Convert Server 2016 Standard to Datacenter

I needed to do this today because I had setup a pair of servers and it turns out they needed to be Datacenter edition instead of Standard edition. What used to mean you would need to rebuild, is really now just another command to run.

dism /online /Set-Edition:ServerDatacenter /ProductKey:CB7KF-BWN84-R7R2Y-793K2-8XDDG /AcceptEula

It took about 20 minutes or so but Before you tell me I posted my keys … sorry but it’s the KMS client key from Microsoft.

I found this command from ITechLounge.

Remove a single user’s permissions from all mailboxes in Office 365

Longest title in history?

A while back we were doing some troubleshooting and we added an administrator’s account to have read permissions on all of our mailboxes. Mailboxes permissions came up as a topic yesterday in a conversation I was having and I remembered I had meant to clean this up. I could have gone about this a bunch of different ways, but ultimately I wanted to create a script in case I ever needed it again. Continue reading “Remove a single user’s permissions from all mailboxes in Office 365”

Using mod_rewrite rules for subdomains to subfolders

A URL address bar with www

From the land of things that were harder than they needed to be. Seems like you need a deep dive in everything to be able to do anything sometimes.

So, on this domain I wanted to use a single host to handle a few subdomains. One for my blog (which you’re on now), and maybe a couple of others for web classes or anything else I may want to mess around with.

Easy enough to do with subdomains and different document root folders on a standard server. And the hosting service does provide different document root folders. I ended up with different FTP root folders for each subdomain which is not what I was looking for. I wanted to use one FTP account and then just upload to the location I wanted for the subdomain I was updating.  Continue reading “Using mod_rewrite rules for subdomains to subfolders”

Outlook 2016 – Stop Displaying Mailboxes for Other Users

As an admin occasionally you’ll give yourself permissions to a mailbox. And then you’ll remember Outlook conveniently auto-maps that mailbox for you. Easy fix.
Close Outlook. Open Powershell.

Add-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -AutoMapping:$false

Open Outlook. Enjoy the emptiness of the side bar.

You can/should also (once the mailbox disappears from Outlook) remove the permissions completely.

Remove-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -InheritanceType All

Delete an email from all mailboxes in O365

 

 

Shamelessly borrowed from:
Spiceworks

 

# Get login credentials 
$UserCredential = Get-Credential 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection


Import-PSSession $Session -AllowClobber -DisableNameChecking $Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center):"
# search for the email in all mailboxes
New-ComplianceSearch -Name "Easy-To-Identify-Name" -ExchangeLocation all -ContentMatchQuery 'sent>=12/01/2017 AND sent<=12/30/2017 AND subject:"announcement" AND from:"username@domain.org"'
Start-ComplianceSearch -Identity "Easy-To-Identify-Name"

# wait a minute and view the results
Get-ComplianceSearch -Identity "Easy-To-Identify-Name"
Get-ComplianceSearch -Identity "Easy-To-Identify-Name" | Format-List

# delete the messages if the results look right
New-ComplianceSearchAction -SearchName "Easy-To-Identify-Name" -Purge -PurgeType SoftDelete

# check when it is completed
Get-ComplianceSearchAction -Identity "Easy-To-Identify-Name_Purge"

Change PFX to PEM on Windows

cmd

Install OpenSSL from here:

https://slproweb.com/products/Win32OpenSSL.html

Copy the PFX file to the directory you want the .pem files in. Open a command prompt as admin, change to the directory and run these commands:

To export the private key without a passphrase or password.

C:\OpenSSL-Win32\bin\openssl pkcs12 -in adams14wildcard.pfx -nocerts -nodes -out serverkey.pem

To export the Certificate

C:\OpenSSL-Win32\bin\openssl pkcs12 -in adams14wildcard.pfx -clcerts -nokeys -out servercert.pem

Restart whatever service (in this case it was Tenable Nessus).

Converting a Password to Secure String

Windows_PowerShell_icon

I forget this every time I reset my password…

(Get-Credential).Password | ConvertFrom-SecureString | Out-File "C:\Scripts\365SecureString.txt"

Using it:

$pass = cat "C:\Scripts\365securestring.txt" | convertto-securestring
$mycred_online = new-object -typename System.Management.Automation.PSCredential -argumentlist "UserAccount@contoso.com",$pass
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "UserAccount",$pass

 

Setting DNS Server addresses on a remote server via PowerShell

Windows_PowerShell_icon

Storing this one for later…

$cred = Get-Credential

Enter-PSSession -Credential $cred -Computername <hostname>

Get-NetAdapter -Physical

Get-DNSClientServerAddress –interfaceIndex XX  (Just making sure this is the interface I want to change).

Set-DNSClientServerAddress –interfaceIndex XX –ServerAddresses (“x.x.x.x”,”x.x.x.x”)

Exit-PSSession

CentOS – Job for network.service failed

Ugh. Ok, so something I came across today that I figured might help someone else out in the future. I’m setting up a new CentOS 7 box and while I was doing that I kept having intermittent network connectivity issues.  For some reason I decided NetworkManager needed to get out of my way… so I went about the process of disabling all that nonsense and went back to doing network config the way I know how. I set a reservation in DHCP (temporary), and set ifcfg-eth0 as a static IP along with all the other relevant pieces to get the interface manually configured.

Problem was I couldn’t get the network to come up. Here was my first issue:
prob1

Naturally I follow directions and ran “systemctl status network.service -l” and was greeted with:

prob2

Relevant bits highlighted. Now I’m pretty sure nothing is using that address since I got it from DHCP … so a bit of Googling led me to this link. The explanation here is that when ifup-eth runs it does an arping to determine if anything is using that address, and if anything replies then it exists the script. The offending section is this: Continue reading “CentOS – Job for network.service failed”

Monitoring Windows DHCP Scopes with Nagios

Nagios_logo_blackOn your DHCP Server

You need this VB Script in the scripts directory of NSClient++ on the DHCP Server:
check_dhcp_scope.vbs

Change the .doc extension to .vbs or hit the link to Nagios exchange below for the original file.

Now in nsc.ini — Enable NRPEListener.dll and CheckExternalScripts.dll
Also in nsc.ini add the following in the External Scripts Section:

check_dhcp_scope=cscript.exe //T:30 //NoLogo scripts\check_dhcp_scope.vbs

Restart the NSClient++ on the DHCP server.
Continue reading “Monitoring Windows DHCP Scopes with Nagios”