Helping Seniors to connect with technology.

Helping Seniors to connect with technology.

Older Americans are utilizing technology more than ever before. Whether you are connecting with loved ones, staying up-to-date on world news, or researching topics of interest, you need someone that you can trust that is ready and able to solve technology problems as they arise.

At Blue Maven IT our goal is to support you as you work to stay connected in this wonderful world of technology.

Ultimate Computer Buying Guide

Looking for a new computer? Follow this simple and easy guide

When selecting a computer for your small business your goal is to get adequate performance at the lowest possible price point. With so many options to choose from, making the right decision can be downright perplexing. At the Blue Maven IT, our goal is to make IT easier for you. We have developed this guide to provide you with information that makes selecting a computer for the typical business user simple and easy.


Specifications

When selecting a computer, the following four components are the essential attributes that should be listed in the specifications of the computer that you select:

  • Solid State Drive (SSD) – Performance will be cripplingly slow if it has a spinning hard drive (HDD).
  • Processor (CPU) – Intel Core i5 chips will provide you with solid performance for most use cases.
  • Memory (RAM) – Given the typical level of use, 8GB should be sufficient for most users.
  • Operating System (OS) – Most software is compatible with Windows. Pro indicates business grade.

You will notice that the price point for computers without some of these components may be lower. We recommend that you don’t cut corners on this minimum list of specifications. A productive business cannot be run efficiently on a slow performing computer. We will share some alternative recommendations for cost cutting later in this guide.

Supportability

As a small business owner, you will expend valuable resources dealing with hardware issues if you don’t consider the long-term supportability of the computer during your initial purchase. The manufacturer of the computer that you select should provide special software to maintain the hardware components automatically. This will help to prevent common issues with your computer. We also recommend purchasing a multi-year extended warranty directly from the manufacturer. An extended warranty may seem like an unnecessary cost, but it will save you both time and complexity in the event that a hardware component breaks. It will also provide better visibility to the total cost of ownership for your computer assets.

Where to Buy

We do not recommend purchasing business computers from big box stores. Computers sold at these types of stores are designed for personal use, not for business use. Purchase computers for your small business directly from the manufacturer’s website to access business grade computers and to avoid reseller markups. Examples of manufacturers of business grade computers who sell their products on their own websites include Dell, Lenovo, and HP. Business grade computers are designed to be repaired and upgraded easily. This helps you to get the maximum life out of your investment. Your goal is to get approximately 3-4 years of use for a laptop prior to replacing it.

Ways to Save

You may be tempted to purchase lower grade hardware components to save money. Instead, we encourage you to consider some alternative cost cutting options.

  • Consider a Desktop – Consider purchasing a desktop instead of a laptop if cost is a significant concern. Not every computer in your fleet needs to be mobile. Desktop computers are typically cheaper and last longer than laptops (~4-5 years)
  • Ignore Trends – Ignore popular trends (for example – touchscreens) unless you have a specific business need to include this feature. These added features come at a higher price point and increase the likelihood of future repairs.
  • Late Model – Purchasing a computer model from a previous generation is a great way to trim costs. Each January, manufacturers introduce new models. You can get great deals at year end as manufacturers attempt to unload their previous generation stock.

We hope that you have found this guide helpful and we wish you the best of luck in buying your next computer. Don’t forget to download our Ultimate Computer Buying Guide to use or share with a friend!

Still have questions? We’d love to help! Call us at (317)210-1199 or send us an email at itpro@bluemavenit.com.

Review: Scalefusion

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – manage Windows Updates settings you force auto installation of updates
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Profiles – ability to push Custom XML settings (to configure any available CSP)
  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Scalefusion. Scalefusion has a low per device fee ($2 – $4 per device per month), no minimums, and allows for a 14 day free trial.

First Impressions

My device enrolled in Scalefusion MDM

I’ll admit that I’m not a huge fan of the UI. I’d rather see all of my device details on the main screen and a listing of installed apps. I don’t want to be too much of a princess about it so I’ll say that the UI is sufficient enough that it wouldn’t stop me from using this MDM especially since the developers just added an amazing new feature, the ability to deploy Custom XML.

The most basic information that you would need to know about a device that you are managing is available in this system (e.g.- Antivirus Status, Firewall Status, OS Build Version, Drive Space, RAM, BIOS version). I would have loved to be able to see which Win-32 applications are installed too, but you win some you lose some, right?

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – Scalefusion now supports Custom XML policies so you can literally apply any Microsoft CSP that you need to. I’ve been concerned that I need to manage WiFi, Windows Updates, Firewall, and Defender and no other products seem to be able to do that.

Applications – This tool can only deploy MSIX and APPX so special packaging will be required. I don’t see this as a showstopper though I would love to see this added in the future.

