Tag Archives: users

Oracle Autonomous JSON Database takes on MongoDB, Couchbase

Oracle’s new Autonomous JSON Database is generally available, providing users with a cheaper version of its cloud database that is specifically focused on JSON as a document database.

JSON, a widely used protocol for data interchange, is the foundation of document databases. Oracle already supported JSON within its Autonomous Database, the company’s flagship cloud database offering that supports multiple formats.

The move to create a separate JSON document database offering intends to help serve developers who don’t need all the capabilities of Oracle’s main Autonomous Database offering, but still want the scalability and cloud management that Oracle provides.

Oracle’s latest release is also about market competition, as there are multiple cloud-based JSON document database services, including MongoDB Atlas, Couchbase and Amazon DocumentDB.

“My view is that the main effect of this development will be to prevent existing Oracle customers from going to MongoDB, Couchbase or some other JSON document database for new workloads and for cloud migrations,” IDC analyst Carl Olofson said. “This is partly aimed at migrations, but also new projects, which is why the low-cost Oracle Database for JSON is so important.”

Autonomous JSON Database is priced at less than 25% of Oracle’s full Autonomous Transaction Processing database, according to the company’s website.

Oracle Autonomous JSON database
Oracle now enables its cloud users to create an Autonomous JSON database as one of the optional deployment choices.

How Autonomous JSON cloud database works

At the core of the new Autonomous JSON Database is an open source document store API known as Simple Oracle Document Access (SODA).

The SODA API has been part of the Oracle Autonomous Database since 2016 and provides an interface that developers can interact with and query without the need for SQL, Oracle product manager Gerald Venzl explained. While users do not have to use SQL to query data in the document database, Venzl noted that SQL queries are supported as an option.

“We still allow people to use SQL on top of JSON,” Venzl said. “It gives developers choice and flexibility.”

The main effect of this development will be to prevent existing Oracle customers from going to MongoDB, Couchbase or some other JSON document database for new workloads and for cloud migrations.
Carl OlofsonAnalyst, IDC

JSON document database use cases

JSON database workloads are increasingly common, Venzl noted, though not all developers and users have been aware that Oracle supports that capability in its Autonomous Database cloud platform. By separating out JSON as a separate service, he said the goal is to raise awareness for the feature to attract more users.

The Oracle Autonomous Database is what is known as a multimodel database, supporting different models, including full transaction database, JSON and graph database approaches. Venzl noted that some users might have questioned why they should pay for the full-featured database, when all they need and use is JSON. As such, he expects that the new Autonomous JSON Database will help serve those users who only want to run a document database.

Oracle could potentially create additional specific Autonomous Database versions in the future, to support other uses,  such as a graph database. Oracle continually monitors the market to see what users need, he said.

“As of today, Autonomous JSON is the new kid on the block and we’re excited to see how it will perform and what other new workloads will come along,” he said.

Go to Original Article
Author:

Microsoft Teams users seek better channel management tools

Users of Microsoft Teams are increasingly frustrated that the software vendor has kept two highly demanded channel management features on the backlog for years.

Thousands of customers have asked Microsoft to introduce the ability to archive channels and move them between teams. But Microsoft has kept both feature requests on the back burner.

The features’ absence causes headaches for IT admins as they try to keep their organization’s Teams account organized.

Sometimes users create channels under the wrong team. But the only way to fix the mistake is to delete the channel and all the user work inside.

Other times, a project moves from one team to another. In those cases, users want to move the channel associated with the project to the new group.

After only six months of using Teams, a data management consulting firm in London had heavily active channels that it needed to move but couldn’t.

“It is frankly ridiculous,” said a senior manager. The admin requested anonymity because he wasn’t authorized to talk for the firm.

The lack of such an essential feature as moving channels demonstrates how Teams is still relatively immature as a collaboration app, said Eric Prosser, who oversees IT and facilities for the Santa Clara County Housing Authority.

“It just doesn’t have a lot of the bells and whistles that other tools have,” Prosser said.

Channel archiving would be another important feature for keeping Teams organized. Users can already hide channels from view. But they also want to archive them so that they no longer count towards the 200-channel limit within a team.

With more than 21,000 votes, the ability to move a channel between teams is the third most popular request on Microsoft’s user feedback site for Teams. Channel archiving, at more than 14,500 votes, is the seventh most popular.

The features are two examples of necessary enhancements to Teams that users have been waiting on for years. For instance, users are also seeking improvements to the calendar and the ability to use multiple Teams accounts simultaneously on the desktop version of the app. 

Instead of fixing these problems, Microsoft has made it a priority to improve its video conferencing capabilities to catch up to Zoom. The vendor recently expanded its group video display and planned to launch a new virtual reality-style video mode.

“It’s Microsoft,” Prosser said. “Microsoft thinks that they know everything for you.”

Go to Original Article
Author:

Salesforce Pardot, Interaction Studio get feature boosts

Salesforce Marketing Cloud users will finally get their hands on technology Salesforce acquired from Datorama, Evergage and Tableau in the form of new features due to be released in the coming months.

Salesforce Pardot, the B2B marketing automation suite under Marketing Cloud, will debut Salesforce Pardot Premium this month, the company said. Aimed at enterprise users, the new package adds Einstein AI capabilities to tackle predictive campaign analytics and the difficult concept of attribution — how marketers determine which campaign or channel drove what revenue.

Earlier this year, Salesforce acquired Evergage, a personalization technology vendor. Features from that acquisition will manifest themselves in Salesforce Interaction Studio, another wing of Marketing Cloud in which users track real-time engagement with customers via numerous channels such as marketing emails, social media channels and customer service.

