Archive for category Infrastructure

Setting Up Secure Email with S/MIME

Posted by on Thursday, 9 April, 2015

Although often overlooked, many standard email clients (not web-based) provide the ability to send S/MIME secure email. S/MIME has been around for quite some time, but you typically only see it used by perhaps government employees or maybe security-minded folks.

What is S/MIME anyway? It stands for Secure/Multipurpose Internet Mail Extensions.

Using client certificates, similar in concept to server certificates, a user sending an email can do two major things:

1) Digitally Sign an email – this marks the email as having come from the actual sender and will show the receiver if the mail has been altered after the sender signed and sent the email. Nifty!

2) Encrypt an email – once two users both have S/MIME configured and have exchanged messages (thus exchanging public keys), they can exchange encrypted messages back and forth. Note that this is different in concept than TLS level transport encryption between SMTP servers. Transport level encryption ensures that while in transit the message is not sent in the clear. S/MIME level message encryption ensures that the only one who can read the message is the intended recipient – who of course has the private key.

What’s really nice is that a user on an email system or client that doesn’t support S/MIME will still be able to read the signed (but not encrypted) messages. They simply see a smime.p7s file attachment with the message.

Read the rest of this entry »

Wireless Network Design Tips

Posted by on Tuesday, 16 April, 2013

As we’ve helped clients deploy high-quality wireless networks, we thought we’d compile a list of some of the top tips to ensure consistent performance and security:

Read the rest of this entry »

Proper Syntax for Setting the PDC Emulator Time Source

Posted by on Tuesday, 15 January, 2013

The articles from Microsoft are all over the place with this one, but the correct syntax to add multiple servers as valid time sources to the PDC emulator is shown below. I typically use the pool servers in the US area of, but feel free to substitute as needed.

w32tm /config /,0×8 /syncfromflags:MANUAL /reliable:yes

Note that the begin quotation mark goes before the list of server addresses, but NOT the colon after /manualpeerlist. I’ve bolded the quoation marks in question to highlight them. This is the piece that many websites show incorrectly.

It doesn’t make sense to filter websites as blogs, and it hasn’t for at least half a decade.

Posted by on Friday, 4 January, 2013

Wow, time flies when you’re busy billing. As we enter 2013 it’s easy to see how neglectful we’ve been of this blog. 2012 was our busiest year yet, and we thank all our wonderful clients for all the great opportunities to help them solve their technical challenges.

One challenge that repeatedly comes up is in regards to permitted web browsing. A few of our clients work under a much larger entity that controls web access through proxy appliances, namely devices by Blue Coat. This isn’t to point them out specifically, as what I’m about to describe seems de rigeur across the web filtering industry niche.

These specific customers are troubled often when trying to research a technical issue. Perhaps they, like many of us, do a google search of the problem. They see in the results something germane to their issue. When they click on the link however, the proxy appliance that is maintained by the controlling organization’s IT team blocks access to the page, because that organization decided they wanted to block anything in the “Blogs/Personal Pages” category. (Click here to see the definitions for these categories used by Blue Coat)

So while researching the issue I noticed that Blue Coat’s own security blog was not classified as a “Blogs/Personal Pages” and pointed this out to them. They agreed that it should be put in this category according to their current definitions. Blue Coat helpfully pointed out that an IT Department could craft rules that would, for example, allow websites marked as “Blogs/Personal Pages” only if they were also categorized as “Computers/Internet.” While useful, the cold hard fact is that often IT teams don’t do this: it’s simply more effort on already overworked IT groups, and such groups are apt to want to keep things as simple as possible.

Read the rest of this entry »

Understanding Exchange 2010 Personal Archive Requirements

Posted by on Sunday, 20 March, 2011

We recently had a client who was looking to implement Exchange 2010 personal archives. For those that aren’t familiar with the feature, personal archives are essentially a second mailbox associated to a user’s primary mailbox. By creating a personal archive, companies can potentially get away from PST files for archiving of old mail. The personal archive can be stored on a different mailbox database, and isn’t cached if you’re running in cached mode. Nifty.

Of course it’s pretty well known that Microsoft requires a premium Exchange CAL to use Personal Archives, and that you also must be running the Enterprise Edition of Exchange Server 2010. Fair enough, even though I think personal archives is a feature that every company small or large can really benefit from and should be something Microsoft is pushing harder. What ends up being a confusing topic is what version of Outlook is needed to access the personal archive, and this is where our client ran into snags.

Read the rest of this entry »

A New Year with New Opportunities

Posted by on Tuesday, 11 January, 2011

What a rewarding 2010 it was here at Walker IT Group, LLC. First and foremost, we’d like to thank our customers over the past year that contributed to us getting off the ground. Your business was most appreciated, and we’re thankful for all the positive feedback and referrals to new customers.

It was a full year, and we’ve had the opportunity to work on some great projects such as Exchange 2010 migrations, Office Communications Server pilots, VMware migrations, and a host of other technology challenges. So busy in fact that it’s been tough to keep the blog up to date!

I’d like to share with everyone some exciting news. Every once in a while one of our customers comes to us and asks if we can procure hardware and software for them. The answer has always been that we can put them in touch with the right folks thanks to our industry connections, and we at Walker IT Group, LLC will help ensure everything is spec’ed out correctly.

This has happened often enough that after much consideration and planning, we are pleased to announce that we have officially become a reseller of IT equipment and software! We’ve put agreements in place with two distribution powerhouses: Ingram Micro and Tech Data. Through our relationship with these firms, we’re now able to offer our customers a wide selection of products from thousands of different manufacturers. When it’s time to purchase new equipment, please think of us, we’d love the opportunity to present you a free, no-obligation quote.

Additionally, we’ve also partnered with select companies that align well with our offered services in order to give the customers that ask for it the ability to have a “one-stop shop” for their IT Infrastructure needs. Please see our “Partners” page for more details on the current roster. We will periodically review our relationships and maintain a suitable mix based on the needs of our customers.

We of course recognize that many of our existing customers prefer to buy their equipment and software through their own sources, and we’d like to reiterate this doesn’t present a problem at all. The service you’ve come to expect from us will continue to be available regardless to where you’ve purchased your equipment or software.

Finally, while these partnerships are important to us, let me re-assure everyone that we primarily think of ourselves as a service provider. To that end, if the right solution for your business is from a vendor that we don’t have as a partner we won’t hesistate to recommend that solution for you – arriving at the right answer for our customer’s businesses is more important to us than proposing an alternate solution just because we happen to sell it. At the same time, we’ve carefully selected our current partners because we feel they offer some of the best solutions in the industry.

We’re excited about the opportunity to expand our offerings to our customers, and we weclome your feedback and comments.

Microsoft KMS Demystified

Posted by on Thursday, 15 July, 2010

In my travels recently (which explains the paucity of blog entries) I have noticed a lot of organizations seem to be struggling with Microsoft’s Key Management Services (KMS). Today I’ll briefly cover the technology and how it can help your business.

What is it?

Microsoft KMS is a service that companies who have volume licensing agreements for their Microsoft Products can activate installed copies of their software.

What’s covered?

As of this writing, KMS covers all volume licensing editions of Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, and Office 2010.

Read the rest of this entry »