Author: Adam Fowler

Printers Showing Offline with Print Server

Quick one here which I thought was notable:

I had an issue where printer queues on Windows Server 2012 were showing as Offline. They worked perfectly fine though. I could ping the printers, so it wasn’t that SNMP was being blocked.

The strange fix was to go into the Printer Properties > Ports tab > Configure Port button. From there, I had to tick the option ‘SNMP Status Enabled’ and press OK (it was off by default). That didn’t fix it, but going back in, turning that option off again and pressing OK fixed it. The printer I tested this on came online. After doing it to several more printers, each one changed its queue status to “Ready”.

[Screenshot: SNMP Status Disabled]

[Screenshot: SNMP Status Enabled]

[Screenshot: SNMP Status Disabled again]

I have no idea why this was needed, or why it worked – but it did, and was reproducible many times. If you run into this problem, it might be the quick fix you need.


It’s more advanced than turning off and on again, as there was the extra step at the start of turning on :)

Conspiracy theories as to the real reason for this are welcome in the comments

 

 

 

 

Azure AD B2B

Azure AD B2B has been a lifesaver for me, in giving external clients access to SharePoint Online portals.

There’s a great TechNet article on how it works and how to do it, as well as a great Channel 9 video demoing how it works if you want to dive deeper, but here’s an overview:

Azure AD B2B lets you invite external people via their email address, to use your Azure resources. For me, that’s SharePoint Online, but you can grant access to other Azure resources too.

The process is really simple – you need to fill out a very basic CSV file with each person’s email address and full name, along with a few basic details such as the site you want them to be redirected to, and an ID of the resource you’re granting access to.

The people you’re inviting don’t need their own Azure AD instance which is the best part – if they do, then they just get invited to your instance with the set permissions… but if they don’t, on the fly a pseudo-Azure AD gets set up by Microsoft for the domain their email address is on, and again they’ll get invited to your instance.

This method eliminates the need to do extensive account management; all you have to worry about is inviting them and giving them the permissions they need (which I do via group membership). Password resets they can do themselves, and get a code sent to their email address to use as part of the reset process.

On top of this, there’s no licensing required, which means if you are already covered for SharePoint Online through your Office 365 sub, this is a very cheap way to make customer facing portals to share information with, that’s locked down and hosted in the HA environment of Office 365.

I was surprised at how simple it was to invite, and even from the end user’s perspective of receiving the invitation – the process is very easy.

At the time of writing, Azure AD B2B is in public preview and may have a few bugs.

Playing With Intel’s 3D Camera with RealSense Technology

Intel kindly provided me with an Intel® RealSense™ Camera (R200) Developer Kit to muck around with. It was my job to work out what to do with it!

3D cameras have been around for a while, but Intel has continued to invest in this technology for several reasons. A RealSense camera is actually made up of three cameras acting together – a 1080p HD camera, an infrared camera, and an infrared laser projector.

The normal 1080p camera is for capturing the actual images you’re seeing, just like any other camera. As I understand it, the infrared camera picks up infrared light being broadcast by another part of the RealSense camera, in a mesh series of dots – which then measures the distances and surfaces between those dots. A 3D mesh can be worked out based on this, which can then be used to fully render objects in 3D. Intel have some information that will give you an idea on this.

There’s a few free bits of software that can be downloaded for the camera I was provided, one of them being itSeez3D Scanner. By pointing the camera at someone (or something) and walking around them, you can create a 3D model of the whole person, or just their bust. Of course I had to have a 3D scan of myself:

Weird but very cool! Soon you’ll be able to send off your 3D scan, and get back a 3D printout of yourself.

This sort of technology leads to some pretty amazing and novel things. You can put your face in a game, such as NBA 2K16. Scanning in an object, and then sending it off or having a local 3D printer to make a copy of it has a lot of implications for the way we think about doing things.

The accuracy of these sort of cameras leads to Windows Hello which uses all these technologies to make sure it’s you looking at the camera of your PC to unlock it, rather than a 2D photo of yourself which can trick 2D cameras.

Another cool thing I found was the Chroma app which scans a person, and lets you replace the background with something else.

One idea would be to take a photo of your office, and if you’re actually at the beach, make it look like you’re at your desk :)

This particular camera didn’t support Windows Hello, otherwise I would have played with that too.

The Intel RealSense Camera should be turning up in more PC devices as well as tablets, so keep an eye on this space for a lot more awesome ways people come up with to use this technology.

Fix Wrong Domain for Users Azure Active Directory

I ran into a problem where a user couldn’t sign into Intune, which uses Azure Active Directory to authenticate users.

After checking the user in question on the Azure Active Directory portal, I noticed the domain was wrong:


The user was being synced from On Premise Active Directory, so I had a look via Users and Computers to see what was going on. The user’s User Principal Name domain field was set differently to other users – instead of the proper mydomain.com, it was set to mydomain.local – another valid internal domain to Active Directory, but not one that Azure Active Directory knew about:


The unknown domain caused Azure Active Directory to disregard it, and instead use its default tenancy domain of wrong.onmicrosoft.com. I thought just changing the dropdown menu to mydomain.com instead of mydomain.local would fix it, but a forced Azure Active Directory Sync reported the change was successfully synced, yet didn’t actually change the value.

I’m going to guess this is by design, as you don’t usually want logins changing. There is an easy way to change it via PowerShell instead.

Once you’ve run the standard ‘Connect-MsolService‘ cmdlet, you can use ‘Set-MsolUserPrincipalName‘ to change the user. The full command is:

Set-MsolUserPrincipalName -UserPrincipalName "[email protected]" -NewUserPrincipalName "[email protected]"

Pretty simple, and the change is immediate.

I then realised there may be other users with the same problem, so decided to use the Active Directory PowerShell Module with this command:

Get-ADUser -Filter * | Where-Object {$_.UserPrincipalName -like "*local*" -and $_.Enabled -eq $true} | Select-Object Name

This showed all the users who had ‘local’ in their UPN. As there were only a few, I changed them all one by one with the first command above.

The same check can be run against Azure Active Directory users with this command:

Get-MsolUser -All | Where-Object UserPrincipalName -like "*local*"

Easy!
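The two checks above match "local" anywhere in the UPN. As an added example (not from the original post), the read-only script below generalises them: it compares each enabled user's UPN suffix with the domains the tenant has actually verified, and lists synced cloud accounts that fell back to the onmicrosoft.com domain. It assumes the ActiveDirectory and MSOnline modules are installed and that mydomain.com (the post's placeholder) is the intended suffix.

```powershell
# Added example: read-only audit, nothing is modified.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService

# Domains Azure AD knows about and has verified.
$verified = Get-MsolDomain |
    Where-Object { $_.Status -eq 'Verified' } |
    ForEach-Object { $_.Name.ToLower() }

# Assumption: the routable suffix users should have (placeholder from the post).
$targetSuffix = 'mydomain.com'

# On-premises side: enabled users whose UPN suffix is not a verified domain.
$onPrem = Get-ADUser -Filter 'Enabled -eq $true' |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object {
        $prefix, $suffix = $_.UserPrincipalName -split '@', 2
        if ($suffix -and ($verified -notcontains $suffix.ToLower())) {
            [pscustomobject]@{
                Name        = $_.Name
                CurrentUPN  = $_.UserPrincipalName
                ProposedUPN = '{0}@{1}' -f $prefix, $targetSuffix
            }
        }
    }

# Cloud side: directory-synced accounts that ended up on the tenant's
# default *.onmicrosoft.com domain, which is the symptom described above.
$cloud = Get-MsolUser -All |
    Where-Object { $_.LastDirSyncTime -and $_.UserPrincipalName -like '*.onmicrosoft.com' } |
    Select-Object DisplayName, UserPrincipalName, LastDirSyncTime

'On-premises users with an unverified UPN suffix:'
$onPrem | Sort-Object CurrentUPN | Format-Table -AutoSize

'Synced cloud users on the default tenant domain:'
$cloud | Sort-Object UserPrincipalName | Format-Table -AutoSize
```

The ProposedUPN column is only a suggestion to review before any rename.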

Your Personal Information Has Been Leaked

Opinion: The below is all my personal opinion, and although any company examples I give are true, this cannot be taken as 100% guaranteed evidence of a data leak.

Yep, you read the heading correctly. If you’ve been online and signed up to even a handful of services, chances are some of your data has been stolen.

Troy Hunt’s website https://haveibeenpwned.com/ hosts some details on many millions of records that have been leaked one way or another from companies such as Adobe, Sony and Yahoo. Those are just known leaks though, where the data has been made publicly available one way or another, and is only a snippet of what’s really out there.

How do I know this with such conviction? I’ve signed up to a LOT of things over the years, and using my methodology, each signup has a unique email address.

That unique email address per service gives me a pretty quick insight into who’s somehow lost my data. On a daily basis, I can have a look around my Google Apps spam folder, and see what email addresses were used to send spam to.

Often I’ll see the same email 15-20 times, sent to different email addresses on my domain. It’s pretty clear these spammers are finding multiple chunks of breached data, because my different email addresses aren’t going to be registered to a single site.

Today’s spam had the local part of the email address (the bit before the @) in the subject too, so here you can see what these emails were sent to:


I tend to see a mix of gibberish (such as asYOyuPq) and leaked emails. In this example chunk of spam, there’s Adobe – which I know was leaked as confirmed on haveibeenpwned, but there’s also plenty of other worrying ones. Penguin is from Penguin Books Australia, Dropbox is obvious, Coles, Dell, and others.

Looking down my list in the last few days, I can see others like fringebenefits – an Adelaide Fringe run discount tickets I signed up to a couple of years ago. Viator, a service I booked a tourist attraction on when visiting the US a few years ago.

Then there’s ebay – that one I don’t know so well, because email addresses get passed around when you buy and sell things through a platform. Maybe I contacted a seller and they had my email address because of that, and it was lost from there. Acertabletforum from a few years ago when I downloaded custom ROMs for an Acer Android tablet. Umart, from when I bought some PC components a few years ago too.

At this stage, you might be wondering how I know the problem isn’t me. As I said, I’ve signed up for probably thousands of services over the years, and continually only see a subset of addresses that get spam. If I was leaking the data somehow, I should see a big mix of everything I’ve used, or at least everything up to a certain point in time. This is definitely not the case.
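The per-service address check described above can be scripted. This is an added example, not the author's own tooling: the spam records, the example.com addresses and the signup inventory are constructed, and in practice they would come from a mailbox export and your own list of issued aliases.

```powershell
# Constructed sample: recipient and subject of messages found in a spam folder.
$spam = @(
    [pscustomobject]@{ To = 'adobe@example.com';    Subject = 'You have won' }
    [pscustomobject]@{ To = 'dropbox@example.com';  Subject = 'You have won' }
    [pscustomobject]@{ To = 'penguin@example.com';  Subject = 'You have won' }
    [pscustomobject]@{ To = 'asYOyuPq@example.com'; Subject = 'You have won' }
    [pscustomobject]@{ To = 'adobe@example.com';    Subject = 'Cheap watches' }
)

# Hypothetical signup inventory: the alias handed to each service.
$signups = @{
    adobe   = 'Adobe'
    dropbox = 'Dropbox'
    penguin = 'Penguin Books Australia'
    coles   = 'Coles'
    dell    = 'Dell'
    umart   = 'Umart'
}

function Get-AliasExposure {
    param([object[]]$Messages, [hashtable]$Inventory)
    foreach ($m in $Messages) {
        $name = ($m.To -split '@', 2)[0]          # local part, before the @
        [pscustomobject]@{
            Alias   = $name
            Issued  = $Inventory.ContainsKey($name)
            Service = $Inventory[$name]           # $null for addresses never issued
            Subject = $m.Subject
        }
    }
}

$rows   = Get-AliasExposure -Messages $spam -Inventory $signups
$issued = @($rows | Where-Object Issued)

# 1. Services whose unique address now receives spam.
$issued | Group-Object Service | Select-Object Name, Count | Sort-Object Count -Descending

# 2. One message sent to several issued aliases: the sender merged several lists.
$rows | Group-Object Subject | ForEach-Object {
    $hit = @($_.Group | Where-Object Issued | Select-Object -ExpandProperty Service -Unique)
    if ($hit.Count -gt 1) { '{0}: {1}' -f $_.Name, ($hit -join ', ') }
}

# 3. Share of issued aliases hit at all; a small share points away from a local leak.
$seen = @($issued | Select-Object -ExpandProperty Alias -Unique)
'{0} of {1} issued aliases seen in spam' -f $seen.Count, $signups.Count
```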

On top of all these email addresses, I have no idea what other data was leaked with them. My name, date of birth, first pet’s name, my home address? I can’t remember which services required which pieces of info, nor will most of these data leaks ever be publicly known – so I have no idea.

I don’t know what the answer is to all of this. I called out one company recently asking if they had a data breach, as I started to get spam on the email address I’d signed up to their online store with, which resulted in them calling my personal mobile phone, finding me on Facebook, naming my wife and son to me and threatening to send friends around to my place of residence, which he had obtained from my domain registrar details. This happened 2 years after I explicitly requested the company delete all my details, which I happened to blog about here.

It’s a pretty sorry state of affairs, and I don’t see anything getting better soon. If you want real privacy, use a fake name, a PO box, a pre-paid mobile phone and so on – because as soon as you hand your details out to someone, the world’s going to know about it.

Thanks to Troy Hunt for giving me the idea to write this up.