Within Interaction Studio, new features slated for third-quarter release include Einstein Personalization Recipes, which enables the design and testing of recommendations for individual customers; Einstein Personalization Decisions, which uses an AI learning model to determine next best actions; and A/B testing to predict how different experiences may perform on different channels.

Salesforce Marketing Cloud data visualizations screenshot
Datorama and Tableau features coming to Salesforce Marketing Cloud offer analytics data visualizations to give marketing users context around customer activity, in this case.

Salesforce takes on Adobe with new features

The Salesforce Pardot Premium and Interaction Studio features may challenge those of market leader Adobe, Constellation Research analyst Nicole France said. While existing Salesforce users will welcome these granular, AI-assisted recommendation tools if they hadn’t used them before, enterprise users who already get that functionality from a mixed Salesforce-Adobe tech stack may also look at how they overlap.

“This is partly about having a competitive play [with Adobe and other vendors],” said France, adding that users want to simplify their stacks by reducing the number of vendors they need to put together to get the job done. “It’s also partly about having a tool that’s well integrated to a set of tools you’re already using — from a user standpoint, there is some appeal.”

Even when we come out of this, back to some sense of normalcy, a lot of behaviors have probably changed forever.
Adam BlitzerCEO, Salesforce Marketing Cloud

Available now in Salesforce Marketing Cloud are data-handling features built from its 2018 Datorama acquisition, combined with Tableau data visualization and analytics technology. Together, they pull together a Salesforce user’s marketing data and port it to charts and graphs based on a number of metrics such as geography or role of their customers in the buying process to understand and optimize marketing performance.

While integrating features from the acquisitions of Datorama, Evergage and Tableau were on the product roadmap for some time, Salesforce Marketing Cloud CEO Adam Blitzer said that some were moved up in the development queue after the pandemic reconfigured the needs of Salesforce users. Those included the analytics and tools that allow the mixing and mingling of different data sets.

“We have reevaluated our roadmaps, based on the world in which we find ourselves,” Blitzer said. “No one is sure when the current environment is going to end as we are in lockdown and isolation. … Even when we come out of this, back to some sense of normalcy, a lot of behaviors have probably changed forever. This notion of running your business from anywhere, being able to work from anywhere, is likely here to stay.”

Go to Original Article
Author:

Users eager for Slack to improve video calling

Slack users welcomed the news that the team collaboration vendor plans to use technology from Amazon to improve audio and video calling.

Today, Slack’s conferencing service is glitchy and lacks essential features, users said. The shortcomings mean Slack customers must rely on other vendors for online meetings.

“We need to have large-scale meetings on occasion, and Slack simply doesn’t cut it performance- or quality-wise with multiple participants,” said Drew McMurry, a web developer at a nonprofit genealogical organization.

Slack is a great collaboration tool, McMurry said. But he wishes the app contained as many video conferencing features as Microsoft Teams. Because it doesn’t, McMurry must frequently switch apps. “This is a pain,” he said.

Slack user Beth Perkins said being able to schedule and conduct large video meetings in Slack would make her organization more efficient. Her company only uses Slack’s video feature for quick one-off conversations.

“The current feature is pretty basic, and a little buggy,” Perkins, director of people and culture at digital product design firm O3 World, said. “I’d love to see more tools that enable us to keep working in Slack without having to bounce between a ton of other windows and applications.”

But users will have to wait for those enhancements. In the near term, Slack’s use of Amazon’s technology might improve call quality. Beyond that, however, Slack has not made clear when users can expect new features to launch.

In a statement, Slack said it might use Amazon’s technology to support meeting recording and transcription, and video conferencing on mobile. But those features would be part of its “long-term roadmap.”

CEO Stewart Butterfield told investors last week that the company was not interested in becoming a full-fledged video conferencing provider. Instead of investing in native meeting features, the company has pursued advanced integrations with vendors like Zoom and Fuze.

Slack’s lack of support for real-time communications could be costing the company customers, though. Rivals Microsoft and Cisco provide all-in-one apps that support messaging, video conferencing and external calling.

Analysts said Slack’s partnership with Amazon was a step in the right direction. 

“I think Slack has realized there is an important piece of the pie missing,” said Tim Banting, an analyst at London-based research firm Omdia. “This is a way to backfill that very quickly.”

Slack calls today can’t be scheduled ahead of time and are limited to 15 people. Users also can’t invite people outside of their Slack account to meetings or share their screen and video feed at the same time.

Slack will soon use the technology behind the video product Amazon Chime to power calling. Chime supports audio conferences with up to 250 people, including external guests, and lets 16 people share video on desktop at one time.

Amazon Chime also integrates with standards-based meeting room systems. However, Butterfield suggested Slack wasn’t interested in getting into the conference room market.

Irwin Lazar, an analyst at Nemertes Research, said it makes sense for Slack to focus on what it does best — team collaboration — while integrating with a range of video conferencing providers. The Amazon partnership gives Slack everything it needs, he said.

“It would take tremendous investment for them to build out their voice/video capabilities, and that effort would take away from their core focus on developing their team app,” Lazar said.

Slack also announced that Amazon was giving all its employees the option of using Slack. However, neither Slack nor Amazon would say how many Amazon employees were using the app today.

Go to Original Article
Author:

Adobe Experience Manager buoys U.S. census during pandemic

Holding up the 2020 U.S. Census as an example, Adobe made its case to U.S. government users that its cloud content management and web experience tools can serve up rich digital experiences, as Congress opens up its coffers to fund IT modernization.

The census is taken once every 10 years and boasts the largest peacetime mobilization of U.S. civilians in order to count its population, said Christina Stoehr, chief of the U.S. Census Bureau’s web and new media branch. In the midst of the COVID-19 pandemic and social distancing, the national self-response rate was 57.3% as of current data through May 5, exceeding the planners’ expectations, she said.

