Monday, November 16, 2015

First impressions on the new Surface Book (and Windows 10 stuff)

Hi everyone!

I've now used the SurfaceBook for a little more than a week and I think it's time to write down some first impressions of using this for my work. As you might know my work mainly involves speaking to audiences and delivering training, and A LOT of travelling.

I can't help by first saying that I spend some time yesterday with the new iPad PRO at the local Apple Store. I honestly have no use for that device although I use an iPad in the living room with my family. Compared to Surface Pro 4 or especially the Book it just seems to lack in every aspect. It's VERY big and I just don't like the keyboard.. It just felt like something that wasn't really thought through..

Another thing that I was very pleased with was the actual change from my old computer to the new SurfaceBook. I was amazed on the amount of time it took me to really dump the old laptop. I'm used to working a day or two to get my own computer up and running exactly like I want it to. I can make my customers deploy computers in a matter of minutes but I've never enjoyed that experience on my own devices. Me and my wife are my company so I hope you give me some slack on this matter. This time everything was different and to my surprise I was totally migrated in two hours! How is this possible? Here's a short list:

  • Microsoft devices have a limited amount of bloatware
  • The change from Windows 10 Pro to Enterprise only requires the product key for enterprise and a few minutes to process
  • All my data is in the cloud
  • My Intune installs my needed software
  • Office migrates most of the settings automatically
  • UE-V migrates rest of my settings
Now for the first week with my SurfaceBook. This list of experiences is in no particular order but just as they happened to me and I took note of them. This also only applies to my profession only and I don't really test the GPU stuff that much. But here we go:

  1. I started instantly with a course to teach in the Netherlands. The most important thing here is the fact that I could ditch two devices and replace them with the Book. I used to have a Surface 3 just for drawing mid presentations and my Fujitsu S904 to run everything, I loved the fact I could again travel with one device only through the security checks etc. On the flight I just unplugged the keyboard so I could use it while taking off and landing.
  2. The battery seems to make through around 8 hours for me. The bad thing is that my old Surface 3 could be charged with micro-USB but this really didn't bother me as much as I first thought it might. I anyway needed a charger for my laptop already before this. The only minor thing that had to get instantly is a longer radio power cord. It's maybe two feet at max and I find myself all the time out of reach of an outlet.
  3. I took the SurfaceDock with me and I have to say it's the nicest dock I've had. Just plugging in the power plug and nothing else, seems slick and works very well.
  4. The first thing to note is that I instantly needed to take into use my old USB3 Hub + Ethernet. That is something I'm not too happy about. My Fujitsu was fine with no additional adapters but the Books two USB3 ports just isn't enough for me. And the Ethernet - Well I couldn't live without it. Luckily it's just one device:
  5. At this point I have to say that the Pen is AWESOME!! Nothing to add just perfect for me! And no charging it - I love it! And it snaps to the screen for storage - Nice! Some programs still need some training from my side for me to be fluent in using the pen in my trainings with just one device.
  6. Before the noon of the first day my display adapter had crashed a few times. It's not noticeable like it was in Windows 8.1 as there's no black screen - not even for a second. But this bugs me and I hope to get a new Firmware upgrade or a driver soon.
  7. I had to take the US keyboard.. For me there are two things that piss me off with it. 1. The lack of <>| button next to the Z key compared to the Nordic keyboard I normally use. 2. The different placement of the '-key and Enter. Writing PowerShell is hard for me - as if it wasn't hard enough with the Nordic keyboard already.
  8. I loved my Fujitsu for the fact it had a full size VGA and HDMI. These are after all the most important things in my profession. So in the morning the first thing on top of the USB3+Ethernet adapter was to plug in this: Luckily it has never failed me unlike the "HDMI to something". My trust in DisplayPort in these cases is many time greater that towards any other connectors.
  9. The touchpad is good compared to many. I do have some trouble in learning at what point exactly does it believe I'm clicking a button.. A bit too big an area is reserved for the buttons from the lower part of the pad - in my opinion.
  10. I'm currently preparing for my tomorrows TechMentor session on Windows 10 and I can't wait to get to show my new demo on Windows Hello without an external camera. This is awesome on a laptop! I would still like to have fingerprint reader as well but I've quickly learned to live without it as well. I actually already ordered this for demos as well:
  11. Next thing I figured I'm missing was the 4G WAN I had built-in before with the Fujitsu. I'll survive but it would be a nice add in. I lost the Wifi for some reason and that's when I figured this was missing.
  12. After teaching my normal life continued by hitting the gym of the hotel. The hinge and the mechanism keep me wondering time after time how they pulled it off. It's awesome but I have to say it has failed once already showing this message to me:
  13. When I got to the gym I only took the screen/tablet with me. The size of the screen is crazy! It's thin so it fits on the treadmill very nicely and it's amazing to look at. The screen is actually so nice that I felt bad carrying it in my sweaty hands when returning to my room. The BIGGEST smile I must have had when I placed the tablet on the treadmill and it just said "Hello Sami Laiho - Welcome!" The Windows Hello feature works in this scenario - better than anything I've had :)
  14. Talking to family on Skype I can say that the Mic, Camera and Loudspeakers are the best I've had in a long time.
  15. The amount of people approaching me in different places just to ask if they can take a look at the Book, and many of them being Apple users, I have to say I've never been as proud to carry a Windows laptop than I am now - Finally Microsoft is Cool!

