With the growing popularity of SSDs, a lot of users have been using SSDs for boot drives and HDDs for storage. In Windows 10, there is an exciting new feature which will automatically and seamlessly let you choose what folders and files get put on a secondary HDD. This includes “My Documents”, “My Pictures”, and even applications.
The setting is under Settings > System > Storage and can be seen below:
I’ve encountered this more times then I’d like to say. Basically, when you create a VPN connection in Windows it automatically routes ALL traffic, even traffic not for the remote LAN over the VPN connection. This slows things down considerably. To stop this, do the following:
That is it!
In case you’re wondering, the simplified upgrade paths to Windows 10 are as follows:
Free Upgrade to Windows 10 Home:
If you own any of the below editions, you will get the free upgrade to Windows 10 Home edition:
Free Upgrade to Windows 10 Pro:
Below versions will receive the free upgrade to Windows 10 Pro edition:
An easy way to get a mailbox usage report is via the Get-Mailboxstatistics commandlet in powershell and a combination of other commands. The below script will output a mailbox usage report in HTML format:
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName,TotalItemSize,ItemCount,Database,LastLogonTime,LastLoggedOnUserAccount | SortTotalItemSize -Descending | ConvertTo-Html -Title "Mailbox Stats"| Out-file "C:\MailboxStats.html"I was asked by a user today for access to a specific folder in an old user’s mailbox within Outlook. There were no free computers and so the easy way out of setting up Outlook with the mailbox was not an option. I fired up Google and found this handy script for use in the Exchange Console:
ForEach($folder in (Get-MailboxFolderStatistics AliasofSharer| Where { $_.FolderPath.ToLower().StartsWith(“/Invoices“) -eq $True } ) )
{
$foldername = “AliasofSharer:” + $folder.FolderPath.Replace(“/”,”\”);
Add-MailboxFolderPermission $foldername -User AliasofRequestor-AccessRights PublishingEditor
}
In the same vain as my previous post on rebooting Macs with FileVault, computers with Symantec PGP Encryption also require users to enter a password before Windows boots which can be quite annoying. However, there is a workaround!
First, via command prompt navigate to C:\Program Files\PGP Corporation\PGP Desktop OR C:\Program Files (x86)\PGP Corporation\PGP Desktop depending on if you are 64-bit or 32-bit.
For a one-time password bypass, run this:
pgpwde –add-bypass –admin-passphrase [phrase]
Or for several reboots, run this:
pgpwde –add-bypass –disk [number] –count [number] –admin-passphrase [phrase]
Where phrase is the password / passphrase and the number is the number of reboots. Disk is for if multiple disks are encrypted. Enjoy your reboots now!
If you’re up on your security, you’ve enabled FileVault on any and all Macbooks you have. The problem for an IT admin working off-site or away from the physical machine is that you may need to reboot the computers. With FileVault, a user will need to enter their password first before OS X boots.
With the commands below, you can reboot a Macbook with FileVault WITHOUT NEEDING USER INPUT. This is good for late night work or times when the user is in a meeting.
Simply open you Terminal and to first check if the command is supported, type:
fdesetup supportsauthrestart
If everything looks good, you can then enter the following and reboot:
sudo fdesetup authrestart
In Office365, you can setup a rule that blocks attachments with executable content… namely attachments that are EXE files OR things like zip files with EXE, bat, etc. content within. This is something Google Apps automatically does, but Exchange / Office365 does not and requires manual intervention.
To do this, you have to go into the Exchange Admin Center, go to Mail Flow, create a new rule, hit “more options”, and then use the following settings:
Save it and you’re golden!
Working at an MSP, I’ve been trying to script a lot of the repetitious tasks I have to do with Powershell. One of the smaller ones is hiding a local admin account on non domain computers.
Usually, I would have to navigate into the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon and create a new key, called SpecialAccounts, and then another new key called UserList and then add a new dword value with the name of the account. That’s a lot of work!
Today, I fired up Google and Powershell ISE and came up with this simple, simple script:
New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” -Name SpecialAccounts –Force
New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts” -Name UserList –Force
New-ItemProperty “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” -Name “[LOCAL ACCOUNT NAME]” -Value 1 -PropertyType “DWord”
Saved it as a PS1 script file and ran it on my computer successfully.
I’ve been doing a lot of research recently on secure methods of password sharing. Being in IT, I have to share many passwords each day and also have passwords shared with me by clients.
My favorite so far is ZeroBin. It is no-frills, open source (so anyone can vet it), and fairly simple. It requires no database and doesn’t store any information in a database. It is as simple as downloading the components, throwing it on a web server and going to the index page. That’s it. I did it on my server here and have been using it personally with no issues.
You can set messages / data to delete after a certain amount of time, like 5 or 10 minutes, or longer… 10 – 30 days.
How is this secure?
Diagram below