Digitizing the census-taking process saves $107 in taxes for each citizen who fills it out, with a potential savings of $55 million over the course of the census, said Stoehr, who discussed the project at the Adobe Digital Government Symposium. The census launched digitally earlier this year on Adobe Experience Manager, and enables citizens to fill it out online for the first time.

“The U.S. census serves as a recent example of how dedicated focus on [IT] modernization and customer experience can transform how mission outcomes are delivered,” said Suzette Kent, the federal CIO, in her conference keynote. “Our up-front investments prepared the government to continue operations, even when the COVID-19 crisis [began].”

Federal CIO Suzette Kent
At the Adobe Digital Government Symposium virtual conference, Federal CIO Suzette Kent, the U.S. government’s top IT official, discusses the deployment of Adobe cloud software across several agencies.

Census CX built from scratch

The census helps government officials determine how to spend $675 billion in federal funding based on community populations; the digital experience around the site had to convey this point and encourage participation in a climate of general distrust of the government, Stoehr said.

It also had to accommodate rapidly changing technologies and mobile devices, and be able to manage the incoming data. So the bureau decided to use customer experience principles to accomplish their goals.

“Even in the public sector, government is starting to better understand its customers and offer them personalized content and service offerings by population segment, and by demographics, via digital channels,” Stoehr said. “With this in mind, for the 2020 census we needed a real point to deliver messages to specific visitors.”

Even in the public sector, government is starting to better understand its customers and offer them personalized content and service offerings by population segment, and by demographics, via digital channels.
Christina StoehrChief of the web and new media branch, U.S. Census Bureau

The project also included refreshing the census site data access interface used by researchers, journalists, academics and more, and supporting advertising campaigns to recruit census takers and to encourage citizens to fill it out.

The agency chose Adobe Experience Manager to host the content, Adobe Launch for content analytics and Adobe Target to serve relevant content to users from the site, which supports 59 languages. Accenture provided journey mapping, among other services. Communications agency Reingold provided UX design and site testing, as well as content creation and coordination.

Adobe takes on Amazon, Microsoft

The Census Bureau’s digital experience project launched amid a number of large government IT initiatives, including the still-under-dispute $10 billion Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft and numerous other federal IT modernization projects.

Alan Pelz-Sharpe, founder of advisory firm Deep Analysis, said that while Adobe’s not a headline-grabbing government IT vendor, its technology has been deeply ingrained in local, state and federal IT for decades on the strength of it PDF digital document tools.

While those technologies might not have the cachet of the Adobe Experience Manager and sophisticated web analytics that the company currently markets heavily, PDF’s saturation of the government market provides the launch pad for new government IT contracts up for grabs.

“When we think about Adobe, we think about experience management, the things they do with digital marketing, advertising agencies and websites,” Pelz-Sharpe said. “But then there’s the traditional part of Adobe, the Document Cloud. For some reason, nobody wants to talk about those, but it’s their core business.”

The U.S. government is far behind European sites in digital experience for its citizens, Pelz-Sharpe said. Using commercial cloud systems and consultants like Accenture to update sites should catch it up faster and may prove to be less expensive than building their own sites and back-end support. The census site could serve as Adobe’s proof of concept for other federal agencies seeking to modernize their own digital experiences, he concluded.

Go to Original Article
Author:

VMware Cloud Foundation to run on new Google Cloud service

Google Cloud users can now run VMware Cloud Foundation workloads, thanks to a new managed service deal between the two companies.

The service, dubbed Google Cloud VMware Engine, builds upon the company’s existing VMware offering. VMware users can run VMware’s full Cloud Foundation stack on dedicated bare-metal servers provided by Google. The Cloud Foundation stack includes VMware vSphere, vCenter, vSAN, NSX-T and HCX.

Last July the two companies signed a deal that allowed VMware users to run workloads natively on Google Cloud, which gave VMware users an alternative to AWS. As part of that deal, CloudSimple administered the platform running on Google Cloud with Google-provided first-line support.

Google subsequently acquired CloudSimple in November. The new Google Cloud VMware Engine service offers unified billing, a UI within the Google Cloud console, and integrations with native Google Cloud services such as BigQuery, Anthos and Cloud AI. Google handles lifecycle management of the Cloud Foundation stack.

CloudSimple’s technology has also powered Microsoft Azure’s similar VMware service. This month, Microsoft delivered a preview of the “next evolution” of that service but offered few specifics on what will change. “Our newly announced service Azure VMware Solution does not use CloudSimple, but the Azure VMware Solution by CloudSimple continues to be a Microsoft Azure GA service backed by Microsoft SLAs,” Microsoft said in a statement.

It makes sense for Google to aggressively go after VMware workloads, as each company has complementary positions in a number of markets, said Dana Gardner, principal analyst at Interarbor Solutions LLC in Gilford, N.H.

“Google Cloud needs more enterprise traction and VMware needs to get with more cloud partners, and it doesn’t upset any existing relationship they have with other [cloud partners],” he said.

Another reason Google is strengthening its relationship with VMware is the anticipated hit Google will take over the next couple of quarters to its advertising revenues because of the COVID-19 pandemic.

“They will be looking more toward their cloud business to generate more earnings as a way to compensate,” Gardner said.

The downside of VMware cloud choices

While enterprises now have their pick of VMware hosting options among the cloud hyperscalers, this is a case where choice can lead to complexity, analysts said.

They point to the added administrative costs users take on in introducing another cloud platform in their environment along with the time it takes to get C-suite level approval. Given the technical similarities among the top three cloud providers, the bureaucratic headaches may not be worth the trouble.

