Adobe Acrobat freezes, hangs, crashes
article #1575, updated 46 days ago

Ran into this recently. First one then four more users at a site, encountered it. This page:

community.adobe.com/t5/acrobat-reader-discussions/adobe-reader-freezes-after-opening-a-document/m-p/3903334

has a fix with registry entries for version 2015. The fix reportedly works all the way up to the current (DC). Here’s Powershell to get the fix in; reportedly restart and/or reboot is required:

$RegistryPath = "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown"
If (-Not (Test-Path -Path $RegistryPath)) { 
    "Adobe Acrobat DC is not installed; fix not appropriate or needs modification."
    exit
}
cd $RegistryPath
If (-Not (Test-Path -Path "cServices")) { 
    mkdir cServices 
}
cd cServices
New-ItemProperty -Path . -Name bToggleAdobeDocumentServices -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bToggleAdobeSign -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bToggleAdobePrefSync -Value 1 -PropertyType "DWord"
New-ItemProperty -Path . -Name bUpdater -Value 0 -PropertyType "DWord"

Categories:      

==============

Fixing Windows/Azure/365 User Connections with dsregcmd
article #1550, updated 55 days ago

Sometimes Windows’ relationship with 365, or a user’s profile, or just a user on a PC or terminal server, will not log into 365. This appears to be the result of corruption of cached credentials.

The most straightforward way is probably to nuke all User/Windows/Azure relationship and recreate. This would probably be very bad on a terminal server:

Remove 365 accounts from “Access Work and School”, then run these:

dsregcmd /cleanupaccounts
dsregcmd /debug /leave

from administrative CMD, and also from SYSTEM (paexec or psexec can do this), then reboot, then remove from Access Work and School if still there, then set up user relationship(s) again.

But today we have a report that dsregcmd /status did something, unknown, which fixed one terminal server user. Not sure what. Next time I plan to run many tests with this info:

ss64.com/nt/dsregcmd.html

And if you see error CAA5021, do this:

Search for Manage user certificates in the search bar and open it from Best match. Then navigate to Current User\Personal\Certificates and make sure the MS-Organization-Access and MS-Organization-P2P-Access entries are deleted.

No reboot needed for that last.

Categories:      

==============

.htaccess allows by IP, password authenticates if IP does not fit
article #1574, updated 63 days ago

There are multiple methods; this is reported to be undeprecated by Apache, possibly the only undeprecated way to do this.

AuthType Basic
AuthName "myserver publicname"
AuthUserFile "/myserverpath/.htpasswds/public/passwd"
require ip 11.12.13.14
require ip 11.12.13.15
require valid-user

Categories:      

==============

Test files and URLs for viruses
article #1573, updated 68 days ago

This very nice tool will download an executable from a web site and test it for bad actor behavior.

www.virustotal.com/

Categories:      

==============

Install Edge browser via Powershell
article #1491, updated 68 days ago

This works well as of this writing.

[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
md -Path $env:temp\edgeinstall -erroraction SilentlyContinue | Out-Null
$Download = join-path $env:temp\edgeinstall MicrosoftEdgeEnterpriseX64.msi
Invoke-WebRequest 'http://go.microsoft.com/fwlink/?LinkID=2093437'  -OutFile $Download
Start-Process "$Download" -ArgumentList "/quiet"
# placeholder for "enter" autokeyhit

This is a change to a replacement URL, and it will hopefully be a more lasting kind than the previous. The above works for AMD64 Windows; the URL comes from here:

techcommunity.microsoft.com/t5/discussions/official-download-links-for-microsoft-edge-stable-enterprise/m-p/1082549

and there is support for other platforms on that page.

Categories:      

==============

Block real-name email spoofing
article #1572, updated 70 days ago

We see it fairly often. An email comes “From” a real name, but the actual email address is wrong, a spammer’s or scammer’s Gmail or worse. Once we saw this with a very slightly misspelled domain — let’s say “pondervorthy” instead of “ponderworthy”. I just learned of a way to handle it, when one has email filtration which can do it, and when it works for another reason:

Let’s say we’re protecting me. I know all of my email addresses, at work and home. If I set my email filtration system to consider spam everything From “Jonathan E. Brickman” and “Jonathan Brickman”, which does not come from any of my email addresses, that will take good care. The biggest risk is another person named Jonathan Brickman trying to email me. Reportedly, one should actually do it like this, scanning email headers:

FROM: Jonathan Brickman, FROM: "Jonathan Brickman

This is because some of the bad actors are adding spaces after the name text. So the final quote is not set up in the filter rule. It’s really two different FROM field lookups within headers of the email, OR’d, in this system.

Now there are a number of Jonathan Brickmans in the world, but I haven’t met one yet (if you are one, please do email me at jeb@ponderworthy.com, that way we both will have done so at least once); I’m not sure there are many Jonathan Edward Brickmans; but if I found that there were, I’d put in a nickname in parenthesis, set the filtration rule for it

FROM: Jonathan Brickman (JEB), FROM: "Jonathan Brickman (JEB)

and that should do the job nicely, giving me a unique “From” real name for filtration purposes.

There may be other “gotchas”, I will test this over time. It cannot do a comprehensive block, but can clearly help.

In Microsoft Outlook rules, some of the above logic seems to be missing: one cannot filter based on text or email addresses not in the header. I will be checking Exchange Online shortly. One third-party service is confirmed as working well for this.

Categories:      

==============

Restricting YouTube Video for Content
article #1571, updated 71 days ago

Simple web-filters often cannot do the job on YouTube, because YouTube is one big web site. To deny access to certain kinds of content, a worthwhile route is Group Policy for Chrome and Edge, to require YouTube restricted mode:

www.thewindowsclub.com/how-to-enforce-youtube-restricted-mode-in-chrome

www.thewindowsclub.com/youtube-restricted-mode-in-microsoft-edge

This plus cleanbrowsing.org DNS, seems to do the job very well.

Categories:      

==============

Disable "News and Interests" in Windows 10
article #1570, updated 75 days ago

Here is Group Policy:

Computer Configuration / Administrative Templates / Windows Components / News and interests

Categories:      

==============

Check web sites for active infections, via sandbox analysis
article #1569, updated 77 days ago

This tool does the job, it uses Crowdstrike and other major-player tools:

www.hybrid-analysis.com

Categories:      

==============

Download Microsoft Teams (newest)
article #1568, updated 81 days ago

Here’s the download page:

www.microsoft.com/en-us/microsoft-teams/download-app

This downloads an .MSIX, which one can usually double-click effectively. The link appears to be nicely static at this writing:

statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix

Categories: