----------
2015.4.20
Added Tools -> System Tools -> Remote Command Line
(Brings up an interactive dos command line on remote pc)
Monday, April 20, 2015
Changelog
Thursday, April 9, 2015
Reset a user's password in AD with C#.NET
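/// <summary>
/// Asks the operator to confirm, then resets the named user's password to a fixed
/// temporary value and expires it; afterwards unlocks the account if it is locked out.
/// </summary>
/// <param name="user">Identity passed to <c>FindByIdentity</c>; nothing happens when null or empty.</param>
/// <param name="fQDomainName">Domain name handed to the <c>PrincipalContext</c>.</param>
/// <param name="ou">Container handed to the <c>PrincipalContext</c>.</param>
/// <remarks>
/// Any exception is shown to the operator in a message box rather than rethrown.
/// A user that cannot be found is silently ignored.
/// </remarks>
public void ResetUsersPassword(string user, string fQDomainName, string ou)
{
    if (string.IsNullOrEmpty(user))
    {
        return;
    }

    try
    {
        // using blocks release the directory context and principal even when a call
        // below throws; the earlier explicit Dispose() calls were skipped on that path.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, fQDomainName, ou))
        using (UserPrincipalsEx usr = UserPrincipalsEx.FindByIdentity(ctx, user))
        {
            if (usr == null)
            {
                return;
            }

            string resetPasswordString = "Are you sure you want to reset " + usr.DisplayName + "'s password?";
            DialogResult yesNoDialog = MessageBox.Show(resetPasswordString, "Password Reset", MessageBoxButtons.YesNo);
            if (yesNoDialog == DialogResult.Yes)
            {
                // SECURITY(review): every reset account receives the same well-known
                // temporary password. ExpirePasswordNow() only forces a change at the
                // next logon, so until the real user logs on, anyone who knows this
                // convention can authenticate as them. Prefer a random per-reset value
                // handed to the user out of band; kept as-is here so the helpdesk
                // workflow does not change silently.
                usr.SetPassword("Password1");
                usr.ExpirePasswordNow();
                MessageBox.Show(usr.DisplayName + "'s password has been reset.");
            }

            // The unlock runs whether or not the operator confirmed the reset above.
            if (usr.IsAccountLockedOut())
            {
                usr.UnlockAccount();
                MessageBox.Show(usr.DisplayName + "'s account unlocked");
            }
        }
    }
    catch (Exception unlockException)
    {
        MessageBox.Show(unlockException.Message);
    }
}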
My solution to disable the popup blocker (or change any registry setting in HKCU) for an IE zone on a remote machine, without GPO.
So basically, the C# writes a Batch file on the user's Desktop that the user must double click so it runs under their credentials, the Batch file then creates a .reg file on the desktop that it in turn runs to change the registry setting in HKCU, then it deletes the .reg and then itself. I was proud of this a few years ago when I wrote it with the 3 nested syntaxes and all. As you can see it relies on other custom methods I wrote, but what you need to do to replicate should be clear.
/// <summary>
/// Writes "Disable PopUp Blocker.bat" to the given profile's desktop on a remote PC.
/// When the user runs it, the batch file builds popup.reg, imports it silently with
/// regedit, then deletes the .reg file and itself.
/// </summary>
/// <param name="pcname">Remote computer name; normalised with CleanPCName.</param>
/// <param name="profile">Profile name; resolved with CheckForProfileDotDomain.</param>
/// <remarks>
/// The generated file edits HKCU ...\Internet Settings\Zones\2 for whoever runs it.
/// Value 1809 is the "Use Pop-up Blocker" URL action (3 = disabled).
/// NOTE(review): 2200, 1609 and 2101 are further zone URL actions set to 0 here, so
/// the script relaxes more than the pop-up blocker for that zone. Confirm each value
/// is intended before reusing this.
/// </remarks>
public void DisablePopupBlocker(string pcname, string profile)
{
    try
    {
        if (!PcNameIsNotNullOrVoid(pcname) || string.IsNullOrEmpty(profile))
        {
            return;
        }

        pcname = CleanPCName(pcname);
        profile = CheckForProfileDotDomain(pcname, profile);

        string batchPath = GetDesktopLocation(profile) + profile + @"\Desktop\Disable PopUp Blocker.bat";
        if (File.Exists(batchPath))
        {
            File.Delete(batchPath);
        }

        // Contents of the batch file, one entry per line, in the order they are written.
        string[] batchLines =
        {
            @"@echo off",
            @"",
            @"echo Windows Registry Editor Version 5.00 >popup.reg",
            @"echo ;Pop up blocker disable >>popup.reg",
            @"echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] >>popup.reg",
            "echo \"1809\"=dword:00000003 >>popup.reg",
            "echo \"2200\"=dword:00000000 >>popup.reg",
            "echo \"1609\"=dword:00000000 >>popup.reg",
            "echo \"2101\"=dword:00000000 >>popup.reg",
            @"",
            @"regedit.exe /s popup.reg",
            @"",
            @"del /q popup.reg",
            @"del %0",
        };

        try
        {
            // Leaving the using block flushes and closes the file before the
            // confirmation is shown, as the explicit Flush/Close calls did.
            using (StreamWriter writer = new StreamWriter(batchPath))
            {
                foreach (string line in batchLines)
                {
                    writer.WriteLine(line);
                }
            }

            MessageBox.Show("Created Disable PopUp Blocker.bat on " + profile + "'s Desktop.");
        }
        catch (IOException ioe)
        {
            MessageBox.Show(ioe.Message);
        }
    }
    catch (Exception popupException)
    {
        MessageBox.Show(popupException.Message);
    }
}
Example of how to call Powershell Pipeline in C# and bring in Exchange SnapIn
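/// <summary>
/// Runs <c>Get-SenderFilterConfig | Select-Object -ExpandProperty BlockedSenders | Out-String -Stream</c>
/// in a runspace with the Exchange 2010 management snap-in loaded.
/// </summary>
/// <returns>One string per object returned by the pipeline.</returns>
/// <remarks>
/// The pipeline is assembled from Command/CommandParameter objects with constant names,
/// so no caller-supplied text is parsed as script.
/// NOTE(review): this loads the Exchange snap-in into a local runspace instead of using
/// remote PowerShell. Confirm that the account running the tool is meant to have that
/// level of access.
/// </remarks>
public List<string> getBlockedSenders()
{
    RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();

    // AddPSSnapIn reports load warnings through the out parameter; they are not acted on here.
    PSSnapInException snapInException = null;
    rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.E2010", out snapInException);

    // using blocks dispose the runspace and pipeline even when Open() or Invoke() throws;
    // previously the runspace leaked on that path and the pipeline was never disposed.
    using (Runspace myRunSpace = RunspaceFactory.CreateRunspace(rsConfig))
    {
        myRunSpace.Open();

        using (Pipeline ps = myRunSpace.CreatePipeline())
        {
            ps.Commands.Add(new Command("Get-SenderFilterConfig"));

            Command selectObjectCommand = new Command("Select-Object");
            selectObjectCommand.Parameters.Add(new CommandParameter("ExpandProperty", "BlockedSenders"));
            ps.Commands.Add(selectObjectCommand);

            // -Stream makes Out-String emit one string per line rather than one block.
            Command outStringCommand = new Command("Out-String");
            outStringCommand.Parameters.Add(new CommandParameter("Stream"));
            ps.Commands.Add(outStringCommand);

            List<string> output = new List<string>();
            foreach (PSObject result in ps.Invoke())
            {
                output.Add(result.ToString());
            }

            return output;
        }
    }
}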
Wednesday, April 8, 2015
Example of one of my configs for a remote site on a Ubiquiti EdgeRouter with PPTP, OSPF, VTIs, and DHCP Lync Phone Settings
firewall {
all-ping enable
broadcast-ping disable
group {
address-group DMZ_External {
address *.177.*.*
description ""
}
address-group DMZ_Web_Internal {
address 192.168.105.25
description ""
}
address-group GatewaysAdmin {
address 192.168.1.1
address 192.168.10.1
description ""
}
address-group GatewaysRED {
address 192.168.86.1
address 192.168.87.1
description ""
}
address-group Mail_External {
address *.177.*.*
description ""
}
address-group Mail_Internal {
address 192.168.1.7
description ""
}
address-group VPN_external {
address *.177.*.*
description ""
}
network-group SubnetsAdmin {
description ""
network 192.168.1.0/24
network 192.168.10.0/24
}
network-group SubnetsRED {
description ""
network 192.168.86.0/24
network 192.168.87.0/24
}
port-group DMZ_web {
description "DMZ_web HTTP,HTTPS"
port 80
port 443
}
port-group Mail {
description "Mail SMTP,SMTPS,IMAP,IMAPS,HTTPS"
port 25
port 465
port 143
port 993
port 443
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN is bound to eth0 "in": traffic arriving on the WAN to be forwarded. Anything no rule accepts is dropped and logged. */
name WAN_IN {
default-action drop
description "packets from internet to LAN and WLAN"
enable-default-log
rule 1 {
action accept
description "allow established sessions"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
/* NOTE(review): rule 3 matches on source and destination subnets only. Confirm that only decrypted tunnel traffic can reach it: a clear-text packet arriving on eth0 with a source inside SubnetsAdmin would also match, and source-validation is disabled in this firewall section. Consider adding an IPsec match to the rule. */
rule 3 {
action accept
description "allow VPN traffic from admin"
destination {
group {
network-group SubnetsRED
}
}
log disable
source {
group {
network-group SubnetsAdmin
}
}
}
}
/* WAN_LOCAL is bound to eth0 "local": traffic from the WAN addressed to the router itself. Default is drop with logging. */
name WAN_LOCAL {
default-action drop
description "packets from internet to the router"
enable-default-log
rule 1 {
action accept
description "allow established sessions"
log enable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
/* NOTE(review): like WAN_IN rule 3, this accepts on source subnet alone; confirm it cannot be matched by clear-text traffic on eth0. */
rule 3 {
action accept
description "allow VPN traffic from Admin to the router"
destination {
group {
address-group GatewaysRED
}
}
log disable
source {
group {
network-group SubnetsAdmin
}
}
}
/* Rules 5-7 open IKE, ESP and NAT-T to any source. The site-to-site peers are configured as fixed addresses, so a source address-group listing them would narrow what can reach the IKE daemon. */
rule 5 {
action accept
description "allow IKE-UDP-500"
destination {
port 500
}
log disable
protocol udp
}
rule 6 {
action accept
description "allow ESP-50"
log disable
protocol esp
}
rule 7 {
action accept
description "allow NAT-T-UDP-4500"
destination {
port 4500
}
log disable
protocol udp
}
/* Rules 8-9 expose the PPTP server (GRE and TCP 1723) to the whole internet with no source restriction and no log setting. Password guessing against the PPTP local users is only visible if logging is enabled here or on the VPN service. */
rule 8 {
action accept
description "allow PPTP VPN gre"
protocol gre
}
rule 9 {
action accept
description "allow PPTP VPN pptp"
destination {
port 1723
}
protocol tcp
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address *.*.*.231/28
description WAN
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
address 192.168.86.1/24
description LAN
duplex auto
speed auto
}
ethernet eth2 {
description VLANS
duplex auto
speed auto
vif 10 {
address 192.168.87.1/24
description VOICE.10
mtu 1500
}
}
loopback lo {
}
vti vti1 {
address 10.87.1.87/24
description ADM
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti18 {
address 10.18.87.87/24
description SMI
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti28 {
address 10.28.87.87/24
description SMA
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti33 {
address 10.87.33.87/24
description GDA
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti39 {
address 10.87.39.87/24
description FAR
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti60 {
address 10.60.87.87/24
description RDO
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti74 {
address 10.87.*.87/24
description DAR
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti95 {
address 10.95.87.87/24
description SST
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti113 {
address 10.87.113.87/24
description GRA
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti116 {
address 10.87.116.87/24
description LAM
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
vti vti204 {
address 10.87.204.87/24
description CDO
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-point
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1398
}
}
protocols {
ospf {
area 0.0.0.0 {
network 192.168.86.0/24
network 192.168.87.0/24
network 10.18.87.0/24
network 10.28.87.0/24
network 10.87.33.0/24
network 10.87.39.0/24
network 10.60.87.0/24
network 10.87.*.0/24
network 10.87.1.0/24
network 10.95.87.0/24
network 10.87.113.0/24
network 10.87.116.0/24
network 10.87.204.0/24
}
log-adjacency-changes {
}
parameters {
abr-type cisco
router-id 192.168.86.1
}
passive-interface default
passive-interface-exclude vti1
passive-interface-exclude vti116
passive-interface-exclude vti204
passive-interface-exclude vti33
passive-interface-exclude vti39
passive-interface-exclude vti74
passive-interface-exclude vti113
passive-interface-exclude vti18
passive-interface-exclude vti28
passive-interface-exclude vti60
passive-interface-exclude vti95
}
static {
interface-route 192.168.1.0/24 {
next-hop-interface vti1 {
distance 152
}
}
interface-route 192.168.10.0/24 {
next-hop-interface vti1 {
distance 152
}
}
interface-route 192.168.87.0/24 {
next-hop-interface eth2.10 {
}
}
}
}
service {
dhcp-server {
disabled false
global-parameters "class "vendor-classes" {"
global-parameters "match option vendor-class-identifier;"
global-parameters "}"
global-parameters "option space MSUCClient;"
global-parameters "option MSUCClient.UCIdentifier code 1 = string;"
global-parameters "option MSUCClient.URLScheme code 2 = string;"
global-parameters "option MSUCClient.WebServerFqdn code 3 = string;"
global-parameters "option MSUCClient.WebServerPort code 4 = string;"
global-parameters "option MSUCClient.CertProvRelPath code 5 = string;"
global-parameters "option UCSipServer code 120 = string;"
global-parameters "subclass "vendor-classes" "MS-UC-Client" {"
global-parameters "vendor-option-space MSUCClient;"
global-parameters "option MSUCClient.UCIdentifier 4D:53:2D:55:43:2D:43:6C:69:65:6E:74;"
global-parameters "option MSUCClient.URLScheme 68:74:74:70:73;"
global-parameters "option MSUCClient.WebServerFqdn 61:64:6D:2D:6C:79:6E:63:2E:68:65:61:64:73:74:61:72:74:2E:61:64:6D:69:6E;"
global-parameters "option MSUCClient.WebServerPort 34:34:33;"
global-parameters "option MSUCClient.CertProvRelPath"
global-parameters "2F:43:65:72:74:50:72:6F:76:2F:43:65:72:74:50:72:6F:76:69:73:69:6F:6E:69:6E:67:53:65:72:76:69:63:65:2E:73:76:63;"
global-parameters "} "
hostfile-update disable
shared-network-name 192.168.86.0 {
authoritative disable
subnet 192.168.86.0/24 {
default-router 192.168.86.1
dns-server 192.168.1.29
dns-server 192.168.1.30
domain-name ExampleDomain.com
lease 86400
ntp-server 192.168.1.29
ntp-server 192.168.1.30
start 192.168.86.100 {
stop 192.168.86.210
}
subnet-parameters "option UCSipServer 00:08:61:64:6D:2D:6C:79:6E:63:09:68:65:61:64:73:74:61:72:74:05:61:64:6D:69:6E:00;"
unifi-controller 192.168.1.30
}
}
shared-network-name 192.168.87.0 {
authoritative disable
subnet 192.168.87.0/24 {
default-router 192.168.87.1
dns-server 192.168.1.29
dns-server 192.168.1.30
domain-name ExampleDomain.com
lease 86400
ntp-server 192.168.1.29
ntp-server 192.168.1.30
start 192.168.87.100 {
stop 192.168.87.210
}
subnet-parameters "option UCSipServer 00:08:61:64:6D:2D:6C:79:6E:63:09:68:65:61:64:73:74:61:72:74:05:61:64:6D:69:6E:00;"
}
}
}
gui {
https-port 443
}
nat {
rule 1 {
description Mail_NAT_SMTP
destination {
address 192.168.1.7
port 25
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 25
}
log enable
protocol tcp
type destination
}
rule 2 {
description Mail_NAT_SMTPS
destination {
address 192.168.1.7
port 465
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 465
}
log enable
protocol tcp
type destination
}
rule 3 {
description Mail_NAT_IMAP
destination {
address 192.168.1.7
port 143
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 143
}
log enable
protocol tcp
type destination
}
rule 4 {
description Mail_NAT_IMAPS
destination {
address 192.168.1.7
port 993
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 993
}
log enable
protocol tcp
type destination
}
rule 5 {
description Mail_NAT_HTTPS
destination {
address 192.168.1.7
port 443
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 443
}
log enable
protocol tcp
type destination
}
rule 6 {
description DMZ_website_HTTP
destination {
address 192.168.105.25
port 80
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 80
}
log disable
protocol tcp
type destination
}
rule 7 {
description DMZ_website_HTTPS
destination {
address 192.168.105.25
port 443
}
inbound-interface eth0
inside-address {
address *.177.*.*
port 443
}
log disable
protocol tcp
type destination
}
rule 5000 {
description "masquerade for WAN"
log disable
outbound-interface eth0
protocol all
type masquerade
}
rule 5001 {
destination {
address 192.168.1.0/24
}
exclude
outbound-interface eth0
source {
address 192.168.86.0/24
}
type masquerade
}
}
/* NOTE(review): read-only SNMP with the default community string "public" and no client or network restriction in this node. WAN_LOCAL drops unsolicited WAN traffic, but LAN, voice VLAN and VPN hosts can still query it. Use a non-default community and limit the allowed clients. The location string also hands a street address to anyone who can query. */
snmp {
community public {
authorization ro
}
location "1145 Redwood Ave El Cajon, CA 92020"
}
ssh {
port 22
protocol-version v2
}
}
system {
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose enable
max-retrans 3
}
}
domain-name ExampleDomain.com
gateway-address *.*.*.225
host-name RED-ERLite
/* NOTE(review): a single admin-level account, shown with both encrypted-password and plaintext-password values (masked here). Confirm that saved or exported copies of the config never carry the clear-text value, and treat the hash as a secret when sharing configs. */
login {
user AccountName1 {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name AccountName1
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
ipsec enable
ipv4 {
forwarding enable
}
ipv6 {
forwarding disable
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone America/Los_Angeles
}
vpn {
ipsec {
auto-firewall-nat-exclude enable
/* ESP (phase 2) proposal shared by every site-to-site peer below: tunnel mode, AES-128 with SHA-1, PFS on, 1 hour lifetime. */
esp-group FOO0 {
compression disable
lifetime 3600
mode tunnel
pfs enable
proposal 1 {
encryption aes128
hash sha1
}
}
/* IKE (phase 1) proposal: IKEv1, AES-128, SHA-1, DH group 14, 8 hour lifetime, used with pre-shared secrets. NOTE(review): IKEv1 and SHA-1 are legacy choices. Where the remote ends support it, move to IKEv2 with a SHA-2 hash. All eleven peers reference this one group, so changes need coordinating with each site. */
ike-group FOO0 {
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 14
encryption aes128
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal enable
site-to-site {
peer 68.15.0.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti116
esp-group FOO0
}
}
peer 68.15.*.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti74
esp-group FOO0
}
}
peer *.*.2.166 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti28
esp-group FOO0
}
}
peer *.*.*.*15 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti95
esp-group FOO0
}
}
peer *.*.6.126 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti33
esp-group FOO0
}
}
peer *.*.28.72 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti204
esp-group FOO0
}
}
peer *.*.*.125 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti39
esp-group FOO0
}
}
peer *.173.62.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti18
esp-group FOO0
}
}
peer *.175.247.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti60
esp-group FOO0
}
}
peer 174.78.*.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti113
esp-group FOO0
}
}
peer *.177.*.* {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
ike-group FOO0
local-address *.*.*.231
vti {
bind vti1
esp-group FOO0
}
}
}
}
/* NOTE(review): PPTP remote access with locally stored usernames and passwords. PPTP's usual MS-CHAPv2/MPPE protection is widely regarded as broken, so treat this as a legacy service: prefer an IPsec-based or other modern remote-access VPN, and until then use long random passwords. Clients receive addresses from 192.168.103.100-210 and the internal DNS servers. No rule shown in the firewall section limits what that pool may reach. */
pptp {
remote-access {
authentication {
local-users {
username AccountName1 {
password ****************
}
username AccountName2 {
password ****************
}
}
mode local
}
client-ip-pool {
start 192.168.103.100
stop 192.168.103.210
}
dns-servers {
server-1 192.168.1.29
server-2 192.168.1.30
}
mtu 1492
outside-address *.*.*.231
}
}
}
Fix NTFS permissions on user subfolders of a redirect folder
I ran into this problem a few times and had to fix it; the script requires the NTFSSecurity module to be installed. I made a script once that doesn't require NTFSSecurity, but it is much more complex.
# Script-wide settings: the redirect share whose per-user subfolders are repaired,
# the domain used to qualify account names, and the admin account that temporarily
# takes ownership while permissions are fixed.
Write-Host ""
Write-Host ""
$startingDir = "\\fileserver\redirect"
$domain = "ExampleDomain.com"
Set-Location $startingDir
$adminServiceAccount = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList ($domain + "\" + "AdministratorAccountName")
# Repairs one user's redirected folder: hands ownership of everything below $file to
# the admin service account, grants the user FullControl on $file, then hands
# ownership of everything below $file to that user.
#   $file - path of the user's folder
#   $user - account name without the domain; qualified with the script-level $domain
# Reads the script-level $domain and $adminServiceAccount.
Function setPermissions
{
param ($file, $user)
$user = $domain + "\" + $user
Write-Host user is $user
$objUser = New-Object System.Security.Principal.NTAccount($user)
# Step 1: the admin account takes ownership of each item returned by the recursive
# listing. NOTE(review): the listing covers items below $file, so the folder
# itself keeps its current owner - confirm that is intended.
Get-ChildItem $file -Recurse | ForEach-Object {
setOwner $_.FullName.ToString() $adminServiceAccount
}
#$acl.SetAccessRuleProtection($False,$True)
# $acl is read here but not used again in this function.
$acl = Get-Acl $file.ToString()
Write-Host $file
# Step 2: Add-NTFSAccess (NTFSSecurity module) grants the user FullControl on the folder.
# NOTE(review): the account is derived purely from the folder name, so a stray or
# misnamed folder leads to a grant for whatever account matches that name.
Add-NTFSAccess -Path $file -Account $user -AccessRights FullControl
# Prints the resulting ACL so the operator can check it.
Get-Acl $file |fl
# Step 3: ownership of each item below the folder goes to the user.
Get-ChildItem $file -Recurse | ForEach-Object {
setOwner $_.FullName.ToString() $objUser
}
}
# Makes $user the owner of $file by rewriting the owner field of its ACL.
#   $file - path of the file or folder
#   $user - account name (or NTAccount) that becomes the owner
Function setOwner
{
    param ($file, $user)

    Write-Host Setting ownership of $file to $user

    $newOwner = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $user
    $descriptor = Get-Acl -Path $file
    $descriptor.SetOwner($newOwner)
    Set-Acl -Path $file -AclObject $descriptor
}
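# Walks the redirect root and repairs each per-user folder. The folder name is taken
# to be the account name of the user who should own it.
# Only directories are processed: a stray file in the root would otherwise be
# treated as a user name and passed to setPermissions.
Get-ChildItem $startingDir | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folderFullPath = $_.FullName
    $user = $_.Name.ToString()
    Write-Host Setting permissions on $folderFullPath
    setPermissions $folderFullPath $user
}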
Create AD accounts from a csv in Powershell
I made this to create a bunch of users who need Apache website access but don't actually need to log in to the domain, hence the PasswordNeverExpires; edit to your liking before using.
# Bulk-creates AD users under OU=POC from a CSV with the columns first, last, email
# and location. The sAMAccountName is the first two letters of the first name
# followed by the last name.
$domain = "ExampleDomain.com"

# SECURITY(review): every account created by this run gets the same password, kept in
# clear text in the script, and PasswordNeverExpires is set. Anyone who can read the
# script or learns the value can use any of these accounts indefinitely. Prefer a
# random password per user and keep the script free of secrets.
$pass = "ExamplePass-$@#%$#^"

Import-Csv \\adm-dc\redirect\kwalker\Desktop\Users.csv | ForEach-Object {
    $row = $_
    $first = $row.first
    $last = $row.last
    # email and location are read but not passed to New-ADUser below.
    $email = $row.email
    $location = $row.location

    $name = "$first $last"
    # Substring(0,2) throws for a first name shorter than two characters.
    $sam = $first.Substring(0,2) + $last
    $principal = "${sam}@${domain}"
    Write-Host $name

    $newUser = @{
        PasswordNeverExpires = $true
        Path                 = "OU=POC,DC=EXAMPLEDOMAIN,DC=COM"
        GivenName            = $first
        Surname              = $last
        AccountPassword      = (ConvertTo-SecureString $pass -AsPlainText -force)
        DisplayName          = $name
        Name                 = $name
        SamAccountName       = $sam
        UserPrincipalName    = $principal
    }
    New-ADUser @newUser
}
Short Spam and Content Filter Scripts for Exchange 2013
ShowCurrentConfig
WhiteListSpamSender
WhiteListSpamDomain
unWhiteListSpamSender
UnWhiteListSpamDomain
BlackListSender
BlackListDomain
UnBlackListSender
UnBlackListDomain
# Prints the current sender-filter (blacklist) and content-filter (whitelist) lists,
# each under its own heading and followed by three spacer lines.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$cfc = Get-ContentFilterConfig
$sfc = Get-SenderFilterConfig

# Heading, source configuration object and property to expand, in display order.
$sections = @(
    @{ Title = 'Blacklisted Senders:';    Config = $sfc; Property = 'BlockedSenders' },
    @{ Title = 'Whitelisted Senders:';    Config = $cfc; Property = 'BypassedSenders' },
    @{ Title = 'Blacklisted Domains:';    Config = $sfc; Property = 'BlockedDomains' },
    @{ Title = 'Blacklisted SubDomains:'; Config = $sfc; Property = 'BlockedDomainsAndSubdomains' },
    @{ Title = 'Whitelisted Domains:';    Config = $cfc; Property = 'BypassedSenderDomains' }
)

foreach ($section in $sections) {
    Write-Host $section.Title
    $section.Config | Select-Object -ExpandProperty $section.Property
    1..3 | ForEach-Object { Write-Host ' ' }
}
WhiteListSpamSender
# Adds one sender address to the content filter's bypass list.
# NOTE(review): bypassed senders skip content filtering and are matched on the address
# the message claims to come from. Keep this list short and review it regularly.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$address = Read-Host -Prompt 'Enter the name of the sender you would like to WHITELIST '
$change = @{ Add = $address }
Set-ContentFilterConfig -BypassedSenders $change
WhiteListSpamDomain
# Adds one sender domain to the content filter's bypass list.
# NOTE(review): this exempts every address in the domain from content filtering,
# which is a much wider exemption than a single sender.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$domainName = Read-Host -Prompt 'Enter the name of the domain you would like to WHITELIST '
$change = @{ Add = $domainName }
Set-ContentFilterConfig -BypassedSenderDomains $change
unWhiteListSpamSender
# Removes one sender address from the content filter's bypass list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$address = Read-Host -Prompt 'Enter the name of the sender you would like to REMOVE from WHITELIST '
$change = @{ Remove = $address }
Set-ContentFilterConfig -BypassedSenders $change
UnWhiteListSpamDomain
# Removes one sender domain from the content filter's bypass list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$domainName = Read-Host -Prompt 'Enter the name of the domain you would like to REMOVE from WHITELIST '
$change = @{ Remove = $domainName }
Set-ContentFilterConfig -BypassedSenderDomains $change
BlackListSender
# Adds one sender address to the sender filter's blocked list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$address = Read-Host -Prompt 'Enter the name of the sender you would like to BLACKLIST '
$change = @{ Add = $address }
Set-SenderFilterConfig -BlockedSenders $change
BlackListDomain
# Adds one domain to the sender filter's blocked list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$domainName = Read-Host -Prompt 'Enter the name of the domain you would like to BLACKLIST '
$change = @{ Add = $domainName }
Set-SenderFilterConfig -BlockedDomains $change
UnBlackListSender
# Removes one sender address from the sender filter's blocked list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$address = Read-Host -Prompt 'Enter the name of the sender you would like to REMOVE from BLACKLIST '
$change = @{ Remove = $address }
Set-SenderFilterConfig -BlockedSenders $change
UnBlackListDomain
# Removes one domain from the sender filter's blocked list.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$domainName = Read-Host -Prompt 'Enter the name of the domain you would like to REMOVE from BLACKLIST '
$change = @{ Remove = $domainName }
Set-SenderFilterConfig -BlockedDomains $change
Workgroup Creation script for Exchange UM/Lync
I pumped this out really quickly because I needed to change the SIP URIs of more than 10 workgroups in a row. Lync/Exchange does not allow you to do this without deleting and recreating the workgroup from scratch, so, PowerShell to the rescue. Obviously you would need to edit this to fit your organization, and this script is in no way automated, but it should be a good direction to get you started. DO NOT use this script as is, unless of course you work at the same company as I do!
# Recreates one Lync Response Group workflow for a site's reception queue.
# Edit the site values below for each workgroup; nothing is prompted for.
#Read-Host

# --- Site-specific values ---
# NOTE(review): "VisatLaMesa" differs in spelling from the "VistaLaMesa" used in
# $vmUser, and it ends up in the workflow's primary SIP URI - confirm which is meant.
$Location = "VisatLaMesa"
$displayName = "Vista La Mesa"
$vmUser = "sip:" + "VistaLaMesaVM@headstart.admin"
$displayNumber = "4032"

# --- Spoken prompts (text-to-speech) ---
$prompt = " "
$promptOffHours = "Thank you for calling A K A Head Starts " + $displayName + " location, our normal business hours are 8 A M to 4 30 P M, please stay on the line if you would like to leave a message."
$promptHoliday = "Thank you for calling A K A Head Starts " + $displayName + " location, our normal business hours are 8 A M to 4 30 P M, please stay on the line if you would like to leave a message."

# --- Derived identifiers ---
$lineUri = "TEL:" + $displayNumber
$uri = "sip:" + $Location + "RG@headstart.admin"
$displayNameFull = $displayName + " Reception RG"
$qname = $displayName + " Reception"

# The queue named "<display name> Reception" is looked up, not created here.
$queueId = (Get-CsRgsQueue -Name $qname).Identity

$promptWM = New-CsRgsPrompt -TextToSpeechPrompt $prompt
$promptBusWM = New-CsRgsPrompt -TextToSpeechPrompt $promptOffHours
$promptHolWM = New-CsRgsPrompt -TextToSpeechPrompt $promptHoliday
$businessHours = Get-CsRgsHoursOfBusiness

# During business hours callers go to the queue; outside them the call is ended
# after the prompt. The voicemail variants are left here as the alternative.
$actionWM = New-CsRgsCallAction -Prompt $promptWM -Action TransferToQueue -QueueID $queueId
#$actionBusWM = New-CsRgsCallAction -Prompt $promptBusWM -Action TransferToVoiceMailUri -Uri $vmUser
#$actionHolWM = New-CsRgsCallAction -Prompt $promptHolWM -Action TransferToVoiceMailUri -Uri $vmUser
$actionBusWM = New-CsRgsCallAction -Prompt $promptBusWM -Action Terminate
$actionHolWM = New-CsRgsCallAction -Prompt $promptHolWM -Action Terminate

# Parent service: the service whose Applications list mentions RGS.
$serviceId = "service:" + (Get-CSService | Where-Object { $_.Applications -like "*RGS*" }).ServiceId

$workflowSettings = @{
    Parent                 = $serviceId
    Name                   = $displayNameFull
    PrimaryUri             = $uri
    LineUri                = $lineUri
    DisplayNumber          = $displayNumber
    Active                 = $true
    DefaultAction          = $actionWM
    EnabledForFederation   = $true
    NonBusinessHoursAction = $actionBusWM
    HolidayAction          = $actionHolWM
    BusinessHoursID        = $businessHours.Identity
}
$workflowHG = New-CsRgsWorkflow @workflowSettings
Enable/Disable OWA access based on group membership
Use scenario for this is disabling OWA access to employees who are non-exempt and enabling it for exempt employees.
Powershell:
Disable Members:
Powershell:
Disable Members:
# Turns OWA off for every member of the "all aka employees" group.
# NOTE(review): members are addressed by name only. Confirm the names are unique
# mailbox identities and that the group holds no nested groups or contacts.
$allStaff = Get-Group -Identity "all aka employees" | Select-Object members
foreach ($entry in $allStaff) {
    $memberNames = $entry.members.name
    foreach ($memberName in $memberNames) {
        Write-Host $memberName
        Set-CasMailbox -Identity $memberName -OWAEnabled $false
    }
}
# Enable Members:
# Turns OWA on for every member of the "exemptemployees" group.
# NOTE(review): if this is run after the disable script, exempt staff are without
# OWA in between the two runs - confirm that gap is acceptable.
$exemptStaff = Get-Group -Identity "exemptemployees" | Select-Object members
foreach ($entry in $exemptStaff) {
    $memberNames = $entry.members.name
    foreach ($memberName in $memberNames) {
        Write-Host $memberName
        Set-CasMailbox -Identity $memberName -OWAEnabled $true
    }
}
Enable users VM Boxes for Exchange UM
Powershell Script:
I guess I could have thrown this in a For Loop asking you if you needed to add more users, but I didn't. Change the pin of course to what you would want and if you have 5 digit pin policy change the wording.
I guess I could have thrown this in a For Loop asking you if you needed to add more users, but I didn't. Change the pin of course to what you would want and if you have 5 digit pin policy change the wording.
# Enables Unified Messaging (voicemail) for one user with a starting PIN that is
# already marked expired.
# SECURITY(review): every mailbox enabled with this script starts with the same PIN.
# -PinExpired forces a change when the PIN is first used, but until the real user
# does that, anyone who knows the convention and the extension can get in first.
# Prefer a random PIN per user.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
$mailboxUser = Read-Host -Prompt 'Enter the name of the user you would like to setup voicemail for '
$ext = Read-Host -Prompt 'Enter 4 digit extension of user '
$umSettings = @{
    UMMailboxPolicy = "AdminDialPlan Default Policy"
    PinExpired      = $true
    Pin             = 4321
    Extensions      = $ext
    Identity        = $mailboxUser
}
Enable-UMMailbox @umSettings