“It gives VMware users an option, but how rich an opportunity is it for Google with many VMware users already deploying multiple clouds?” said Brian Kirsch, an IT architect and instructor at Milwaukee Area Technical College. “Also, with just one cloud provider, sometimes it’s easier for IT organizations to have all their cloud billing in one place.”

The pandemic has created a rich opportunity for cloud providers to form strategic partnerships with so many of corporate users working remotely.

Google has some pretty unique capabilities in the area of AI, so you can run VMware workloads and still access those Google services to work in your VMware environment.
Gary ChenResearch director, IDC

“Amazon has never looked stronger and Microsoft is also doing very well financially,” Gardner said. “So, other [cloud] players in the field looking to become number three, now is the time to get really aggressive because this opportunity may not be there later on,” he said.

Another analyst sees both the advantages and disadvantages for VMware shops incorporating Google Cloud, especially if they already support one of Google’s competitors.

“A lot of companies have selected Google for a particular set of reasons, so getting VMware for another cloud can be a hassle,” said Gary Chen, research director, overseeing IDC’s software-defined compute practice. “But Google has some pretty unique capabilities in the area of AI, so you can run VMware workloads and still access those Google services to work in your VMware environment.”

The Google Cloud VMware Engine rollout begins with availability limited to two U.S. regions today. Eight more around the world will be added in the second half of the year, according to Google.

Go to Original Article
Author:

Talkdesk adds virtual agents, rebrands CCaaS suite as CX Cloud

Users of Talkdesk’s contact-center-as-a-service suite have new tools to enhance customer experience, such as virtual agents, remote agent support and deeper hooks into marketing, integrations with CRM cloud platforms and connections to enterprise collaboration tools such as Slack and Microsoft Teams.

The company released 20 new features in the weeks leading up to its recent Opentalk 2020 virtual user conference, and renamed its CCaaS offering Talkdesk CX Cloud. While some of the features, such as a workforce management and business continuity, either were up and running or long-planned, the COVID-19 pandemic gave rise to new ones such as CXTalent, which uses AI to pair job seekers with organizations looking to fill remote contact center roles.

For contact centers, the most significant of the new Talkdesk features revolve around the company’s foray into workforce management, said Sheila McGee-Smith, president and principal analyst at McGee-Smith Analytics. That means Talkdesk is taking on new, bigger competitors such as NICE InContact, Verint and Genesys.

“They’re building an entire workforce management suite, which includes [agent] performance management and quality monitoring,” McGee-Smith said. “It’s been on their website, but they’ve never publicly taken that step to say ‘Yeah, we’re doing this.'”

Virtual agents, collaboration connectors in Talkdesk CX Cloud

Connecting to enterprise collaboration tools helps agents find answers to customer questions more quickly, said Charanya Kannan, chief product officer at Talkdesk. Customer service cloud vendors  including ServiceNow have introduced features to connect agents to their company’s in-house experts who help solve account problems or technical issues.

Charanya Kannan, Talkdesk Chief Product Officer, introduces CX Cloud at the company's Opentalk 2020 virtual user conference.
Charanya Kannan, Talkdesk Chief Product Officer, introduces CX Cloud at the company’s Opentalk 2020 virtual user conference.

“A lot of times when customers ask questions, agents will have to communicate with the rest of the organization to get answers,” Kannan said. “At companies where some of these questions are very deep, you need to bring in your technical account manager or different people internally. This provides a mechanism to collaborate, making customer experience not just the job of the contact center employee.”

Many of Talkdesk’s customers, she added, run contact centers with 1,000 or more agents. Finding in-house experts via popular collaboration tools can be an efficient way to navigate large, multinational organizations that are in the process of moving whole IT operations to the cloud.

Other new Talkdesk CX Cloud features include connectors to CRM systems, so salespeople can see more detail about their customers’ interactions with customer service, and vice versa. Currently, Talkdesk customers connect to about 60 different CRMs, Kannan said. Salesforce is by far the most popular, followed by ServiceNow and Zendesk. About 70% of Talkdesk customers use one of those three CRMs.

“Salesforce and Talkdesk share a lot of similarities,” Kannan said, adding that they fit together well because companies that use Salesforce are already familiar with and comfortable working on an extensible multi-tenant cloud SaaS platform, which Talkdesk also is.

Salesforce added voice capabilities for contact centers to its Service Cloud offering late last year, making it a potential competitor for Talkdesk.

Go to Original Article
Author:

At long last, Microsoft Teams to get multiwindow support

Microsoft Teams will soon let users open chats, calls and video meetings in separate windows. The long-sought feature will help people multitask in the team collaboration app.

Microsoft plans to finish rolling out pop-out chats this month. Teams will get multiwindow support for calls and video conferences sometime in June.

Nearly 20,000 people have asked Microsoft to add multiwindow capabilities to Teams since the first request in 2016. It’s yet another example of an essential feature of Skype for Business that’s still missing in Teams.

“It’s like not being able to open multiple Word or Excel documents at the same time,” said Andrew Dawson, an IT professional based in the United Kingdom. “Archaic!”

Without the ability to open multiple windows, users can only do one thing at a time in Teams. The limitation forces some companies to use other communications apps in conjunction with Teams.

Jacques Detroyat, an IT manager for a company based in Switzerland, said one common workaround is for users to message on Skype for Business or WhatsApp during Teams meetings.

The setup is not ideal, Detroyat said. “It’s a bit like writing with a badly sharpened pencil or trying to have a conversation in a noisy environment: You can do it, but the experience won’t be great.”

Screenshot of Microsoft Teams chat
Microsoft is rolling out multiwindow chat for Microsoft Teams in May.

Some users want the company to support multiwindow viewing in even more scenarios. For example, Microsoft could let users edit a document in Teams in one window while searching for information they need in another. But the company has not committed to doing so.

