Fix for Slow Internet Speed While On VPN

I’ve encountered this more times then I’d like to say. Basically, when you create a VPN connection in Windows it automatically routes ALL traffic, even traffic not for the remote LAN over the VPN connection. This slows things down considerably. To stop this, do the following:

  • Go into the Properties of the VPN Connection
  • Go to the Networking Tab
  • Select TCP/IPv4 and click “Properties”
  • Hit “Advanced” and then uncheck “use default gateway on remote network”
  • Click OK until you are out of the menu system

That is it!

RemoteGateway

 

 

 

Windows 10 Upgrade Path

In case you’re wondering, the simplified upgrade paths to Windows 10 are as follows:

Free Upgrade to Windows 10 Home:

If you own any of the below editions, you will get the free upgrade to Windows 10 Home edition:

  • Windows 7 Starter
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 8.1 (without Pro)
  • Windows 8.1 country specific editions
  • Windows 8.1 Single Language
  • Windows 8.1 with Bing

Free Upgrade to Windows 10 Pro:

Below versions will receive the free upgrade to Windows 10 Pro edition:

  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 8.1 Pro
  • Windows 8.1 Pro for Students

Generate Mailbox Size and Usage Report using PowerShell for Exchange 2010 / 2013

An easy way to get a mailbox usage report is via the Get-Mailboxstatistics commandlet in powershell and a combination of other commands. The below script will output a mailbox usage report in HTML format:

 

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName,
TotalItemSize,ItemCount,Database,LastLogonTime,LastLoggedOnUserAccount | Sort
TotalItemSize -Descending | ConvertTo-Html -Title "Mailbox Stats"|
Out-file "C:\MailboxStats.html"

Exchange 2010 Add Mailbox Folder Permissions including Subfolders

I was asked by a user today for access to a specific folder in an old user’s mailbox within Outlook. There were no free computers and so the easy way out of setting up Outlook with the mailbox was not an option. I fired up Google and found this handy script for use in the Exchange Console:

ForEach($folder in (Get-MailboxFolderStatistics AliasofSharer| Where { $_.FolderPath.ToLower().StartsWith(“/Invoices“) -eq $True } ) )
{
$foldername = “AliasofSharer:” + $folder.FolderPath.Replace(“/”,”\”);
Add-MailboxFolderPermission $foldername -User AliasofRequestor-AccessRights PublishingEditor
}

  1. Change the name of the folder to be shared to where Invoices is here: ‘FolderPath.ToLower().StartsWith(“/Invoices“)’
  2. Change ‘AliasofSharer’ to the alias of the user who will be sharing the folder
  3. AliasofRequestor is who will be given access to said folder
  4. In the above example I’ve used PublishingEditor but this can be changed as required.

Rebooting Computers with Symantec PGP Encryption Installed

In the same vain as my previous post on rebooting Macs with FileVault, computers with Symantec PGP Encryption also require users to enter a password before Windows boots which can be quite annoying. However, there is a workaround!

First, via command prompt navigate to C:\Program Files\PGP Corporation\PGP Desktop OR C:\Program Files (x86)\PGP Corporation\PGP Desktop depending on if you are 64-bit or 32-bit.

For a one-time password bypass, run this:

pgpwde –add-bypass –admin-passphrase [phrase]

Or for several reboots, run this:

 pgpwde –add-bypass –disk [number] –count [number] –admin-passphrase [phrase]

Where phrase is the password / passphrase and the number is the number of reboots. Disk is for if multiple disks are encrypted. Enjoy your reboots now!

 

Restarting OS X with Filevault Enabled

If you’re up on your security, you’ve enabled FileVault on any and all Macbooks you have. The problem for an IT admin working off-site or away from the physical machine is that you may need to reboot the computers. With FileVault, a user will need to enter their password first before OS X boots.

With the commands below, you can reboot a Macbook with FileVault WITHOUT NEEDING USER INPUT. This is good for late night work or times when the user is in a meeting.

Simply open you Terminal and to first check if the command is supported, type:

fdesetup supportsauthrestart

If everything looks good, you can then enter the following and reboot:

sudo fdesetup authrestart


Blocking Cryptolocker and Crypto Viruses in Office365

In Office365, you can setup a rule that blocks attachments with executable content… namely attachments that are EXE files OR things like zip files with EXE, bat, etc. content within. This is something Google Apps automatically does, but Exchange / Office365 does not and requires manual intervention.

To do this, you have to go into the Exchange Admin Center, go to Mail Flow, create a new rule, hit “more options”, and then use the following settings:

cryptoblock

Save it and you’re golden!

 

Adding Registry Entries With Powershell

Working at an MSP, I’ve been trying to script a lot of the repetitious tasks I have to do with Powershell. One of the smaller ones is hiding a local admin account on non domain computers.

Usually, I would have to navigate into the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon and create a new key, called SpecialAccounts, and then another new key called UserList and then add a new dword value with the name of the account. That’s a lot of work!

Today, I fired up Google and Powershell ISE and came up with this simple, simple script:

New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” -Name SpecialAccounts –Force
New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts” -Name UserList –Force
New-ItemProperty “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” -Name “[LOCAL ACCOUNT NAME]” -Value 1 -PropertyType “DWord”

Saved it as a PS1 script file and ran it on my computer successfully.

 

Securely Transmitting Passwords

I’ve been doing a lot of research recently on secure methods of password sharing. Being in IT, I have to share many passwords each day and also have passwords shared with me by clients.

My favorite so far is ZeroBin. It is no-frills, open source (so anyone can vet it), and fairly simple. It requires no database and doesn’t store any information in a database. It is as simple as downloading the components, throwing it on a web server and going to the index page. That’s it. I did it on my server here and have been using it personally with no issues.

You can set messages / data to delete after a certain amount of time, like 5 or 10 minutes, or longer… 10 – 30 days.

How is this secure?

  • The text or data is encrypted & compressed inside the browser, then sent to the server already encrypted
  • The server has the encrypted data and that is all
  • The text is encrypted inside the browser. The encrypted data is sent to the server, while the encryption key does not get sent. Therefore even if a server was compromised, nothing could be done with the data
  • The encryption key is part of the URL and that is what unlocks the data

Diagram below

zerobin

TBT – Throwback Technology

In today’s issue of Throwback Technology, we have a mobile phone from 1916, on a World War 1 battlefield. It has been 99 years since this photograph was taken.

A German field telephone station in the Aisne department of northern France during World War I, circa 1916. (Photo by Paul Thompson/FPG/Hulton Archive/Getty Images)
A German field telephone station in the Aisne department of northern France during World War I, circa 1916. (Photo by Paul Thompson/FPG/Hulton Archive/Getty Images)