Domain Email Migration

How to migrate a Domain controlled Email account through G Suite

Gmail to Gmail account through G Suite or Gmail

  1. Use the data migration service to migrate Gmail
  2. Open the Google Admin console.
  3. Switch to administrator account now or Learn more
  4. From the Admin console Home page, go to Data migration.

To see Data migration, you might have to click More controls at the bottom.

Select the Email option and click Continue.

From the Migration source list, select Gmail.

Click Connect.

Do one of the following actions:

Accept the default options.

Choose whether to migrate deleted and junk email and whether to exclude specified folders from the migration.

Click Select Users.

Hover over Add and click Select User.

In the Migrate From field, enter the user’s old Gmail address.

In the Migrate To field, start typing the user’s new G Suite email address and choose from the list of suggested users.

Click Authorize. The Gmail account owner may be prompted to sign into Gmail.

The Gmail account owner must review the request for permission to view and manage their mail and click Allow.

Copy the authorization code and paste it into the Authorization Code field in the Admin console.

Note: You have 10 minutes to copy and paste the code before it expires.

Click Start.

(Optional) To migrate Gmail for another user, repeat these steps.

Tip: To exit a completed migration, click Settings > Exit migration.

Depending on the size of the email account, the migration could take several hours to several days.

https://support.google.com/a/answer/6167866?hl=en&ref_topic=6351498

How to Change Your Gmail Password in iOS, iPhone and iPad

Have you had to change your Google or Gmail password recently and now your phone doesn’t sync? Below is how to change the password on your iPhone or iPad (iOS). I have attached a helpful video to show exactly how to change it. I hope it helps!

1. Click Settings
2. Scroll down to Accounts & Passwords
3. Click on your Gmail account
4. A box will appear for Re-enter Password; click the box
5. Fill in your password. If you use two-step authentication, like a Google text code, enter it there.



How to Create Gmail Filters

Occasionally, email does not behave the way it’s supposed to. A spam message may be allowed into your inbox or, worse, a valid email you need in order to effectively do your job might get filtered and sent to your spam box. The solution, if you use a Gmail or G Suite email address, is to use filters.

Log into your email in a web browser such as Google Chrome and click on the gear icon in the upper right corner just below the colored circle with your first initial in it.

Choose Settings from the drop down menu and then choose Filters and Blocked Addresses from the tabs across the top.

Click “Create a new filter” (this is located below any existing filters and above the blocked email address list).

In the box that appears, you have several options to choose from. You can set any combination of From Address, To Address, Subject, Key Words etc.

Once you have entered the criteria for your filter, click create filter at the bottom of the pop up and you will be able to choose how Gmail handles messages matching your search. Again, you have several options including skip the inbox, mark as read, star it, apply a label, forward or delete the message, never send it to spam, always or never mark the message as important or categorize.

Example: You might have found yourself on an email list for a marketing company that sends you messages multiple times a day. You aren’t interested in what they are selling and you can’t seem to unsubscribe. Create a filter! Using the sending address as the filter criteria, you can tell Google to delete the message.

Alternatively, you might get so many emails from your manager that Gmail treats some of them as spam. In this case, you could create a filter based on their email address to Never send to spam and you can make sure you’re always getting important emails.

How to add a web linked icon to your Gmail signature

Are you struggling with figuring out how to add a web-linked icon to your Gmail signature? Follow the steps below:

  1. To update your signature, go to Mail Settings, then down to Signature. Click the images icon.
  2. Then click “Web Address (URL)”.
  3. Paste the icons from up above.
  4. Then highlight the image and click the link icon.
  5. Click Change
  6. Type in the address, leave the Text to display blank.

How do I setup an authorized users message on Active Directory – HIPAA, NIST, FINRA

One common rule for setting up compliance is an unauthorized user rule on login. Below is a video showing how to set up a title and message in Active Directory. It worked great for us!

How to set up a login warning message, via Group Policy (GPO) for Windows Computers | VIDEO TUTORIAL

https://www.youtube.com/watch?v=aeWySqwgEvw



HIPAA Patient Data Retention time for South Carolina, SC – How Long Should I Keep My Patient Files?

A common question for doctors, medical professionals, and IT staff who deal with patient data, medical files, or HIPAA related info is, “How long do I need to keep all of our patient records?”

HIPAA protects patients’ rights to access their personal files. In the state of South Carolina, patient data and patient files should be stored and accessible for 10 years from the last treatment for adults and 13 years from the last treatment for children.

According to hhs.gov, HIPAA doesn’t designate a particular period of time for file retention. It does clearly state that a reasonable effort needs to be made to keep records saved, stored, backed up, and retrievable. It also allows the states to set their own retention time policies. According to healthit.gov, in South Carolina the retention time for patient data is 10 years. The website also shows other states’ laws in regard to their retention policies.

How do I become HIPAA compliant? (a checklist)

A little housekeeping before we answer the question. This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction.

So you have determined that you are handling protected health information (PHI) and that you need to be HIPAA compliant. What’s next? What steps need to be taken in order to become HIPAA compliant?

The simple answer is that Covered Entities and their Business Associates need to protect the privacy and security of protected health information (PHI). But, it gets more complicated when you start to put together a to-do list.

There are 4 rules that you will need to dissect.

  1. HIPAA Privacy Rule
  2. HIPAA Security Rule
  3. HIPAA Enforcement Rule
  4. HIPAA Breach Notification Rule

As far as action items are concerned, you need to follow the HIPAA Privacy Rule and the HIPAA Security Rule. And, you need to provide notification following a breach of unsecured protected health information (the Breach Notification Rule).

If you’re a developer trying to understand the scope of the build, then you need to focus on the Technical and Physical Safeguards spelled out in the Security Rule; these two sections comprise the majority of your to-do list. Let’s start there.

HIPAA Security Rule

The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).

The Security Rule is made up of 3 parts.

  1. Technical Safeguards
  2. Physical Safeguards
  3. Administrative Safeguards

All 3 parts include implementation specifications. Some implementation specifications are “required” and others are “addressable.” Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented. (see the HHS answer)

It is important to remember that an addressable implementation specification is not optional. When in doubt, you should just implement the addressable implementation specifications. Most of them are best practices anyway.

Technical Safeguards

The Technical Safeguards focus on the technology that protects PHI and controls access to it. The standards of the Security Rule do not require you to use specific technologies. The Security standards were designed to be “technology neutral.”

There are 5 standards listed under the Technical Safeguards section.

  1. Access Control
  2. Audit Controls
  3. Integrity
  4. Authentication
  5. Transmission Security

When you break down the 5 standards there are 9 things that you need to implement.

  1. Access Control – Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
  2. Access Control – Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
  3. Access Control – Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
  4. Access Control – Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
  5. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
  6. Integrity – Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
  7. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
  8. Transmission Security – Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
  9. Transmission Security – Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.

Security Standards: Technical Safeguards

HHS offers insight into the Security Rule and assistance with the implementation of the security standards.

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf

Physical Safeguards

Physical Safeguards are a set of rules and guidelines that focus on the physical access to PHI.

TrueVault provides an in-depth analysis of the Physical Safeguards in a two-part blog post.

HIPAA Physical Safeguards Explained, Part 1

HIPAA Physical Safeguards Explained, Part 2

There are 4 standards in the Physical Safeguards section.

  1. Facility Access Controls
  2. Workstation Use
  3. Workstation Security
  4. Device and Media Controls

When you break down the 4 standards there are 10 things that you need to implement.

  1. Facility Access Controls – Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
  2. Facility Access Controls – Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
  3. Facility Access Controls – Access Control and Validation Procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
  4. Facility Access Controls – Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks).
  5. Workstation Use (required): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
  6. Workstation Security (required): Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.
  7. Device and Media Controls – Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
  8. Device and Media Controls – Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
  9. Device and Media Controls – Accountability (addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
  10. Device and Media Controls – Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

Security Standards: Physical Safeguards

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf

Administrative Safeguards

The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce, and the security measures put in place to protect ePHI.

The administrative components are really important when implementing a HIPAA compliance program; you are required to assign a privacy officer, complete a risk assessment annually, implement employee training, review policies and procedures, and execute Business Associate Agreements (BAAs) with all partners who handle protected health information (PHI).

There are 9 standards under the Administrative Safeguards section.

  1. Security Management Process
  2. Assigned Security Responsibility
  3. Workforce Security
  4. Information Access Management
  5. Security Awareness and Training
  6. Security Incident Procedures
  7. Contingency Plan
  8. Evaluation
  9. Business Associate Contracts and Other Arrangements

As with all the standards in this rule, compliance with the Administrative Safeguards standards will require an evaluation of the security controls already in place, an accurate and thorough risk analysis, and a series of documented solutions.

When you break down the 9 standards there are 18 things that you need to do.

  1. Security Management Process – Risk Analysis (required): Perform and document a risk analysis to see where PHI is being used and stored in order to determine all the ways that HIPAA could be violated.
  2. Security Management Process – Risk Management (required): Implement sufficient measures to reduce these risks to an appropriate level.
  3. Security Management Process – Sanction Policy (required): Implement sanction policies for employees who fail to comply.
  4. Security Management Process – Information Systems Activity Reviews (required): Regularly review system activity, logs, audit trails, etc.
  5. Assigned Security Responsibility – Officers (required): Designate HIPAA Security and Privacy Officers.
  6. Workforce Security – Employee Oversight (addressable): Implement procedures to authorize and supervise employees who work with PHI, and for granting and removing PHI access to employees. Ensure that an employee’s access to PHI ends with termination of employment.
  7. Information Access Management – Multiple Organizations (required): Ensure that PHI is not accessed by parent or partner organizations or subcontractors that are not authorized for access.
  8. Information Access Management – ePHI Access (addressable): Implement procedures for granting access to ePHI that document access to ePHI or to services and systems that grant access to ePHI.
  9. Security Awareness and Training – Security Reminders (addressable): Periodically send updates and reminders about security and privacy policies to employees.
  10. Security Awareness and Training – Protection Against Malware (addressable): Have procedures for guarding against, detecting, and reporting malicious software.
  11. Security Awareness and Training – Login Monitoring (addressable): Institute monitoring of logins to systems and reporting of discrepancies.
  12. Security Awareness and Training – Password Management (addressable): Ensure that there are procedures for creating, changing, and protecting passwords.
  13. Security Incident Procedures – Response and Reporting (required): Identify, document, and respond to security incidents.
  14. Contingency Plan – Contingency Plans (required): Ensure that there are accessible backups of ePHI and that there are procedures for restoring any lost data.
  15. Contingency Plan – Contingency Plans Updates and Analysis (addressable): Have procedures for periodic testing and revision of contingency plans. Assess the relative criticality of specific applications and data in support of other contingency plan components.
  16. Contingency Plan – Emergency Mode (required): Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode.
  17. Evaluations (required): Perform periodic evaluations to see if any changes in your business or the law require changes to your HIPAA compliance procedures.
  18. Business Associate Agreements (required): Have special contracts with business partners who will have access to your PHI in order to ensure that they will be compliant. Choose partners that have similar agreements with any of their partners to which they are also extending access.

Security Standards: Administrative Safeguards

HHS: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf

HIPAA Privacy Rule

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.

Business Associates are directly liable for uses and disclosures of PHI that are not covered under their BAA or the HIPAA Privacy Rule itself.

The Privacy Rule requires Business Associates to do the following:

  1. Do not allow any impermissible uses or disclosures of PHI.
  2. Provide breach notification to the Covered Entity.
  3. Provide either the individual or the Covered Entity access to PHI.
  4. Disclose PHI to the Secretary of HHS, if compelled to do so.
  5. Provide an accounting of disclosures.
  6. Comply with the requirements of the HIPAA Security Rule.

HHS, Privacy Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html

HIPAA Enforcement Rule

The HIPAA Enforcement Rule spells out investigations, penalties, and procedures for hearings.

What’s the penalty for a HIPAA violation? Read TrueVault’s blog post on the subject.

HHS, Enforcement Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html

HIPAA Breach Notification Rule

The Breach Notification Rule requires most healthcare providers to notify patients when there is a breach of unsecured PHI. The Breach Notification Rule also requires the entities to promptly notify HHS if there is any breach of unsecured PHI, and notify the media and public if the breach affects more than 500 patients.

HHS, Breach Notification Rule:

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

Summary

When you boil it down, HIPAA is really asking you to do 4 things:

  1. Put safeguards in place to protect patient health information.
  2. Reasonably limit uses and sharing to the minimum necessary to accomplish your intended purpose.
  3. Have agreements in place with any service providers that perform covered functions or activities for you. These agreements (BAAs) are to ensure that these service providers (Business Associates) only use and disclose patient health information properly and safeguard it appropriately.
  4. Have procedures in place to limit who can access patient health information, and implement a training program for you and your employees about how to protect your patient health information.

https://www.truevault.com/blog/how-do-i-become-hipaa-compliant.html#.VBI3A85dXkt

(Solved) 2502/2503 Error When Installing from a .msi File

Sometimes you will get a 2502/2503 error message when trying to install a program from a .msi file.

Here’s how to fix it.

  1. Log in as an administrator
  2. Navigate to the C:\windows directory in file explorer
  3. Find and right-click the temp folder in this directory
  4. Select properties from the menu and click the security tab
  5. Make a note of the permissions for the following:
    1. All Application Packages
    2. Creator/Owner
    3. Users
    4. Trusted Installers
  6. Click the edit button and change the permissions to full control for all of these
  7. Click Apply and OK/close out of the temp folder properties window
  8. You can now install the program without issue
  9. Once the program is installed and working, go back to the temp properties and change the permissions back to what they were before
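
Steps 5 and 9 depend on putting the permissions back exactly as they were. The PowerShell below is an added example, not part of the original fix: it records the current ACL on C:\windows\temp before step 6 and restores it after the install. The backup folder `C:\AclBackup` and the file names are assumptions; run it from an elevated session.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# $BackupDir and the file names are assumed; use a folder only administrators can write to.
$TempDir   = 'C:\Windows\Temp'
$BackupDir = 'C:\AclBackup'
$IcaclsOut = Join-Path $BackupDir 'windows-temp.icacls'
$SddlOut   = Join-Path $BackupDir 'windows-temp.sddl'

function Save-TempAcl {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # icacls /save writes the folder's DACL in a form that icacls /restore can replay
    icacls $TempDir /save $IcaclsOut | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /save failed with exit code $LASTEXITCODE" }

    # Keep the SDDL string too, so the restored state can be compared with the original
    $acl = Get-Acl -LiteralPath $TempDir
    Set-Content -LiteralPath $SddlOut -Value $acl.Sddl

    # Readable listing: this is the "note of the permissions" from step 5
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

function Restore-TempAcl {
    if (-not (Test-Path -LiteralPath $IcaclsOut)) {
        throw "No saved ACL found at $IcaclsOut. Run Save-TempAcl before changing permissions."
    }

    # The saved file stores the folder name relative to its parent,
    # so /restore is pointed at C:\Windows rather than C:\Windows\Temp
    $parent = Split-Path -Path $TempDir -Parent
    icacls $parent /restore $IcaclsOut | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /restore failed with exit code $LASTEXITCODE" }

    # Compare the live descriptor with the one recorded before the change
    $before = (Get-Content -LiteralPath $SddlOut -Raw).Trim()
    $after  = (Get-Acl -LiteralPath $TempDir).Sddl
    if ($before -ne $after) {
        Write-Warning "ACL on $TempDir differs from the saved copy; review it manually."
        return $false
    }
    return $true
}

# Usage:
#   Save-TempAcl        # before step 6 (before granting full control)
#   Restore-TempAcl     # at step 9, once the program is installed and working
```

Leaving full control for Users on this folder after the install lets any local account modify files that installers and services stage there, so the restore is worth verifying rather than assuming.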

(Solved!) How to Disable “You should only open attachments from a trustworthy source” in Outlook on Windows Remote Desktop Server

Recently we set up an RDP server for a client who moves around from location to location. In their Outlook profile, when the user tried to open a PDF a message would pop up:

Solution:

  1. Login as administrator to your RDP server
  2. Promote the user having the issue to a local computer administrator on the remote desktop server.  (Control Panel, User Accounts, Manage User Accounts, Add, then select the user and domain if applicable and choose administrator)
  3. Log in as the user
  4. Hold Control and Shift then click on the Outlook icon.  Or right-click the Outlook icon and “Run as Administrator”.  Outlook will open in elevated status and should not ask for a username and password as you are logged in as a local administrator.  It will also load the correct Outlook profile.
  5. Open a PDF and the box will be able to be unchecked.
  6. Log off the user and log back in as the domain admin
  7. Remove the user as an administrator for the local remote desktop (we don’t want them to continue to be an admin)

Notice the “Always ask before opening this type of file” is greyed out.  This setting requires local administrator access and an elevated Outlook to get rid of the checkbox.  On a remote desktop server, this was a real issue as the local user isn’t an administrator.  When you tried to open Outlook as an administrator and use the network admin credentials, Outlook would not load the profile correctly so you couldn’t see any files which would bring up this error.

We perused the Googles for hours and couldn’t come up with a registry entry or anything that worked. We finally fixed the issue. What ended up helping was a post from Roady, a Microsoft MVP. His solution would work on a normal Windows machine but did not work in a remote desktop environment.

The key is, you need a local administrator to elevate Outlook to enable the checkbox.

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_win10/how-to-disable-the-warning-on-opening-any/b424facc-3855-4467-8225-cb0c9de44c11

As this is a computer-wide change, you can only change that option when you are running Outlook as an Administrator.

  1. Close Outlook.
  2. Hold CTRL+SHIFT while clicking on the Outlook icon.
  3. Accept the security prompt and/or provide administrator credentials.
  4. Open the attachment and untick the “Always ask…” box.
  5. Close Outlook and start it normally.

Robert Sparnaaij [MVP-Outlook]

https://www.howto-outlook.com

https://www.msoutlook.info

How To: Setup Active Directory Roaming Profiles with Folder Redirection Server 2016, Server 2012, Server 2008R2

How to Setup Active Directory Roaming Profiles with Folder Redirection with Administrative access to files and folders and without user access to other people’s profiles.

First a warning.  Do not forward the App Data folder.  From our practical application, we found many programs require your App Data Local and App Data Roaming folder to be editable on the local computer and may respond incorrectly to different installations and configurations.  This includes most networked programs particularly requiring network connectivity like SQL based applications.  Also, MS Outlook can act erratically by not being able to read the folder on your local machine to find the profiles etc.

Setting up a server with Roaming Profiles can be a great benefit to your organization. It allows users to log in to any computer and have their user settings and files follow them. There are drawbacks to the default Roaming Profiles setup. On Windows Server, if you just use the default profile settings in the Active Directory Users and Computers app, you will end up with user profiles in a folder that you as an administrator cannot access. Also, some backup software will have issues backing them up because of the user permissions assigned.

In this tutorial, we’ll show you how to set up a Roaming Profile and set up proper Folder Redirection where the user cannot see other users’ files, but the administrator can administer the files and assign other users, like backup operators, to be able to access and back up the files as well. Some steps in this user guide will assume you have a basic knowledge of Windows Server software, File Permissions, and Active Directory.

Step 1 – Create two folders

Create two folders on your storage drive. This may be a separate drive or your C:\ drive. We will call them “Profiles” and “Users.” You can name them what you want. We recommend you do this on a separate storage drive or partition for backup and working purposes. The reason we have two is that one will hold our User Profiles, and the other will hold our home directories, like Documents, Desktop, Downloads, etc.

Step 2 – Permissions of the Profiles Folder.

Right-click on the Profiles folder and click “Share With” and then “Specific People”. Make sure the Administrator has Read/Write access. Then click the Security tab. Change the Group or user names permissions by clicking Edit. Click Add and type “Users”. Hit Enter and your box should look like below.

Step 3 – Permissions of the Users Folder

Right-click on the Users folder and click “Share With” and then “Specific People”. Make sure the Administrator has Read/Write access. Then click the Security tab. Make sure the “Users” group is not on this folder, as we do not want users to be able to look at other people’s files.

Step 4 – Create Folder Redirection Policy in Group Policy

This setup is not scary!

Go back to your Administrator Tools and select Group Policy Management.  Open it to Forest/Domains/*your domain*.  It should look like below.

Now, right-click on your “Default Domain Policy” and select Edit

Navigate to User Configuration / Policies / Windows Settings / Folder Redirection

Here you can see the folders which can be redirected.  Right-click on each one, Select Basic – Redirect everyone’s folder to the same location

Then select the Root Path “\\yourservername\users”. Make sure this is a UNC path and not a local C:\whatever.

Then select the Settings tab. Make sure “Grant the user exclusive rights to *whatever*” is UNCHECKED.

Do the same procedure for all of the folders you want re-directed.  Accept prompts.

Step 5 – Create a new user in Active Directory

Open the Windows Administrator Tools Window from the Control Panel

Open Active Directory Users and Computers

Click on Users and right-click.  Select New / User

Name your user whatever.  Here we named our user Test6

Click Next, Select Password, click ok

Step 6 – Profile paths in the User Profile section

Find the new user and right-click on the user then select Properties

Click the Profile tab

In the Profile tab, enter the UNC path to our first “Profiles” folder. In my test it was \\pfd-server\profiles\test6, where pfd-server is your server name and test6 is the profile folder you want to create for this user. We keep them the same.

Under “Home Folder”, select “Connect”, then select the U drive (or any drive letter), then type the UNC path to the users folder you created earlier. In my test, it is \\pfd-server\user\test6

Press Apply, and OK

Step 7 – Login as the User

When you log in as the user, you should now see a regular login screen but you should also see “Applying Folder Re-Direction Policy” which means it is copying the home folders to the “Users” folder you selected.  It may take a minute or two to copy.

Now you should see in your file explorer under your “This PC” a U drive with the username listed.  If you click on it, you should see all of your home folders there for the user.

Now if you log into the server, you should be able to go to your storage drive and go to users.  You can see below, I am logged in as the administrator but I am able to fully access the files and work with them.
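
A read-only check of the permissions this tutorial is aiming for, as an added example that is not part of the original tutorial: it walks the Users share and reports any folder that a broad group can reach, and any folder where local Administrators lack full control. The root path reuses the tutorial's placeholder server name, and the choice of which groups count as "broad" is an assumption.

```powershell
# Added example: read-only audit of the redirected-folders share. It changes nothing.
# $UsersRoot reuses the tutorial's placeholder server name; replace it with your own.
$UsersRoot = '\\yourservername\users'

# Groups that would give every user access. Matched by well-known SID so the
# result does not depend on the display language of the server. (Assumed list.)
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$AdminSid = 'S-1-5-32-544'   # BUILTIN\Administrators

function Get-FolderFinding {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $adminOk = $false

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value

        # The administrator must keep full control so files can be managed and backed up
        if ($sid -eq $AdminSid -and ($rule.FileSystemRights -band $full) -eq $full) {
            $adminOk = $true
        }

        $group = $BroadSids[$sid]
        # Domain Users has the form S-1-5-21-<domain id>-513
        if (-not $group -and $sid -match '^S-1-5-21-.+-513$') { $group = 'Domain Users' }

        if ($group) {
            [pscustomobject]@{
                Path      = $Path
                Finding   = "$group is allowed $($rule.FileSystemRights)"
                Inherited = $rule.IsInherited
            }
        }
    }

    if (-not $adminOk) {
        [pscustomobject]@{
            Path      = $Path
            Finding   = 'No FullControl entry for BUILTIN\Administrators'
            Inherited = $null
        }
    }
}

function Test-RedirectionShare {
    param([string]$Root = $UsersRoot)

    if (-not (Test-Path -LiteralPath $Root)) { throw "Cannot reach $Root" }

    # Check the share root and every per-user folder directly beneath it
    $folders  = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory |
                             ForEach-Object { $_.FullName })
    $findings = @(foreach ($folder in $folders) { Get-FolderFinding -Path $folder })

    if ($findings.Count -eq 0) { Write-Host "No findings under $Root" }
    $findings
}

Test-RedirectionShare | Format-Table -AutoSize -Wrap
```

An entry marked `Inherited = True` on a per-user folder points back at the share root, which is where the "Users" group should be removed as described in Step 3.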

Good luck out there!  Hope this helps you :).