Users will be able to open multiple Teams windows only in the Windows and Mac desktop apps. Microsoft has not said whether users of the web app will eventually get the upgrade.

The launch of multiwindow support will not solve another problem that users face. People want to be able to open separate Teams windows for different accounts on desktop. Microsoft has committed to letting users sign in to multiple accounts at the same time. But it has not provided an update on the feature in months.

Teams has attracted millions of new users during the coronavirus pandemic. The app grew from 20 million daily users at the end of 2019 to 75 million daily users in April.

The increased usage of Teams has made its shortcomings more aggravating to users. Complaints include the app not having a large enough group video display or a robust calendar.

Go to Original Article
Author:

Find and lock down lax Windows share permissions

Keeping your data secure and away from unauthorized users is a complex task, which can be even more difficult if a default setting in Windows gets in your way.

Trying to secure Windows share permissions is a big challenge due to a setting called bypass traverse checking that the OS enables by default. This setting gives access to folders even if the user does not have access rights to any of its parents.

We can remove this authorization with group policy object setting, but it’s there for a reason. Without this setting enabled, you will see a big drop in performance since Windows will check every parent folder to see if the user is allowed to go to the target.

This article will explain how to create a report on Windows share permissions to determine which users have excessive authorizations and how to mend it using PowerShell and Sysinternals.

Gathering file shares and their authorized users

First, we need to find the file shares on the servers and client systems. We could do this either by using the Get-SmbShare command or by calling the win32_share namespace using either Get-CimInstance or Get-WmiObject.

For this example, Get-WmiObject is the preferred way to fetch our shares because it’s a more streamlined approach. Launch the PowerShell Terminal as an admin on a file server and enter the following command:

Get-WMIObject -Class win32_share

Name Path Description
---- ---- -----------
MyShare C:demoshare Demo share
ADMIN$ C:WINDOWS Remote Admin
C C:
C$ C: Default share
D$ D: Default share
E$ E: Default share
IPC$ Remote IPC
print$ C:WINDOWSsystem32spooldrivers Printer Drivers
scripts C:scripts

The PowerShell command outputs all the shares, but it doesn’t show the users with access to them. That’s because the Windows share permissions reside in another namespace called Win32_LogicalShareSecuritySetting:

Get-WmiObject -Class Win32_LogicalShareSecuritySetting

This resulting output doesn’t tell us much either. We need a more comprehensive PowerShell script to generate something more useful:

# Get all shares on the computer
$Shares = Get-WMIObject -Class win32_share

# Variable to processed shares to.
$NetworkShares = [System.Collections.Generic.List[PSCustomObject]]::new()

# Ignore default shares by filtering out '2147483648'
foreach ($Share in $Shares | ? {$_.Type -ne '2147483648' -and $_.Name -ne 'print$'}) {

# Create an object that we'll return
$ShareObject = [PSCustomObject]@{
Name = $Share.Name
Description = $Share.Description
LocalPath = $Share.Path
ACL = [System.Collections.ArrayList]::new()

}
# Get the security settings for the share
$ShareSecurity = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$($Share.Name)'"

# If security settings exists, build a list with ACLs
if($Null -ne $ShareSecurity){
Try{
$SecurityDescriptor = $ShareSecurity.GetSecurityDescriptor().Descriptor

foreach($AccessControl in $SecurityDescriptor.DACL){

$UserName = $AccessControl.Trustee.Name
$Trustee = $AccessControl.Trustee

If ($Trustee.Domain -ne $Null) {
$UserName = "$($Trustee.Domain)$UserName"
}

If ($Trustee.Name -eq $Null) {
$UserName = $Trustee.SIDString
}

$ShareObject.ACL.Add(
[System.Security.AccessControl.FileSystemAccessRule]::new(
$UserName,
$AccessControl.AccessMask,
$AccessControl.AceType
)
) | Out-Null
}

# Return the share object with the ACLs
$NetworkShares.Add($ShareObject)
}
Catch{
Write-Error $Error[0]
}
}
Else {
Write-Information "No permissions found for $($Share.Name) on $ComputerName"
}
}

The content of the $NetworkShares variable should end up looking similar to the following:

PS51> $NetworkShares

Name Description LocalPath ACL
---- ----------- --------- ---
DemoShare Demo share C:demoshare {System.Security.AccessControl.FileSystemAccessRule}
scripts C:scripts {System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule}

PS51> $NetworkShares[0].ACL

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : Everyone
IsInherited : False
InheritanceFlags : None
PropagationFlags : None

We’ve successfully gathered data about our Windows share permissions, showing who has access to what. That might not be enough because administrators usually assign network share permissions on the NTFS level, not the network share level.

We also need to check the files and folders in the share if there are excessive permissions for other groups, such as Everyone or Domain Users.

Scanning file permissions using AccessChk

We have a list of our file shares. Next, we need to get all the file permissions. The fastest way to do this is by using the AccessChk file utility from the Sysinternals suite and parse the output with PowerShell.