Updates – Given my previous statements about Customer XML, it’s no surprise that I was able to push the settings that I needed to configure updates.

Antivirus – I was able to see the antivirus status but I can’t see the definitions status for Defender so that is the only thing missing that is a bit of a gap for AV.

Encryption – I could see the encryption status. I could force encryption, but I could not escrow the key into Scalefusion. I can escrow the key into O365, but a lot of small business customers are using G-suite instead of O365 so we would not be able to escrow Bitlocker keys for the most part.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder) but again if this means that we don’t have to manage an agent then I’m still happy without this particular feature.

Organizational Groups – There is a way to establish an organizational hierarchy which would conceivably allow management of multiple organizations within the same environment.

In Summary

If I haven’t made it clear yet in my previous statements, I absolutely love the fact that this solution includes Custom XML and the 0 minimums for enrollment. There is a strong possibility that this will be my choice of MDM for Windows 10.


Has anyone else tried this tool yet? Let me know what you think about it…

Review: Hexnode MDM

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – allow for custom XML policies
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Hexnode. Hexnode has a low per device fee, fairly low minimums (15 devices per month), and allows for a 30 day free trial.

First Impressions

My device enrolled into Hexnode MDM

The UI is not my favorite, but that really wouldn’t make or break my opinion of a tool. My real complaint is that there isn’t as much device information available as I would have liked. On the good side, I could see the version of the build that is on the device including monthly patch. On the bad side, I couldn’t see simple things like drive space and importantly I couldn’t see whether or not the Defender AV was up to date.

I don’t need a fabulous UI, but I do need to see a minimal amount of information about the device in order to provide adequate management.

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – There are quite a few Windows 10 policies available but unfortunately this didn’t include Windows Update or Microsoft Defender Settings. That is a non-starter.

Applications – This tool was great for deploying a simple MSI but the inventory didn’t show everything that was installed on the device which is a big issue.

Updates – I was not able to push any update settings. I could see the build version, but without the ability to force the clients to install updates automatically it would be difficult to manage a fleet.

Antivirus – I was not able to see the antivirus or definitions status for Defender and I couldn’t push any settings so it would be difficult to manage a fleet with this tool.

Encryption – I could see the encryption status which is great. I could also push encryption policies, however I could not escrow the key.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder)

Organizational Groups – There wasn’t a way to establish an organizational hierarchy, but you could use dynamic groups to allow for management of multiple organizations within the same environment.

In Summary

My favorite thing about this solution is how quickly you can spin up a new environment. However, the minimum of 15 devices along with the missing management capabilities for Windows 10 makes this tool not a very good fit for managing small business. As always, my suggestion to MDM providers is that they should provide the ability to use Custom XML for robust policies management without the need for policy UI development.


Has anyone else tried this tool yet? Let me know what you think about it…

Configuring the LanmanWorkstation Policy CSP

I got a great question this week.

Just wondering how you got the LanmanWorkstation\EnableInsecureGuestLogons policy working. For the OMA-UTI I put ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons with the string <enable/> and it doesn’t seem to work

Anonymous Contributor

I went directly to the Microsoft website to see what it says about setting the policy.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation

Indeed, the documentation is rather misleading. It references ADMX even though this is not implemented as an ADMX policy.

Photo by Oladimeji Ajegbile on Pexels.com

Expected values for this policy are 0 or 1 and are of the type Integer.


That answer was enough for the Anonymous Contributor to get the policy working.

I hope that you find this helpful as well!

Review: Miradore MDM

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.


The basic features that I’m most interested are pretty simplistic:

  • Profiles – manage Windows Updates settings you force auto installation of updates
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Profiles – ability to push Custom XML settings (to configure any available CSP)
  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Miradore. Miradore has a low per device fee, extremely low minimums ($10 per month), and allows for a 14 day free trial.

First Impressions

My device enrolled in Miradore MDM

I really like the simple, easy to navigate and understand UI. I was really excited at how easy it was to create a profile, deploy an MSI, and view detailed information about my device.

There is a LOT of information about the device in this system which I really fell in love with immediately. Everything that I could possibly want to know was at my fingertips with this solution.

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – There are only 3 Windows 10 policies available – Windows Update, Exchange Email, and Passcode. This works as a bare minimum but would need to be built out to allow for more advanced configurations.

Applications – This tool was great for deploying a simple MSI and the inventory showed everything that was installed except for Universal Windows Platform applications. It can’t do more complicated application deployments and it can’t do UWP application deployments.

Updates – I was able to push the settings that I needed to configure updates though there was one thing broken in the UI (a drop-down list selection that showed Semi-Annual as an option for Branch Readiness which no longer exists so the policy failed to deploy until I changed it to Semi-Annual Targeted).

