Wednesday, December 16, 2015

How to check attachment limits in Exchange

get-transportconfig | ft maxsendsize, maxreceivesize 
get-receiveconnector | ft name, maxmessagesize 
get-sendconnector | ft name, maxmessagesize 
get-mailbox Administrator |ft Name, Maxsendsize, maxreceivesize

Monday, December 14, 2015

How to add a user to a Public Folder including all Subfolders in Exchange 2010 / 2013

Get-PublicFolder –Identity “\Public Folder” –Recurse | Add-PublicFolderClientPermission –User UserName –AccessRights PublishingAuthor


To remove a user from all public folders-
Remove-PublicFolderClientPermission -Identity "\" -User UserName

Thursday, September 10, 2015

Cisco Anyconnect does not work after upgrading to 9.4 or 9.5.

The issue is that 9.4 and above which requires configuring custom ciphers in order to user third party CA certs for Anyconnect.  

ssl cipher tlsv1.2 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5"


Here’s the 9.4 release notes that detail the issue - http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

Friday, September 4, 2015

How to get a list of the last time users changed passwords and if they are set for their passwords to never expire.

Open PowerShell, type-

 get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires

To Export to CSV-
Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:tempuser-password-info-20131119.csv


For enabled only-
get-aduser -filter 'enabled -eq $true'  -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires

To see an accounts creation date-

Get-ADUser <UserName> -Properties whenCreated | Format-List Name,whenCreated

Saturday, August 15, 2015

Migrate VMDK (Virtual Hard Disk) from one VM to another, maintain permissions and file shares. EASY file migration!

File server migration - the easy way.  Don't migrate files and change login scripts like a chump... :)

1) Get your current file server running on the same host as the new file server.  (If physical, p2v it.  If virtual, move it or v2v it.)
2) Open Regedit on the old file server, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
3) Right Click on "Shares", click export.  Copy this file to your new file server.
4) In vmware remove the data disk from the old file server.  (Right click on VM, Edit Settings, click on the data hard disk, click remote.  Make sure you do NOT click remove and delete files from disk, make SURE yous elect "Remove from Virtual Machine".
5) Rename the old server to something else.  (If it's a DC, demote it, then rename it.)
6) Rename the new server to your old server's name.  If it's to be a DC, delete the old computer account in AD and promote it.)
7) In VMware, add the drive.  (Right click on VM, edit settings, add, Hard Disk, use and existing virtual disk, find the VMDK of the drive you are migrating.)
8) In Windows on the new server, make sure you add the drive with the same drive letter the old server had.  (So if it was "D" on the old server, make sure it is "D" on the new server.
9) Import your registry file from step 2.
10) Reboot.

All permissions and shares will be exactly as they were before you started.

Thursday, July 16, 2015

How to see what mailboxes a specific user has Full Access to.

I recently was tasked with finding out which mailboxes a specific user and full access to.  It took me a bit too find this with most providing way too much info.


Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User jsmith | Format-Table Identity, AccessRights, Deny

Proper Syntex to change public folder permissions recursive using powershell.

It took me enough google searches to figure this out that I decided to post it here.  The issues seemed to be around the 'space' in the folder name.

Change directories to \Program Files\Exchange Server\Scripts

To add a user to a public folder and all subfolders in powershell use-
\AddUsersToPFRecursive.ps1 -Server "ExchangeServer" -TopPublicFolder "\Sales Folder" -User "JSmith" -Permissions
 PublishingEditor

You can also do this if you want to add them to ALL public folders.
\AddUsersToPFRecursive.ps1 -Server "ExchangeServer" -TopPublicFolder "\" -User "JSmith" -Permissions
 PublishingEditor

To REPLACE their permissions (say they have read access but you want them to have publishing editor), do this-
.\ReplaceUserPermissionOnPFRecursive.ps1 -Server "ExchangeServer" -TopPublicFolder "'\Sales Folder'" -User "JSmith" -Permissions PublishingEditor

Note- the folder is in both quote (") and with a tick (') around it.  It doesn't work with just quotes.

Thursday, June 11, 2015

Removing duplicate lines in Notepad++

Often times I cut / paste between systems and end up with duplicate lines in Notepad++.  Googling finds a lot of solutions that don't work.  Here's all you need to do-

Hit <Ctrl> <H> to get to the replace box (or go to the Search menu and click Replace.)
In "Find What", put \r\n\r\n
In "Replace", put \r\n
Under Search Mode, check "Extended".
Click "Replace All".



Wednesday, March 11, 2015

How to convert a Unix TXT file to Windows in Notepad++ (removing extra line spaces).

Hit <Ctrl> <H>
Select "Extended" under search mode.
In Find What, put "\r\n\r\n"
In Replace With, put "\r\n"
Select "Replace All"

Friday, March 6, 2015

Easily determine what is running at startup, administer services, etc.

Autoruns is a great systinternals utility that allows you to easily administer the startup of any Windows OS.

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Wednesday, March 4, 2015

You can't get into Cisco ASDM and get "Unable to launch the application" from Java. Here are ALL possible ways to resolve this-

You can't get into Cisco ASDM and get "Unable to launch the application" from Java.  Here are ALL possible ways to resolve this-

1) Make sure you are on the latest ASDM (7.x).  You don't need to upgrade the OS to run the latest ASDM.

2)  Go to control panel, java, click on the security tab, click edit site list, and add the URL to your Firewall.  Make sure you include "https://"

3)  If that doesn't resolve it, make sure 3des is enabled in "show version" on the ASA.

4)  If it is, issue these commands-
ssl server-version any
ssl client-version any
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication fca-timeout 2

5)  If that doesn't work, issue these.  Use your own username and password.
aaa authentication http console LOCAL
username cisco password cisco

Monday, March 2, 2015

How to enable (install) telnet from the command line.

Are you ever in a remote command line session and you need to telnet into something, but you find telnet is not installed?  Simply issue this command to install telnet.


dism /online /Enable-Feature /FeatureName:TelnetClient


Thursday, February 26, 2015

Decrypt CryptoLocker for FREE!!!

Ever want to DECRYPT CRYPTOLOCKER files for FREE?  :)  Yes, that’s right.  The encryption keys for Cryptolocker are now freely available.

Simply go to the site https://www.decryptcryptolocker.com  This site will allow you to upload one of your files encrypted by Cryptolocker and will then attempt to decrypt your file by utilizing all of the private decryption keys available.  If they are successful, they will email you the key along with information on how to decrypt all of your files.


Friday, February 20, 2015

How to find a Wireless Key for a saved network that you are not currently connected to in Windows 8.1

It's relatively easy to see the wireless key of the wireless network you are actively connected to, but say you want to pull up a key that you are NOT currently connected to?  Easy!

 - Run CMD as Administrator

 - List your WLAN profiles:
NETSH WLAN SHOW PROFILES

 - Find the wireless network you want to find the key for, then type-
NETSH WLAN SHOW PROFILES NAME="profile_name_from_step2" KEY=CLEAR

 - Under "Security Settings", the key will be displayed beside "Key Content"

Make sure you set the KEY parameter to CLEAR for the Security Key to be displayed in "CLEAR" TEXT.


Thursday, January 15, 2015

How to upgrade all of the firmware and bios on a Dell PowerEdge Server running VMware or another non-windows OS.

How to Upgrade ALL of the firmware, bios, etc. on a Dell server.

This comes up often with VMware hosts.  Here is your easy solution to update all of the firwares (RAID, Lifecycle, Drac, etc.) and BIOS all at once.

1)      Download and install Dell Repository manager.  You can get it here- http://downloads.dell.com/FOLDER02720479M/1/Dell_Repository_Manager_2.0.0.187.msi or you can find it on the dell support site for your server product under the category “Systems Management.”
2)      There will be two icons on your start menu, you want to run “Datacenter Edition.”  After launching, it will check for updates.  If there is an update, go ahead and install it.
3)      On the “Source” menu, click “Sync Database with Dell Online.”
4)      Click on the “Dell Online” tab, select your system under “Supported Platforms.”
5)      Check the checkbox next to “System Bundle (Linux)”, if there are multiple select the newest one.
6)      Click “Export”, select the bubble next to “Bootable ISO (Using Linux Bundle), Click Next.
7)      If you do not have the plugin installed, let it install it for you.
8)      Select the location you want to save the ISO.
9)      Leave the bubble next to ‘No” when asked if you want to include your own script, click “Next.”
10)   Click “Finish.”
11)   Down at the bottom, there is a section that says “Job Queue”.  It’s not obvious that it is there.  Click the little “UP ARROW” to bring it up so you can monitor the status of the ISO creation.  It takes a bit, as it has to download from Dell.

12)   Once it finishes, simply burn the ISO and boot the server from it or use the drac to connect the ISO to boot from. 

Tuesday, January 6, 2015

How to install a Go Daddy Certificate on a Cisco ASA for AnyConnect.

Here is how you install a Go Daddy Certificate on a Cisco ASA for use with AnyConnect.  This assumes you already have anyconnect up and running.

1) Open and log into the ASDM.

2) Click on "Configuration", "Certificate Management", "Identity Certificates".



3) Click "Add", Give the Trustpoint a name (for example "GoDaddy"), select "Add a new identity certificate."  Click "New", select "Enter new key pair name", and name it.  Change the size to 2048 (Go Daddy no longer allows 1024).  If you cannot select 2048, you need to update your ASA.  Click "Generate Now".




4) Next to "Certificate Subject DN" click "Select".

5) Fill in the Attributes.  Don't worry about Location or Email.  Then Click "OK"
Common Name- This is the name of the domain URL you will use.  For example, vpn.company.com
Department- This is the department in your company, say "IT".
Company Name- Your company name, say "Company"
Country- "US" for United States.
State- Your state, "CO" for Colorado in my example.


6) Click "Add Certificate" and save your CSR somewhere.

7)  Go to Go Daddy's site, order your cert and paste your CSR.  Once it is issued, download the certificate.  Choose "Other" when asked what server type.

8)  Go back to identity certificates (see step 1), click on your cert and click "Install".


7) Select the certificate that has a numbered name.  DON'T select the one called gd_bundle-g2-g1.crt, that's the intermediate cert.  It will be called something like 89438f6489342cc.crt.

8) Open the file gd_bundle-g2-g1.crt, you'll see two certificates with
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

9) Remove the second certificate from the file and paste it into a new file, save the file with a .crt extension.  So you'll have two files.  The first with the first certificate in the file, the second with he second certificate.

10) Click on "Configuration", open "Certificate Management", click on "CA Certificates."  (Your ASDM Certificate should already be located under "Identity Certificates")

11) Click "Add", select your first file, click install certificate.  Repeat for the second file.  You then should see two files listed.

7) Click "Apply", then "Save".

If you have trouble with step 8, you can download the files from here-
https://www.dropbox.com/sh/ltvx4olrcev7osk/AAAubPLuFXfEoojewaHE9gUIa?dl=0

Cisco AnyConnect with Go Daddy (GoDaddy) Certificate Certificate Error (Not Trusted) in Safari (So on Apple Mac, iPhone, iPad, etc.)

Recently I had a client complain that Apple users were experiencing certificate errors.  The first thing I checked was to see if the intermediate certificate was installed.  It was.  But what I discovered is, it appears the ASDM only imports the first certificate in the bundle and that apparently Safari doesn't have Go Daddy as a trusted root CA.  I had to split the intermediate certificate into two files and install them.  Here is how I resolved the problem.

1) When you download your Certificate, choose "Apache" or "Other".

2) Open the file gd_bundle-g2-g1.crt, you'll see two certificates with
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

3) Remove the second certificate from the file and paste it into a new file, save the file with a .crt extension.  So you'll have two files.  The first with the first certificate in the file, the second with he second certificate.

4) Open the ASDM and log in.

5) Click on "Configuration", open "Certificate Management", click on "CA Certificates."  (Your ASDM Certificate should already be located under "Identity Certificates")

6) Click "Add", select your first file, click install certificate.  Repeat for the second file.

7) Click "Apply", then "Save".

If you have trouble with step 2, you can download the files from here-
https://www.dropbox.com/sh/ltvx4olrcev7osk/AAAubPLuFXfEoojewaHE9gUIa?dl=0