Put AccessChk on your file server and copy the AccessChk64.exe file to your system32 folder. You can either download the utility from the link above or use the following PowerShell code to download it and copy it to your system32 folder:

Invoke-WebRequest -OutFile $env:TEMPAccessChk.zip -Uri https://download.sysinternals.com/files/AccessChk.zip 
Expand-Archive -Path $env:TEMPAccessChk.zip -DestinationPath $env:TEMP -Force
Copy-Item -Path $env:TEMPAccessChk64.exe C:WindowsSystem32AccessChk64.exe

We can use PowerShell to create a wrapper function around AccessChk for use in a script:

Function Invoke-AccessChk {
param(
$Path,
$Principals,
$AccessChkPath = "$env:windirsystem32accesschk64.exe",
[switch]$DirectoriesOnly,
[switch]$AcceptEula

)

# Accept EULA
if($AcceptEula){
& $AccessChkPath /accepteula | Out-Null
}

$Argument = "uqs"
if($DirectoriesOnly){
$Argument = "udqs"
}

$Output = & $AccessChkPath -nobanner -$Argument $Path

Foreach($Row in $Output){

# If it's a row with a file path output the previous object and create a new one
if($Row -match "^S"){
If($Null -ne $Object){
if($Object.Access.Keys.Count -gt 0){
$Object
}
}
$Object = [PSCustomObject]@{
Path = $Row
Access = @{}
}
}

# If it's a row with permissions
if($Row -match "^ [R ][W ]"){
If($Row -match ($Principals -replace "\",'\' -join "|")){

$Row -match "^ (?<Read>[R ])(?<Write>[W ]) (?<Principal>.*)" | Out-Null

$Object.Access[$Matches.Principal] = @{
Read = $Matches.Read -eq 'R'
Write = $Matches.Read -eq 'W'
}

}
}
}
# If it's the last row - output the object once more
if($Object.Access.Keys.Count -gt 0){
$Object
}
}

We can now run Invoke-AccessChk with the network shares stored in the $NetworkShares variable from the previous step. We add to a list of the security principals — without “domain” — to find:

# Invoke-AccessChk will only output files/folders where the following principals have permission:
$RiskPrincipals = @(
'Everyone',
'Domain Users',
'Domain Computers',
'Authenticated Users',
'Users'
)

$RiskyPermissions = Foreach($NetworkShare in $NetworkShares | Select -First 1){

# Only scan directory if it's shared to one of the principals in $RiskPrincipals
$RiskPrincipalExist = $Null -ne ($NetworkShare.ACL.IdentityReference.Value -replace ".*\" | ? {$_ -in $RiskPrincipals})

if($RiskPrincipalExist){
Invoke-AccessChk -Path $NetworkShare.LocalPath -Principals $RiskPrincipals
}

}

The $RiskyPermissions variable will give output similar to this:

PS51> $RiskyPermissions

Path Access
---- ------
C:demoshareFile1.txt {BUILTINUsers, NT AUTHORITYAuthenticated Users}
C:demoshareFolder1picture.png {NT AUTHORITYAuthenticated Users}
C:demoshareFolder1Folder2 {NT AUTHORITYAuthenticated Users}

PS51> $RiskyPermissions[0].Access

Creating a report from several computers and servers

Thus far, you can get a list of all the file shares and check all the files with the PowerShell wrapper for Invoke-AccessChk. One of PowerShell’s many strengths is its ability to scale. PowerShell remoting will take the code we’ve produced to the next level to gather the information from several computers at once.

First, we need a list of computers and servers to scan. If possible, the easiest way is through the Active Directory module from RSAT:

$Computers = (Get-ADComputer -Filter *).dnsHostName

This method might not be an option in larger environments that are heavily segmented. Another approach is to get data from your configuration management database or entering it manually using the following example:

$Computers = @(
'Server1',
'Server2',
'Server3',
'Server4',
'Server5',
'PC1'
# etc
)

Now it’s time to tie all these components in a script that uses PowerShell background jobs to do the following actions on the machines specified in the $Computers parameter:

  • Get all shares that are shared out to one of the principals in $RiskPrincipals.
  • Download AccessChk if it does not already exist.
  • Check the NTFS permission of all shares gathered by AccessChk.
  • Return an object with a list with all files where the security principals in $RiskPrincipals have either read or write permissions.

The computer running the script will then collect the results of all jobs and output it to a CSV file with the name ShareAccessReport.

Remember to run the following as an admin on a computer that has network access to said machines and to accept the EULA for AccessChk by changing $AcceptEula to true:

$Computers = @(
'Server-1',
'Server-2',
'PC-1'
)

# Accept EULA for AccessChk
# CHANGE TO TRUE
$AcceptEula = $false

if(!$AcceptEula){
Write-Warning "Did not accept EULA for AccessChk, can't continue"
break
}

# Principals that we want to scan for
$RiskPrincipals = @(
'Everyone',
'Domain Users',
'Domain Computers',
'Authenticated Users',
'Users'
)

# List of shares that we want to ignore.
# Setting a share name tied to it just in case since it should almost always be that path
$IgnoreShares = @(
'print$'
)

# Scriptblock that we'll send with Invoke-Command
$Scriptblock = {

$RiskPrincipals = $args[0].RiskPrincipals
$IgnoreShares = $args[1].IgnoreShares
$AcceptEula = $args[2].AcceptEula

# Functions to download and use AccessChk
# It utilizes a shell object instead of Expand-Archive for backward compatability
Function Download-AccessChk {
param(
$Url = "https://download.sysinternals.com/files/AccessChk.zip",
$Dest = $env:temp
)
if(Test-Path "$destaccesschk.zip"){
rm $DestAccessCHK.zip -Force
}
(New-Object System.Net.WebClient).DownloadFile($url, "$env:tempAccessChk.zip")
$Shell = New-Object -ComObject Shell.Application
$Zip = $shell.NameSpace("$env:tempAccessChk.zip")
$Destination = $shell.NameSpace("$env:windirsystem32")

$copyFlags = 0x00
$copyFlags += 0x04
$copyFlags += 0x10

$Destination.CopyHere($Zip.Items(), $copyFlags)
}

# The function that utilizes accesschk from part 2
Function Invoke-AccessChk {
param(
$Path,
$Principals,
$AccessChkPath = "$env:windirsystem32accesschk64.exe",
[switch]$DirectoriesOnly,
[switch]$AcceptEula

