The Bandaid Sysadmin – Applying Bandaids To Problems Since 2008

Bypass / Remove Windows Evaluation Restart

I ran into this one recently on a VM I run for Windows – I let the evaluation license expire but couldn’t recreate a new VM.

Even though I am logged in with an administor account, I do not have access to disable the service that checks and reboots the computer. To disable this service, you can do the following:

Download PsExec tools from Microsoft site here
After downloading, extract the files to any folder
open cmd and Run as administrator
cd to the folder path
execute psexec -i -s cmd.exe
This will open another cmd prompt as shown below :

7. Now type whoami to confirm you are the system (as shown below)

Type services.msc as shown above

9. This will open services and now you can navigate to Windows License Monitoring Service and disable it

10. Restart the VM or computer and the service will be disabled, won’t start, and your machine will be good to go!

September 7, 2024

Leave a comment

Microsoft Exchange Office365 Uncategorized

Office365: Order & Precedence of Protection Rules

Deep within Microsoft’s documentation ecosystem lies this document – the order in which various spam filters are applied to incoming emails!

The order of processing for the email protection type: This order isn’t configurable, and is described in the following table:

Order	Email protection	Category	Where to manage
1	Malware	`CAT:MALW`	Configure anti-malware policies in EOP
2	High confidence phishing	`CAT:HPHSH`	Configure anti-spam policies in EOP
3	Phishing	`CAT:PHSH`	Configure anti-spam policies in EOP
4	High confidence spam	`CAT:HSPM`	Configure anti-spam policies in EOP
5	Spoofing	`CAT:SPOOF`	Spoof intelligence insight in EOP
6^*	User impersonation (protected users)	`CAT:UIMP`	Configure anti-phishing policies in Microsoft Defender for Office 365
7^*	Domain impersonation (protected domains)	`CAT:DIMP`	Configure anti-phishing policies in Microsoft Defender for Office 365
8^*	Mailbox intelligence (contact graph)	`CAT:GIMP`	Configure anti-phishing policies in Microsoft Defender for Office 365
9	Spam	`CAT:SPM`	Configure anti-spam policies in EOP
10	Bulk	`CAT:BULK`	Configure anti-spam policies in EOP

June 15, 2024

Leave a comment

Office365 Powershell

Setup Out of Office (OOO) for Exchange User in Office365

This one has come in handy a number of times. With this simple command, you can use Powershell to update a user’s OOO message.

Set-MailboxAutoReplyConfiguration -Identity user@example.com -AutoReplyState Enabled -ExternalMessage "message with whatever autoreply" -InternalMessage "internal something autoreply"

April 19, 2024

Leave a comment

Powershell Uncategorized Windows 10 Windows Server

Finding Windows Services That Are Stopped That Should Be Started With Powershell

This was a scriptlet that got heavy use on servers and even in our RMM. It can report back services on Windows servers and desktops are are in the Stopped state that are set to Auto or Enabled.

GWMI is short for Get-WmiObject

GWMI win32_service -Filter "startmode = 'auto' AND state != 'running'"  | select DisplayName, Name, StartMode, State, ExitCode | ft -auto

April 10, 2024

Leave a comment

Powershell

Find All PST Files Via Powershell

This script came in handy for various purposes! I used this in my RMM tool to report on how many and where PST files may be lying. This was helpful for machines that were re-used. You can narrow down the folder list using the path command.

gci -path c:\ -recurse -include *.pst -erroraction 'silentlycontinue'|select-object fullname,lastwritetime | fl fullname

April 7, 2024

Leave a comment