Anyway it's easy to end by saying it's hands down my favorite Windows device ever!



Wednesday, October 7, 2015

Adminizer still beats LAPS

Microsoft nowadays offers a free Local Admin Password Solution to randomize the passwords on computers and save them to Active Directory. So why am I still selling my Adminizer and even more important why do people still keep buying it?  Smile

Here’s a short list of why:

  1. Adminizer not only randomizes your local passwords but makes them onetime as well. LAPS only randomizes the passwords. Half the security and no way to give temporary access.
  2. Adminizer works without Active Directory so Workgroups, BYOD, CYOD, Azure AD joined Windows 10 etc. are easy to manage as well. LAPS requires AD.
  3. Adminizer works totally offline. LAPS will not change the password of a computer if it can’t reach AD or GPO’s don’t work for some reason.


Of course you should test both so here are the required links:




Wednesday, September 2, 2015

Hugely successful TechMentor!

I can’t help sharing this with you as in TechMentor Redmond 2015 I had in my opinion the most fun Security session I’ve ever had. I enjoyed it so much that I’m still excited about it Smile As I try to always share my tips on presentation skills as well as technical stuff I will once more say that the most important thing in winning Best-in-Show awards at conferences is YOUR OWN EXCITEMENT ON WHAT YOU ARE TALKING ABOUT!

My motto: Teach what you love and love what you teach or at least learn to fool yourself into believing that you love what you teach.

So how did it go? AWESOME! I had 40 people that filled in the evals which is great as there was about 400 people attending and Ignite had 23000 attending I got about 100 evals returned there.


Some stats: (Average score by speakers at the conference in RED / My score in GREEN

1. Speaker Effectiveness: (1-5, 5=Excellent; 1=Poor)

a. Style and delivery 4.57 / 4.88

b. Knowledge of subject 4.87 / 5.00

c. Speaker open to my specific problems/questions 4.66 / 4.74

2. Content Effectiveness: (1-5, 5=Excellent; 1=Poor)

a. Consistency with agenda description 4.71 / 4.95

b. New information/update/clarification 4.67 / 4.88

c. Met my expectations 4.50 / 4.98

3. Your overall rating of this session: (1-5, 5=Excellent; 1=Poor) 4.56 / 4.95

4. The level of the session was appropriate: (1. Yes 2. No) 1.03 / 1.00

5. Would you recommend the session to others? (1. Yes 2. No) 1.06 / 1.00

6. Did you feel this session was a product or corporate sales pitch? (1. Yes 2. No) 1.86 / 1.97


Unedited comments:

  • Sami is a great speaker, and I'm very impressed by his knowledge and delivery of the content.
  • Always entertaining, informative, and eye opening!
  • Was fun and educational!
  • Excellent speaker ‐ highly knowledgeable.
  • Very interesting, knowledgeable, relevant to my job, will save me time, make auditing easier and security
    setting more secure and less vulnerable. Excellent!
  • More time to go over even more; want more.
  • Great information!
  • Awesome!! And insightful!!
  • This could have been an all‐day session ‐ three hours was not enough. Excellent info.
  • Best presenter at the conference.
  • Sami was my favorite speaker at TechMentor. He taught very well, was very entertaining, and very
    informative. I will be taking back a lot of value to my company from what he taught me about Windows OS
    Internals and Security.
  • Great!
  • Captivated from start to finish. Sami delivered a homerun of a session. Knock out demos, engaging dialogue
    and lots of audience interaction. Even things going wrong were turned into opportunities to learn. #Amazing!
  • This was the best class all week. Sami did a fantastic job.
  • I as appreciated the many examples on how to make things more secure and also what to look for and what
    not to do.
  • Definitely one of the best sessions so far. Sami's ability to show real time examples makes this session
    extremely valuable.
  • Great job. Great advice.
  • great examples. I learned a lot.
  • The energy that Sami has and his depth of knowledge was amazing. I would watch his presentations any day.
  • Great information provided.
  • The best session! Fun and very informative! I wish I would have recorded the session.
  • Great session
  • Great job.
  • Again, subject matter perhaps better in shorter chunks.