)

if(!(Test-Path "$env:windirsystem32accesschk64.exe")){
Download-AccessChk
}

# Accept EULA
if($AcceptEula){
& $AccessChkPath /accepteula | Out-Null
}

$Argument = "uqs"
if($DirectoriesOnly){
$Argument = "udqs"
}

$Output = & $AccessChkPath -nobanner -$Argument $Path

Foreach($Row in $Output){

# If it's a row with a file path output the previous object and create a new one
if($Row -match "^S"){
If($Null -ne $Object){
if($Object.Access.Keys.Count -gt 0){
$Object
}
}
$Object = [PSCustomObject]@{
Path = $Row
Access = @{}
}
}

# If it's a row with permissions
if($Row -match "^ [R ][W ]"){
If($Row -match ($Principals -replace "\",'\' -join "|")){

$Row -match "^ (?<Read>[R ])(?<Write>[W ]) (?<Principal>.*)" | Out-Null

$Object.Access[$Matches.Principal] = @{
Read = $Matches.Read -eq 'R'
Write = $Matches.Read -eq 'W'
}

}
}
}
# If it's the last row - output the object once more
if($Object.Access.Keys.Count -gt 0){
$Object
}
}

# Get all the shares by using WMI
$Shares = Get-WmiObject -Class win32_share

# Create an object that we will later return when we're done
$ReturnObject = [PSCustomObject]@{
ComputerName = $ComputerName
NetworkShares = [System.Collections.Generic.List[PSCustomObject]]::new()
AccessibleObjects = @{}
}

# Ignore default shares by filtering out '2147483648'
# Ignore shares in $IgnoreShares
foreach ($Share in $Shares | ? {$_.Type -ne '2147483648'} | ? {$_.Name -notin $IgnoreShares}) {
$ShareObject = [PSCustomObject]@{
Name = $Share.Name
Description = $Share.Description
LocalPath = $Share.Path
ACL = [System.Collections.ArrayList]::new()

}

$ShareSecurity = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$($Share.Name)'"
if($Null -ne $ShareSecurity){
Try{
$SecurityDescriptor = $ShareSecurity.GetSecurityDescriptor().Descriptor

foreach($AccessControl in $SecurityDescriptor.DACL){

$UserName = $AccessControl.Trustee.Name
$Trustee = $AccessControl.Trustee

If ($Trustee.Domain -ne $Null) {
$UserName = "$($Trustee.Domain)$UserName"
}

If ($Trustee.Name -eq $Null) {
$UserName = $Trustee.SIDString
}

$ShareObject.ACL.Add(
[System.Security.AccessControl.FileSystemAccessRule]::new(
$UserName,
$AccessControl.AccessMask,
$AccessControl.AceType
)
) | Out-Null
}

# Only add network share if it contains a risk user/group

$Match = $False
Foreach($IdentityReference in $ShareObject.ACL.IdentityReference.Value){
Foreach($Pattern in $RiskPrincipals){
if($IdentityReference -Match $Pattern){
$Match = $True
}
}
}
if($Match){
$ReturnObject.NetworkShares.Add($ShareObject)
}
Else {
Write-Verbose "No match for risky groups, not adding"
}

}
Catch{
Write-Error $Error[0]
}
}
Else {
Write-Information "No permissions found for $($Share.Name) on $ComputerName"
}

}
# Get all files from NetworkShares where a principal from $RiskPrincipals have either read or write access
$ReturnObject.NetworkShares | Foreach {
$ReturnObject.AccessibleObjects[$_.Name] = Invoke-AccessChk -Path $_.LocalPath -Principals $RiskPrincipals -AcceptEula:$AcceptEula
}

# Done! Lets return the returnobject:
$ReturnObject
}

# To add to the argument list of Invoke-Job because the remote PowerShell job doesn't have access to our variable space.
$InvokeParam = @{
RiskPrincipals = $RiskPrincipals
IgnoreShares = $IgnoreShares
AcceptEula = $AcceptEULA
}

# Start jobs
$Job = Invoke-Command -AsJob -ComputerName $Computers -ArgumentList $InvokeParam -ScriptBlock $Scriptblock

# Wait for jobs to finish
$Job | Wait-Job

# Collect data from all jobs
$Output = Get-Job | Receive-Job

# Output the output into a CSV
$ToCSV = Foreach($Result in $Output){

Foreach($Key in $Result.AccessibleObjects.Keys) {

# For using Select-Object expressions to get the data out of $Result.AccessibleObjects
# The downside of working a lot with hashtables
$ReadAccess = @{
Name='ReadAccess'
Expression={
$Base = $_.Access
($Base.Keys | ? {$Base[$_].Read}) -join ","
}
}

$WriteAccess = @{
Name='WriteAccess'
Expression={
$Base = $_.Access
($Base.Keys | ? {$Base[$_].Write}) -join ","
}
}

# Select from AccessibleObjects and create property for the principals with ReadAccess and WriteAccess
$Result.AccessibleObjects[$Key] | Select @{Name='ShareName';Expression={$Key}},Path,$ReadAccess,$WriteAccess
}
}
# Export the CSV
$ToCSV | Export-Csv -Path .ShareAccessReport.csv

When the PowerShell job finishes, it will create a full report of the access of the principals in the $RiskyPrincipals variable.

Fixing Windows share permissions

After you review the CSV and find the permissions that need adjusting, there are two ways to correct them. If there are only a few, then the best way is through the GUI. But if there are thousands, then the following command will use the CSV output to speed this along:

# This needs to run locally on the server with the file share.

$UserToRemove = 'Guest'
$CSV = Import-Csv -Path .ShareAccessReport.csv | ? {}
$CSV | ? {$_.ComputerName -eq $env:COMPUTERNAME} | Foreach {
$ACL = Get-Acl -Path $_.Path
$ACL.Access | ? {($_.IdentityReference.Value -replace '.*\') -eq $UserToRemove} | Foreach {
$ACL.Access.Remove($_)
}
}

This PowerShell script will remove all permissions for the Guest security principal.

