Tips & Tricks Archives - Thrive https://thrivenextgen.com/category/tips-tricks/ NextGen Managed Services Provider Fri, 08 Dec 2023 18:12:06 +0000

Troubleshooting Windows Server Sysprep Issues with Cloudbase-Init https://thrivenextgen.com/troubleshooting-windows-server-sysprep-issues-with-cloudbase-init/ Wed, 02 Mar 2022 18:05:35 +0000
Have you had issues deploying a VM template with Cloudbase-Init? Perhaps it works sometimes when you deploy the template, but most of the time it fails during the startup process with the error shown below. Thrive uses a tool from our partner Abiquo to provision virtual machines for our customers in a secure and repeatable way. Our tools use cloud-init for Linux and Cloudbase-Init for Windows to inject bootstrap information that automates the initial configuration.

The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click "OK" to restart the computer, and then restart the installation.

The workaround for the boot issue is a quick registry edit: while at the above screen, don't click OK. Instead press Shift+F10, type regedit.exe in the command prompt that comes up, change the value of setup.exe under HKLM\SYSTEM\Setup\Status\ChildCompletion to 3, then reboot. However, we wouldn't want to do that with every single templated machine that we deploy.

The problem comes down to a race condition involving the specialize phase of sysprep and the way Cloudbase-Init was installed on this template. When installing Cloudbase-Init (CBI), it's common not to use the option at the end of the installer to immediately perform a sysprep operation, but that skips some of the logic the installer would otherwise run. To work around that, we need to edit the Unattend.xml file as well as change the startup configuration of the cloudbase-init service.

  1. After the Cloudbase-Init installation is complete, run the following in an elevated command prompt (or use services.msc) to disable automatic startup of the Windows service:

         sc config cloudbase-init start= disabled

  2. Edit the unattend.xml file under C:\Program Files\Cloudbase Solutions\ to re-enable automatic startup of the cloudbase-init Windows service. This command _must_ be set as <Order>1</Order>, and the existing unattended cloudbase-init node set to <Order>2</Order>, so that the re-enable command runs before the unattended instance of cloudbase-init, which requires a reboot.

         <RunSynchronousCommand wcm:action="add">
           <Order>1</Order>
           <Path>sc config cloudbase-init start= auto</Path>
           <Description>Re-enable auto start of cloudbase-init</Description>
           <WillReboot>Never</WillReboot>
         </RunSynchronousCommand>

  3. Perform any remaining customization steps and application installs you need. For example, we change the cloudbase-init config files to run particular plugins.
  4. Assuming you use the default install directories, create a batch file in C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf with the following:

         cd "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf"
         ipconfig /release
         c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /mode:vm /shutdown /unattend:unattend.xml

  5. Now is a good time to snapshot your VM.
  6. Launch an admin command prompt, navigate to C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf, and execute the batch file to sysprep and shut down your template.
  7. Clone this VM and convert it to a template, or ingest it into whatever tool you're using. That will leave you with the base VM, which you can quickly apply Windows patches to in the future; next time, just run the batch script to sysprep without having to rearm it.
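The ordering rule in step 2 is easy to get wrong by hand, so here is an added example (not part of the original post and not Cloudbase Solutions code) that a template build pipeline could run before sysprep: it inserts the re-enable command as Order 1, shifts the existing commands down, and checks the result. The sample XML is constructed and trimmed, its cloudbase-init `Path` is shortened, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

UNATTEND_NS = "urn:schemas-microsoft-com:unattend"
WCM_NS = "http://schemas.microsoft.com/WMIConfig/2002/State"
ET.register_namespace("", UNATTEND_NS)   # keep element names unprefixed on output
ET.register_namespace("wcm", WCM_NS)     # keep the wcm:action attribute prefix
NS = {"u": UNATTEND_NS}

REENABLE = "sc config cloudbase-init start= auto"  # command from step 2

# Constructed, trimmed sample of a specialize pass (not a full Unattend.xml).
SAMPLE_UNATTEND = """\
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Deployment"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Order>1</Order>
          <Path>cloudbase-init.exe --config-file cloudbase-init-unattend.conf</Path>
          <Description>Run Cloudbase-Init to set the hostname</Description>
          <WillReboot>OnRequest</WillReboot>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
</unattend>
"""


def _field(cmd, tag):
    """Text of a child element of a RunSynchronousCommand, '' if absent."""
    node = cmd.find(f"u:{tag}", NS)
    return (node.text or "").strip() if node is not None else ""


def _commands(root):
    """Return the specialize-pass RunSynchronous block and its commands."""
    block = root.find("u:settings[@pass='specialize']//u:RunSynchronous", NS)
    if block is None:
        raise ValueError("no RunSynchronous block in the specialize pass")
    return block, block.findall("u:RunSynchronousCommand", NS)


def add_reenable_command(xml_text):
    """Insert the re-enable command as Order 1 and shift existing commands down."""
    root = ET.fromstring(xml_text)
    block, commands = _commands(root)
    if any(_field(c, "Path") == REENABLE for c in commands):
        return xml_text  # already patched: do not renumber a second time
    for cmd in commands:
        order = cmd.find("u:Order", NS)
        order.text = str(int(order.text) + 1)
    new = ET.Element(f"{{{UNATTEND_NS}}}RunSynchronousCommand",
                     {f"{{{WCM_NS}}}action": "add"})
    for tag, text in (("Order", "1"), ("Path", REENABLE),
                      ("Description", "Re-enable auto start of cloudbase-init"),
                      ("WillReboot", "Never")):
        ET.SubElement(new, f"{{{UNATTEND_NS}}}{tag}").text = text
    block.insert(0, new)
    return ET.tostring(root, encoding="unicode")


def check_ordering(xml_text):
    """Return a list of problems; an empty list means the order matches step 2."""
    _, commands = _commands(ET.fromstring(xml_text))
    rows = sorted((int(_field(c, "Order")), _field(c, "Path"),
                   _field(c, "WillReboot")) for c in commands)
    problems = []
    orders = [r[0] for r in rows]
    if len(orders) != len(set(orders)):
        problems.append("duplicate Order values")
    if not rows or rows[0][1] != REENABLE:
        problems.append("re-enable command is not Order 1")
        return problems
    if rows[0][2] != "Never":
        problems.append("re-enable command must use WillReboot=Never")
    if not any("cloudbase-init.exe" in path for _, path, _ in rows[1:]):
        problems.append("no cloudbase-init run after the re-enable command")
    return problems


if __name__ == "__main__":
    print("before:", check_ordering(SAMPLE_UNATTEND))
    patched = add_reenable_command(SAMPLE_UNATTEND)
    print("after: ", check_ordering(patched))
    print(patched)
```
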

Note: If the hardware where you built the template differs from the hardware where it's eventually deployed, you may also need to remove the following from the Unattend.xml file: <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>

Here is an example modified unattend.xml

We hope this helps you in your journey to automating the cloud!

Reference Links:
https://social.technet.microsoft.com/Forums/windows/en-US/153f59d4-383c-4008-8f0e-3977dc3b14e5/sysprep-windows-could-not-parse-or-process-unattend-answer-file-for-pass-specialize?forum=win10itprosetup
https://bugs.launchpad.net/cloudbase-init/+bug/1407842 specifically the post from Curt Moore (jcmoore) on 2015-03-08
https://ask.cloudbase.it/question/693/reboot-loop-when-booting-a-glance-windows-image-with-cloud-init/

Information Technology Acronyms You Need to Know: Part 2 https://thrivenextgen.com/must-know-information-technology-acronyms-part-2-thrive/ Fri, 09 Jul 2021 16:00:13 +0000
In a recent blog, we took a closer look at some of the IT acronyms that we believe are the most important. But, why stop with just seven?

In part two, we’re sharing a few more information technology acronyms that should be well-known, describe them, and explain how they impact your organization.

EPP: Endpoint Protection Platform

Focusing on prevention, an Endpoint Protection Platform is capable of providing security and blocking malware on end user devices (or endpoints), such as mobile devices, laptops, and related workstations. An Endpoint Protection Platform is a traditional anti-virus solution, and while it may solve some of the issues on the front lines, it should be paired up with Endpoint Detection and Response (EDR). While an EPP can prevent traditional malware, ransomware, and zero-day vulnerabilities from reaching devices, Thrive’s Managed Endpoint Security and Response offers real-time response and a more reliable security solution for organizations.

MDM: Mobile Device Management

As enterprises experience an increase in end users utilizing mobile devices to handle certain tasks, it is important to have a Mobile Device Management solution in place. If devices are left unsecured, they may expose corporate data and other vital information. As the workforce evolves, an integrated Mobile Device Management solution ensures compliance for devices and workstations. Thrive offers a targeted solution that provides comprehensive control over mobile devices within an organization on one platform.

SSO: Single Sign-On

Single sign-on software allows users to access more than one database or application with one standardized set of credentials. SSO software is meant to provide simplified access to applications or programs without having to log in multiple times. Not only do SSO products improve ease of use for users, but IT administrators and developers will also enjoy centralized access management. Thrive ensures single sign-on software is properly implemented, with secure access to applications and data for users.

MFA/2FA: Multi-Factor/2-Factor Authentication

Multi-factor and 2-factor authentication, terms often used interchangeably, require a user to provide multiple forms of verification to access an application or resource. 2FA is a subset of MFA that caps the number of factors at two, while MFA can be two or more. While an application or website requiring a password may seem safe, passwords are often far too easy to guess. Multi- or two-factor authentication may require a user to enter a PIN from their phone, or provide a fingerprint verification to gain access to the application. One-time passwords (OTPs) are often used, too, which may be sent via email, text, or through a mobile app. If your organization requires users to access a corporate VPN or cloud-based application, MFA/2FA should be a part of your business strategy.

RPO: Recovery Point Objective

RTO: Recovery Time Objective

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are critical parts of any organization’s business continuity and disaster recovery plans. RPO defines the goal related to the maximum amount of data (measured by change over time) that may be lost just prior to the disaster. RTO defines the approximate or maximum time until the data and/or systems can be accessible again in order to continue business operations. RPO and RTO are parts of a business continuity plan, which is designed to help organizations understand where data is stored and who has access to it.


For more information about Thrive’s NextGen managed services, be sure to contact our experienced team today!

7 Must-Know Information Technology Acronyms https://thrivenextgen.com/7-must-know-information-technology-acronyms-thrive/ Mon, 07 Jun 2021 16:00:32 +0000
Tech acronyms are everywhere these days, but unless you’re an IT expert, you may not have a full understanding of these acronyms and what they’re trying to tell us. Some days, it’s hard not to run into a new tech acronym you’ve never heard before.

At Thrive, we are always happy to spend our time developing targeted solutions for clients and providing necessary services. At times, however, all those acronyms can start to add up, which is why we are taking some time to explain what it means, for example, that your MSP is going to provide DR services to protect your organization and end users. (That’s a Managed Service Provider providing Disaster Recovery services, for those of you keeping track at home.)

Let’s take a closer look at some of the acronyms we use on a near-daily basis, what they mean, and what it means for your organization.

SIEM (pronounced “sim”): Security Incident and Event Management

This is a software solution that can collect data from across the IT environment within your organization, helping pick up on trends and detect threats. Thrive’s managed SIEMaaS (that’s Security Incident and Event Management as a Service) is a modern solution designed to monitor IT infrastructure and SaaS based applications without complicated hardware or a large, specialized security team required.

SOC (pronounced “sock”): Security Operations Center 

At a Security Operations Center, security professionals monitor network activity, tracking potential threats from around the globe. SIEM and SOC complement one another: the SOC team of analysts tracks any alerts coming from the SIEM and takes further action to remediate issues when required. Our 24×7 SOCs monitor infrastructure and threats for businesses.

vCISO (pronounced “vee see-so”): Virtual Chief Information Security Officer

For organizations not looking to hire a full-time CISO, a vCISO can fill operational and business gaps. This emerging role can be a good fit for start-ups and small- to medium-sized organizations. Our vCISO experts assist with developing and implementing a customized Information Security Program, ensuring you meet all regulatory, audit, and compliance regulations.

EDR: Endpoint Detection and Response

Endpoint Detection and Response brings together real-time monitoring and the collection of tangible endpoint data, with the ability to respond against threats and stop malicious activity. Traditional antivirus and malware technologies don’t go far enough, and don’t offer high levels of protection against suspicious activity. Thrive’s Endpoint Detection and Response offers the necessary round the clock real-time threat detection organizations need.

SD-WAN: Software-Defined Wide-Area Network

SD-WAN overlays on an existing network, helping provide better application engagement and simplifying operations at the WAN edge. Software-driven WAN provides better connectivity among varying network environments. Thrive offers Managed Secure SD-WAN Service capable of enabling application-based path selection from remote branch offices to the applications that drive your business, whether they reside in your data center or in the cloud.

DRaaS: Disaster Recovery as a Service

Should a natural or man-made disaster occur, Disaster Recovery as a Service (DRaaS) utilizes the Cloud to protect important applications and data. We partner with IT teams to create a comprehensive business continuity plan, with a DRaaS plan activated if needed. DRaaS ensures businesses limit downtime and return to regular business operations as soon as possible.

Now that you are up to date on your acronyms and our solutions, we invite you to contact our experienced team to assist with your NextGen managed service needs!

IoT Devices: Your Data is only as Secure as your Weakest Link https://thrivenextgen.com/iot-devices-your-data-is-only-as-secure-as-your-weakest-link/ Tue, 17 Dec 2019 14:12:21 +0000
The holiday season is quickly approaching, bringing us holiday joy and cheer as well as the latest IoT (Internet of Things) smart home gadgets. With this in mind, we take a deeper dive into IoT devices and the risk they present to not only your home, but also your business.

By the end of 2020 there will be more than 26 billion active IoT devices such as Ring doorbells, Nest cameras, digital assistants and Smart TVs. While these devices provide the latest in smart home technology and convenience, they also provide a massive attack surface that cyber adversaries are actively exploiting for nefarious purposes.

This past week, Ring made news headlines after it was reported by the Washington Post that perpetrators had compromised home security cameras to terrorize young children. Cyber criminals target IoT devices because they are often rushed to market with security features disabled in the interest of simplicity and functionality. Once compromised, these devices provide a means to gain access to other connected devices within the home network.

Due to the proliferation of IoT devices, the FBI recently issued guidance on securing IoT devices within home networks. For employees remotely accessing company data from home it is essential to implement proper cyber hygiene to mitigate firm risk and maintain personal privacy. It is important to understand how to mitigate this risk by following a few essential steps.

Five Essential Steps for Improving IoT Home Security

  1. Change all default passwords to a unique password for each device and enable MFA (multi-factor authentication) wherever possible.
  2. Configure privacy settings for IoT devices and apps.
  3. Ensure home IoT devices are running on the latest firmware and if supported, enable automatic updates.
  4. Segregate IoT devices on a network that is isolated from computers with access to client data or your corporate network.
  5. Be mindful of microphone and camera usage and settings.

Protect Your Home from Cybercrime https://thrivenextgen.com/protect-your-home-from-cybercrime/ Tue, 10 Dec 2019 00:07:55 +0000

There is a big misconception that cyber security ends when you leave your place of employment. The fact of the matter is that our new connected, always-on lives are prime targets for cyber criminals. One often ignored aspect is our home networks. While most people have nothing of value in their home network when compared to the treasure trove of information that can be gathered from a giant corporation, individuals are still a prime target for cybercrime. Why would someone target a home user who has nothing but pictures and documents on their family computer? The answer is very simple. First, home users are easy targets, and those pictures are extremely valuable to that family. The same goes for the personal information possibly stored in those documents, everything from social security numbers to banking information. Second, home users don't have security teams watching their home networks for malicious activity and blocking or remediating discovered issues. Finally, home users are more likely to pay to get their data back. Let's discuss some of the common holes in home security and how to plug them.

1. Home Wireless

This is probably the biggest and most easily exploitable hole in the home network. While most other systems inside your home require you to gain access to the actual premises, your home WiFi signal is broadcasting outside your own house. This means that a skilled individual can sit outside and brute force your WiFi security. Once he has access to your WiFi, he can then access all your other IoT connected devices and anything else on your network. WiFi security is always evolving, and this means that newer security options are released to further secure your network. But most end users never update their WiFi routers, and thus never gain the benefits that come with the enhancements. Couple that with the fact that people will reduce their security protocols to make it easier for them to have a WiFi password that they can remember. WiFi routers have come a long way since the days when most people had Linksys or NETGEAR routers at home. Most of those devices were found to have security holes in them, but not many were replaced. Today's more modern routers come with the ability to automatically download and update firmware, which in turn gives access to enhancements and better security protocols.

2. IoT Devices

Let's face it, as consumers we love connected devices; everyone dreams of a smart home. These days you can find smart versions of almost every home appliance as well as newer smart enabled devices/hubs. All these devices use your home WiFi to connect, but they also introduce their own level of vulnerabilities into your home network. For example, I read a story last year about a smart home thermostat that was compromised, and the home user locked out. The device would not allow the temperature controls to be accessed until a ransom was paid. There are also stories about home baby monitors and video surveillance cameras that have default passwords, a vulnerability that allows someone to listen in or monitor your activities, as many come with built-in cameras now. This covers all devices in your home that have a network or internet connection, especially those that are accessible from outside the home.

3. Home Computer

Another big hole in the home network is the actual home computer. In an enterprise environment there are teams of people who ensure that your operating system is up to code with the necessary updates and anti-virus software. However, at home, this process is left up to you, the consumer. This is even more important if you have a computer that is shared by a family, as many malicious sites target simple things like misspellings of legit site names, or users who don't know to look for unsecure sites.

How can we better protect our home networks? The steps outlined below, while not a 100% guarantee, will keep you ahead of the curve and increase your cyber security footprint beyond just work.

  1. If your router is more than 3-5 years old, it might be time to replace it with a new router that benefits from better antenna technology and security. This will allow you to increase your WiFi security to WPA2 / PSK instead of the more commonly used WPA.
  2. Find out how to update the firmware on your router and other IoT devices, and set a calendar appointment for quarterly updates of your devices. Treat them like your computer operating system and understand that they need regular updates too.
  3. Maintain a current build of your operating system. This ensures that you are patched for vulnerabilities and don't fall behind. Microsoft has announced that it is ending support for Windows 7 in January 2020. If you are on an older build of Windows, it might be time to start looking at upgrades.
  4. Keep your anti-virus updated and current. Many people will ignore when their AV subscriptions run out, and not realize that new viruses and threats come out each day. Treat your PC like a human body: it needs vaccines and booster shots from the AV software to keep it from getting an infection.
  5. Change default passwords on IoT devices. For example, many home security cameras or routers have well-known and published default administrator credentials; update yours to be unique.

Want more tips on keeping your data safe at home? Check out some of Thrive’s other blogs.

The Cyber Security Threat Predicted to be the Most Costly in 2020 & Six Steps to Prevent It https://thrivenextgen.com/the-cybersecurity-threat-predicted-to-be-the-most-costly-in-2020-six-steps-to-prevent-it/ Tue, 22 Oct 2019 13:24:32 +0000
Most organizations are either familiar with, or have been victimized by, a Business Email Compromise (BEC).  A BEC is a type of scam targeting organizations with the goal of leveraging a compromised email account to trick employees and executives into making fraudulent wire transfers.  However, it’s not BEC attacks which are predicted to be the largest threat to organizations worldwide over the next 12-18 months, it’s a BEC variant known as Vendor Email Compromise (VEC). [1] The US Treasury department estimates BEC attacks already cost US firms $300 million a month.

What Differentiates a VEC from a BEC?

VEC attacks are similar to, but potentially much more dangerous than, a typical BEC. A VEC attack typically targets a CEO or CFO using similar methods as a BEC, such as spear phishing, password spray attacks, credential stuffing, and social engineering. Regardless of the method, the goal is to gain access to the email accounts of an organization's executives or high-level employees. Once the account has been compromised, hidden mail forwarding rules are established on the backend. This allows a copy of every sent and received email to be forwarded to the attacker, unbeknown to the account holder.

Over a period of weeks and in some cases months, the emails are analyzed allowing the attacker to learn about customer billing cycles and typical invoice amounts. The attacker studies the exact format of emails, email signature, logos and leverages this information to create highly realistic fraudulent invoices for just the right amount at just the right time.  The fraudulent invoices are then sent a few days before payment would usually be made.  To a casual observer there is no noticeable difference between a genuine and fraudulent invoice except a subtle change to the usual payment destination.

A VEC attack is extremely effective because the fraudulent email is sent from a genuine and trusted email account matching past invoice deliveries to the letter.

Six steps to take to mitigate this threat for your organization

  • Establish a security awareness training program for all employees
  • Employ an email security layer that includes advanced impersonation detection techniques
  • Implement proper systems oversight with logging, monitoring and alerting for email platforms
  • Leverage user behavioral anomaly detection services for email access
  • Enable multi-factor authentication for email access
  • Disable weak and less secure mail protocols

To learn more about these services, please contact Thrive today.

 

[1] Agari Cyber Intelligence Research Division

Enable Two-Factor Authentication https://thrivenextgen.com/enable-two-factor-authentication/ Tue, 15 Oct 2019 14:00:33 +0000
If you talk to any security expert about securing online accounts, the first thing they will tell you is "enable 2FA." However, if you start looking at the number of accounts where Two-Factor Authentication is purposely turned off or opted out of, you will be surprised at how high the number is. The reason is that most end users consider 2FA to be a nuisance and don't see the need for it when it comes to securing their accounts. Others will enable it in some places but not in others. For example, they will enable 2FA on their banking and financial websites, but will not enable the extra layer of security on their social media or email accounts. Ironically, most of the time those other websites use your email address as the username. This means that if your email address is compromised, then it can lead to your other associated accounts falling victim to being compromised as well.

Some will argue that they have been safe so far, but global digital security firm Positive Technologies reports that there were 765 million accounts affected by data breaches in 2018 for the months of April, May and June alone. This number is only climbing with breaches reported almost weekly from various companies. To top it off, the breaches are usually not reported to the public for months. This means your information has already made its way to the Dark Web before you are even notified. For the end user the answer is very simple, end to end protection on their online accounts. There are many free authenticator apps out there that are cross application and give you a single collection of your secure tokens. Two of the most popular ones are the Microsoft Authenticator and the Google Authenticator.

Try using these simple rules:

  • Enable 2FA or MFA on all your email addresses and other web-based logins.
  • If the app does not support one of the authenticator or 2FA methods above, opt for the SMS option. While SMS is not as secure, it is still a better option than no secondary authentication factor.
  • Separate passwords for work and personal life.
  • Create password tiers so that if one account is affected by a breach it doesn't automatically lead to all the others being affected.

Remember it is no longer about convenience, but about protecting your identity.  The cost of repair far exceeds the hassle of entering in a code to grant access. If you’re interested in implementing 2FA in your company, contact Thrive today.

Test Your Cyber Security Readiness https://thrivenextgen.com/test-your-cybersecurity-readiness/ Thu, 08 Nov 2018 20:05:31 +0000

It was 2:30am one weekday night when my smoke alarms started going off at home. They are all connected together, so the whole house was a nice alarm bell. It was a weird fall night when it was warm outside and very foggy. We have had a lot of work done in the house, and I assumed it was a malfunction because of the dust that had been kicked up and the humidity outside. I disconnected the alarm that started this noise and got the family back into bed. 

It wasn’t until 20 minutes later that I realized my mistake. I assumed I knew what the problem was, but I didn’t verify. Off I went checking every corner of the house to make sure I was in fact correct, and there was no fire, (which gladly there was not); but those 20 minutes could have been disastrous. I needed a plan.

Every business should have an incident response plan: something to follow at 2:30 in the morning when you are not fully awake and thinking clearly, allowing you to contain the problem and not make it worse. A well thought out plan will help you limit downtime and increase confidence in your systems. But a good plan is not enough; you need to test it. This will help you find out what doesn't work and allow you to replace equipment, software, or adjust policies prior to something happening. This is where tabletop exercises come in. You declare a disaster (email is broken, DNS provider goes down, Azure AD offline, etc.) and you follow the plan to resolution. That's when you find out that the phone tree doesn't work when nobody has access to the file server. Without testing, you really never know if it will work.

When this is done, a postmortem should be reviewed. What are the lessons learned? What do you need to change for next time? My family and I have done that with our alarm scenario, and I have since bought new fire alarms. We have a plan and if it ever happens again, we all know exactly what to do. While you hope a disaster never strikes, if it does, a well thought out plan will help you get through it.

Step one is making your plan, and step two is testing it – Thrive can help with both. Contact us today if you’d like to speak with an expert on how to best protect your business.

When in Doubt, Throw it Out – Or Call and Confirm! https://thrivenextgen.com/when-in-doubt-throw-it-out-or-call-and-confirm/ Thu, 25 Oct 2018 18:36:51 +0000
Are you aware that October is National Cybersecurity Awareness month? With the day to day security headlines year-round you may be thinking to yourself "I am sick of hearing about security". As we come to the end of the month, bear with me for just a second as I let you in on a little security gem. While there are many different security solutions that exist, some cheap and many expensive, arguably one of the most important ones is free. It is a phrase coined by the National Cybersecurity Alliance, "When in Doubt, Throw It Out". When at home or work, if you receive a piece of physical junk mail that claims you have won a free trip to the Moon, what do you do? Most likely, you throw it out in the trash as you know it is not true.

“When in Doubt, Throw It Out” – Why is this phrase so important as it relates to Cybersecurity? Let’s start with a staggering statistic from Verizon’s 2018 Breach Investigations report, which found that 92 percent of malware is still delivered via email and that one of the most common methods is phishing emails. This means that young, working, and elderly people who use email are susceptible to receiving malicious files or content. The reality is that tweets, online posts, text messages, online ads, etc. all entice the user into doing something that leads them down a path where something bad could potentially happen. Often the phishing emails look like they come from a colleague, friend, or an organization that the recipient inherently trusts, which makes the statement “When in Doubt, Throw It Out” even more perplexing for the recipient.

If you receive an email, tweet, text, etc. that seems strange, then “When in Doubt, Throw It Out” comes into play. If you feel an urge to open it, but have a funny feeling that something does not seem right, pick up the phone and verbally confirm that the sender of the message really did send you the request. Whether at work or sitting on your couch watching Sunday afternoon football games, while looking at your phone or computer make sure you remember “When in Doubt, Throw It Out… Call and Confirm!”

Please contact Thrive or call us at 866-205-2810 for more information on the managed options that are available to proactively protect your users and businesses from the bad stuff that is still primarily coming in via email.

Welcome to Cyber Security Month https://thrivenextgen.com/welcome-to-cybersecurity-month/ Thu, 04 Oct 2018 14:32:56 +0000

Having a month dedicated to cyber security is a little bit of a misnomer. It indicates that there are some months where you don’t think about cyber security. Granted, I think about security daily, as that is my job, but I hope most of you are also aware of it and think about it more than one month out of the year. However, since we do have a month dedicated to it, I thought this would be a good time to discuss some basic statistics provided in Verizon’s 2018 Data Breach Investigations Report. As the report says, “data breaches aren’t just a problem for security professionals”.

  • 73% of cyber-attacks were done by outsiders, and 50% of those are organized criminal groups.
  • 76% of breaches are financially motivated. Cryptolocker, stealing data, etc. – it all comes back to money.
  • 4% of people will click on any given phishing campaign. According to the Verizon Breach Report, people who click once tend to click again.
  • 68% of breaches took a month or longer for the company to act. Since most breaches happen within a few minutes, time is of the essence.

All of those numbers are fairly scary, but there are things you can and should do to protect your company.

What should you be doing?

  • Monitor your network for abnormal behavior by looking at your logs. Anything out of the norm could be an indicator of a vulnerability that cyber-criminals can take advantage of.
  • Train your people! Security awareness training does work and if you are not doing it, you should be!
  • Patch your systems – an unpatched system is asking for someone to hack it. Make the cyber-criminals work for their money.
  • Set up Two-Factor authentication on everything – this includes your domain account!
  • Encrypt your hard drive. Every modern operating system allows you to do this, so do it.
  • If you are a bank, financial institution or retailer, pay attention to physical security. About 34% or more of your criminal activity is done physically.

Cyber security is hard, but ignoring it doesn’t make it go away.  The only thing you can do is take a realistic view of your systems and determine the best way to protect them.  A cybersecurity professional can really help in this instance. Professionals should be able to assess the vulnerabilities in your environment and make the best recommendations that are unique to your business. If you would like Thrive to assist in securing your organization, contact us today to set up a consultation.