Antivirus – I was able to see the antivirus status and definitions status for Defender which is exactly what I need to see.

Encryption – I could see the encryption status. I could not enforce encryption or escrow the key.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder)

Organizational Groups – There is a way to establish an organizational hierarchy which would allow management of multiple organizations within the same environment.

In Summary

I loved navigating this solution and the ideal pricing. This will likely be my choice of MDM for Windows 10. If Mirador adds the ability to use Custom XML for robust policies this tool will be unstoppable in the small business MDM space.


Has anyone else tried this tool yet? Let me know what you think about it…

Where’s the new Edge browser anyways?

Fresh back from some extremely enjoyable downtime over the holidays, I was alarmed to hear that the new Edge browser was going to be automatically installed on all of our PCs on January 15th through Windows Update. As much as I am looking forward to incorporating this new browser into our ecosystem, I was not at all ready to deliver such a big change to our users without managing the rollout in any way.


That said, it was a relief to find out that the browser was not going to be automatically deployed to MDM-managed PCs just yet. I’m all for Modern Management, but automatically deploying a new browser was pushing even me too far!

I thought that I would take the time to share a few thoughts that I have about the new browser.

Photo by Pixabay on Pexels.com

Positive Thoughts:

-It’s Chromium based so theoretically, all applications that currently run well in Chrome will run well in this browser.

-It will (eventually) come pre-installed on Windows 10 so there won’t be any need to do additional work to get it there.

-All of the policies that we’ve come to enjoy and expect for Internet Explorer and the old Edge browser will be available.

-If we can get all of our web applications working in the new Edge browser then theoretically we could block Chrome and Firefox installs thus reducing the need to manage those browsers as well. (I just point out now that I personally have nothing against Chrome. Chrome is a fantastic browser. It is the most used browser in the world of PCs!)

Photo by David Gomes on Pexels.com

Less Positive Thoughts:

-The CSP policies require the use of ADMX files. As you know from my previous post about Custom ADMX, it is kind of a chore to push policies like this. It’s not impossible, it’s just not as easy as the MDM policies that we currently have for IE and the old Edge.

-I’m not sure how quickly Add-ons will be made available. Since Chrome add-ons are so popular, this is a piece of the change that I’m still uncomfortable about. (Mostly due to lack of understanding on my part!)

-This whole browser thing is such a back office point of interest. Users really won’t know the difference between the old Edge and this new one except that (fingers crossed) it will work better and they won’t feel like they need to install Chrome on their business computers.


All in all, I’m exciting about 2020 and whether this new Edge browser can help us to trim down the number of browsers that we are supporting.

I hope that you are excited too!

Still have PCs on Windows 7?

If you are a small business without an IT department, you may be wondering what to do with PCs that are still running Windows 7. Windows 7 is going end of life very soon (January 14th, 2020), but there is still time for you to upgrade those PCs before they become unsupported. Being unsupported means that the operating system will no longer receive monthly quality and security updates and thus will be subject to ongoing issues and security threats.

I have a client that had a PC running Windows 7, so I used the instructions provided at the website below to upgrade a client’s PC earlier today.

https://www.bleepingcomputer.com/news/microsoft/you-can-still-upgrade-to-windows-10-for-free-heres-how/

I strongly suggest that you backup needed documents prior to following these steps. The upgrade did retain all of his documents post upgrade, but it is ALWAYS better to be safe than sorry.

The upgrade took a couple of hours. After the upgrade was completed a couple of things needed to be reconfigured (Printer driver, Email account repair).

Other than that, the upgrade was quite easy.

Best of luck with your remaining Windows 7 upgrades!

Using PSEXEC to Manually Test System Context Installs

MDMs and PCLM tools typically install applications in the System Context to allow all users of the PC to utilize the installed application.

Photo by Pixabay on Pexels.com

In order to accurately test (we call this a pre-flight test) packages prior to deploying them with your MDM, you will want to leverage PSEXEC. This will ensure that the manual installation test correctly mimics the System Context installation that will be performed by your MDM.

Install PSEXEC

• Download Sysinternals Suite from https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
• Save Sysinternals.zip to Desktop
• Right-click on the ZIP and select Extract all then Extract

Copy PSEXEC apps into the System Folder

• Copy PSEXEC.exe and PSEXEC64.exe from the extracted folder to C:\Windows\System32 folder

Run the installation using PSEXEC
• Run Command Prompt as Administrator
• Type psexec \127.0.0.1 -i -s cmd.exe (this will open a new command prompt window; Note – for VMS type psexec -i -s cmd.exe)
• Type whoami to confirm that it is running as NT system user

Now you are ready to test the installation of your application using the command line which is now running in System Context.

Let me know if you have any questions or comments about these instructions!