Category Archives: Microsoft

All Microsoft Products (Exchange, SQL, Windows, Server)

Microsoft

How Long Has User XYZ Been Logged In

Leave a comment

And when was the last time they logged into their Exchange mailbox? Very important questions on the Microsoft side of the house.

Currently have an Exchange 2010 server on-prem (soon O365) and several aged accounts that needed to be disabled.

On a Windows machine open a command prompt and type quser.exe. This will show you all of the users currently logged in as well as when they logged in, and any idle time. Especially helpful on the Terminal Services hosts/RDS machines.
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
>BSDMAN console 1 Active none 9/8/2017 7:31 AM
>ADMIN rdp-tcp#0 2 Active none 9/11/2017 11:52 AM

How about for Mailbox exchange users?
Open the Exchange Management PowerShell
get-mailboxstatistics -server YOUREXSERVERNAME | sort LastLogonTime -Decending
To save it to a file just add the > c:\temp\ex_last_logon.txt to the end.

Profit.

Microsoft

Excel Shared Workbook Option Missing

Leave a comment

So I had been used to having shared workbooks/excel sheets for years. It allowed me to have a single repository for a ton of useful information that I could share with others – and have them edit accordingly. But when I went to start a new one (at my new job, yay!) with Office 2016, I found the option had been replaced with “co-authoring”. Co-authoring is roughly the same feature set but it required the use of sharepoint, onedrive for business, etc. We’re not currently in O365 land, so this wasn’t a great option for me. Where’s my shared workbook??

Open Excel
File > Options > Quick Access Toolbar
List All Commands (drop down)
Scroll down to Compare and Merge Workbooks and click Add
Scroll down to Protect Sharing (Legacy) and click Add
Scroll down to Share Workbook (Legacy) and click Add
Scroll down to Track Changes (Legacy) and click Add
Now you technically only need the Share Workbook option, but since I had used the other options to track changes and do comparisons, I figured you may find those options useful as well.
Click OK.

The four new options (or fewer if you selected less than 4) show up at the top of Excel. Yay!

Microsoft

Microsoft CA Delete Old Certificates

Leave a comment

I had an issue where a certificate template was inadvertently used for all users and machines. Creating a new request daily. For 3 months. Without overwriting the old request. Ouch.

So in my Certificate Authority MMC I saw under Issued Certificates thousands of certs that were expired and I wanted them to just go away. Enter the Admin Command Prompt (I didn’t try with powershell).

certutil -deleterow 5/10/2016 Cert
Apparently this command will only delete up to 3000 per attempt, so I had to run it a few times to get my results.

https://technet.microsoft.com/en-us/library/cc732443.aspx?f=255&MSPPError=-2147217396#BKMK_deleterow

Microsoft, Networking

Powershell Add Certificates to Firefox User

Leave a comment

As we recently implemented a MITM SSL inspection web filter, I needed a way to install the locally signed certificate into the firefox stores on managed devices.

Firefox, by default, does not use the built-in certificate store and instead chooses to utilize its own. Chrome/IE/Edge do not have this same issue and the GPO setup to publish an internal certificate to domain computers is working wonderfully. Firefox, on the other hand, is not so helpful.

After some research it was obvious the best solution was to use powershell/certutil to force an import of the certificate into the local profile’s store. I must admit it took me about 10 minutes to realize that Mozilla/Firefox has its own version of certutil that IS NOT the same as the windows certutil… SMH.

I’ve zipped up the required files as of 02/2017 here.

And here is the ps1 script I used which assumes you installed the OS on the C:\ drive with most of the defaults:

#Script adds Radius Certificate to independent Firefox certificate store since the browser does not use the Windows built in certificate store

#list all Firefox profiles so we can push the certificate to ALL
$ProfilePath = “C:\Users\” + $env:username + “\AppData\Roaming\Mozilla\Firefox\Profiles\”
$ProfilePath = $ProfilePath + (Get-ChildItem $ProfilePath | ForEach-Object { $_.Name }).ToString()

#Update for untangle
certutil.exe -A -n “Name of Certificate” -t “CT,C,C” -i “certificate_from_content_filter_or_UTM.crt” -d $ProfilePath

Microsoft

Search O365 Exchange Forward Rules

Leave a comment

IT and the Legal team recently started working on correcting several key issues. One of those included the ability to keep company email from auto forwarding out to other non-company accounts/companies/etc.

Open a powershell prompt (run as administrator)
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> c:\text\Forward_Rule_list.txt }

If you receive an error “Files cannot be loaded because running scripts is disabled on this system”
Set-ExecutionPolicy RemoteSigned

Linux, Microsoft

Webserver CA SSL Request, Linux Windows

Leave a comment

I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows dowmain that has a certificate authority advertised in active directory.

On your linux machine (that has openssl)
openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr

Generating a 2048 bit RSA private key
……………………………………+++
…………………………………..+++
writing new private key to ‘webserver1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NO
Locality Name (eg, city) [Default City]:Town
Organization Name (eg, company) [Default Company Ltd]:Winks
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:webserver1.localdomain.local
Email Address []:support@localdomain.local

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Copy the CSR to your clipboard
nano webserver1.csr
Copy all of the text including the “–BEGIN” and “–END”

Create the certificate request on your CA

https://certificateauthority/certsrv
Create a new request – Advanced certificate request
Paste the copied text
Select webserver for the certificate template
Submit

I always download as a base64 encoded certificate. I then copied the .cer to my linux box to run the next steps.

On your linux machine create the PFX
openssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx

Enter Export Password:
Verifying – Enter Export Password:

Copy the PFX back to your window machine, double click, enter the passcode, and away you go.