IE6 check

Wednesday, June 12, 2013

Data Leakage Prevention in your Microsoft infrastructure

Data Leakage is a real problem and sometimes a threat in today’s corporate environment. This is e.g. discussed in this year's Verizon Data Breach Investigation Report (available here).

Yesterday, I had the honor to present a talk on the very subject. Scope of the presentation was to give insights on how to approach DLP with only Microsoft gear. It is indeed surprising how much is available from Microsoft - tools that are not necessarily costing you an arm and a leg - that allow you to go a long way a preventing data from leaving your enterprise, whether accidentally or on purpose.

Topics treated during my talk were
  • DLP project approach
  • Data Classification
  • Data Protection using Dynamic Access Control, AD RMS, Bitlocker To Go, and, EFS
If you're interesting in accessing a copy of the slide deck I used, head over to Skydrive:


Wednesday, May 1, 2013

Getting your Apple USB Ethernet Adapter to work on your Windows 7/8 64-bit computer

My dear spouse just came back from a business trip and bought me a "nice" present: a shiny Apple (remind me to somehow hide the logo) USB Ethernet Adapter. The people in the store told her it would work just fine with her computer (and mine - A Microsoft Surface Pro, which doesn't come with Ethernet, but which of course has USB). Of course, it didn't.

So, I plugged it in the Surface Pro. As expected, no drivers :-(

Searching the internet did not reveal immediately a (good) solution - I did find some hacked about archive containing drivers for Win98 to WinXP, but nothing suitable. Which got me thinking for 5 minutes. All these iSheep using their Mac with Bootcamp must be able to use this thing. So, I headed over to the Apple support website, where you can download the Bootcamp support software ( This is one huge archive containing all drivers you would need to get your Mac to work with Win7/8.

So, one task remained: finding out where the driver for my shiny new adapter was to be found. Again, this was made more difficult than necessary: Apple couldn't simply name the directories referring to the device names, but instead had to use the manufacturer of the chipset ... A little poking revealed that the driver I needed for this Apple thingy is found in the Asix folder. After you extract and execute the single .exe in that folder, you have your driver nicely installed. No need to play games with unsigned drivers and the like.

All in all, more difficult than necessary ... hope this helps someone else facing the same hurdles.

Friday, October 5, 2012

Free Windows Server 2012 training

Windows Server 2012 is a hot subject these days. Therefore, IT Pro's will want to get all the training they can get.

A nice collection is available at Microsoft's Virtual Academy

The deal gets even better when you are in Belgium:

In order to profit from this deal, go to:

This is what you will need to do to get your ticket:

Windows Server 2012 launch event in Belgium

This week, I had the honor to present at Microsoft's Windows Server 2012 launch event held in Antwerp, Belgium.

On my schedule, two presentations:

1. Windows Azure IaaS - How it works:

2. Windows Server 2012 ADDS Virtualization Safeguards:

As the event was recorded, I'll update this post as soon as recordings are available.

In the meantime: enjoy!

Tuesday, September 25, 2012

Surfing and privacy

Those of you who have been following me for a while, know that I'm always on the lookout for privacy issues on the web. The recent "Do Not Track" controversy triggered me to look a bit deeper into this again.

Security-conscious people have been aware for a while about the tracking protection offered by various browsers, whether or not that feature is configured by default by the browser or not (hurray for IE10!). Turns out that this is of not much help since the web server pretty much does what it wants with it.

Then my eye fell on a nice little free utility (browser plug-in) from a company called "Abine". The utility is called "Do Not Track Plus", and allows you to go one step further. It is available for download here.When downloading, you are informed that the tool is not supported on IE10, which is my main browser. I can confirm however, that the tool works without a problem in IE10.

Go download! Be Private!

Have Server Core, Will Upgrade (Part 2)

In my previous post, I showed how to enable the upgrade to Windows Server 2012 Core from an application point of view (the application being the Active Directory).

To continue my story, you need to know that my Hyper-V server is still running Windows Server 2008 R2 (of course I could upgrade my host first, but hey, we want to learn something, don't we?)

Not immediately it is obvious that if you intend to keep your host on this release, you are going to face some issues.

A first problem - which you may or may not encounter depending on how you update your servers - is described in the following KB Article: "You cannot run a Windows 8-based or Windows Server 2012-based virtual machine in Windows Server 2008 R2". This article explains that there is an issue occurs because the Hypervisor does not handle the one-shot synthetic timer correctly. This can cause the virtual machine to stop responding and/or cause you to receive stop error messages which makes the computer and all running VMs to stop (which sounds to me like a blue screen). A patch that you run on your Hyper-V server can be obtained here or by going to the article mentioned above.

The second problem you most definitely will encounter, and which you could already see in my previous post, is the following:

The compatibility report shows that there is a device that might not work properly (the Microsoft Emulated S3 Device Cap). While setup allows you to continue installing Windows Server 2012 (whether on Core or on GUI), your installation will not be successful and you will need to roll back your installation.

The solution is relatively simple: if you are on a full version of Windows Server, you simply go to device manager and you disable the offending "Microsoft Emulated S3 Device Cap" system device:

If you are on Server Core, obviously you would need to do the same from the command line. Entering the following command will disable the device:

sc delete s3cap

The system should then answer you with:

[SC] DeleteService SUCCESS 

After rebooting your server, you can then restart the upgrade process. The Compatibility report will then give you a clean slate:

 This allows you to successfully upgrade your server ...