General

A catch all category for posts that are neither specific to a Microsoft technology which has its own dedicated category or posts that aren’t based on a Microsoft technology, as rare as those are.

Polycom VVX Phones and UK Daylight Savings Time

This weekend just past, the UK observed the end of daylight savings time for another year, bitterly welcoming in the cold weather and the start of the dark months. With that comes the day that many administrators dread in fear that their devices and equipment will fail to update with the proper time. Suffice to say, I have learnt lessons from previous years and my servers and network equipment all survived to tell the tale, however, I noted this morning that my Polycom VVX 500 desk phone had not.

I was surprised by this as I had all the proper configurations in place to ensure that the phone was using the correct time zone, however, upon investigation, the phone does not link the DST setting to the time zone: DST is configured separately. After a couple of minutes tweaking it via the web interface, I extracted the configuration, made it pretty and here it is.

Please feel free to use this on your own Polycom Provisioning Server configuration file if you have found your own phones now behaving. The configuration does a few things and hopefully, it should be clear enough for you to modify for your own needs in other locales.

  • Forcibly enable DST
  • Forcibly set DST to occur on a fixed schedule
  • Set DST to start on the last Sunday of the third month (March)
  • Set DST to end on the last Sunday of the tenth month (October)
  • Set DST to begin at 1 a.m. and end at 2 a.m.

 

<tcpIpApp.sntp.daylightSavings tcpIpApp.sntp.daylightSavings.enable="1" tcpIpApp.sntp.daylightSavings.fixedDayEnable="1" />
<tcpIpApp.sntp.daylightSavings tcpIpApp.sntp.daylightSavings.start.month="3" tcpIpApp.sntp.daylightSavings.start.dayOfWeek.lastInMonth="1" tcpIpApp.sntp.daylightSavings.start.time="1" />
<tcpIpApp.sntp.daylightSavings tcpIpApp.sntp.daylightSavings.stop.month="10" tcpIpApp.sntp.daylightSavings.stop.dayOfWeek.lastInMonth="1" tcpIpApp.sntp.daylightSavings.stop.time="2" />

Scouting UK Web Colours

For any regular readers here, this is a pretty off-topic post, however, I decided it was worthy of submission. As some may know, I volunteer with a local Scout group, the 1st Chineham to be specific. As a group, we are exploring getting a website up and running; I will have more to post on this subject in the future.

Whilst navigating the branding guidelines and documentation for Scouting UK at http://members.scouts.org.uk/comms_centre/zip/Brand_Guidelines.pdf, I discovered that the official colour palette for Scouting UK is only advertised in RGB and CMYK and Pantone. This is great for working in Office apps (RGB) or print (CMYK) but does not help for web implementation. Using an online RGB to Hex converter, I have pulled together all of the colours. If you are struggling to find them yourself, please feel free to use this as a reference:

  • Scout Purple #4d2177
  • Scout Green #84a40b
  • Scout Mauve #8b0066
  • Scout Orange #ed7703
  • Scout Blue #006990
  • Scout Brown #9d552d
  • Scout Grey #415a68
  • Scout Black #001323

Home Brew Z-Wave Wireless Door Bell

In case you haven’t gathered from previous posts, I’m quite into Z-Wave and Home Automation right now. Our existing wireless doorbell gave up the ghost a little while ago and I thought it was the perfect opportunity to get a Z-Wave doorbell so that I could integrate it into some areas of the house instead of just a dumb chime unit nowhere near the living areas where we stand a chance of hearing it.

I used the article Do You Sell a Z-Wave Doorbell over at my favourite Z-Wave UK reseller, Vesternet for a little inspiration but since the article was written things have moved on a little.

If you have a wired doorbell running on mains voltage then this is actually a bit easier to accomplish as you can use the Fibaro Binary Sensor however I don’t have an existing wired doorbell as there is no wiring to support one so it’s wireless all the way. Since speaking to Vesternet about the project originally, Fibaro have released the new Universal Door and Windows Sensor which is a Generation 5 Z-Wave device meaning longer range and improved battery life so this is obviously the device I purchased for the project. It also has some differences from the previous model.

Follow me beyond the fold for the what parts I used and how I bond them all together.

Read more…

Philips Hue Scene Control with Vera Z-Wave Scenes

For a little while now, I have been buying Philips Hue light bulbs for home. I haven’t gone too overboard just yet but one of the starting factors was being able to set some coloured lighting in the living room and in the kitchen to be able to provide a bit of flashing light action for those long summer nights with a drink or two and friends.

At Christmas, I was able to get myself a Vera Edge Z-Wave controller as I really wanted to start making better use of the Hue bulbs and integrating it with Z-Wave to setup some nice home automation scenarios. After getting Vera online and getting the Hue2 plugin installed and control of the bulbs, I started to struggle. What I quickly noticed was that when trying to use Z-Wave Scenes in Vera to operate groups of Hue bulbs, I wasn’t able to and instead had to chain up actions which had an undesired effect of each bulb turning on in order with a second or so delay between each. Compared with Hue scenes where you press it and the whole room lights up, this wasn’t great.

Tonight however, I managed to find the answer and get it working just so with a little bit of effort here and there. I wasn’t able to find this information easily on the MiCaseVerde forums so I thought I would post it here in the hope that someones Google search turns it up for them.

Read more…

Working Hard on Web Security

As anyone who visits my site on a regular basis may have noticed, I’ve been working hard on securing up this blog to make it follow more best practices and more in keeping with modern web security given it’s been quite a while since I’ve touched that side of the site, and there have been numerous things that I have implemented and I thought I would give a little run down of them.

Read on after the fold for the low down on each of the features and how it works.

Read more…

Modifying the Nano Server Pagefile

This weekend, I’ve been working on a little pet project using an ultra-small form factor PC that I’ve got setup running Nano Server and Boot from VHD.

The setup is great and ideal for my use case however there is a problem when using Boot from VHD and that is that the operating system you are booting cannot host a pagefile inside the VHD file. When you boot a PC using a native boot VHD file, the pagefile will be automatically created on the physical partition with the most available free space and set to System Managed which means that the pagefile will swell and shrink according to demand and not perhaps on the disk or partition you want it to be on.

I started the journey trying to modify the pagefile configuration however I quickly discovered that even the PowerShell Cmdlets recommended by many other people online to use with Server Core don’t work because they rely on using WMI to modify the parameters and if you try these, you’ll very quickly find that Nano Server only accepts and extremely small subset of WMI PowerShell Cmdlets, presumably down to the compressed WMI database in Nano.

Luckily, I found one set of Cmdlets that do work on Nano Server and allows you to configure your pagefile as you desire.

Set-CimInstance -Property @{AutomaticManagedPageFile = $False}

$PageFile = Get-CimInstance -ClassName Win32_PageFileSetting
$PageFile | Remove-CimInstance

New-CimInstance -ClassName Win32_PageFileSetting -Property  @{Name= "$("P"):\pagefile.sys"}
Get-CimInstance -ClassName Win32_PageFileSetting | Set-CimInstance -Property @{InitialSize = 4096; MaximumSize = 4096}

As you’ll see, I’m using P as my pagefile drive volume and I’m setting the initial and maximum sizes to 4096MB. Simply change these to suit your needs and job’s a good one.

Set a Registry Value Using PowerShell Containing a Forward Slash

I don’t normally blog about PowerShell as it’s just a day-to-day thing that we all do and use (you do all use PowerShell right) but I came across a problem today that I thought I would share as I had to run the net to find the solution for myself.

A co-worker came to me today asking for help with some PowerShell code for a script he is writing. The script is to apply some registry settings to machines for a piece of security hardening work which includes disabling some of the less secure SSL and TLS cipher suites. All is going well until he gets to the line of the script that tries to disable the DES 56/56 cipher suite and PowerShell throws it back at him. The reason for it is because PowerShell is treating that forward slash character as a separator for a multi-value string.

Here is the line of code that you would run normally to create the registry key for DES 56/56:

New-Item -Path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56"

When this runs, PowerShell creates a registry key for DES 56 but then it creates a sub-key for the second 56 as it’s seen as a separator which obviously isn’t what we want. I tried all sorts to get around it such as changing the double quotes for single quotes and first placing the path into a variable and calling in the variable but it just would not have it.

I managed to eventually find a way around this but it means that we can’t use the PowerShell Cmdlet New-Item but instead, we have to use the .NET way of things. Here’s the code sample to make it work:

$Writable = $True
$Key = (Get-Item HKLM:\).OpenSubKey(“SYSTEM”, $Writable).CreateSubKey(“CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56”)
$Key.SetValue(“Enabled”, “0”, [Microsoft.Win32.RegistryValueKind]::DWORD)

 

Enterprise Windows 10 Migration Article

Recently, via my work at Fordway, I was asked to write an article for the website ITProPortal on Windows 10 migration from an enterprise perspective.

The article got published on October 30th and judging by the social share buttons on the site, it has received quite a warm reception. You can read the article, entitled Migrating to Windows 10: It’s all about the preparation at http://www.itproportal.com/2015/10/30/migrating-to-windows-10-all-about-preparation/.

Skype for Desktop Installation Switches

Some time ago, I was working to perform a silent installation of Skype for Desktop via a task sequence with Configuration Manager. Skype for Desktop is provided as an executable and the installation switches are pretty hidden for the most part which makes using SCCM to install it difficult.

A post on the Skype Blog at http://community.skype.com/t5/Windows-archive/Unattended-install/td-p/184628 details all of the installation switches that we can use to help with installing the client in a managed environment where we don’t want the user to be prompted to interact with the installer or we want to configure certain options such as to disable one of the browser plugins for example.

I hope this helps someone out there trying to deploy Skype for Desktop.

Hiding Users from the Essentials Dashboard

I use Windows Server 2012 R2 Essentials at home as my server and one problem that I have lived with for a long time is that I have a number of service accounts created to run some applications that I run centrally on the server itself. A problem with this is that these users will appear on the Essentials Dashboard which looks a bit unsightly. This isn’t something which has particularly bothered me but I accidently stumbled this morning on a blog post by Robert Pearman. His original post is at http://titlerequired.com/2014/09/18/quick-fix-hide-users-from-essentials-2012-r2-dashboard/ in which he provides the PowerShell Cmdlets for hiding users from the Dashboard.

In his example, he is using it to hide Exchange service accounts but the same principle applies. The first example below will hide the account for the service account SRV_SomeApplication.

Set-WssUserDashboardVisibility SRV_SomeApplication -Hidden

Replacing the -Hidden parameter with -Visible will unhide the account and allow it to be shown on the Dashboard once again.

As I have a number of service accounts and we all love PowerShell scripts for the sake of them, I decided to hide all my accounts in one go as I use a standard naming syntax for my service accounts. Sadly, the Wss Cmdlets don’t seem to support data received via the pipeline so whilst we would normally complete this as a one-liner by piping the get command into the related set command, this doesn’t work so we have to use a quick ForEach loop to achieve the same result.

$Users = Get-WssUser | Where-Object {$_.UserName -Like 'SRV_*'}
ForEach ($User in $Users)
{
   Set-WssUserDashboardVisibility $User.UserName -Hidden
}