chrome-and-chrome-os-releases-due-to-coronavirus-outbreak/

Interesting side effect of this disruption, Google is pausing Chrome feature updates due to the virus outbreak

“Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases. Our primary objectives are to ensure they continue to be stable, secure, and work reliably for anyone who depends on them. We’ll continue to prioritize any updates related to security, which will be included in Chrome 80. Please, follow this blog for updates.”

Security updates will still come however.  Wonder if Microsoft will do likewise with the Windows 10 feature release?

This month’s “optional, non-security, C/D Week” updates are rolling out

I see 12 new patches in the Microsoft Catalog. Notably KB 4541331 for Win10 1809. There’s nothing out for Win10 version 1903 or 1909, which is common – those usually come later.

The Win 8.1 Monthly Rollup Preview, KB 4541334, doesn’t seem to include anything except the by-now-familiar:

Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

In other words, you don’t need it or want it.

No acknowledged bugs as yet.

I don’t see anything for Win7.

Of course, we’re at MS-DEFCON 2: There’s no reason to install any of the March patches yet.

P.S. If you’re running an Exchange Server and haven’t yet installed the February patches, you’re in for an unpleasant surprise. Catalin Cimpanu at ZDNet has details of an active attack.

Man, I needed that

I try not to post direct links to Twitter on the main page – the link brings with it a bunch of tracking garbage – but I just couldn’t resist with this:

we all – and i cannot stress this enough – need this right now. possibly the greatest short film ever made. https://t.co/FzvtrmC70D

— Hannah Jane Parkinson (@ladyhaja) March 16, 2020

We’ll get through this. I guarantee.

Patch Lady – protecting your loved ones

Spotted this twitter post and loved it…

A message from me and my dad, @Melbrooks. #coronavirus #DontBeASpreader pic.twitter.com/Hqhc4fFXbe

— Max Brooks (@maxbrooksauthor) March 16, 2020

Also on CSOOnline I have some tips for businesses suddenly having to work from home.

(edit:  Note if you don’t want to sign up you can view the video here)

Everyone keep safe and sane out there.

(and after this always have toilet paper in stock so you don’t have to go crazy and buy out Costco)

MS widely expected to announce “Microsoft 365 Life” on March 30

No, it’s not an attempt to make you rent Windows. At least, not yet.

Mary Jo Foley has the details on ZDNet:

The Microsoft 365 Life bundles will largely be a rebrand of the existing Office 365 Personal and Home products and, as of right now, are expected to retain the same pricing as the existing O365 consumer subscription bundles, my sources have said.

In spite of the name, it’s not a Life… time subscription. Mary Jo has a description of the name, and notes that Yusuf Mehdi is officially “Corporate Vice President of Modern Life, Search and Devices.”

Cue the jokes about signs of intelligent life on… oh, nevermind.

Win10 hits its goal: One beeeeeeeelion monthly active devices

Yes, that includes speakers and game consoles, but still…

Yusuf Mehdi just posted on the Windows blog:

Today we’re delighted to announce that over one billion people have chosen Windows 10 across 200 countries resulting in more than one billion active Windows 10 devices. We couldn’t be more grateful to our customers, partners and employees for helping us get here.

There’s a mixed definition lurking in the details, but nevermind. Still, it’s quite an accomplishment.

P.S. Journalist Emil Protalinski just revealed that there are 17.8 meeeeeeeelion Windows Insiders. Not bad for a marketing beta program, but about 17.795 million too many for an effective “real” beta testing group.

Hard drive runs almost continually

LANGALIST

By Fred Langa

An AskWoody Plus subscriber’s new PC is bogging down from hard-drive saturation … but why?

A little spelunking with Task Manager will usually identify the problem.

Plus: Another reason for “PC screen continually goes dark”

Read the full story in AskWoody Plus Newsletter 17.11.0 (2020-03-16).