As an IT Support
professional, I often hear from my family members and friends about how their printer freezes up and the queue does not respond. Here are a few steps that you can take to try and resolve this issue (before you kick it(, without being a certified IT professional
or a managed services provider.
Go into the ‘Start' menu and select ‘Run'. When the run window pops up, type in ‘services.msc' and press enter.
Once in the Services window, scroll down until you see the ‘Print Spooler'. Right-click on ‘Print Spooler' and select ‘Stop'. This will stop the computer process that contains your print queues.
Next, you will need to clear the jam. Now that the Print Spooler service is stopped, open an Explorer window and type ‘C:\WINDOWS\system32\spool\PRINTERS' into the address line. Delete all of the files in this folder.
Now that the jam is cleared, you will need to restart the Print Spooler service. Go back to the services window, right-click on ‘Print Spooler', and select ‘Start'.
Problem Solved. Thanks Trigon!
I am employed with a company that specializes in IT support
, and after the daylight savings time updates that were enacted a while back, I decided to share my experience with NTP and network devices. The recent change to DST prompted a quick audit of NTP settings and time on the network devices that I manage. I work mostly on Cisco equipment, so that is the types of hints I will share with everyone today. I am sure that other equipment is similar in settings if the commands are different.
First, I should go over the importance of NTP when it comes to network equipment and security for an IT solutions company. Most Cisco equipment does not include a battery to keep the internal clock running when the power is reset. So power outages, IOS upgrades, and scheduled maintenance that requires a reboot of the device will reset the clock. Second, if you are logging anything for either audit trails, security breaches, or penetration attempts, the logs are almost no help in establishing a timeline if the clock isn't accurate.
Now what is NTP? It's an acronym, for starters, that stands for network time protocol. For some interesting reading, hit it up on Wikipedia sometime. For the needs of this article, it is a way to update time on a device across the internet. Windows uses this to keep the time up to date on all their OS, and all workstations get their time from the domain controller responsible for getting the time from the internet. Now, as I asked before, what does this have to do with keeping good time on network devices? We can point our network devices to a public time server, and after every reboot, a fresh update is gathered and like magic time is up to date.
Ok enough with this babble, how do you know if a server is set and working on a Cisco switch, for instance, you may ask. Easy, with a couple commands I will share with you, you can quickly login to your devices and check if everything is working fine. The first new command in your arsenal is just the good old show clock. This is a quick easy way to see if the clock is even close to being correct. If it is not even close, the next thing you should take a look at is one of these two commands: show ntp associations, or show ntp status. These are your go to commands, and remember the ‘?' is your friend. Now if everything is looking good, you have nothing to worry about, but if you don't have a server set at all, never fear, I am going to cover just a few of the important configuration commands you need to get everything working.
The first thing I want to mention is you will need to enter configuration mode to make changes to the NTP configuration. I suggest you look up a public NTP server and a backup you plan to use and write them down. You will need that information to make the configuration. Get their IP address, if you have a DNS name this will help for the configuration. Now, to set the server you just need ntp server x.x.x.x . Nothing to it at all, and that will get a server configured and your time set in a short amount of time.
Next, if you are in an area that participates in DST, you need to configure that setting and at this point you should configure your time zone. The last two commands you need are clock summer-time EST recurring, this configures the clock for EST and that it happens every year, and then clock timezone EST -5. Both of those commands are to be run from configuration mode, and you should have perfect time in no time. Just verify that your clock is now up to date with a quick show clock and just feel better knowing that your timestamps and logging are in good shape.
Have you ever been involved in a conversation (or overheard a conversation) and have no clue what was being said because of all the acronyms being used? You are not alone! Acronyms are used all the time especially in IT Support
. They make great time savers for streamlining communications. But for the uninitiated they may cause confusion, frustration, aggravation, bewilderment and even headaches. Bring on the ibuprofen. How about these:
I need to RDP into your W2K8 R2 server and check the RPC service.
What URL should I use to FTP you the MMR?
My SMB is having problems. What should I do?
If you are an IT Support professional, the first two examples may make perfect sense. If you are not an IT Support professional, good luck.
However, even an IT Support professional cannot be 100% sure what the third example means. Are the problems with the Service Message Block protocol or the System Management Bus? It may even be non-IT Support related. What if the person is referring to a Small to Mid-sized Business or even the Society for Mathematical Biology? The only way to be sure is to ask.
Clear communication is essential. Don't be afraid to ask what an acronym means. You may feel momentary embarrassment but it will be beneficial to everyone involved in the long run.
The advent of text messaging has generated a myriad of new acronyms. I can only imagine the number of carpal tunnel surgeries that have been avoided by the implementation of idk, bff, cul, lol, etc......Sorry docs. If the acronym is new or unique even an uber-texter might have difficulty understanding a text message.
My recommendation to those using acronyms is to be aware of your audience.
1. If you are using a non-verbal communications medium with someone outside of your business it is particularly important to make sure your message is understood. The first time you use an acronym explain it. e.g. RDP (Remote Desktop Protocol), RPC (Remote Procedure Call), SMB (Small to Mid-sized Business.) This will be appreciated by the receiver and show that you as an IT Support professional understand their pain.
2. What should you do if speaking to someone and you are not sure if they are familiar with your line of business? Make them feel at ease by stating up front to let you know if they need an acronym defined. Better yet, refrain from using acronyms if you are unsure of your audiences AQ (Acronym Quotient).
Concise communication can be a benefit to everyone. Clear communication is imperative.
In my previous blog, I had gone on about passwords and how people really don't use good ones. Working in IT Support
, I constantly think about this kind of stuff, and this time I am going to question the "secret question" that is used in password resets.
Why even use the secret question? It has never struck me as a good idea. There are vulnerabilities inherent in its use. If you set up your answer to the secret question truthfully, the answer could be figured out by someone doing a bit of research on you. If you set up the answer to the secret question with false information, you might forget it or get it wrong when you need to use it.
There have been several examples of how this method of password recovery has failed in the last year. Twitter had an incident which lead to exposure of internal company information, a certain Alaskan Governor was a victim which lead to internal government and personal information being leaked, and I even found reports of gamers getting their accounts hacked, all because someone figured out the answer to the secret question.
Now I am not here to offer a good solution, nor am I here just to complain about it. What I want you the reader to get out of this is a quick and dirty understanding that the secret question is a HUGE IT security hole that can be exploited. Some companies now have you answer several secret questions. That seems only to delay the hacking and annoy the user trying to recover the password with two questions to remember. It still leaves the possibility that someone could find out the info on you. The only way I see around this is to provide false information on the question that would not be figured out. Sorry Mom, on the next secret question I get, your maiden name is now Vader......ooops.
For more information on how Philadelphia IT Support Company, Trigon, and how its IT Services can help your business, contact us at solutions@TrigonIT.com or call 1-888-494-TRIGON.
To see part one of this blog, read An In Depth Look At Password Security - Part 1
To verify that people are ultimately lazy with passwords, and think their accounts will never be hacked, I did my own limited survey of password use. I asked co-workers, client users, family, and friends if they used any variation of the 123456 password, names, slang, important dates, dictionary words. I found that those not in the IT Support field used names and dates as passwords, I even had one person admit to using 123456. Those in the IT field mostly used names with numbers, capitals, and non standard characters or substitutions. Only two people indicated they used abbreviated phrase based passwords (more on that later). So even in my Monkey Sphere (look it up if you don't know this) I found people taking the easy way.
Those of us in the IT Services field know how to fix this: using the technology provided to restrict the usage of simple passwords and require more complex passwords and training users.
The report also references NASA's password policies. I took a look about the internet and found a FAQ from NASA about their password policy and found that they apply the following criteria:
- The password must have a minimum of 12 characters.
- The password must contain at least one character from at least three of the four following sets of characters:
- o Uppercase Letters (A, B, C, etc.)
- o Lowercase Letters (a, b, c, etc.),
- o Special Characters (~, !, @, #, $, etc.)
- o Numbers (1, 2, 3, etc.).
- You may not reuse any of your previous 24 passwords.
- Password changes are set for every 60 days (That's up to four years till you get to use the same password again.)
WOW! That is restrictive! I love it, and I know the average user would hate it. Do you think this would be acceptable at your average client...probably not?
One tactic that both the report and NASA brought up was using password phrases. I have switched over to these recently and it is very easy to remember passwords based on this.
Basically it goes like this:
Take a sentence and turn it into a password, for example: "Passwords should be complex and hard to hack" might become pwSbc@h2h, that's a nine character password that is not in the dictionary. Picking a sentence that is easy to remember and utilizing substitution, capitalization, and maybe a random character will make a strong password (write that down in your IT Security notes).
All this is not new information to anyone in IT. But it could be new information to the users who just don't know better or new to the work force. It is our responsibility to provide not only the restrictions to make sure the passwords are strong, but the training to the users so they can understand why we have fits when we find passwords like 123456.
