Monday, April 20, 2015

Changelog

 ----------  
 2015.4.20  
 Added Tools -> System Tools -> Remote Command Line  
 (Brings up an interactive DOS command line on the remote PC)  

Thursday, April 9, 2015

Reset a user's password in AD with C#.NET

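     /// <summary>
     /// Resets an Active Directory user's password after an interactive Yes/No confirmation,
     /// forces a password change at next logon, and unlocks the account if it is locked out.
     /// </summary>
     /// <param name="user">Identity handed to <c>UserPrincipalsEx.FindByIdentity</c>; a null or empty value makes the call a no-op.</param>
     /// <param name="fQDomainName">Fully qualified domain name the <c>PrincipalContext</c> is bound to.</param>
     /// <param name="ou">Container (OU) the context is rooted at.</param>
     /// <param name="newPassword">
     /// Password to set. The default keeps the original hard-coded value for backward
     /// compatibility; callers should pass a freshly generated value instead of relying on
     /// a fixed, widely known reset password.
     /// </param>
     /// <remarks>
     /// All failures are shown to the operator in a message box and swallowed; nothing is
     /// thrown to the caller. The context and principal are disposed on every path,
     /// including when an exception occurs (the original only disposed on success).
     /// </remarks>
     public void ResetUsersPassword(string user, string fQDomainName, string ou, string newPassword = "Password1")
     {
       if (string.IsNullOrEmpty(user))
       {
         return;
       }

       try
       {
         // using on a null principal is safe: Dispose is simply not called.
         using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, fQDomainName, ou))
         using (UserPrincipalsEx usr = UserPrincipalsEx.FindByIdentity(ctx, user))
         {
           if (usr == null)
           {
             return;
           }

           string resetPasswordString = "Are you sure you want to reset " + usr.DisplayName + "'s password?";
           DialogResult yesNoDialog = MessageBox.Show(resetPasswordString, "Password Reset", MessageBoxButtons.YesNo);
           if (yesNoDialog == DialogResult.Yes)
           {
             usr.SetPassword(newPassword);
             // Whatever value was set is now known outside the directory; forcing a change
             // at next logon bounds how long it remains valid.
             usr.ExpirePasswordNow();
             MessageBox.Show(usr.DisplayName + "'s password has been reset.");
           }

           // The unlock runs regardless of the answer to the reset prompt, as in the original.
           if (usr.IsAccountLockedOut())
           {
             usr.UnlockAccount();
             MessageBox.Show(usr.DisplayName + "'s account unlocked");
           }
         }
       }
       catch (Exception unlockException)
       {
         MessageBox.Show(unlockException.Message);
       }
     }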

My solution to disable popup blocker(or any registry setting in HKCU) on a remote machine on an IE zone, without GPO.

So basically, the C# writes a batch file to the user's Desktop that the user must double-click so it runs under their credentials; the batch file then creates a .reg file on the desktop, runs it to change the registry setting in HKCU, then deletes the .reg file and finally itself. I was proud of this a few years ago when I wrote it, with the three nested syntaxes and all. As you can see it relies on other custom methods I wrote, but what you need to do to replicate it should be clear.

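     /// <summary>
     /// Writes a self-deleting batch file, "Disable PopUp Blocker.bat", to the given profile's
     /// Desktop on a remote PC. When the user double-clicks it, it generates a .reg file,
     /// imports it silently with <c>regedit.exe /s</c> under the user's own credentials (which
     /// is what makes the HKCU hive reachable without a GPO), then deletes the .reg file and itself.
     /// </summary>
     /// <param name="pcname">Remote computer name; normalised by <c>CleanPCName</c> before use.</param>
     /// <param name="profile">Profile whose Desktop receives the file; normalised by <c>CheckForProfileDotDomain</c>.</param>
     /// <remarks>
     /// Despite the method name, the generated .reg file sets four values under IE zone 2
     /// (Trusted sites), not only the pop-up blocker. Per Microsoft's IE security-zone
     /// registry value list (0 = enable/allow, 3 = disable): 1809 = Use Pop-up Blocker,
     /// 2200 = Automatic prompting for file downloads, 1609 = Display mixed content,
     /// 2101 = Websites in a less privileged zone can navigate into this zone. The last three
     /// loosen the zone beyond pop-ups; confirm each is intended before rolling this out.
     /// The .reg file is created relative to the batch file's working directory, normally
     /// the Desktop when launched by double-click. Nothing is thrown; errors are shown in a
     /// message box.
     /// </remarks>
     public void DisablePopupBlocker(string pcname, string profile)
     {
       try
       {
         if (!PcNameIsNotNullOrVoid(pcname) || string.IsNullOrEmpty(profile))
         {
           return;
         }

         pcname = CleanPCName(pcname);
         profile = CheckForProfileDotDomain(pcname, profile);
         string filename = GetDesktopLocation(profile) + profile + @"\Desktop\Disable PopUp Blocker.bat";

         // StreamWriter(string) truncates an existing file anyway; the explicit delete is
         // kept so a stale copy that cannot be removed fails loudly, as before.
         if (File.Exists(filename))
         {
           File.Delete(filename);
         }

         try
         {
           // The using block flushes, closes and disposes the writer; the original's explicit
           // Flush/Close/Dispose calls inside it were redundant.
           using (StreamWriter writer = new StreamWriter(filename))
           {
             writer.WriteLine(@"@echo off");
             writer.WriteLine(@"");
             writer.WriteLine(@"echo Windows Registry Editor Version 5.00 >popup.reg");
             writer.WriteLine(@"echo ;Pop up blocker disable >>popup.reg");
             writer.WriteLine(@"echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] >>popup.reg");
             writer.WriteLine("echo \"1809\"=dword:00000003 >>popup.reg");
             writer.WriteLine("echo \"2200\"=dword:00000000 >>popup.reg");
             writer.WriteLine("echo \"1609\"=dword:00000000 >>popup.reg");
             writer.WriteLine("echo \"2101\"=dword:00000000 >>popup.reg");
             writer.WriteLine(@"");
             writer.WriteLine(@"regedit.exe /s popup.reg");
             writer.WriteLine(@"");
             writer.WriteLine(@"del /q popup.reg");
             // %0 is the batch file's own path: the script removes itself last.
             writer.WriteLine(@"del %0");
           }

           // Notify only after the file is closed, so it is complete when the user opens it.
           MessageBox.Show("Created Disable PopUp Blocker.bat on " + profile + "'s Desktop.");
         }
         catch (IOException ioe)
         {
           MessageBox.Show(ioe.Message);
         }
       }
       catch (Exception popupException)
       {
         MessageBox.Show(popupException.Message);
       }
     }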

Example of how to call Powershell Pipeline in C# and bring in Exchange SnapIn

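     /// <summary>
     /// Runs <c>Get-SenderFilterConfig | Select-Object -ExpandProperty BlockedSenders | Out-String -Stream</c>
     /// in a local PowerShell runspace with the E2010 Exchange management snap-in loaded and
     /// returns each output line as a string.
     /// </summary>
     /// <returns>One string per pipeline output object (the blocked-sender list); empty when there are none.</returns>
     /// <exception cref="PSSnapInException">
     /// Thrown when the snap-in cannot be added. The original discarded this value and let
     /// the pipeline fail later, presumably with a less useful error about the cmdlet.
     /// </exception>
     /// <remarks>
     /// The runspace and pipeline are disposed on all paths (the original leaked the runspace
     /// when Invoke threw). Non-terminating pipeline errors are not inspected here.
     /// </remarks>
     public List<string> getBlockedSenders()
     {
       RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();
       PSSnapInException snapInException;
       rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.E2010", out snapInException);
       if (snapInException != null)
       {
         throw snapInException;
       }

       List<string> output = new List<string>();
       using (Runspace myRunSpace = RunspaceFactory.CreateRunspace(rsConfig))
       {
         myRunSpace.Open();
         using (Pipeline ps = myRunSpace.CreatePipeline())
         {
           Command getSenderFilterConfigCommand = new Command("Get-SenderFilterConfig");
           ps.Commands.Add(getSenderFilterConfigCommand);

           Command selectObjectCommand = new Command("Select-Object");
           selectObjectCommand.Parameters.Add(new CommandParameter("ExpandProperty", "BlockedSenders"));
           ps.Commands.Add(selectObjectCommand);

           // -Stream makes Out-String emit one string per line instead of a single blob.
           Command outStringCommand = new Command("Out-String");
           outStringCommand.Parameters.Add(new CommandParameter("Stream"));
           ps.Commands.Add(outStringCommand);

           foreach (PSObject result in ps.Invoke())
           {
             output.Add(result.ToString());
           }
         }
       }

       return output;
     }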

Wednesday, April 8, 2015

Example of one of my configs for a remote site on a Ubiquiti EdgeRouter with PPTP, OSPF, VTIs, and DHCP Lync phone settings

 firewall {   
   all-ping enable   
   broadcast-ping disable   
   group {   
    address-group DMZ_External {   
     address *.177.*.*   
     description ""   
    }   
    address-group DMZ_Web_Internal {   
     address 192.168.105.25   
     description ""   
    }   
    address-group GatewaysAdmin {   
     address 192.168.1.1   
     address 192.168.10.1   
     description ""   
    }   
    address-group GatewaysRED {   
     address 192.168.86.1   
     address 192.168.87.1   
     description ""   
    }   
    address-group Mail_External {   
     address *.177.*.*   
     description ""   
    }   
    address-group Mail_Internal {   
     address 192.168.1.7   
     description ""   
    }   
    address-group VPN_external {   
     address *.177.*.*   
     description ""   
    }   
    network-group SubnetsAdmin {   
     description ""   
     network 192.168.1.0/24   
     network 192.168.10.0/24   
    }   
    network-group SubnetsRED {   
     description ""   
     network 192.168.86.0/24   
     network 192.168.87.0/24   
    }   
    port-group DMZ_web {   
     description "DMZ_web HTTP,HTTPS"   
     port 80   
     port 443   
    }   
    port-group Mail {   
     description "Mail SMTP,SMTPS,IMAP,IMAPS,HTTPS"   
     port 25   
     port 465   
     port 143   
     port 993   
     port 443   
    }   
   }   
   ipv6-receive-redirects disable   
   ipv6-src-route disable   
   ip-src-route disable   
   log-martians enable   
   name WAN_IN {   
    default-action drop   
    description "packets from internet to LAN and WLAN"   
    enable-default-log   
    rule 1 {   
     action accept   
     description "allow established sessions"   
     log disable   
     protocol all   
     state {   
      established enable   
      invalid disable   
      new disable   
      related enable   
     }   
    }   
    rule 2 {   
     action drop   
     description "drop invalid state"   
     log disable   
     protocol all   
     state {   
      established disable   
      invalid enable   
      new disable   
      related disable   
     }   
    }   
    rule 3 {   
     action accept   
     description "allow VPN traffic from admin"   
     destination {   
      group {   
       network-group SubnetsRED   
      }   
     }   
     log disable   
     source {   
      group {   
       network-group SubnetsAdmin   
      }   
     }   
    }   
   }   
   name WAN_LOCAL {   
    default-action drop   
    description "packets from internet to the router"   
    enable-default-log   
    rule 1 {   
     action accept   
     description "allow established sessions"   
     log enable   
     protocol all   
     state {   
      established enable   
      invalid disable   
      new disable   
      related enable   
     }   
    }   
    rule 2 {   
     action drop   
     description "drop invalid state"   
     log disable   
     protocol all   
     state {   
      established disable   
      invalid enable   
      new disable   
      related disable   
     }   
    }   
    rule 3 {   
     action accept   
     description "allow VPN traffic from Admin to the router"   
     destination {   
      group {   
       address-group GatewaysRED   
      }   
     }   
     log disable   
     source {   
      group {   
       network-group SubnetsAdmin   
      }   
     }   
    }   
    rule 5 {   
     action accept   
     description "allow IKE-UDP-500"   
     destination {   
      port 500   
     }   
     log disable   
     protocol udp   
    }   
    rule 6 {   
     action accept   
     description "allow ESP-50"   
     log disable   
     protocol esp   
    }   
    rule 7 {   
     action accept   
     description "allow NAT-T-UDP-4500"   
     destination {   
      port 4500   
     }   
     log disable   
     protocol udp   
    }   
    rule 8 {   
     action accept   
     description "allow PPTP VPN gre"   
     protocol gre   
    }   
    rule 9 {   
     action accept   
     description "allow PPTP VPN pptp"   
     destination {   
      port 1723   
     }   
     protocol tcp   
    }   
   }   
   receive-redirects disable   
   send-redirects enable   
   source-validation disable   
   syn-cookies enable   
  }   
  interfaces {   
   ethernet eth0 {   
    address *.*.*.231/28   
    description WAN   
    duplex auto   
    firewall {   
     in {   
      name WAN_IN   
     }   
     local {   
      name WAN_LOCAL   
     }   
    }   
    speed auto   
   }   
   ethernet eth1 {   
    address 192.168.86.1/24   
    description LAN   
    duplex auto   
    speed auto   
   }   
   ethernet eth2 {   
    description VLANS   
    duplex auto   
    speed auto   
    vif 10 {   
     address 192.168.87.1/24   
     description VOICE.10   
     mtu 1500   
    }   
   }   
   loopback lo {   
   }   
   vti vti1 {   
    address 10.87.1.87/24   
    description ADM   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti18 {   
    address 10.18.87.87/24   
    description SMI   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti28 {   
    address 10.28.87.87/24   
    description SMA   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti33 {   
    address 10.87.33.87/24   
    description GDA   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti39 {   
    address 10.87.39.87/24   
    description FAR   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti60 {   
    address 10.60.87.87/24   
    description RDO   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti74 {   
    address 10.87.*.87/24   
    description DAR   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti95 {   
    address 10.95.87.87/24   
    description SST   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti113 {   
    address 10.87.113.87/24   
    description GRA   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti116 {   
    address 10.87.116.87/24   
    description LAM   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
   vti vti204 {   
    address 10.87.204.87/24   
    description CDO   
    ip {   
     ospf {   
      dead-interval 40   
      hello-interval 10   
      network point-to-point   
      priority 1   
      retransmit-interval 5   
      transmit-delay 1   
     }   
    }   
    mtu 1398   
   }   
  }   
  protocols {   
   ospf {   
    area 0.0.0.0 {   
     network 192.168.86.0/24   
     network 192.168.87.0/24   
     network 10.18.87.0/24   
     network 10.28.87.0/24   
     network 10.87.33.0/24   
     network 10.87.39.0/24   
     network 10.60.87.0/24   
     network 10.87.*.0/24   
     network 10.87.1.0/24   
     network 10.95.87.0/24   
     network 10.87.113.0/24   
     network 10.87.116.0/24   
     network 10.87.204.0/24   
    }   
    log-adjacency-changes {   
    }   
    parameters {   
     abr-type cisco   
     router-id 192.168.86.1   
    }   
    passive-interface default   
    passive-interface-exclude vti1   
    passive-interface-exclude vti116   
    passive-interface-exclude vti204   
    passive-interface-exclude vti33   
    passive-interface-exclude vti39   
    passive-interface-exclude vti74   
    passive-interface-exclude vti113   
    passive-interface-exclude vti18   
    passive-interface-exclude vti28   
    passive-interface-exclude vti60   
    passive-interface-exclude vti95   
   }   
   static {   
    interface-route 192.168.1.0/24 {   
     next-hop-interface vti1 {   
      distance 152   
     }   
    }   
    interface-route 192.168.10.0/24 {   
     next-hop-interface vti1 {   
      distance 152   
     }   
    }   
    interface-route 192.168.87.0/24 {   
     next-hop-interface eth2.10 {   
     }   
    }   
   }   
  }   
  service {   
   dhcp-server {   
    disabled false   
    global-parameters "class &quot;vendor-classes&quot; {"   
    global-parameters "match option vendor-class-identifier;"   
    global-parameters "}"   
    global-parameters "option space MSUCClient;"   
    global-parameters "option MSUCClient.UCIdentifier code 1 = string;"   
    global-parameters "option MSUCClient.URLScheme code 2 = string;"   
    global-parameters "option MSUCClient.WebServerFqdn code 3 = string;"   
    global-parameters "option MSUCClient.WebServerPort code 4 = string;"   
    global-parameters "option MSUCClient.CertProvRelPath code 5 = string;"   
    global-parameters "option UCSipServer code 120 = string;"   
    global-parameters "subclass &quot;vendor-classes&quot; &quot;MS-UC-Client&quot; {"   
    global-parameters "vendor-option-space MSUCClient;"   
    global-parameters "option MSUCClient.UCIdentifier 4D:53:2D:55:43:2D:43:6C:69:65:6E:74;"   
    global-parameters "option MSUCClient.URLScheme 68:74:74:70:73;"   
    global-parameters "option MSUCClient.WebServerFqdn 61:64:6D:2D:6C:79:6E:63:2E:68:65:61:64:73:74:61:72:74:2E:61:64:6D:69:6E;"   
    global-parameters "option MSUCClient.WebServerPort 34:34:33;"   
    global-parameters "option MSUCClient.CertProvRelPath"   
    global-parameters "2F:43:65:72:74:50:72:6F:76:2F:43:65:72:74:50:72:6F:76:69:73:69:6F:6E:69:6E:67:53:65:72:76:69:63:65:2E:73:76:63;"   
    global-parameters "} "   
    hostfile-update disable   
    shared-network-name 192.168.86.0 {   
     authoritative disable   
     subnet 192.168.86.0/24 {   
      default-router 192.168.86.1   
      dns-server 192.168.1.29   
      dns-server 192.168.1.30   
      domain-name ExampleDomain.com   
      lease 86400   
      ntp-server 192.168.1.29   
      ntp-server 192.168.1.30   
      start 192.168.86.100 {   
       stop 192.168.86.210   
      }   
      subnet-parameters "option UCSipServer 00:08:61:64:6D:2D:6C:79:6E:63:09:68:65:61:64:73:74:61:72:74:05:61:64:6D:69:6E:00;"   
      unifi-controller 192.168.1.30   
     }   
    }   
    shared-network-name 192.168.87.0 {   
     authoritative disable   
     subnet 192.168.87.0/24 {   
      default-router 192.168.87.1   
      dns-server 192.168.1.29   
      dns-server 192.168.1.30   
      domain-name ExampleDomain.com   
      lease 86400   
      ntp-server 192.168.1.29   
      ntp-server 192.168.1.30   
      start 192.168.87.100 {   
       stop 192.168.87.210   
      }   
      subnet-parameters "option UCSipServer 00:08:61:64:6D:2D:6C:79:6E:63:09:68:65:61:64:73:74:61:72:74:05:61:64:6D:69:6E:00;"   
     }   
    }   
   }   
   gui {   
    https-port 443   
   }   
   nat {   
    rule 1 {   
     description Mail_NAT_SMTP   
     destination {   
      address 192.168.1.7   
      port 25   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 25   
     }   
     log enable   
     protocol tcp   
     type destination   
    }   
    rule 2 {   
     description Mail_NAT_SMTPS   
     destination {   
      address 192.168.1.7   
      port 465   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 465   
     }   
     log enable   
     protocol tcp   
     type destination   
    }   
    rule 3 {   
     description Mail_NAT_IMAP   
     destination {   
      address 192.168.1.7   
      port 143   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 143   
     }   
     log enable   
     protocol tcp   
     type destination   
    }   
    rule 4 {   
     description Mail_NAT_IMAPS   
     destination {   
      address 192.168.1.7   
      port 993   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 993   
     }   
     log enable   
     protocol tcp   
     type destination   
    }   
    rule 5 {   
     description Mail_NAT_HTTPS   
     destination {   
      address 192.168.1.7   
      port 443   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 443   
     }   
     log enable   
     protocol tcp   
     type destination   
    }   
    rule 6 {   
     description DMZ_website_HTTP   
     destination {   
      address 192.168.105.25   
      port 80   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 80   
     }   
     log disable   
     protocol tcp   
     type destination   
    }   
    rule 7 {   
     description DMZ_website_HTTPS   
     destination {   
      address 192.168.105.25   
      port 443   
     }   
     inbound-interface eth0   
     inside-address {   
      address *.177.*.*   
      port 443   
     }   
     log disable   
     protocol tcp   
     type destination   
    }   
    rule 5000 {   
     description "masquerade for WAN"   
     log disable   
     outbound-interface eth0   
     protocol all   
     type masquerade   
    }   
    rule 5001 {   
     destination {   
      address 192.168.1.0/24   
     }   
     exclude   
     outbound-interface eth0   
     source {   
      address 192.168.86.0/24   
     }   
     type masquerade   
    }   
   }   
   snmp {   
    community public {   
     authorization ro   
    }   
    location "1145 Redwood Ave El Cajon, CA 92020"   
   }   
   ssh {   
    port 22   
    protocol-version v2   
   }   
  }   
  system {   
   conntrack {   
    expect-table-size 4096   
    hash-size 4096   
    table-size 32768   
    tcp {   
     half-open-connections 512   
     loose enable   
     max-retrans 3   
    }   
   }   
   domain-name ExampleDomain.com   
   gateway-address *.*.*.225   
   host-name RED-ERLite   
   login {   
    user AccountName1 {   
     authentication {   
      encrypted-password ****************   
      plaintext-password ****************   
     }   
     full-name AccountName1   
     level admin   
    }   
   }   
   name-server 8.8.8.8   
   name-server 8.8.4.4   
   ntp {   
    server 0.ubnt.pool.ntp.org {   
    }   
    server 1.ubnt.pool.ntp.org {   
    }   
    server 2.ubnt.pool.ntp.org {   
    }   
    server 3.ubnt.pool.ntp.org {   
    }   
   }   
   offload {   
    ipsec enable   
    ipv4 {   
     forwarding enable   
    }   
    ipv6 {   
     forwarding disable   
    }   
   }   
   syslog {   
    global {   
     facility all {   
      level notice   
     }   
     facility protocols {   
      level debug   
     }   
    }   
   }   
   time-zone America/Los_Angeles   
  }   
  vpn {   
   ipsec {   
    auto-firewall-nat-exclude enable   
    esp-group FOO0 {   
     compression disable   
     lifetime 3600   
     mode tunnel   
     pfs enable   
     proposal 1 {   
      encryption aes128   
      hash sha1   
     }   
    }   
    ike-group FOO0 {   
     key-exchange ikev1   
     lifetime 28800   
     proposal 1 {   
      dh-group 14   
      encryption aes128   
      hash sha1   
     }   
    }   
    ipsec-interfaces {   
     interface eth0   
    }   
    nat-networks {   
     allowed-network 0.0.0.0/0 {   
     }   
    }   
    nat-traversal enable   
    site-to-site {   
     peer 68.15.0.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti116   
       esp-group FOO0   
      }   
     }   
     peer 68.15.*.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti74   
       esp-group FOO0   
      }   
     }   
     peer *.*.2.166 {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti28   
       esp-group FOO0   
      }   
     }   
     peer *.*.*.*15 {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti95   
       esp-group FOO0   
      }   
     }   
     peer *.*.6.126 {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti33   
       esp-group FOO0   
      }   
     }   
     peer *.*.28.72 {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti204   
       esp-group FOO0   
      }   
     }   
     peer *.*.*.125 {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti39   
       esp-group FOO0   
      }   
     }   
     peer *.173.62.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti18   
       esp-group FOO0   
      }   
     }   
     peer *.175.247.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti60   
       esp-group FOO0   
      }   
     }   
     peer 174.78.*.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti113   
       esp-group FOO0   
      }   
     }   
     peer *.177.*.* {   
      authentication {   
       mode pre-shared-secret   
       pre-shared-secret ****************   
      }   
      connection-type initiate   
      ike-group FOO0   
      local-address *.*.*.231   
      vti {   
       bind vti1   
       esp-group FOO0   
      }   
     }   
    }   
   }   
   pptp {   
    remote-access {   
     authentication {   
      local-users {   
       username AccountName1 {   
        password ****************   
       }   
       username AccountName2 {   
        password ****************   
       }   
      }   
      mode local   
     }   
     client-ip-pool {   
      start 192.168.103.100   
      stop 192.168.103.210   
     }   
     dns-servers {   
      server-1 192.168.1.29   
      server-2 192.168.1.30   
     }   
     mtu 1492   
     outside-address *.*.*.231   
    }   
   }   
  }   

Fix NTFS permissions on user subfolders of a redirect folder

Ran into this problem a few times and had to fix it; the script requires installation of NTFSSecurity. I made a script once that doesn't require NTFSSecurity, but it is much more complex.


 # Script setup: root of the redirected-folder share, the AD domain, and the account that
 # temporarily takes ownership of each subtree while permissions are repaired.
 Write-Host ""
 Write-Host ""
 $startingDir = "\\fileserver\redirect"
 $domain = "ExampleDomain.com"
 Set-Location $startingDir
 # NOTE(review): $domain is a DNS-style name; NTAccount usually expects "NETBIOSDOMAIN\name" -
 # confirm this resolves in the target environment.
 $adminServiceAccount = New-Object System.Security.Principal.NTAccount("$domain\AdministratorAccountName")
   
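 # Grant $user full control of their redirected-folder root and make them owner of every
 # item beneath it. Ownership of the subtree is first taken by $adminServiceAccount (script
 # scope), presumably so the running session can modify ACLs the user has locked down.
 # Neither ownership pass touches $file itself: Get-ChildItem -Recurse returns only
 # descendants - verify whether the root folder's owner also needs fixing.
 # Requires the NTFSSecurity module for Add-NTFSAccess.
 Function setPermissions
 {
   param ($file, $user)
   # NOTE(review): $domain holds a DNS-style name; NTAccount normally expects the NetBIOS
   # domain - confirm "$domain\$user" resolves here.
   $qualifiedUser = $domain + "\" + $user
   Write-Host user is $qualifiedUser
   $objUser = New-Object System.Security.Principal.NTAccount($qualifiedUser)
   Get-ChildItem $file -Recurse | ForEach-Object {
     setOwner $_.FullName.ToString() $adminServiceAccount
   }
   Write-Host $file
   Add-NTFSAccess -Path $file -Account $qualifiedUser -AccessRights FullControl
   # Diagnostic dump of the resulting ACL on the root folder.
   Get-Acl $file | fl
   Get-ChildItem $file -Recurse | ForEach-Object {
     setOwner $_.FullName.ToString() $objUser
   }
 }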
   
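 # Set the NTFS owner of a single file or folder.
 #   $file - full path of the item
 #   $user - account name string, or an NTAccount (callers pass both; the original relied
 #           on NTAccount's string conversion to make the second case work)
 # Changing ownership to another principal normally needs the SeRestorePrivilege /
 # SeTakeOwnershipPrivilege of the running account - presumably why this is run as an admin.
 Function setOwner
 {
   param ($file, $user)
   Write-Host Setting ownership of $file to $user
   if ($user -is [System.Security.Principal.NTAccount]) {
     $owner = $user
   } else {
     $owner = New-Object System.Security.Principal.NTAccount($user)
   }
   $acl = Get-Acl $file
   $acl.SetOwner($owner)
   Set-Acl $file $acl
 }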
   
   
 # Each top-level entry under $startingDir is assumed to be a folder named after the user
 # who owns it (the usual folder-redirection layout). Note that Get-ChildItem without
 # -Directory also returns loose files at that level - presumably there are none.
 foreach ($entry in Get-ChildItem $startingDir) {
   $folderFullPath = $entry.FullName
   $user = $entry.Name.ToString()
   Write-Host Setting permissions on $folderFullPath
   setPermissions $folderFullPath $user
 }

Create AD accounts from a csv in Powershell

I made this to create a bunch of users who need Apache website access but don't actually need to log into the domain, hence the PasswordNeverExpires; edit it to your liking before using.

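# Bulk-create AD users from a CSV with columns first, last, email, location.
# Every account gets the same placeholder password, stored in clear text in this script -
# replace it (or prompt with Read-Host -AsSecureString) before running for real.
# The password is single-quoted on purpose: inside the original double-quoted string the
# `$^` sequence would be treated as a variable reference and expanded, silently changing
# the value that gets set.
$domain = "ExampleDomain.com"
$pass = 'ExamplePass-$@#%$#^'
$securePass = ConvertTo-SecureString $pass -AsPlainText -Force
Import-Csv \\adm-dc\redirect\kwalker\Desktop\Users.csv | ForEach-Object {
 $first = $_.first
 $last = $_.last
 $email = $_.email        # read but not passed to New-ADUser (as in the original)
 $location = $_.location  # read but not passed to New-ADUser (as in the original)
 $name = $first + " " + $last
 # SAM = first two letters of the first name + surname; tolerate first names shorter than two characters.
 $sam = $first.Substring(0, [Math]::Min(2, $first.Length)) + $last
 $principal = $sam + "@" + $domain
 Write-Host $name
 # New-ADUser creates the account disabled unless -Enabled $true is given; PasswordNeverExpires
 # is deliberate (these accounts are used for Apache auth only, never interactive logon).
 New-ADUser -PasswordNeverExpires $true -Path "OU=POC,DC=EXAMPLEDOMAIN,DC=COM" -GivenName $first -Surname $last -AccountPassword $securePass -DisplayName $name -Name $name -SamAccountName $sam -UserPrincipalName $principal
}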

Short Spam and Content Filter Scripts for Exchange 2013

ShowCurrentConfig

 # Print the current Exchange 2013 sender-filter and content-filter lists, one labelled
 # section each, separated by three spacer lines exactly as the original did.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $cfc = Get-ContentFilterConfig
 $sfc = Get-SenderFilterConfig

 # (label, config object, property) in the original print order.
 $sections = @(
   @('Blacklisted Senders:',    $sfc, 'BlockedSenders'),
   @('Whitelisted Senders:',    $cfc, 'BypassedSenders'),
   @('Blacklisted Domains:',    $sfc, 'BlockedDomains'),
   @('Blacklisted SubDomains:', $sfc, 'BlockedDomainsAndSubdomains'),
   @('Whitelisted Domains:',    $cfc, 'BypassedSenderDomains')
 )

 foreach ($section in $sections) {
   $label, $config, $property = $section
   Write-Host $label
   $config | Select-Object -ExpandProperty $property
   1..3 | ForEach-Object { Write-Host ' ' }
 }

WhiteListSpamSender

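 # Add one sender address to the content-filter bypass (whitelist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $sender = (Read-Host 'Enter the name of the sender you would like to WHITELIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($sender)) {
   Write-Host 'No sender entered; nothing changed.'
   return
 }
 Set-ContentFilterConfig -BypassedSenders @{Add=$sender}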

WhiteListSpamDomain

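 # Add one domain to the content-filter bypassed-sender-domains (whitelist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $domain = (Read-Host 'Enter the name of the domain you would like to WHITELIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($domain)) {
   Write-Host 'No domain entered; nothing changed.'
   return
 }
 Set-ContentFilterConfig -BypassedSenderDomains @{Add=$domain}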

unWhiteListSpamSender

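 # Remove one sender address from the content-filter bypass (whitelist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $sender = (Read-Host 'Enter the name of the sender you would like to REMOVE from WHITELIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($sender)) {
   Write-Host 'No sender entered; nothing changed.'
   return
 }
 Set-ContentFilterConfig -BypassedSenders @{Remove=$sender}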

UnWhiteListSpamDomain

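 # Remove one domain from the content-filter bypassed-sender-domains (whitelist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $domain = (Read-Host 'Enter the name of the domain you would like to REMOVE from WHITELIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($domain)) {
   Write-Host 'No domain entered; nothing changed.'
   return
 }
 Set-ContentFilterConfig -BypassedSenderDomains @{Remove=$domain}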

BlackListSender

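 # Add one sender address to the sender-filter blocked (blacklist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $sender = (Read-Host 'Enter the name of the sender you would like to BLACKLIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($sender)) {
   Write-Host 'No sender entered; nothing changed.'
   return
 }
 Set-SenderFilterConfig -BlockedSenders @{Add=$sender}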

BlackListDomain

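 # Add one domain to the sender-filter blocked-domains (blacklist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $domain = (Read-Host 'Enter the name of the domain you would like to BLACKLIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($domain)) {
   Write-Host 'No domain entered; nothing changed.'
   return
 }
 Set-SenderFilterConfig -BlockedDomains @{Add=$domain}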

UnBlackListSender

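 # Remove one sender address from the sender-filter blocked (blacklist) list.
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 $sender = (Read-Host 'Enter the name of the sender you would like to REMOVE from BLACKLIST ').Trim()
 # An empty entry would only produce a cmdlet error; stop before touching the config.
 if ([string]::IsNullOrEmpty($sender)) {
   Write-Host 'No sender entered; nothing changed.'
   return
 }
 Set-SenderFilterConfig -BlockedSenders @{Remove=$sender}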

UnBlackListDomain

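 # Removes one domain from the sender-filter block list.
 # Load the Exchange snap-in only if it is not already present; re-adding it raises an error.
 if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue)) {
     Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 }
 $domain = (Read-Host 'Enter the name of the domain you would like to REMOVE from BLACKLIST ').Trim()
 # Refuse empty input instead of handing a blank entry to the cmdlet.
 if ([string]::IsNullOrWhiteSpace($domain)) {
     throw 'No domain entered; nothing was changed.'
 }
 Set-SenderFilterConfig -BlockedDomains @{Remove=$domain}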

Workgroup Creation script for Exchange UM/Lync

I put this together really quickly because I needed to change the SIP URIs of more than 10 workgroups in a row; Lync/Exchange does not allow you to do this without deleting and recreating the workgroup from scratch, so PowerShell to the rescue. Obviously you would need to edit this to fit your organization, and this script is in no way automated, but it should be a good direction to get you started. DO NOT use this script as is, unless of course you work at the same company as I do!

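 # Creates one Lync/Skype Response Group workflow (a reception "RG") for a single
 # site. Every value in this header block is site-specific and must be edited
 # before the script is run; nothing below prompts for input.
 $Location = "VisatLaMesa";
 $displayName = "Vista La Mesa";
 $vmUser= "sip:" + "VistaLaMesaVM@headstart.admin";
 $displayNumber = "4032"
   
 # Text-to-speech prompts. The in-hours prompt is a single space, i.e. effectively
 # silent; the off-hours and holiday prompts are currently identical.
 $prompt = " ";
 $promptOffHours = "Thank you for calling A K A Head Starts " + $displayName + " location, our normal business hours are 8 A M to 4 30 P M, please stay on the line if you would like to leave a message.";
 $promptHoliday = "Thank you for calling A K A Head Starts " + $displayName + " location, our normal business hours are 8 A M to 4 30 P M, please stay on the line if you would like to leave a message.";
   
 $lineUri = "TEL:" + $displayNumber;
 $uri = "sip:" + $Location + "RG@headstart.admin";
 $displayNameFull = $displayName + " Reception RG";
 $qname = $displayName + " Reception";
 # The queue must already exist; stop here rather than create a workflow whose
 # default action points at an empty queue id.
 $queue = Get-CsRgsQueue -Name $qname;
 if (-not $queue) {
     throw "Response group queue '$qname' was not found; no workflow was created.";
 }
 $qid = $queue.Identity;
   
 $promptWM = New-CsRgsPrompt -TextToSpeechPrompt $prompt;
 $promptBusWM = New-CsRgsPrompt -TextToSpeechPrompt $promptOffHours;
 $promptHolWM = New-CsRgsPrompt -TextToSpeechPrompt $promptHoliday;
 # Get-CsRgsHoursOfBusiness without -Name returns every hours-of-business set;
 # the workflow needs exactly one Identity, so refuse to continue when the
 # result is ambiguous instead of passing an array as -BusinessHoursID.
 $busHoursAll = @(Get-CsRgsHoursOfBusiness);
 if ($busHoursAll.Count -ne 1) {
     throw "Expected exactly one hours-of-business set, found $($busHoursAll.Count); pass -Name to Get-CsRgsHoursOfBusiness.";
 }
 $busHours = $busHoursAll[0];
   
 $actionWM = New-CsRgsCallAction -Prompt $promptWM -Action TransferToQueue -QueueID $qid
 # Alternative off-hours/holiday handling: transfer to the voicemail URI in $vmUser
 # instead of terminating the call. Swap these in and drop the Terminate actions below.
 #$actionBusWM = New-CsRgsCallAction -Prompt $promptBusWM -Action TransferToVoiceMailUri -Uri $vmUser
 #$actionHolWM = New-CsRgsCallAction -Prompt $promptHolWM -Action TransferToVoiceMailUri -Uri $vmUser
   
 $actionBusWM = New-CsRgsCallAction -Prompt $promptBusWM -Action Terminate
 $actionHolWM = New-CsRgsCallAction -Prompt $promptHolWM -Action Terminate
   
 # Resolve the Response Group service; more than one match would silently
 # produce a space-joined "service:" string, so require a single result.
 $rgsServices = @(Get-CSService | ?{$_.Applications -like "*RGS*"});
 if ($rgsServices.Count -ne 1) {
     throw "Expected exactly one RGS service, found $($rgsServices.Count).";
 }
 $serviceId="service:"+$rgsServices[0].ServiceId;
 # NOTE(review): -EnabledForFederation $true makes this workflow reachable by
 # callers from federated domains, not only internal users - confirm that is intended per site.
 $workflowHG = New-CsRgsWorkflow -Parent $serviceId -Name $displayNameFull -PrimaryUri $uri -LineUri $lineUri -DisplayNumber $displayNumber -Active $true -DefaultAction $actionWM -EnabledForFederation $true -NonBusinessHoursAction $actionBusWM -HolidayAction $actionHolWM -BusinessHoursID $busHours.Identity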
   

Enable/Disable OWA access based on group membership

The use case for this is disabling OWA access for non-exempt employees and enabling it for exempt employees.

Powershell:

Disable Members:
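 # Disable Outlook Web App for every member of the "all aka employees" group.
 # NOTE(review): presumably this runs BEFORE the "Enable Members" script, which
 # re-enables OWA for the exempt subset; running them in the other order would
 # leave exempt employees disabled - confirm the intended order.
 $group = Get-Group -Identity "all aka employees"
 if (-not $group) {
     throw 'Group "all aka employees" was not found; nothing was changed.'
 }
   
 Foreach($member in $group.Members)
 {
     Write-Host $member.Name
     # Target the mailbox by distinguished name rather than display name so a
     # duplicated or ambiguous name cannot resolve to the wrong mailbox.
     # A member that is not a mailbox (nested group, contact) is expected to
     # produce an error for that entry only; the loop continues.
     Set-CasMailbox -identity $member.DistinguishedName -OWAEnabled $false
 }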
Enable Members:
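 # Enable Outlook Web App for every member of the "exemptemployees" group.
 # NOTE(review): presumably this runs AFTER the "Disable Members" script so that
 # exempt employees who are also in the all-employees group end up enabled.
 $group = Get-Group -Identity "exemptemployees"
 if (-not $group) {
     throw 'Group "exemptemployees" was not found; nothing was changed.'
 }
   
 Foreach($member in $group.Members)
 {
     Write-Host $member.Name
     # Target the mailbox by distinguished name rather than display name so a
     # duplicated or ambiguous name cannot resolve to the wrong mailbox.
     # A member that is not a mailbox (nested group, contact) is expected to
     # produce an error for that entry only; the loop continues.
     Set-CasMailbox -identity $member.DistinguishedName -OWAEnabled $true
 }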

Enable users VM Boxes for Exchange UM

Powershell Script:

I guess I could have put this in a loop asking whether you need to add more users, but I didn't. Change the PIN, of course, to whatever you want, and if you have a 5-digit PIN policy, change the prompt wording.


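 # Enable Unified Messaging voicemail for one user with a temporary PIN that the
 # user must change at first sign-in (-PinExpired $true).
 # Load the Exchange snap-in only if it is not already present; re-adding it raises an error.
 if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue)) {
     Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
 }
   
 # NOTE(review): a fixed, well-known initial PIN is guessable by anyone who has
 # read this script until the user signs in and changes it. Kept as a single
 # variable so it is changed in one place; omitting -Pin lets Enable-UMMailbox
 # generate one instead, which avoids a shared default.
 $initialPin = '4321'
   
 $user = (Read-Host 'Enter the name of the user you would like to setup voicemail for ').Trim()
 if ([string]::IsNullOrWhiteSpace($user)) {
     throw 'No user entered; nothing was changed.'
 }
   
 $extension = (Read-Host 'Enter 4 digit extension of user ').Trim()
 # The prompt asks for exactly four digits; reject anything else before touching the mailbox.
 if ($extension -notmatch '^\d{4}$') {
     throw "Extension '$extension' is not 4 digits; nothing was changed."
 }
   
 Enable-UMMailbox -UMMailboxPolicy "AdminDialPlan Default Policy" -PinExpired $true -Pin $initialPin -Extensions $extension -Identity $user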