T O P

Bypass / Remove Windows Evaluation Restart

I ran into this one recently on a VM I run for Windows – I let the evaluation license expire but couldn’t recreate a new VM.

Even though I am logged in with an administor account, I do not have access to disable the service that checks and reboots the computer. To disable this service, you can do the following:

  1. Download PsExec tools from Microsoft site here
  2. After downloading, extract the files to any folder
  3. open cmd and Run as administrator
  4. cd to the folder path
  5. execute psexec -i -s cmd.exe
  6. This will open another cmd prompt as shown below :

7. Now type whoami to confirm you are the system (as shown below)

Type services.msc as shown above

9. This will open services and now you can navigate to Windows License Monitoring Service and disable it

10. Restart the VM or computer and the service will be disabled, won’t start, and your machine will be good to go!

Office365: Order & Precedence of Protection Rules

Deep within Microsoft’s documentation ecosystem lies this document – the order in which various spam filters are applied to incoming emails!

The order of processing for the email protection type: This order isn’t configurable, and is described in the following table:

OrderEmail protectionCategoryWhere to manage
1MalwareCAT:MALWConfigure anti-malware policies in EOP
2High confidence phishingCAT:HPHSHConfigure anti-spam policies in EOP
3PhishingCAT:PHSHConfigure anti-spam policies in EOP
4High confidence spamCAT:HSPMConfigure anti-spam policies in EOP
5SpoofingCAT:SPOOFSpoof intelligence insight in EOP
6*User impersonation (protected users)CAT:UIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
7*Domain impersonation (protected domains)CAT:DIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
8*Mailbox intelligence (contact graph)CAT:GIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
9SpamCAT:SPMConfigure anti-spam policies in EOP
10BulkCAT:BULKConfigure anti-spam policies in EOP

Finding Windows Services That Are Stopped That Should Be Started With Powershell

This was a scriptlet that got heavy use on servers and even in our RMM. It can report back services on Windows servers and desktops are are in the Stopped state that are set to Auto or Enabled.

GWMI is short for Get-WmiObject

GWMI win32_service -Filter "startmode = 'auto' AND state != 'running'"  | select DisplayName, Name, StartMode, State, ExitCode | ft -auto

Using Legacy Google Calendar Integration in Slack

Slack’s legacy Google Calendar integration is still much better than the “new” integration. So much so that Slack halted the sunsetting of the integration probably a year plus ago. Here is how you can STILL use the legacy integration.

First, Go to this page in Slack. This will take you directly to the integration in your own Slack tenant.

Next, open up the developer console in your browser by hitting the F12 button. Then, go to the console tab.

Enter this command and hit enter:

$('#calendar_id').removeAttr('class disabled data-lazy-filter-select')

This code will remove CSS/HTML on the page that disallows the dropdown options.

You will now be able to select a calendar on the left side of the page that you want to integrate. Select a channel on the right to post the calendar notifications.

For calendar settings, the recommended setting is under Calendar Summaries. This will post all the days events for the calendar to the selected channel. You can also simply post a notification for each calendar event. Whatever your cup of tea, that is it! You can still use the legacy integration. This is accurate as of January 2024.

Ctrl-W Shortcut No Longer Works in Firefox, Chrome, or Edge

I encountered this weird issue this week. Suddenly, my favorite keyboard shortcut, Ctrl-W, stopped working. I checked for browser updates – nada, I tried in other browsers like Google Chrome and Microsoft Edge and discovered the shortcut had stopped working in all my other web browsers as well. Other shortcuts still worked that used both keys. I restarted, checked my keyboard settings to make sure it was on Windows mode… nada.

Finally, I found the source of the issue. I have Samsung Magician installed and there was a pending update and apparently that disabled Ctrl-W keyboard. shortcut. Install the update and you should find your shortcut back, just like me!