How to install Office 2013 Home and Business without a Microsoft Account

When Microsoft released Office 2013 the thought at Microsoft was that cloud storage is something that everyone would want. It was discovered very early on that this idea did not work well in the corporate environment. Many businesses, even small businesses, did not want their data out there for the world to discover. And as we all know, given enough time and money, any secure environment can be compromised.

If you purchased your license for Office 2013 with a computer, the OEM Office installation did allow one to install the product without creating a Microsoft Account. This solved the problem for many people.

However, the Microsoft Account requirement became a problem when the operating system was re-installed. Some managed providers routinely remove the factory installed image to install an OS image of their own for consistency reasons. At other times, the time effective way of removing a malware infection is just to wipe the disk and re-install the OS.

With the help of Wayne Cooley of Dell Technical Support, a link to download an image of Office 2013 has been found! Wayne found a link in Spiceworks (http://community.spiceworks.com/topic/299174-microsoft-office-2013-product-key-card-requires-account?page=2#entry-20760870) by Peter Court that pointed to a Microsoft download site. That site can be found at http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/media/en-US/HomeBusinessRetail.img. I burnt this image to a DVD (for future use) and installed it with the Product Key supplied by Dell with the machine.  I should note that the installation worked extremely fast from the CD for the machine I was working on.

I should also point out that there is another option for any Registered or better Microsoft Partner. You can download the OEM installation environment from Microsoft at http://www.microsoft.com/oem/en/installation/downloads/Pages/office-single-image-v15-opk.aspx#fbid=0H22b2sEUs- . Although I have not tried it, this should give you the ability to install the same “Out of Box” experience that one would get when first receiving a machine from a manufacturer.

I hope these links help those of us out there that really don’t want our Office environment out in the cloud.

So you can’t get Quickbooks to work in Multi-user mode on Windows 2012 R2

Usually I write more about technology from a business owner’s perspective. But today, after spending about hours and hours with tech support from both Quickbooks and Microsoft, I’m writing about a technical issue. I just upgraded a client’s network to a Windows 2012 R2 Essential server. Like most small businesses, they use Quickbooks extensively to run their business. They had been running Quickbooks 2011 and needed to upgrade to Quickbooks 2014 to support their payroll functionally. For those that are legal eagles, I should note that Quickbooks™ is a registered trademark of Intuit, Inc. and Windows™ is registered trademark of Microsoft, Inc.

Like most IT professionals, the plan was to do one upgrade at a time to try and keep the number of things that changed to a minimum. The installation of the new server and all the new workstations worked like a charm. We then tried testing Quickbooks. In this case, 5 users access Quickbooks as a major function of their job. Each of the users could access and work with the Quickbooks 2011 database, but only in single user mode; we could not change to multi-user mode.

So, it was off to Quickbooks support. Since we had to change to Quickbooks 2014 for payroll support, the recommendation from tech support was to upgrade to Quickbooks 2014 to see if that fixed the problem. After several hours of conversion attempts and diagnostics, our Quickbooks tech declared that there was something wrong with the Quickbooks database and it needed to be sent into their database group for repair. This repair was to take 3 to 5 days. Since it was the Wednesday before a holiday weekend, we were hoping we would get notified that the file was available on Friday, but more realistically, we figured we would hear on Tuesday.

Not having heard from Quickbooks by mid-day Tuesday, the client called Quickbooks and discovered that the database group had received the file, but had no idea what they were supposed to do with it. Instructions were given and the file was made available late Thursday.

We installed the file and started testing. We still could not get multi-user access to the new Quickbooks 2014 version of the database. Quickbooks support got called in again. After spending another half day with Quickbooks support, they declared that there was something blocking the ports they needed open on the server. When asked if there was any additional help we could get from them, like Tier 2 support, we were informed that there was no additional support that is available to clients and we were on our own to figure out what the problem was with the ports. They only thing they would point to is an article in their knowledge base that walk you through the same steps we had taken. There were also the following lines at the bottom of the article:

Once you have followed all the steps in the article above and still experience the H202 error (your file is hosted on a Windows Server 2012 server), sign up to be notified below.

We are working to resolve this issue. We will notify you as soon as we have a solution or update to this topic.

Knowing that Quickbooks support wasn’t going to be any more help, I did some additional testing. Taking another server in my lab, I installed Windows 2008 R2 and added in Quickbooks 2014. That configuration allowed me to open the client’s file in multi-user mode. To take it a step further, I wiped the test machine and installed Windows 2012 R2 Essential, just like the client server, added Quickbooks 2014 and it worked! This meant the problem was isolated to the specific server at the client. I also determined that the problematic port was port 8019.

Since the problem was now isolated to being the client server environment, I went back to the client site and installed the Quickbooks database on a Windows 7 machine and the client’s staff was able to access the database in multi-user mode. While they were catching up on the work that had piled up, it was now time to contact Microsoft support to find an answer.

It was a long day with Namrata Manchanda of Microsoft PSS. Quickbooks tech support tested the ports by attempting to telnet to each of the ports required by their application. If a connection could not be opened, they concluded that the port was closed. My testing had shown that if I tried the same telnet test on the server using the loopback address (127.0.0.1) the connection worked. If I used the internal LAN address, the connection failed. Namrata found the same results. She checked the firewall rules, deleted them, re-added them with the same results. She compared SysInternal Process Explorer logs between the working workstation “server” and the real server. She still found nothing to point to the cause of the problem. We then removed Quickbooks from the server and she created a temporary website that would respond to port we were working on. After confirming the website worked via a browser, she tried the telnet tests. They responded exactly the same, loopback worked, LAN address didn’t. She then changed the port on the website to 8020 to test on a non-modified firewall port. Again the results were the same!

This testing now showed that the problem was indeed the firewall. Since restarting the firewall service several times did not fix the problem, Namrata tried restarting the Base Filtering Engine service. Now both tests worked! We reinstalled the Quickbooks database engine and we were able to open the file in multi-user mode.

The final result was that for some reason the Base Filtering Engine was not acknowledging the changes to the firewall rules and had cached the old rules. This is why when checking the rules, it appeared that the rules were correct, but in actuality, they were not applied. So if you have a Windows Firewall issue that will not resolve properly even if the rules are correct, try restating the Base Filter Engine service as well as the Windows Firewall service.

Should we trust our Phones?

Recently I wrote about the number of malware apps for the android operating system. Well, I think the article I found interesting was found interesting by other people. From an article posted in Network World, it appears that HP found that 90% of Apple iOS mobile apps show security vulnerabilities. Now in reading this summary of the HP report in detail, the point made by HP is not that 90% of iOS apps are malware, rather “86% of the apps tested lacked the means to protect themselves from common exploits.”

As companies expand their IT presence into phone and tablet apps, the question of the security of those platforms needs to be answered. After spending the first 20 years of my career as an application developer, I understand the problem. The first thing you do as a developer is find a solution to the problem that is presented to you. The second to last thing you do (the last always being documentation, if you ever do it) is test your code for unexpected usages. And you never think of all of them. I remember being thanked by a user for writing a particular function a year or so after I had released the code. He told me what he was doing with what I had written and my response was “It does that?” The user was using what I had written to do one thing for something completely different and totally unexpected. What was more interesting is that it was working perfectly.

The problem according to HP is that adequate penetration testing is not done. This is probably because of the speed in which apps are being developed and released. Like any other client, mobile apps are at some point going to be connected back to the corporate servers. Then, like any other client, malware on the client may be transported to the server. As noted above, you never know what someone will do with something you wrote.

As an IT professional, you need to be aware of what apps you are recommending/developing do and what they might do under malicious conditions. Although malware protection is a reactive science, you should be as proactive as possible when evaluating mobile apps.

Android on course for One Million Malware Apps

After taking some time off to attend to my real business, I have found some time to write again. The article the peaked my attention the most was a recent article in Fox Business News. The headline to this article is “Cyber Hackers on Course for One Million Malware Apps” and they are talking just about the Android operating system! According to the article it took over a decade to reach that many malware applications on the “much” beleaguered Microsoft operating environments. However, do we hear a cry from the public about how bad the Google Android operating system is? Not really, we just hear sales numbers on how that OS is selling better than anyone else.

I can go on about the details in the article, but it is written in plain English and doesn’t need any technical translation. What I really what you to think about is how this affects your policy on Bring Your Own Device (BYOD). It is evident the malicious software industry is turning its attention from the evermore hardening arena of the PC environment to the easy pastures of the mobile environment. Not to get too into Google bashing, but it is evident that Google has not learned from the mistakes of its predecessors in the industry. I will not say they are ignoring the security of their customer’s data and money, but they are evidently not doing what is necessary to control the massive outbreak of malware in their OS environment. The excuse that they just create the OS with associated patches and it is up to the licensees to distribute and implement those patch is ludicrous. If Google wants to be recognized as a true software vendor for the business environment, it needs to step up to the responsibilities of a true software vendor. This means they have to reach out beyond the environment that they completely control and make sure that the people using their software are protected as much as reasonable possible.

How secure is your cell phone?

A recent Computerworld article talked about a research paper by Daniel Brodie, Sr. of Lacoon Moblie Security. In this paper, Brodie talked about spyphones, surveillance tools surreptitiously planted on a user’s handheld device, have become more and more common. If you have been watching CBS’ Person of Interest, you would note the first thing that is done is that a spyphone is put on the subject’s cell phone. Now, you might think this is just Hollywood’s version of reality, but the truth of the matter is that it has become reality.

Lacoon Mobile Security partnered with several global cellular network providers to sample 250,000 subscribers in March of last year and again in October. The first sampling showed that 1 of 3000 devices had spyphone software installed. The second sampling showed the infections tripling to 1 in 1000 devices being infected. The initial survey showed that 74% were iOS (Apple) devices while the second showed the percentage dropping to 52% being iOS devices. The following chart from the research paper shows the percentage of devices infected by operating system.

Why the increase in infections? Lacoon Mobile Security identified more than 50 families of spyphones. As stated in the research paper “These spyphones run the gamut from dedicated high-end groups targeting specific nations and corporations, to low-end software targeting the private consumers…. At the lower end of the spectrum are spyphones which most commonly portray themselves as promoting parental controls and spouse monitoring.” What is more amazing is the cost of this type of software. Again from the research paper, Brodie noted

“The difference between the military and non-military grade spyphones? The device infection vectors and accordingly, their cost. Current estimates hold nation-targeted spyphones at $350K1. In the meanwhile, the commoners-targeted spyphones follow a monthly low licensing model– sometimes as low as $4.99.

The amazing part is that the end-result is essentially the same on the targeted devices. So for just a bit more than the price of a Starbucks latte, an attacker can purchase a spyphone with nearly identical capabilities to that of a top-end spyphone.”

The conclusion of the paper is even more interesting. Brodie concludes that “It is important to recognize that infection is inevitable.” But he also notes that we have seen this before in the computer desktop environment. The steps that we use to protect ourselves from malware in the desktop world are needed in the mobile world. The problem is that the tools to prevent mobile device malware are not there yet and the awareness of the problem is not large enough for the tools to be profitably developed.

How can you protect yourself? First follow the same rules on your phone that you do on your desktop computer. Be very careful on what apps you download. Keep up with what is happening on mobile device security. Talk to your IT Professional to help you defend against this new type of malware.

How to check your user licenses in Office 365

I recently got asked by one of my clients to check what users were on what plan in their Microsoft Office 365 account. You can imagine my surprise when Microsoft billing told me the only way to do this was to go down each user in the administrative portal, click on them and check the licensing page to see what license is assigned. I asked if there was a way to do this with Powershell and I got sent off to technical support. They found nothing that would do this in their quick technical answers and they would have to get back to me.

After a bit of research on my own, I ended up creating my own script to get the information. Here’s that script:

—————————————————————————————————

# Script to retrieve a licensing report from Office 365 and output it to CSV

# DISCLAIMER

# The sample scripts are not supported under any Microsoft standard support program or service.

# The sample scripts are provided AS IS without warranty of any kind.

# The entire risk arising out of the use or performance of the sample scripts and documentation remains with you.

# Created by Ted Giesler http://blog.cypgrp.com

Function Get-FileName($initialDirectory)

{

     [System.Reflection.Assembly]::LoadWithPartialName(“System.windows.forms”) | Out-Null

     $OpenFileDialog = New-Object System.Windows.Forms.SaveFileDialog

     $OpenFileDialog.initialDirectory = $initialDirectory

     $OpenFileDialog.filter = “All files (*.*)| *.*”

     $OpenFileDialog.ShowDialog() | Out-Null

     $OpenFileDialog.filename

     If ($Show -eq “OK”)

        {

        Return $objForm.FileName

        }

    Else

        {

        Write-Error “Operation cancelled by user.”

        Exit

        }

} #end function Get-FileName

# *** Entry Point to Script ***

# load the MSOnline PowerShell Module

# verify that the MSOnline module is installed and import into current powershell session

If (!([System.IO.File]::Exists((“{0}\modules\msonline\Microsoft.Online.Administration.Automation.PSModule.dll” -f $pshome))))

{

    Write-Host “The Microsoft Online Services Module for PowerShell is not installed. The Script cannot continue.”

    write-host “Please download and install the Microsoft Online Services Module.”

    Exit

}

$getModuleResults = Get-Module

If (!$getModuleResults)

{

    Import-Module MSOnline -ErrorAction SilentlyContinue

}

Else

{

    $getModuleResults | ForEach-Object

        {

            If (!($_.Name -eq “MSOnline”))

        {

        Import-Module MSOnline -ErrorAction SilentlyContinue

        }

        }

}

# Connect to Microsoft Online Service

Connect-MsolService -Credential $cred -errorAction silentlyContinue -errorvariable $er

$users = Get-MsolUser -all

# Setup the output file

$defaultfolder = $Env:UserProfile + “\documents”

$outfile = GEt-Filename ($defaultfolder)

$header = “userPrincipaName,usageLocation,isLicensed,accountSKUid,servicePlan1,provisioningStatus1,servicePlan2,provisioningStatus2,servicePlan3,provisioningStatus3,servicePlan4,provisioningStatus4,servicePlan5,provisioningStatus5”

Out-File -FilePath $outfile -InputObject $header

# Write-Host $header

foreach($usr in $users)

{

    $lineOut=$usr.UserPrincipalName + “,” + $usr.usageLocation + “,” + $usr.isLicensed + “,”

    foreach($lic in $usr.Licenses)

    {

        $lineOut = $lineOut + $lic.AccountSkuID

        foreach($s in $lic.ServiceStatus)

        {

            $lineout = $lineout + $s.ServicePlan.ServiceName + “,” + $s.ProvisioningStatus +”,”

        }

    }

    Out-File -FilePath $outfile -Append -NoClobber -InputObject $lineOut

    # Write-Host $lineOut

    $lineOut = $null

}

Write-Host -ForeGroundColor BLue “Please review your output file at ” $outFile

————————————————————————————————————————–

This script will create a comma separated file showing each user and each license category that user has a license. Unfortuantely, this does not match nicely to the Office 365 plans. You will have to add the specific licenses together to try and match your Office 365 Plan licenses.

Hopefully this will help others looking for the same type of answers.

How are you most likely to get attacked by Malware?

Recently the Microsoft Trustworthy Computing group released their Microsoft Security Intelligence Report covering the first half of 2012. It is interesting to look at where most malware comes from and what has been the most vulnerable software.

The most prevalent method of malware distribution according to Microsoft had been what they call “unsecure distribution chains.” Fallowing in this category are websites that distribute “free software”, both legal and not legal. Some of the popular software names listed by Microsoft as containing malware include:

  • keygen.exe
  • mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe
  • AutoCAD-2008-keygen.exe
  • SonyVegasPro Patch.exe
  • Nero Multimedia Suite 10 – Keygen.exe
  • Adobe.Photoshop.CS5.Extended.v12.0.Keymaker-EMBRACE.exe
  • Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura.7z
  • Guitar Pro v6.0.7+Soundbanks+Keygen(Registered) [ kk ].rar

They also listed a number of movie named files that contained Malware, including:

  •  The Avengers 2012 720p BDRip QEBS7 AAC20 MP4-FASM.avi
  • Prometheus 2012 DVDRip.avi
  • Wrath of the Titans 2012 DVDRip aXXo.avi
  • Battleship 2012 DVDRip.avi
  • What to Expect When You’re Expecting 2012.BRRip.XviD-KAZAN.avi
  • The Hunger Games 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
  • Sherlock.Holmes.2.A.Game.of.Shadows.2012.DVDRip.XviD-26K-0123.avi
  • The Five-Year Engagement 2012 HDRip XviD-HOPE.avi
  • Project X 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
  • Amazing SpiderMan 2012 DVDRiP XviD.avi

When looking at what got attacked by malware, the report notes that of the 3 categories, core operating systems, browsers and applications, most malware attacked applications and least attacked were core operating systems, In the application category, Java and Java Script were by far the most attacked, followed by Adobe readers and Adobe flash.

What was even more interesting is that when looking at the implementation of updates of these four applications, over 50% of users were missing the latest updates. In the case of Java, over 90% of users did not have the latest updates installed.

Looking at infections by operating system, Windows XP had the highest percentage of infections at 9.5% of estimated installed computers while Windows 7 SP1 64-bit had the lowest at 3.1%.

So what should a user learn from this report?

  1. Be careful what you download. You may get more than you asked for.
  2. Install your updates. Not just Microsoft ones but Java and Adobe are key.
  3. Run a current operating system. The newer the OS, the less likely you are to get infected. Remember, support for Windows XP ends April, 2014.