Home

Digitalwelcomemat continues to provide IT support as usual, there is currently no change to support services. As usual I try to minimize onsite support. This is because, remote support is significantly more timely efficient, which means a better service and more cost effective for everyone but also has the added bonus that it helps with social distancing. However as usual I am available for onsite support as required.

Should this situation change I will let you know.

Providing remote access for users direct to their PC is as simple as setting a fixed IP address for that PC then opening a firewall port (specifically for that user) and they can logon.

However scaling this solution up does present some challenges the first challenge is that the router will only support a certain number of port redirections and one has to be set up for each PC that needs to be accessed remotely In addition it becomes quite cumbersome to manage the fixed IP addresses for all the PC's and confirm that the right user has the right port number, record all that information and make sure that that information gets passed onto the user.

I've been looking for a better solution for this for some time Microsoft offer a product called remote desktop gateway which is very complicated in cumbersome to manage an I have been looking for a solution which provides the same functionality but is a lot less complex and onerous to manage plus be cost effective.

Today I have evaluated TSX gateway by thinstuff.com I have been aware of these guys for several years but haven't had a specific requirement to use any of their products.

The way that this product works is you install it in one location on your network, on an existing server and then all of the users connect from outside the network to that one [gateway] server, authenticate to that server and then connect to their own PC based only on the PC name. this means that no specific port number and no set of remote desktop icons is required. Also if user needs to use another PC or gets a new one it's just as simple as them using the other PC name that they would like to connect to and so long as I have given them access to that PC they can connect without further requirement for support or interaction with me.

There are another couple of benefits to this product as well:

• A reduction in support costs to manage this scaled out remote desktop solution
• The data is now transferred over the web using HTTPS (Port 443) which should allow users to connect from locations that would normally block traditional remote desktop connections. This is because HTTPS is the same protocol that the normal modern internet web pages use. For example if you are connecting from a library, a coffee shop or McDonald's hotspot you should be able to connect as usual without impediment.
• Closing port numbers 3389, 3391, 3392… etc should also reduce hammering attacks (where someone on the internet constantly tries to connect to your PC using usually random names and passwords) this will offload this task from the PC meaning that each PC no longer needs a product such as https://rdpguard.com (approx. US$50-70 *per PC*) plus install and maintenance costs associated with that. Base in mind that any hammering would now happen at the gateway.
• Additionally, the software allows [requires], for creation of one central SSL security certificate to identify the gateway server end. Once all the PCs are aware of this certificate it is probably not feasible for a hacker to "pose as" your remote desktop PC, intercept your password and store that to allow connection later. Although that would be a very unusual and quite complex thing to do under normal/current circumstances it's a benefit to be able to secure the system with a certificate. This does mean that you require a basic certificate in place for this purpose. You have 2 options for the certificate:

The free included certificate which the gateway software creates itself. This needs to be manually (but easily) installed on each PC that will connect remotely.

Or, alternatively you can purchase a public certificate for about $50 per year which means that any PC on the Internet (for example staff home PCs) can connect to your remote desktop PCs so long as they have the password without any setup requirement.

The software is US $259.00 for unlimited connections and can install on one of your existing servers.

This blog post has been provided for the benefit of digitalwelcomemat IT customers.

Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

Issues with Netflix performance? Check your internet speed direct from Netflix by using this Netflix tool:

https://fast.com/

MS is pushing Office *64 bit* version as the default install now for office 365 installs and its creating havoc with many customers. A major software update is meant to be carefully planned and not just forced on us by Microsoft.. 

If you are looking for maximum compatibility install the 32 bit version of Office (regardless of your Windows version) details here https://digitalwelcomemat.com/index.php/how-to-guides/51-how-to-install-microsoft-office-from-the-web-office-365-version

URGENT ALERT: If you receive an email that links to this screen do not enter your details. A customer has reported that they have received an email containing a link which brings them to a fairly convincing but bogus Microsoft office 365 logon. Once they did that their email account was compromised and used to send spam.

Don't get scammed, hover before you click...

For Office 2013 standalone (perpetual license) applications you won't get upgraded at all, if you were to want to upgraded you would need purchase the next Office 2019 standalone package or more sensibly now subscribe to office 365. The reasoning for that recommendation is below.

Now that the new version is out, that pushes Office 2016 to the "old version" and 2013 to "the really old and nearly forgotten version". Microsoft has a habit of only supporting the current version and the one before only so I am expecting that at some point office (Outlook) 2013 will stop working with office 365 mail.

No action is required just now but any new installs, significant changes or investment in time needs to bare all of this in mind, its fairly complex once you start talking about MS office in a business environment.

Microsoft has said here: https://products.office.com/en-au/office-system-requirements

Office 365 is designed to work with the latest browsers and versions of Office. If you use older browsers and versions of Office that are not in mainstream support: Microsoft won't deliberately prevent you from connecting to the service, but the quality of your Office 365 experience may diminish over time.
Microsoft won't provide code fixes to resolve non-security related problems.
See the Microsoft Support Lifecycle Policy site for Office mainstream support dates."

Office 2013 *is* out of mainstream support.

However, as I have already blogged about here. In 2020, Microsoft has specifically said it will block non subscription based Microsoft Office products from accessing Office 365 mail.
I do notice that on this page https://products.office.com/en-au/office-system-requirements they appear to be saying that they will in fact allow office 2016 and 2016 perpetual (Non- subscription) to access office 365 mail. I don't know if that's a softening of their stance or not.

"Effective October 13th, 2020, Office 365 services (e.g. Exchange Online, SharePoint Online) will only support Office client connectivity from subscription clients (e.g. Office 365 ProPlus), or the following Office perpetual clients: Office 2019 and Office 2016. See the Microsoft Support Lifecycle Policy site for Office mainstream support dates."

However regardless of the above statement being carried through or the policy being changed (again) I think it's time to move to subscription based. Say goodbye to 7-10 years of MS Office for $169 per PC, it will now cost you around AU$10 a month* (or AU$840 for 7 years) per user. On the flip side you do get 5 MS office installed FOR THE LICENSED USER (not purchase one user and install it for 4 of your other staff), so you can have full function MS office on your PC, laptop, phone, tablet and other PC.

One thing to bear in mind is that Office 2019 will only install on Windows 10, if you have any Windows 8.1 or 7 PC's the new 2019 version will not install, we had the same pinch point situation with Office 2010 and office 365 mail.

So that may mean a new MS office update, triggers a new MS Windows install, which may trigger a new PC as well depending on how sensible it is to invest time in an old windows 7 or 8 PC hardware. Roaming Windows profiles won't roam between Windows 7/8 either so that triggers a need to recreate and reconfigure roaming profiles for all staff if you upgrade windows version.

Roaming Windows profiles between different versions of MS office:
If you have roaming user profiles in your office to allow users to seamlessly move between PC's bear in mind that office (specifically Outlook) won't properly roam between different PCs that have different versions of MS outlook.

Microsoft access 2019 run time is now available free for those of you who have custom access databases I haven't invested any time in testing it yet but this open the gateway to being able to use the latest version of MS office *and* the access runtime.

This blog post has been provided for the benefit of digitalwelcomemat IT customers.
Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

There is a Roaming user profiles known issue that Microsoft describes as follows: 

On a computer that's running Windows 10 Version 1803, you experience logon or logoff delays when you use roaming user profiles. You also receive the following error message: Your roaming profile was not completely synchronized. See the event log for details or contact administrator".

https://support.microsoft.com/en-au/help/4340390/roaming-profile-was-not-completely-synchronized-error-and-logon-logoff

If think you are experiencing this issue please let me know.

This blog post has been provided for the benefit of digitalwelcomemat IT customers.
Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

 Today would be a good day to consider if all your servers and PC's are protected by an uninterruptible power supply (UPS), more detail here:

https://www.digitalwelcomemat.com/index.php/home/entry/every-pc-deserves-a-ups

No UPS = unmitigated serious risk of catastrophic hardware failure and data loss in the event of a power surge or sag.

The Microsoft Surface Pro is now available with built in 4G as an option. Just grab an extra shared sim card and no more need to worry about shared Wi-Fi or hotspot when you're in and out of the office. This has been available on the low powered Atom based Surface [Standard] previously but this is new for the Surface Pro which is a full powered PC just like a laptop. (12.3" screen)

Although Surface starts AU$1,199.00 inc GST, sadly it's only the at AU$2,199.00 model that has 4G for now. (Special pricing for eligible students, parents and teachers is available on all models).

Microsoft office 2019 which will be released later this year, as the traditional one-off purchase model or via office 365, will require Windows 10. 

It won't install on Windows 7 or 8. 

Normally I try to keep my posts here not too technical but I am getting this question a fair bit so here goes:

IP addresses on a local network vs "my" IP address on the internet simplified into one "easy to understand" diagram.

 Tech journalists have been reporting in the last few days that:

"Microsoft is readying multi-session support for Windows 10 [for remote desktop/remote access]
Microsoft looks poised to add a new Multi Session option to Windows 10, likely this fall, which will allow IT to provide multiple users with remote access to desktops/apps without relying on Windows Server [for that role]…"

http://www.zdnet.com/article/microsoft-is-readying-multi-session-support-for-windows-10/

More information as it comes to hand later in the year, at the end of the day its really all about the total licensing cost so we will have to see if there is any real change for business.

Take away message: Find out when your traditional phone services are being cut off due to the NBN and take some action well before then.

"Homes and business have 18 months to migrate to the NBN once it is available to them, after which traditional copper and cable services in the area are severed — cutting off fixed-line phone and internet access."
https://www.nbnco.com.au/learn-about-the-nbn/device-compatibility/services-that-will-be-switched-off.html

You can check your address here (https://www.nbnco.com.au/connect-home.html) and you may see advice similar to as follows:
"The disconnection process for the old phone and internet network in this area is scheduled to begin on July 2018"

You can also find additional information about timing via the Telstra wholesale website which has some downloadable spreadsheets searchable by suburb.
https://www.telstrawholesale.com.au/nbn/nbn-rollout-schedule.html

For some information on what will be turned off the following web sites list services that will be cut of or need to be considered:
https://www.acma.gov.au/Citizen/Phones/Landlines/The-NBN-and-you/phone-and-internet-disconnection-schedule
https://www.finder.com.au/nbn-copper-cut-off

What will be turned off?

• Home/business PSTN landline phone services

• All ADSL, ADSL2 and ADSL2+ Internet services from all providers
• Telstra BigPond cable Internet services
• Optus cable Internet and cable phone services

"As well as phone and Internet, it's important to consider other services running off the old copper-based network that will be affected after the switch-off date. These include:"

• Medical alarms, auto diallers or emergency call buttons

• Security alarms
• EFTPOS or health-claim terminals
• Monitored fire alarms
• Lift emergency phones
• Fax and teletypewriter devices

Of most concern for most businesses is the phone lines and existing phone system. Note that you almost universally do NOT need to purchase a new phone system or sign a new contract with Telstra to maintain your lines regardless of what Telstra the sales people may tell you. In fact with the Telstra demotion from network owner and maintainer to "Just another player in the marketplace" I would suggest that Telstra may not be the best provider for phone line services going forward (mobile services excluded from that statement).

Once the NBN has rolled out and your phone lines have been converted, phone calls will be made over the internet. In reality you should not notice any difference you can typically use the same phones or phone system that you have now.

For your existing phone system (PABX) you will need to look at getting a SIP gateway device, which is similar to a set-top box when we moved from analogue to digital TV. Once you have this in place, the new phone lines connected, and the number(s) transferred over. Your old phone system should be able to make and receive calls just as you always have but using SIP or Voice Over IP (VoIP) as the underlying technology.

If you do need or want a new phone system for whatever reason a more sensible approach to replacing a system where the concept hasn't really changed much since the 1970's, is a virtual PABX. There are a number of significant benefits to this and it will probably work out a *lot* less expensive upfront and ongoing.

I will be contacting all of my customers individually to discuss this further.

This blog post has been provided for the benefit of digitalwelcomemat IT customers.
Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

There is a new product available that looks promising. It is able to monitor and/or protect data leakage via email, USB backup drive, cloud uploads and also monitors other undesirable activity's using the organisations computers that can be indicative of an emerging problem.

If this is something that you are concerned about please let me know and we can discuss further.

Laptop purchase price vs satisfaction index; Although this *is* an accurate indication of my experience in terms of feedback received, this information is meant to be taken as tongue-in-cheek. Make your own investigations and consider your own unique needs and preferences and don't rely on this information for your purchasing decisions.
 

If you receive an unexpected support request or offer for help from "Microsoft" its probably a scam. Here is one of the more sophisticated ones, so much so that I cant tell without detailed digging if it is or isn't a scam (well I have a pretty good idea). This content was contained in an attached PDF.

If in doubt don't click, so I have taken my own advice.

The Windows 10 Fall creators update is available now if you don't want to wait for the staged automated install .

For a single PC just go to the following web site and click "update now". If you have multiple PCs you can also create an install disk either on USB or ready to burn to DVD.

https://www.microsoft.com/en-us/software-download/windows10

This will need to be done from an administrative account and I suggest you plan to let it run overnight. As always make sure you have good backups if you store data on the PC that's getting updated.

Worth mentioning a couple of important security practices:

• DON'T REUSE PASSWORDS for different services, otherwise if www.sarahsmuffins.com.au gets hacked because Sarah doesn't know much about security then the bad guys will get access to all your accounts on the entire internet. Consider a password manager like LastPass or RoboForm.
• Don't just click on links in emails, at least hover first to see where the link goes, if its an email from Telstra and the link is to www.getyourvirushere.com then don't click. If you are unsure just don't click it at all. Phone or email the sender from a new clean email seeking more details.

Details are here:
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

 "Telstra" phishing email. don't click. ALWAYS "hover" before you click...