I can hear you all say "You can lead a horse to water, but you can't make it drink". Well I say, if the password complexity restrictions are leading the horse (the user) to the water, the training will be me pouring the water over the horse... eventually some water will get into the horse.
If you're located in the Philadelphia area and you were interested in the tips and information in this article, call Trigon, a Philadelphia IT Support company that can help you with IT Security and other IT problems through our PinnacleCare Managed Services Program!
I recently came across a report on password security that was...well.... disturbing. Especially since I work in IT Support.
The report was conducted by Imperva and can be found here.
The report was based on a password study of 32 million passwords, yes 32,000,000. Let's put that number into perspective because it is a large number. If each person in NY City had one password, 32 million passwords would be 3.8 NY Cities!!! A more local comparison would be the same criteria applied to the city of Philadelphia which would work out to be 20.7 Philadelphias!
The passwords were from a hacker who obtained them and posted them in clear text on the internet. Imperva points out that this is a rare opportunity to get actual passwords to study, most password studies are conducted via surveys not actual data. This is the raw data they got to study, not coy answers from people.
The study produced several key findings:
- About 30% of the users chose passwords which had lengths equal or below six characters.
- o Let me do the math to you, 30% of 32 million passwords is 9.6 million passwords. That is everyone in NY City and some of the surrounding areas all having a single insecure password with six or less characters.
- Almost 60% of the users chose passwords for a limited set of alpha-numeric characters.
- o Read: Variations of 123456. Again, I can do the math for you....works out to be....19.2 million passwords. That everyone in NY City and some of the surrounding areas times two!
- Nearly 50% of the users used names, slang words, dictionary words, or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).
- o That means 16 million of those passwords were based on criteria that can easily be discovered through brute force attacks.
- These results compared to another password break 10 years ago which provided a large amount of passwords to be studied and a 1990 Unix password study showed there has been little improvement in user's selection of passwords. The same issues found in the 2009 study are also in the 1999 and 1990 studies.
Why did I find all this disturbing...well it shows something we all know is true, but never to this scale. People are lazy....particularly, lazy with passwords. They will always choose the simple password to remember rather than some obtuse password that is secure if you let them. No matter how often they hear about accounts getting hacked they seem to take the "it won't happen to me" and "remembering is hard" viewpoints.
Be sure to check out Part 2 of this blog later this week! If you need further information on IT Services or IT Security, feel free to contact Trigon!
Have you even heard about USB 3.0 yet? If not, I am sure you will in the near future (besides reading this blog). Well, the 1.0 specification for the new technology has been out for almost a year now, so at some point there will be devices that support the latest version of the USB standard (nicknamed SuperSpeed USB).
According to this website (http://www.everythingusb.com/superspeed-usb.html), there are a number of ways in which USB 3.0 will be better than its predecessors. For one, it will be backwards compatible with both USB 1.1 and USB 2.0. Other improvements upon the USB 2.0 specification will be: higher transfer rates (theoretical maximum of 4.8 Gbps vs. 2.0s limit of 480 Mbps), more power available to devices, power management features, full-duplex data transfers (as opposed to the half-duplex of USB 1.1 and 2.0), and new connectors and cables for devices.
A couple of the drawbacks of USB 3.0 is that it will be more expensive than USB 2.0, due to the necessity of including USB 2.0 support (a separate interface for USB 2.0 is needed, rather than being included in the new connections), and there is not the wide-spread support yet for USB 3.0 that there is for USB 2.0. In coming months, there will most likely be devices and controllers that will be coming out that will aid in the increase of USB 3.0 but as of right now, even the newly released Windows 7 Operating System does not support USB 3.0 (most likely will be included in the first Service Pack).
Negative items aside, this will improve the performance of externally connected devices that require more than the existing USB 2.0 can provide. The biggest area that this will improve will be in the multimedia and data storage realms. Video will be more streamlined and audio performance will be enhanced. Large data transfers will take much less time and allow new devices to be put into use that it would be pointless to implement over USB 2.0 (such as large externally-connected RAID systems).
I am sure that it will take time for USB 3.0 to be more prevalent than USB 2.0, but once devices start coming out that take advantage of the higher throughput and power features, it will only be a matter of time. Similar to DVDs and CDs, I think that USB 2.0 will still be around for quite some time once USB 3.0 is available due to the nature of cost and usefulness. After all, how many more seconds are you going to save transferring a 100MB file onto a USB 3.0 flash drive than you will onto a USB 2.0 flash drive?
Want more info on upgrading your IT Solutions?