Fight against Ransomware

At the moment a major risk is endangering businesses worldwide: Ransomware.

The most common types of ransomware encrypt all of a user’s data – whether it’s stored on local computers or on network drives. Even unmounted network shares are not safe, as long as the user has access to their contents. This elevates ransomware to a high business risk.

To mitigate the risk in Microsoft Windows environments, a couple of built-in technologies help to achieve a safer Corporate-IT.

A couple of days ago I stumbled over a promising technique – published by Matt Hopton. But it involves some manually performed actions. Let’s add some PowerShell magic 🙂

This script will

  • add FSRM Windows-Feature, if required
  • configure FSRM mail settings
  • get currently known ransomware file pattern list from ThePhoton (GitHub)
  • add file screen for path given
  • create file group update script
  • create update task

Just adjust the settings according to your needs. You can run this script several times for different $ScreenPaths, if necessary.

If $AutoUpdate is set to $true, the script Update-FsrmKnownRansomware.ps1 will be run every day at 7am to update the FSRM file group with the newest ransomware file patterns.

As soon as ransomware tries to save a file matching the known file group patterns, all shares are set to block the originating user.

After cleaning the user’s computer, unblocking can be done by PowerShell, too:

For details see Matt Hopton’s blog post.
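
The FSRM setup and the block/unblock step described above, as an added example (not the original script from this post and not Matt Hopton's code). The paths, mail addresses, file group name, the helper names `Block-SmbUser.ps1` and `Unblock-ScreenedUser`, and the sample patterns are assumptions; the patterns are constructed stand-ins for the downloaded list.

```powershell
#Requires -RunAsAdministrator
# Added example: all names and values below are assumptions, not the original script.
$ScreenPath  = 'D:\Shares'                      # assumed directory to protect
$GroupName   = 'KnownRansomware'                # assumed FSRM file group name
$BlockScript = 'C:\Scripts\Block-SmbUser.ps1'   # assumed helper script location
# Constructed sample patterns; the script described above downloads the current list.
$Patterns = @('*.locky', '*.cryptolocker', 'HELP_DECRYPT*.txt')

# Add the FSRM role service only if it is missing
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
}
Set-FsrmSetting -SmtpServer 'smtp.example.test' `
    -AdminEmailAddress 'fsrm-admin@example.test' -FromEmailAddress 'fsrm@example.test'

# Create the file group, or refresh its patterns when it already exists
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
}

# Helper run by FSRM as LocalSystem: deny the account on every non-administrative share.
# Keep this directory writable by administrators only, or the helper becomes an escalation path.
New-Item -ItemType Directory -Path (Split-Path $BlockScript) -Force | Out-Null
@'
param([Parameter(Mandatory)][string]$Account)
Get-SmbShare -Special $false | ForEach-Object {
    Block-SmbShareAccess -Name $_.Name -AccountName $Account -Force
}
'@ | Set-Content -Path $BlockScript -Encoding UTF8

# FSRM expands the [bracketed] variables when the screen fires
$mail = New-FsrmAction -Type Email -MailTo '[Admin Email]' -Subject 'Possible ransomware on [Server]' `
    -Body 'User [Source Io Owner] tried to save [Source File Path] under [File Screen Path].'
$block = New-FsrmAction -Type Command -SecurityLevel LocalSystem -KillTimeOut 1 `
    -Command "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" `
    -CommandParameters "-NoProfile -File `"$BlockScript`" -Account `"[Source Io Owner]`""

# Active screening: the matching write is refused and both actions run
New-FsrmFileScreen -Path $ScreenPath -IncludeGroup $GroupName -Notification $mail, $block -Active

# After the client has been cleaned, lift the deny entries again
function Unblock-ScreenedUser {
    param([Parameter(Mandatory)][string]$Account)   # e.g. 'CONTOSO\jdoe' (constructed)
    Get-SmbShare -Special $false | ForEach-Object {
        Unblock-SmbShareAccess -Name $_.Name -AccountName $Account -Force
    }
}
```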

Please remember: You have to apply this on every file server and user accessible directory. It does not prevent the encryption of a user’s client computer, nor does it eliminate the risk of infection/loss of data. Script is given without any warranty.

Get low-battery push notification from your notebook

Imagine the situation while presenting your newest PowerPoint slide show in front of your customer, when your notebook’s screen suddenly goes black.
Reason: You missed the “Your battery is running critically low on power” message.

But you’re lucky: If you are an owner of a Microsoft Band (or any other push-compatible smart wear), here is a tiny proof-of-concept solution that prevents such an embarrassment.

SharePoint – Providing operations on Azure?


A recent question attracted our interest:
Can we utilize Microsoft® Azure and extend our service portfolio to provide operations?

Before answering this question, let me introduce the problem.
As a successful solution provider for Microsoft® SharePoint and SharePoint based applications, we neglected operations. Mainly, because we cannot – could not – provide the necessary hardware and Service-Level-Agreements (SLA), and secondly, because we were never asked to provide such measures. Furthermore, cloud-based solutions were not available especially because Microsoft® explicitly did not support cloud-based SharePoint farms. Until now.

Today things are changing rapidly – and customers usually do not apply the brakes to their business. This is when we were asked if we could provide SharePoint as a hosted or managed service. And it’s exactly when we started to analyse the capabilities of Microsoft Azure as related to our customer’s needs:

Technical service scenarios

We examined four possible service scenarios:

  1. Hosted SharePoint
    Azure provides Infrastructure as a Service (IaaS), the service provider deploys and maintains Active Directory (AD) and SharePoint VMs and customers use “SharePoint as a Service”.
    Customers have no administrative rights on the VMs and have defined access rights to SharePoint.
  2. Managed
    Azure provides IaaS, we deploy and maintain AD and SharePoint VMs as stipulated by contract, customers maintain and use the system.
    Customers have defined administrative access rights to the SharePoint farm.
  3. Dedicated
    Azure provides IaaS, we set up AD and SharePoint VMs as stipulated by contract, customers maintain and use the system – or delegate maintenance to the service provider. Further services are provided as agreed.
    Customers have full administrative rights.
  4. Testbed
    Azure provides IaaS, the service provider sets up AD and SharePoint VMs, depending on the customer’s testing requirements.

Figure 1 illustrates the mentioned service scenarios, showing the level of responsibility and influence of the participating parties, with Microsoft always being responsible for Azure itself.

Figure 1 – Responsibilities by service scenario on Azure

Besides these scenarios, three more use cases should be considered:

  • Azure enables service providers to scale a SharePoint farm instantly, depending on current load and/or needs – without charging customers unnecessarily during calm phases
  • It is now reasonable to operate a second backup farm for failover purposes,
    e.g. a local disaster or outage can be bridged by a cloud-mirrored SharePoint farm
  • With full Hyper-V-compatibility provided by Azure, a customer can easily move his virtual machines over to Azure

Advantages and possibilities for customer’s business

In the past, both cases required a large amount of very expensive resources (hardware, software, housings, infrastructure, energy, maintenance, etc.). Today, with cloud-based IaaS, a business can concentrate on its main priorities by turning capital expenditure into scalable running expenses. This results in effective productivity and flexibility.

Let’s focus on the opportunities for your business, divided into the service scenarios:

A hosted SharePoint farm/service offers the highest ROI for a customer’s business and lets the customer focus on the company’s core business. It is not necessary to invest in hardware or to care about operations. The service provider will deliver a worry-free SharePoint experience. That’s why hosted SharePoint is valuable for small businesses, too. But if customers are looking for a higher degree of flexibility…

A managed SharePoint farm puts more focus on flexibility and offers the technical personnel greater freedom in supporting their company’s business workflows, without any need for high investments.

Does an enterprise want or need a steady hand on the tiller? Then a dedicated SharePoint solution is the goal: The IT department keeps full control, with the necessary support and configuration, provided by us.

Even if a customer just needs a safe and isolated testbed for update evaluation, backup-and-restore tests, or the like, Azure can serve you as well!

What all of these solutions have in common is that they connect seamlessly to an enterprise’s on-premise network via secured VPN. Furthermore, the cloud-based farm can be synchronized with the on-premise Active Directory and SharePoint farm.

Finally we conclude: Yes, Azure has the potential to extend our portfolio in a way that allows you to focus on your customer’s business, and thereby enabling us to provide you with the best chance in concentrating on your business!

Finally, one thing is for sure: If you are in need of a competent SharePoint solution provider – feel free to contact us!