How secure is your password??

I find people asking me how complex their password needs to be all the time. This is a genuinely valid question. Sometimes this is a matter of opinion from network engineers, so here's my opinion on what I've found.

(A Complex Answer / Microsoft Recommendation) Microsoft recommends:

A) Password does not contain any part of a user's name (Display Name/Account Name/etc.)

B) Must be at least 7 characters

C) Should be changed every 42 days, minimum

D) Must contain 3 of the 5 following: An uppercase, a lowercase, a digit, a symbol, and/or a unicode character.

(My simple answer) I recommend:

Passwords need to be secure, but easy to remember. Of course "T8iL#)iuwr*3A~~!!" is going to be very secure, but who's going to remember that? So, of course, you're going to document that somewhere right? Sheet of paper? Excel document? Notepad document? When you need to document it, how do you secure that document?

So, what is more secure? "T8iL#)iuwr*3A~~!!" or "D0g...................." (Capitol D, Zero, g, +20 periods)? Which one are you going to remember better? Believe it or not, "D0g...................." (23 characters) is going to take quite a bit longer than "T8iL#)iuwr*3A~~!!" (17 characters) to crack.

Here's a nice site I stumbled upon a few weeks ago that shows you just how long it might take to crack a password: https://www.grc.com/haystack.htm

Enjoy!

Exchange 2010 Certificates - The Cheap Way

So, every now and then, I run into people that don't want to pay $80/year for a UCC / SAN Certificate for their exchange environment. While there are ways around this to put in a regular certificate, it's highly recommended to just get the UCC/SAN Cert.

If you do end up getting the cheap, one-domain name certificate, here's a few items you'll have to update through Exchange Management Shell. These will help make everything work more smoothly and prevent certificate / password prompting in Outlook:

Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. (This one is missed the most) To modify this URL, type the following command, and then press ENTER:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.yourdomainname.com/autodiscover/autodiscover.xml

Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/ews/exchange.asmx

Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/oab

Expand the local computer, and then expand Application Pools.

Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

And that should be all you need to do on the back end to get it working.

InstallShield 2011 Bug - 256 Colors

Spent about 2 hours to try to figure this one out. Installing an application, remotely, for a client. One of my personal best practices is that when I use remote desktop, I use it in 256 color mode. Generally when I'm connecting remotely somewhere, it's for system maintenance, updates, or something techie. Only when it requires me to actually be able to see pictures to click on something or if say a PDF comes through garbled will I turn it to 16-bit. Overall it's a better "experience" for me, especially if I have to download something for said client.

Well - tonight was no different. Had to wait for something to download for a client, remoted in tonight, tried to start the install, ran a .exe that auto-extracted itself then auto-ran the setup program. Got an error

Unhandled Exception

Error Number: 0x80004005

Description: Unspecified error Setup will now terminate

Tried various multiple well-known tricks. "Run as Admin", Run in Comparability Mode, Unpacked .exe, then ran the real setup, ran that as admin, ran it from the remote desktop "/console", and searched the internet with no real result.

The solution? InstallShield 2011 has a bug. If you try to run any install that was packed with InstallShield 2011 and the screen has 256 colors or less, the install will fail. Supposedly this has been fixed in InstallShield 2012.

http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q212301&sliceId=1&docTypeID=DT_ERRDOC_1_1&dialogID=111488957&stateId=0%200%20111486483

Hopefully this might help someone else out looking for the same error. PS: This was a Sage application.

But I can't find my USB Drives

So - I was at a client this week.  New computer install.  Plugged in my portable USB powered drive into the front of the PC and the PC couldn't find drivers for the USB drive.  After some long searching (which included running sfc /scannow).  I ended up having to tell Windows to find the drivers at C:\i386 (several times).  Although, while on the way to finding the solution, I found this cool page that has a lot of USB drive troubleshooting tips on it.  http://www.techspot.com/vb/topic122125.html

First Post!

Hey - Welcome to my new blog.  I guess I should but in the "First Entry Requirement" - just a little info on what you'll be able to find on this blog.  To start out, I'm a MCITP Certified Network Engineer.  I have been in the IT field since 2000 and work with a lot of various technologies from Windows to Linux/Unix to Mac and Desktop to Servers to networking to eMail.  Anything that I find useful or come across or a fix to a problem that I might need later sometime, I'll be blogging it here.  Anyway, that's a brief summary of what you can find.  Hope someone out there can find it useful.


And no blog post could be complete with some IT wisdom - so, here's a site that I travel to a lot - www.tclient.com - it always seems to have links to downloads I use a lot and it gets kept updated quite a bit.