Author Archives: Justin

Windows Software Update Services

WSUS 3.0 Cleanup

The aim was to free up hard disk space on a Server running WSUS 3.0. Relocating the Windows Update Repository or WSUS Database wasn’t applicable as this relocates the data elsewhere and doesn’t remove it.

The WSUS Administrative Console (Found within Administrative Tools) has a built-in Server Cleanup Wizard (under Options) which allows you to remove any of the following:

  • Unused updates and update revisions
  • Computers not contacting the server
  • Unneeded update files
  • Expired updates
  • Superseded updates

Before running the Server Cleanup Wizard, however, I recommend some WSUS repository housekeeping to maximise the amount of space you will reclaim:

  1. Go to Administrative Tools > Windows Server Update Services > “Update Server Name” > Updates > All Updates.
  2. Change the Approval option to Any Except Declined and the Status option to Any and click refresh.
  3. Right-click one of the column headers and ensure that Supersedence is ticked, then order the list by Supersedence.
  4. Select all updates that are superseded by another update (including those superseded updates that also supersede other updates) and Decline them. By declining the updates, the Server Cleanup Wizard will remove the updates from the repository when it’s ran.

With the housekeeping completed, run the Server Cleanup Wizard to reclaim storage.

There are two key points regarding the Server Cleanup Wizard:

  • If you are running the Wizard infrequently or for the first time, it will take a long time to complete (potentially 48+ hours – regardless of whether or not you complete the WSUS repository housekeeping). Don’t panic, it is working, let it do its job. If time is an issue, run the Wizard in two parts – once with the top two Cleanup options selected and once with the bottom three Cleanup options selected.
  • If WSUS forms part of a Microsoft Small Business Server 2008/2011 installation you will, by default, receive an email notification once every half hour informing you that the Update Service has stopped, while the Server Cleanup Wizard is running. You can turn this notification off by going to the SBS Console > Network > View notification settings > Services and deselecting the tick box for the Update Service.

Gateway AntiVirus

Email & WatchGuard Firewalls

With Malware often being hidden within Zip files as an attachment to an email as an attempt to avoid detection by mail security software, it is important to have a solution in place that can interrogate these compressed files and determine whether their content is malicious or not.

The Gateway AntiVirus subscription service on a WatchGuard security device provides one such solution as it can temporarily decompress email attachments before scanning them.

To enable this feature you will need to do the following:

  • Go into Policy Manager > Subscription Services > Gateway Antivirus and ensure that the Gateway AntiVirus service is enabled for your SMTP Proxy.
  • Click Settings… > Enable Decompression before saving & writing the configuration to the device.

Further detail and other best practices can be found in this article > http://tinyurl.com/q3fyyzc

Branch Office VPN (BOVPN)

Connections with WatchGuard XTM Devices

A Client has a central office (Site A) and a satellite office (Site B) in different geographical locations. Site A has network resources that the users in Site B need to access and vice-versa.

With a WatchGuard XTM device at the Gateway of each office’s network it is possible to create a permanent BOVPN connection and transparently share data between both sites securely, with data exchanges authenticated and encrypted through the use of IPsec.

Please see the following article covering the process from the data gathering stage through to implementation > http://tinyurl.com/ns6y7ud

Whilst the above article covers the configuration of WatchGuard devices the concept is vendor-agnostic. Use of the feature is determined by the capability of your Router hardware.

Remote Desktop from my iPad or iPhone

VPN with IPSec with a iOS Device

The aim was to connect a iPad to an external corporate network via a VPN connection to use the Microsoft Remote Desktop app.

Please consider the following points when using the built-in Cisco IPsec VPN client on your Apple iOS device:-

> Force all Internet traffic to flow through the tunnel.
The VPN client on the iOS device does not support split tunneling.

> Phase 1 setting > Set the Security Associations (SA) Life to 1 hour.
The VPN client on the iOS device is configured to rekey after 1 hour.

> Phase 2 setting > Do not use PFS.
Perfect Forward Secrecy is not supported.

For this example I was using a WatchGuard XTM Firewall appliance and I was able to import VPN profile settings using the WatchGuard Mobile VPN app.  This allows an administrator to distribute a profile settings file (wgm) via email to end users to apply the VPN profile to their iOS device.

WatchGuard article:- Use Mobile VPN with IPsec with a Mac OS X or iOS Device.

UEFI Installing Windows 8.1

Create a Bootable UEFI USB Flash Drive (Windows 8 / 8.1)

UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification defines a new model for the interface between personal-computer operating systems and platform firmware.

1. Insert the USB flash drive (for Windows 8.1 64bit use a 8GB device)
2. Open an administrative command window (Windows Key + X > Command Prompt (Admin))
3. Type the following commands:-

> diskpart
> list disk (identify disk # number representing the USB device)
> select disk #
> clean
> create partition primary
> format fs=fat32 quick
> active
> assign
> exit

4. Open File Explorer, navigate to your Windows ISO file, right click and select Mount
5. Select all files (Ctrl + A), right click and select Send to and then select Removable Disk

That’s it your good to go… If your system supports UEFI boot mode, then attach your USB flash drive, restart and drill through the Windows setup…

Windows 8.1 Upgrade Checklist

Deciding on installing Windows 8.1…? Have you performed the following…?

> Install Windows / Microsoft updates

> Install App updates

> Verify and install driver updates

> Uninstall incompatible programs

> Back-up your critical data

> Create recovery image

As an example take a look at the following guide from Dell

I have successfully upgraded my personal Dell Latitude laptop using the Windows Store… Hurrah…!