The first report will usually bring a lot of work though because it will discover a lot of oddities and risks when it comes to your Windows share permissions. But running a solution like this regularly, especially targeted toward shares with sensitive information, will pay off in the end.

Go to Original Article
Author:

Everbridge Critical Event Management tailored for COVID-19

47 million. That’s the number of coronavirus-related messages Everbridge sent on behalf of its users in the past week.

Everbridge Critical Event Management software is on the front lines of coronavirus IT response, aided by a specially targeted line of products and recent acquisitions.

Everbridge CTO Imad Mouline said the usage pattern for his company’s software is typically spiky. The system was built for large fluctuations in usage and can add capacity quickly.

“This is something we’re really, really good at,” Mouline said.

Other incidents have put Everbridge software to the test. For example, during Hurricane Dorian in 2019, Everbridge users sent out 14 million messages in just a few days, Mouline said, and that was in a smaller geographical area.

Everbridge takes on coronavirus with ‘Shield’

To aid employee protection and business continuity during the coronavirus pandemic, Everbridge launched COVID-19 Shield. The software as a service includes targeted pandemic data feeds and rapid deployment templates.

COVID-19 Shield uses the Everbridge Critical Event Management platform to help organizations identify risks, protect the workforce and manage disruptions to operations and supply chain.

Screenshot of Everbridge dashboard
An Everbridge dashboard shows assets that are potentially impacted by COVID-19 in the Washington D.C. area.

Everbridge has three COVID-19 service levels, which build on each other.

The entry-level “Know Your Risks” provides COVID-19 alerts featuring real-time intelligence such as case statistics, travel advisories, closures and supply chain impacts. The next level up, “Protect Your People,” manages critical response plans, automates communications and includes a potential threat feed and coronavirus-specific messaging templates.

“Protect Your Operations and Supply Chains,” which includes the other two offerings’ capabilities, automatically correlates alerts to physical assets, including buildings and people. It also initiates standard operating procedures to resolve issues and generates real-time status reports on remediation and recovery tasks.

COVID-19 Shield provides access to the Everbridge Data Sharing Private Network, where users can share information publicly and privately to facilitate enhanced local intelligence and response coordination.

Everbridge offers a “Rapid Deployment” package for governments, businesses and healthcare organizations that gets the COVID-19 Shield running in less than two days, according to the vendor. 

Mouline said the coronavirus-tailored products can help streamline communication, provide situational awareness and offer a quick form of protection.

Pricing is based on the size of the organization, for example, the number of people or assets in need of protection. Assets may include the number of office locations or supply chain elements.

The Everbridge Critical Event Management platform in total reaches more than 550 million people globally, according to the vendor, which is based in Burlington, Mass. Everbridge claims about 5,000 customers.

Learn best practices for pandemic response

Paul Kirvan, a business resilience and disaster recovery consultant, said it’s important for employees to heed messages from their businesses and government.

Emergency notification software such as Everbridge’s is most appropriate for notifying employees of any new company policies, government notifications, reminders about social distancing and hand washing, and other messages for broad distribution,” Kirvan wrote in an email. “The same can be true for notifying remote domestic offices, overseas offices, regulatory authorities, government agencies and other important stakeholders.”

Information sharing between companies and within industry groups is invaluable, not just for status reports but also to help share insights into effective crisis and continuity strategies, said Jackie Day, a partner at consulting firm Control Risks, on a webinar last week hosted by her company and Everbridge.

Companies should also take advantage of lessons learned from others who have gone through the pandemic crisis, such as Asian organizations, said Matt Hinton, a partner at Control Risks.

While talk of a business impact analysis is often greeted with eye rolls, Hinton said, companies with one are better prepared to deal with tricky scenarios.

There is no one-size-fits-all approach.

“Your actions have to be targeted,” Everbridge’s Mouline said.

Mouline advised organizations to clearly separate informational messaging from emergency messaging, as employees are bombarded with information.

You want to communicate on a regular basis, but you want to avoid over-alerting.
Imad MoulineCTO, Everbridge

“Use the alerting capabilities sparingly,” Mouline said. “You want to communicate on a regular basis, but you want to avoid over-alerting.”

And the crisis will end at some point, Hinton noted. So organizations need to be thinking about recovery and the transition back to the office environment.

“Recovery is often that forgotten son when it comes to crisis management,” Hinton said.

Everbridge acquires three companies

Everbridge has been busy with acquisitions lately, purchasing technology that is helping coronavirus response.

The Everbridge Critical Event Management platform’s new IoT extension module uses intellectual property from technology acquisitions of Connexient and CNL Software. Critical Event Management for IoT increases the number of uses for the Everbridge platform. For example, it improves the ability to coordinate first responders and other healthcare resources based on real-time data on the broader impact of COVID-19.

Specifically, Connexient provides information on indoor positioning and wayfinding, with a focus on healthcare organizations. CNL offers integrations with a variety of other types of devices, including access control systems, building management systems, intrusion detection systems and fire panels, Mouline said. The Critical Event Management platform will send out information on needed next steps, for example sounding an alarm or locking doors.

Everbridge also acquired cell broadcast provider One2many. The resulting unified Public Warning System provides a countrywide population alerting capability. The platform enables countries to share updates on viral hotspots and pandemic best practices; coordinate first responders and healthcare resources; establish two-way communications with at-risk populations; and manage disruptions to transportation, education and other services, according to Everbridge.

The three acquired companies have each become an “Everbridge company.” Everbridge did not release terms of the acquisitions.

Go to Original Article
Author: