Deleting Emails from Gmail or G Suite Mailboxes

Since being thrust into using GSuite / Google Workspace, I found the GAM tool on Github incredibly valuable.

We recently have a spear-phishing attack sent to a number of users in finance pretending to be the CFO. I was able to test and then remove all the emails from users mailboxes by using the following command:

gam all users delete threads query from:[xyz] doit

You can read more on the command here.

Allow External Senders to Email Google Group

I encountered this one recently. Google doesn’t make it simple (or clear) how to allow external people to send emails to a Google Group (which most people use as the equivalent of a distribution list / Office365 group).

In Google Admin, navigate to the Google Group and check off “Allow” (a checkmark) where Publish Posts and External intersect (seen below with the number 1 in red)

That’s it! External users will now be able to email the group.

Audit Error – Office365

Recently, I was trying to perform an audit search on an Office365 organization and found auditing wasn’t enabled. When I tried to do it straight from the audit screen, I encountered this error:

Sorry! We couldn’t update your organization settings. Please try again.

I went straight to PowerShell and ran Get-AdminAuditLogConfig | FL Unified* and it was not enabled.

To resolve this, I ran Enable-OrganizationCustomization 

And then I ran the Powershell command Set-AdminAuditLogConfig – UnifiedAuditLogIngestionEnabled $true

And that did it!

ESXI Error: Could not find a trusted signer: certificate is not yet valid

It’s been a while and there is plenty of reasons for that, but namely… I got a new job!

Anywho, here is a good one I encountered when trying to update an ESXI host.

Could not find a trusted signer: certificate is not yet valid

Failed to setup patcher for upgrade

Full error and command

I hadn’t used this host in a hot minute and one thing I know is that SSL Certs are time/date-based. I took a look at the date and time in ESXI and lo and behold found an incorrect date.

The incorrect date!

After setting the correct date, I re-ran the command and the ESXI update completed successfully. I also set the server to use NTP so this doesn’t pop up again.