HTH   Hope This HelpsAnchoriTunesSpotifyOvercastTwitterMastodonTwitchRSSReddit

HTH0025: Do The Roll-Up

Alternate episode name candidates:

  • You Were Very Emotional
  • The Tiffany Roast Hour
  • Help Is Available
  • I Survived IE1-11
  • Email Is Just DNS With A Lot of Fluffy Things
  • Everyone is Scared of DKIM, DMARC, and SPF

Boot up

  • Post-mortem on why HTH0024 was a bit shorter than other episodes (YouTube Music)
  • Dark clouds at Mozilla
  • Threat management team laid off
  • Mozilla to refocus on its own commercial products
  • Google contract extended
  • CORRECTION: Thunderbird isn't exactly a community-only project. Some things have also changed, Thunderbird was transferred to MZLA Technologies Corporation from the Mozilla Foundation.
  • CORRECTION/MINI THAT IS ACCURATE: Gmail Launched 4/1/2004.
  • August Patch Tuesday plop
  • Circle the wagons: CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability…especially bad if you have 2008 R2 as a DC. Extended support needed for the patch, otherwise you need to mitigate.
  • Patch Management comment: "The way I read it, Netlogon secure channel is what is used for user and machine account authentication, so basically, if you don't enable the GPO setting, your legacy domain joined clients will not be able to logon to the domain and will eventually fall off the domain because they will not be able to establish a secure connection with the domain controller. They also mention non-Windows devices being impacted, so I'm assuming authentication from non-domain systems (e.g. Linux SAMBA connections, etc) will also be impacted by this." --Brian McMahon
  • "It’s rare to see a Critical-rated elevation of privilege bug, but this one deserves it," said ZDI’S Dustin Childs. "What’s worse is that there is not a full fix available."
  • Win10 2004 no longer searches online for Drivers by default
  • "To download updated drivers from Microsoft’s catalogue you now have to go to Settings > Update and Security > Windows Update > View Optional Updates > Driver Updates."
  • Server 2012 update checking/service being bonkers lately
  • Troubleshooter always detects DIFFERENT problems and fixes DIFFERENT things..
  • Sfc /scannow and the DISM repairs do nothing to fix this
  • Working fix: Manually extract/installing the same month's SSU and latest Security Monthly Quality Rollup, which will bump the wuaueng.dll version number.
  • Attempting to instead use the Security Only Quality Update will NOT work!
  • CORRECTION: Steve tried removing the Catroot2 folder, not catroot (don’t touch catroot)
  • Link to a sample script that can do this
  • Bye-E11 - M365 no longer supports IE 8/17/21 HOPE YOU'RE READY!
  • Will MS have ported over IE-exclusive SharePoint features (WebDAV "Open in File Explorer" links?)
  • Teams in the browser / Teams rant
  • Inconsistent/buggy notifications in Firefox
  • Photos not showing - UserVoice
  • Tiff returns to the land of Macs.
  • macOS Catalina didn't learn from Vista

Exchange errors: Real or Fake?

  • Microsoft.Exchange.Data.Directory.SystemConfiguration.UnsupportedBrowser
  • Microsoft.Exchange.Data.Directory.SystemConfiguration.OverBudgetException
  • Microsoft.Exchange.Data.Directory.SystemConfiguration.OutOfMoneyException
  • Exchange 2019 System Requirements

Declassified Sysadmin Stories: Pocket Exchange

  • That time Steve built a portable Exchange 2010 server
  • Purpose: Teach people Outlook in a pre-cloud era at onsite trainings
  • Dell Latitude D630 running 2008 R2…4GB(?) RAM Core 2 Duo
  • (A later version was a newer Precision M4700 laptop and/or Thinkpad X201 running 2012 R2)
  • Server 2008 R2 Hyper-V VM running Exchange 2010
  • Exchange built according to a guide
  • Pre populate AD, users/mailboxes, and make fake sample content (e-mail, calendar events, etc) built to a Microsoft guideline
  • Server connected to a router, classroom laptops connect wirelessly (no internet access), static DNS manually set on laptops to point to router
  • Outlook configured on each laptop for a specific user
  • OOO wouldn’t work without massaging DNS/autodiscover, which needed manual fixing after restoring the snapshot every time (delete and re-add the autodiscover A record in DNS then bounce the DNS services)
  • A brief discussion on SPF, DKIM, and DMARC

That Is Accurate

Ask the Stiffs: Question of the Week

  • What was the worst password you ever created
  • What was your first password? ;)
  • Various computer nostalgia