Friday, August 7, 2015

“EFS” on FAT drives in Windows 10

Doesn’t this look weird to you?


It sure looks like there’s an encrypted file on a FAT volume, doesn’t it? EFS has always been said to be a file system service available only to the NTFS volumes…

Well now it gets interesting ‘cause EFS requires alternate data streams for the metadata and only NTFS supports ADS. If we take a _really_ close look at that file it actually isn’t EFS encrypted although it looks and behaves like one. It’s actually an encrypted PFILE and Enterprise Data Protection takes care of storing required metadata. The file system has been changed to present it like an EFS-file to the rest of the OS.

Thursday, April 9, 2015

How to install full version of Teamviewer on someone elses computer so that it works with UAC

I get this question so often that I decided to document it. The problem is that if you ask someone to start a Teamviewer Quick Support –version it won’t work with UAC. You need to get Teamviewer installed on the computer as a service to work with UAC. This isn’t always straightforward so I’ll show here my version on how to do it with a few gotchas to look at.

1. You first ask your friend/customer to download Teamviewer QS from for example:

2. Ask them to Run it and allow elevation



3. Ask them to tell you the ID and Password


4. Connect to the computer and upgrade to the full version


5. Choose the proper version, NOT THE QS-version!


6. Reconnect to the computer – the ID and Password stay the same as for the QS-version

7. Configure Unattended access


8. The one thing that I always do after this because UAC is still not usually really working at this phase is to restart the Teamviewer service


9. Once more reconnect and now you have Full Control with UAC working properly

Sunday, November 9, 2014

TechEd Europe 2014 Barcelona Results are in!


GRANDSLAM! My second year as a TechEd Speaker couldn’t have gone better! I am honored and more than thankful for everyone who joined my sessions and gave such overwhelming evaluations. Best session at both major TechEd’s in 2014 and even happier that they weren’t the same session at both events. My aim was to get all the sessions to the top 50 in the overall and top 10 on my track and I got it!

Overall results (410 sessions, 325 speakers)

Top 10 Sessions based on Overall Satisfaction (minimum 10 evals submitted):

  • #1 BlackBelt Security – Sami Laiho
  • #4 BlackBelt Troubleshooting – Sami Laiho
  • #9 Building a BulletProof BitLocker – Sami Laiho

Top 10 Sessions based on Presenter Effectiveness (minimum 10 evals submitted)

  • #3 BlackBelt Troubleshooting – Sami Laiho
  • #4 BlackBelt Security – Sami Laiho
  • #23 Building a BulletProof BitLocker – Sami Laiho

      WINDOWS-track results (45 sessions, 25 speakers)

      Top 10 Sessions based on Overall Satisfaction (minimum 10 evals submitted):

      • #1 BlackBelt Security – Sami Laiho
      • #2 BlackBelt Troubleshooting – Sami Laiho
      • #3 Building a BulletProof BitLocker – Sami Laiho

      Top 10 Sessions based on Presenter Effectiveness (minimum 10 evals submitted)

      • #2 BlackBelt Troubleshooting – Sami Laiho
      • #3 BlackBelt Security – Sami Laiho
      • #6 Building a BulletProof BitLocker – Sami Laiho

      You can see the sessions here:

      Thanks again to everyone! And big congratulations to all other speakers as well.


      Tuesday, October 28, 2014

      BitLocker Policies for TechEd Europe 2014 in Barcelona!

      I promised my viewers that I’d give the presented GPO-settings as a prebuilt Group Policy object so here you go!
      Download BitLocker-policy

      If you want to get the promised TPM Flowchart as well you should enroll to my free newsletter at: