18 August 2017

PowerShell behind Authenticating proxy



I've seen this at my work a few to many times.
Certain command's just don't get through or something errors out with strange unidentifiable reasons.

Not all command in PowerShell will go through the proxy, IE will pass this on using Windows Integrated Authentication but the .NET Webclient used by PowerShell doesn't appear to do this.

How to get past this? Copy/paste this in your PowerShell windows and all your commands go through your proxy.

$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$wc.DownloadString('http://microsoft.com')

You could add this to your profile to load at startup:

New-item –type file –force $profile            
Notepad $profile

Paste in Notepad:

$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$wc.DownloadString('http://microsoft.com')

Save the Notepad Microsoft.PowerShellISE_profile.ps1 file

There is a request on Connect to have this looked at by the PowerShell team.
https://connect.microsoft.com/PowerShell/feedback/details/754102/a-cmdlet-to-create-a-proxy-configuration-settings-object

18 July 2017

Databasecopystatus unhealthy after installing Security update KB4018588 for Exchange 2013 CU16

I encountered another weird phenomenon after installing the security update KB4018588 for Exchange 2013 CU16.

Installed CU16 for Exchange 2013 on the active database servers and everything went fine, after that installed the security update and that went fine as well.
As a good admin I stopped the maintenace mode on the servers I updated, and checked the databasecopystatus. And there it was, all passive databasecopystatusses were failed.
After some digging around in found out that the searchhostcontroller service was disabled.
Now this service is turned on by default and should start automatically and takes care of Microsoft Exchange Search.

After setting the Microsoft Exchange Search Host service startup type as Automatic and restarting the Microsoft Exchange Search service the dabasecopystatus became healthy again.

13 July 2017

Largest FREE Microsoft eBook Giveaway 2017 - Download them all with PowerShell

It's the time of the year again!
Eric Ligman - the Director Sales Excellence at Microsoft has once again published a ton of free e-books.
This is the third year in a row he does this, and we get to benefit :-)
Like previous year there's no catch, just download and read your eyes out.

Small list of subjects what to expect:
  • Azure
  • Dynamics
  • Licensing
  • Office
  • Office365
  • PowerShell
  • SQL Server
  • System Center
  • Windows Clients
  • Windows Server
To download them all save this file as ".ps1"
2017 Free Ebook Collection

Run the script and the Ebooks will be downloaded to your Downloads\Free Ebooks 2017 folder.


I added the 2016 version as well:
2016 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

And here is the 2015 version:
2015 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

And 2014:
2014 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

There's a 2013 version as well, not downloadable by PowerShell and a bit to old but if you want some old reference material here is the website:
2013 Free Ebook Collection
And the 2012 website:
2012 Free Ebook Collection

06 July 2017

Exchange 2013 installing a CU, Schema update required or not?

Update 05-07-2017 - Exchange 2013 CU17 added

This is some of those things you need to check before updating an Exchange environment every time a new CU gets put out.

Do i need to do a Schema update or not?

I came across this post from Rhoderick Milne,

Table Of Exchange 2013 Schema Versions
Exchange Version
msExchProductId
rangeUpper
MESO objectVersion
Organisation objectVersion
Exchange 2013 RTM
15.00.0516.032
15137
13236
15449
Exchange 2013 CU1
15.00.0620.029
15254
13236
15614
Exchange 2013 CU2
15.00.0712.024
15281
13236
15688
Exchange 2013 CU3
15.00.0775.038
15283
13236
15763
Exchange 2013 SP1
15.00.0847.032
15292
13236
15844
Exchange 2013 CU5
15.00.0913.022
15300
13236
15870
Exchange 2013 CU6
15.00.0995.029
15303
13236
15965
Exchange 2013 CU7
15.00.1044.025
15312
13236
15965
Exchange 2013 CU8
15.00.1076.009
15312
13236
15965
Exchange 2013 CU9
15.00.1104.005
15312
13236
15965
Exchange 2013 CU10
15.00.1130.007
15312
13236
16130
Exchange 2013 CU11
15.00.1156.006
15312
13236
16130
Exchange 2013 CU12
15.00.1178.004
15312
13236
16130
Exchange 2013 CU13
15.00.1210.003
15312
13236
16130
Exchange 2013 CU14
15.00.1236.003
15312
13236
16130
Exchange 2013 CU15
15.00.1263.005
15312
13236
16130
Exchange 2013 CU16+.NET4.6.2
15.00.1293.002
15312
13236
16130
Exchange 2013 CU17
15.00.1320.004
15312
13236
16130
TechNet documents the expected values for the various Exchange 2013 objects in AD.

Check back here when a new CU is released.

Another top tip from Rhoderick is to install .net 4.6.1 after installing the CU and having the machine rebooted.
At the moment of writing .NET 4.7 is not supported for Exchange 2013 and Exchange 2016 no matter what CU you're on.

28 June 2017

Connect-EXOPSSession behind proxy

With the new Exchange Online Remote PowerShell Module you can connect to Exchange Online with MFA enabled on your account.
But what if you are behind a proxy and are unable to connect?
Chances are that there is one process that goes directly to the internet:





When trying to connect you get the error below:
This PowerShell module allows you to connect to Exchange Online service.            
            
To connect, use: Connect-EXOPSSession -UserPrincipalName your UPN            
            
To get additional information, use: Get-Help Connect-EXOPSSession            
            
PS C:\Users\> Connect-EXOPSSession -UserPrincipalName username@yourtenant.onmicrosoft.com            
New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the following error message : WinRM ca            
nnot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the            
 network and that a firewall exception for the WinRM service is enabled and allows access from this computer. By defau            
lt the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. Fo            
r more information, see the about_Remote_Troubleshooting Help topic.            
At C:\Users\brenke\AppData\Local\Apps\2.0\CCA4XODV.QGQ\BBNHW64J.DHE\micr..tion_c3bce3770c238a49_0010.0000_a5ac7e7ccec31            
8ba\CreateExoPSSession.ps1:179 char:22            
 PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName -C ...            
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~            
     CategoryInfo          : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException            
     FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang            
   e.Management.ExoPowershellSnapin.NewExoPSSession

We have to force all traffic through the proxy, the easiest way to do this is with netsh:

Check current settings for the PowerShell session:
netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

Set the proxy server:
netsh winhttp set proxy proxy.domain.lan:8080

Current WinHTTP proxy settings:

Proxy Server(s) :  proxy.domain.lan:8080
Bypass List     :  (none)

Reset to no proxy server settings:
netsh winhttp reset proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

21 June 2017

Connect to Exchange Online with MFA enabled

Been searching a little while before I got this thru my skull.

I had enabled MFA for my account over at Exchange Online and tried to connect to the remote PowerShell. Immediately my screen turned red.
New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com 
failed with the following error message : [ClientAccessServer=VI1PR0101CA0080,
BackEndServer=am5pr10m 
b0595.eurprd10.prod.outlook.com RequestId=d3099d49-9287-419a-b22f-91e1bf7b888d,
TimeStamp=6/21/2017 10:43:42 AM] Access Denied For more information, see the 
about_Remote_Troubleshooting Help topic.

The access denied error is what triggered me to search for the MFA solution, because in the Office Portal I could log in just fine.

After some searching on the web I came across this:
https://technet.microsoft.com/library/mt775114.aspx
This just recently became available (for as far as I know), prior MFA had to be disabled for the Organisation Management account. Which is a terrible idea of course.

After installing the Exchange Online Remote PowerShell Module you get a new icon in your start menu.
After starting the new PowerShell module you're greated by this:
As you can see there's a new way to connect to Exchange Online with MFA enabled on your command.
The Connect-EXOPSSession is the new way, and a new commandlet not available in any of the installed modules the PowerShell Module directory.
I tried to find what module is explicitly loaded but was unsuccessful.
I think it downloads the module directly from the cloud, right after starting the module a black screen is briefly displayed and then the PowerShell window is shown.

Change Hyper-V Network Category from Public to Private with Powershell

This is one of those things that you can do multiple ways.
In my case however the normal routine of changing the network category type from Public to Private didn't work because my machine is domain joined.

When trying to create a HomeGroup you get this on a domain joined machine:
So PowerShell saves the day once again.
First see what adapters you have and what their current category is:
Get-NetConnectionProfile            
            
            
Name             : domain.lan            
InterfaceAlias   : vEthernet (External LAN Virtual Switch)            
InterfaceIndex   : 22            
NetworkCategory  : DomainAuthenticated            
IPv4Connectivity : Internet            
IPv6Connectivity : Internet            
            
Name             : Unidentified network            
InterfaceAlias   : vEthernet (Internal Virtual Switch)            
InterfaceIndex   : 8            
NetworkCategory  : Public            
IPv4Connectivity : NoTraffic            
IPv6Connectivity : NoTraffic

Then set the adapter to category private:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private

Check the settings:
Get-NetConnectionProfile            
            
            
Name             : domain.lan            
InterfaceAlias   : vEthernet (External LAN Virtual Switch)            
InterfaceIndex   : 22            
NetworkCategory  : DomainAuthenticated            
IPv4Connectivity : Internet            
IPv6Connectivity : Internet            
            
Name             : Unidentified network            
InterfaceAlias   : vEthernet (Internal Virtual Switch)            
InterfaceIndex   : 8            
NetworkCategory  : Private            
IPv4Connectivity : NoTraffic            
IPv6Connectivity : NoTraffic

19 June 2017

Remote PowerShell login Office365, SkypeForBusiness Online, SharePoint Online, Exchange Online, Security and how to disconnect


Remote PowerShell login Office 365 all modules

Requisites login into Office 365 Skype for Business Online are:

· Running OS must be 64bit

· Microsoft .NET Framework 4.5.x

· PowerShell Version 3.0 or higher
(if you need to install Version 3.0+, download and install Windows Management Framework 4.0: https://www.microsoft.com/en-us/download/details.aspx?id=40855)

You need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online:
Microsoft Online Service Sign-in Assistant for IT Professionals RTW
Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

Download the Windows PowerShell module for Skype for Business Online
https://www.microsoft.com/en-us/download/details.aspx?id=39366
After installation copy the SkypeOnline and the LyncOnline module folders found in:
C:\Program Files\Common Files\Skype for Business Online\Modules
to:
C:\Windows\System32\WindowsPowerShell\v1.0\Modules
This is because when running Import-Module SkypeOnline the modules can not be found.
By copying them to the default module directory for PowerShell they can be found and load right up.

MicrosoftOnlineLogin

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential

SkypeForBusiness

Import-Module SkypeOnlineConnector
$SfBoSession = New-CsOnlineSession -Credential $credential
Import-PSSession $SfBoSession

SharePoint

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url https://domainhost-admin.sharepoint.com -credential $credential

Exchange

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking

Security

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $ccSession -Prefix cc

Logout

Remove-PSSession $sfboSession
Remove-PSSession $exchangeSession
Remove-PSSession $ccSession
Disconnect-SPOService
There is no disconnect or remove session option for MSOL, just close the PowerShell window.

12 June 2017

Free Azure documentation

After searching for some info on office365 i came across this page:
https://docs.microsoft.com/en-us/azure/#pivot=services

On this page all of Azure's services are displayed categorized by service type.
By clicking one of the subject for instance Storage and the choosing Backup you're presented a page where you can browse in a technet kind of way.
But it also display's a button "Download pdf"

In the pdf is everything that's on the webpage, so you can read it offline. Nice.
I created a list with the most interesting services (for myself that is) for quick downloading:

compute

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/cloud-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/service-fabric.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/batch.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/app-service.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/virtual-machine-scale-sets.pdf

containers

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/batch.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/app-service.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/service-fabric.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/container-registry.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/container-service.pdf

enterprise integration

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/biztalk-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/data-factory.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/sql-server-stretch-database.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/storsimple.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/api-management.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/service-bus.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/logic-apps.pdf

monitoring + management

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/azure-resource-manager.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/resource-health.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/advisor.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/billing.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/monitoring-and-diagnostics.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/scheduler.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/site-recovery.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/backup.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/automation.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/log-analytics.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/application-insights.pdf

networking

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/dns.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/network-watcher.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/expressroute.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/traffic-manager.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/cdn.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/vpn-gateway.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/application-gateway.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/load-balancer.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/virtual-network.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/networking.pdf

security + identity

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/multi-factor-authentication.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/active-directory-domain-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/active-directory.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/key-vault.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/security.pdf

storage

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/site-recovery.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/backup.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/storsimple.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/data-lake-store.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/storage.pdf

web + mobile

https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/notification-hubs.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/mobile-engagement.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/search.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/media-services.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/cdn.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/logic-apps.pdf
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Azure.azure-documents/live/app-service-api.pdf


24 May 2017

Skype for Business 2015 Frontend Service won't start - Don't disable TLS 1.0 Event ID: 32192 & 32179

Finally figured it out.
Our Skype for Business 2015 Server Front-End service wouldn't start, it kept displaying "Starting".
The event-viewer kept filling up with:
Event ID: 32192

Closing routing group service due to an error.

Calling ReportFault on routing group {3C86EE90-FB81-5FC0-9B41-2C787B4ACC20} with FaultType 2 and ReasonCode 3. Error code: 0x00000000(ERROR_SUCCESS)
Cause: This may indicate a problem with the routing group. Please examine the server event logs and traces to identify the cause.
Resolution:
Run the commandlet Get-CsPoolFabricState -RoutingGroup [ROUTING GROUP] and make sure quorum is achieved. If the Pool is running and the Front-End is just started, this is normal for some time. If the error persists while the Front-End is running, restart the server.

And:
Event ID: 32179

Request to sync data from backup store for routing group {353B9BC5-A12D-578B-BAD5-F7F8BD5E02FC} was throttled due to pending requests.
Cause: This can happen when a Pool is re-started, and should go away automatically.

Turns out TLS 1.0 was disabled but this would be effective after the first reboot.
So when we rebooted for the latest WSUS updates it got activated and thereby killing the RTCSRV.exe service.

You can find the key here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0|Server
REG_DWORD - Enabled
Value: ffffffff (decimal: 4294967295)

The disabled value is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0|Server
REG_DWORD - Enabled
Value: 0(decimal: 0)

23 May 2017

Start Menu locations - Or add a simple Start Menu yourself without 3rd party tools

I keep forgetting the path to the Start Menu:
"C:\Program Data\Microsoft\Windows\Start Menu\Programs"

This is the same for Windows 7 up to Windows 10, and for Server 2012 to Server 2016.

But, wouldn't it be nice to have some sort of start menu without installing some malware/spyware infested tool? Then this quick fix is for you:

  • Display "Hidden items" on your C: Drive.
  • Open File Explorer and browse to your C: Drive. 
  • On the View tab, check the "Hidden items" checkbox.
  • Add a New Toolbar on your Taskbar.
  • Right-click on a blank area of your Taskbar and select Toolbars > New Toolbars.
  • Browse to the Start Menu\Programs folder.
  • In the New Toolbar dialog box, browse to the "C:\Program Data\Microsoft\Windows\Start Menu\Programs" folder. 
  • Click the "Select Folder" button.
  • Click the "Select Folder" button to add the new Toolbar to your Taskbar.

Here's what it looks like:

19 May 2017

Find all the KB's for Wannacry with PowerShell

I know this stuff is all over the place, but still could come in handy:

Check to see if the necessary Microsoft KB's are installed on your computer or server to protect you from "Wannacry":

#Current list of all the hotfixes from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx            
$hotfixes = "KB3205409", "KB3210720", "KB3210721", "KB3212646", "KB3213986", "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012218", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013389", "KB4013429", "KB4015217", "KB4015438", "KB4015546", "KB4015547", "KB4015548", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4015221", "KB4019474", "KB4015219", "KB4019473"            
             
#Check the computer it's run on if any of the listed hotfixes are present            
$hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"            
             
#Confirms whether hotfix is found or not            
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})            
{            
"Found HotFix: " + $hotfix.HotFixID            
} else {            
"Didn't Find HotFix"            
}            

If you are running Windows 10 Creator Update (Winver: 1703) you are good to go, as this build is not affected by Wannacry.

17 May 2017

PSGallery module gone - add it back to PowerShell-ISE

Unable to add modules from the PSGallery provider

When your Package provider list is empty:
Get-PackageProvider -ListAvailable

Run CMD.exe as an administrator and run the following command:
@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex 
((new-object net.webclient).DownloadString('https://chocolatey.org/
install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

Close the CMD window, now you have a PS Repository:
PS C:\windows\system32> Get-PSRepository            
            
Name                      InstallationPolicy   SourceLocation
---------                 ------------------   --------------   
PSGallery                 Trusted              https://www.powershellgallery.com/api/v2/

Set the PSGallery as trusted:
PS C:\windows\system32> Set-PackageSource -Name PSGallery -Trusted               
            
Name                             ProviderName     IsTrusted  Location            
---------                        -------------    ---------  --------                                                                                                                                  
PSGallery                        PowerShellGet    True       https://www.powershellgallery.com/api/v2/


11 May 2017

Bitlocker everything - Store your bitlockerkeys in Onedrive

I was fooling around with bitlocker the other day and needed a way to store my bitlocker key other than on an external drive or USB drive and especially something else than printing them.

Right click on the physical drive you want to bitlocker and select "Turn on bitlocker".
Then your asked where the bitlocker recovery key has to be stored.
The first options that is presented turned out to be the most excellent one.

Save to your cloud domain account.
Now you might think that you need an Azure joined machine, this is partially correct.
If your machine is Azure Active Directory domain joined your bitlocker keys are stored in the "Devices" section in your account, you can the key under the details of your device.

But if you're not Azure domain joined but do have a Onedrive account setup than it will save your bitlocker key in your Onedrive.

Eureka, this means there is no more reason to not use bitlocker on your personal computers.
Knowing that in the case of theft or loss your data will not be compromised.
And the recovery key can be accessed fairly easy through this site:

https://onedrive.live.com/RecoveryKey.

Now this site is not accessible from your onedrive site directly, you won't find a link to it there, you have to know it and type it.

Here's what it looks like:


20 April 2017

Forward email to external domain - Exchange 2013 & Exchange 2016

By default email forwarding to an external domain is disabled on an out of the box Exchange 2013/2016 installation.
There are a lot of  blogs/threads/comments on the web that say to create a transport rule or to create a contact. Both of these will not work because autoforward to external domains is disabled (see below)

If you look in the message tracking logs you will find the following line:

To be able to do this for a specific domain only you can do the following:

Check your current settings:
Get-RemoteDomain
Name                           DomainName                                   AllowedOOFType
----                           ----------                                   --------------
Default                        *                                            External

Check the auto forward settings:
Get-RemoteDomain | fl autofor*
AutoForwardEnabled : False

Add a new remote domain to allow forwarding to:
New-RemoteDomain -Name description -DomainName yourremotedomain.com


Check the auto forward settings for the new domain:
Get-RemoteDomain -Identity yourremotedomain | FL auto*            
AutoReplyEnabled   : True                        
AutoForwardEnabled : True

After doing all this you can create a rule in Outlook or OWA to forward an email to this particular domain only.

31 March 2017

Get-HealthReport - Get your daily dose of builtin Exchange HealthReport checks in your mailbox

Fooking for some stuff about Skype for Business I came across a great post by Joakim Storrank over at https://sysadminblogger.wordpress.com/

He had a few scripts he uses for monitoring, 2 he mentions I use as well but the third caught my eye.

It was a great oneliner (gotta love those) about the builtin HealthReport checks for Exchange.
The thing is that it was for 1 server and I have several so I made some adjustments and look here now it can be used for an array of servers.

Thanks Joakim, and check out his post about the Health Checking / Monitoring Exchange Server 2013/2016

Run it as a scheduled task daily with these arguments:
powershell.exe -noprofile - file "C:\_Scripts\Get-HealthReport\Get-HealthReport.ps1"

Note the spaces around "Style" for the table, I had some trouble getting the code to display correctly.

The Script:
##############################################################################            
## Get-HealthReport            
## Purpose: Sends report on the builtin Exchange HealthReport commandlets            
## Author: Edwin van Brenk            
## Date: 30 march 2017            
## Version: 1.0            
## Credits go to Joakim Storrank for his excellent oneliner: 
## https://sysadminblogger.wordpress.com/2017/03/13/health-checking-monitoring-exchange-server-20132016/            
##############################################################################            
#Load Exchange 2013 Module             
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn            
            
#SMTP options for sending the report email            
$smtpServer = "smtp.domain.com"            
$smtpFrom = "Get-HealthReport@domain.com"            
$smtpTo = "username@domain.com"            
$messageSubject = "Get-HealthReport $Computers"            
            
$logPath = "C:\_Scripts\Get-HealthReport\"            
            
# Build table for html files, remove the space around "Style"            
$style = "< style >BODY{font-family: Arial; font-size: 10pt;}"            
$style = $style + "TABLE{border: 1px solid black; border-collapse: collapse;}"            
$style = $style + "TH{border: 1px solid black; background: #dddddd; padding: 5px; }"            
$style = $style + "TD{border: 1px solid black; padding: 5px; }"            
$style = $style + "</ style >"            
# End HTML Output file style            
            
$Date = Get-Date -Format dd-MM-yyyy            
            
## The Servers to test            
$Computers = "server1","server2","server3","server4"
            
# Start the Script            
Foreach($computer in $Computers)            
{            
# Choose what you want to see, all status' or everything but healthy or everything but healthy and disabled by commenting out the desired line            
#$GetStuff = Get-HealthReport -Server $Computer | Select server,state,healthset,alertvalue,lasttransitiontime,monitorcount #-AutoSize            
#$GetStuff = Get-HealthReport -Server $Computer | where {$_.alertvalue -ne “Healthy” -and $_.AlertValue -ne “Disabled”}  | Select server,state,healthset,alertvalue,lasttransitiontime,monitorcount #-AutoSize            
$GetStuff = Get-HealthReport -Server $Computer | where {$_.alertvalue -ne “Healthy”} | Select server,state,healthset,alertvalue,lasttransitiontime,monitorcount #-AutoSize            
$GetStuff | ConvertTo-Html -head $style -body "Get-HealthReport from $Computer" | Out-File "$logPath\$Computer-$Date.html"            
}            
            
# Remove previously created combined.html            
Remove-Item $logPath\combined.html            
#Combine all the html files in to one file               
Get-Content -path $logPath\*.html | Add-Content -Path $logPath\combined.html            
            
#Send email message            
Send-Mailmessage -To $smtpto -From $smtpfrom -SmtpServer $smtpserver -Subject $messagesubject -Body (Get-Content $logpath\combined.html | Out-String) -BodyasHtml            
# Remove all html files to prevent filling the disk            
Remove-Item $logpath\*.html