Click to Run Office, Install Visio

I needed to install Visio on my laptop. Laptop, running Win10 Pro 1709, already had Office 365’s office version installed.
Visio was part of our VLSC/Business Center downloads. I noticed I had MAK keys and C2R-P MAK keys for the ODT.
I tried to just install from the downloaded ISO but it said something about 32/64bit product conflicts. I fixed that (https://answers.microsoft.com/en-us/msoffice/forum/msoffice_install-mso_win10/office-16-click-to-run-extensibility-component-64/e79ee5bd-f119-4808-9bb2-289dd815b76a) but then had it error out with something like “this product doesn’t work well with the click to run installed programs”.

Download the Visio ISO (or replace visio with another product)
Download the Office Deployment Tool. “Install” this by double clicking (it just extracts to a you-get-to-choose working folder).
Comes with 2 files; setup.exe and configuration.xml

Edit the xml file
<Configuration> <Add OfficeClientEdition=”64″ > <Product ID=”VisioProXVolume” PIDKEY=”69WXN-MBYV6-22PQG-3WGHK-RM6XC”> <Language ID=”en-us” /> </Product> </Add> </Configuration>
Save

Open a command prompt (or shift + right-click open powershell in this window) and navigate to wher your xml and exe files are.

Download the required setup files
setup.exe /download configuration.xml

Install the setup files
setup.exe /configure configuration.xml

Visio is now installed!

https://docs.microsoft.com/en-us/deployoffice/use-the-office-deployment-tool-to-install-volume-licensed-editions-of-visio-2016
https://docs.microsoft.com/en-us/deployoffice/overview-of-the-office-2016-deployment-tool

Reset WordPress Password

Taking over the IT department when the previous IT regime had zero plans on how to integrate the series of businesses they had taken over in the past several years makes for some fun times. I have 4 different godaddy accounts, a couple DH accounts, and even one from a German company I had never heard of. And I had to fight, beg, talk, email, reverse engineer, and guess on several logins. Something something “no documentation”.

That being said, I’ve also had the responsibility of migrating and managing some of our wordpress sites and was SOL when it came to logins. Luckily GD, DH, and even the German cpanel host company all allowed for some sort of mysql access – whether that was shell access or phpmyadmin – so I could “easily” reset the credentials.

On Dreamhost using SSH:
mysql -h MYSQL.DOMAINNAME.TLD -u MYDBUSERPASSWORDFROMTHEPANEL -p
Enter your DB User password
show databases;
use DATABASENAMEHERE;
show tables;
Look for one with “users” at the end (eg wp_users)
List the Users Table along with the ID you’ll need later (First Column)
select id, user_login, user_pass from NAMEOFUSERTABLE;
update NAMEOFUSERTABLE set user_pass = MD5('YOURNEWPASSWORDHERE') where ID = NUMBERFOUNDABOVE

Through PHPMYADMIN
Open PHPMyAdmin and click on the WP database
Find the “Users” table (eg wp_users)
Click on Browse
Click on edit by the user for which you desire to change the password
Where it says “user_pass” change the function drop down to MD5 and then type in a plain text password.
Hit save/submit

Unifi Linux and Windows Certificates

I thought I knew it all about certificates, but then I was humbled once again.

I needed to “secure” an internal linux webserver using our Windows 2016 CA as to remove the “this is an unverified site” messages that liked to pop up when browsing the various sites.

The process I had done in the past was to create the CSR using openssl, then copy the encryption data, open up my trusty http://certserverhere/certsrv/ site and go through the process of making a webserver certificate. Then, when finished, just download the certificate and the CA + chain, import on linux, and profit.

Well, the new versions of the templates (V3 and V4 specifically) no longer allowed the web enrollment using my trusty http://certserverhere/certsrv site. Booo.

I could probably get it to work by just requesting my own certificates using the MMC, but I’m still leaning towards the whole CLI phase of life. I should also note that I find the performance and management of Unifi on Linux to be significantly better and easier than that on Windows. YMMV.

By the way, this is technically how I published a certificate on our Unifi wireless controller. The CA Certificate Authority is a 2016 Windows Server that’s been published in AD. The unifi machine is running Ubuntu 17.10 and unifi version 5.6.29. I also used WinSCP, Putty, and my base machine is Win10 (not super applicable).

SSH to the Unifi Machine
(I did this as root, so add “sudo” before commands if you’re not the root god)
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert unifi.domain.tld CompanyName Town State Country
This creates unifi_certificate.csr.der and unifi_certificate.csr.pem – the DER is encrypted and the PEM is what we need.

Get the PEM over to your CA Server
I just used nano to view all the data and then copy pasted, but feel free to WinSCP it over as well
nano unifi_certificate.csr.pem
Copy this text, then on the CA create a new text file and paste the data there. Save.

Certreq
Open an administrative Command Prompt on your CA server
certreq -submit -attrib "SAN:dns=unifi.yourdomain.tld&dns=unifi" -attrib "CertificateTemplate:WebServer2018" unifi_certificate.csr.pem
By default your Certificate Template will be “WebServer” instead of the one I listed above – I created my own template with the year it’s valid for the sake of record keeping.

Save the Certificate
Assuming the request went through, you’ll be able to name and save your signed certificate. In my case I named it unifi_withSAN.domain.tld.cer. I also navigated to the http://certserverhere/certsrv site and downloaded the CA certificate, Certificate chain, or CRL (I just downloaded the CA Certificate as it’s a single host with no subs).

Copy it back to Unifi
I used WinSCP to copy both the signed certificate as well as the CA Certificate I downloaded back to my /home directory on the Unifi server.

Final Touches
Back on your Unifi SSH session (in the /usr/lib/unifi directory)
java -jar lib/ace.jar import_cert /home/unifi_withSAN.domain.local.cer /home/srv-cert01-ca.cer
Replace srv-cert01-ca with the name of your CA certificate.
If successful, restart the unifi services
service unifi restart

Close your browser and open back up to https://unifi:8443 and no more error!

Create a Shared Mailbox MS Exchange 2010

On prem shared mailbox. May be one of my last posts about exchange being not in O365-land.

Open the Exchange Management Shell EMS

Create the mailbox
New-Mailbox -Name MAILBOXNAME -Alias ALIASNAME -OrganizationalUnit "OU path" -Database "DATABASE" -UserPrincipalName EMAILADDRESS -Shared

Give permissions to the mailbox
Add-MailboxPermission MAILBOXNAME -User "DOMAIN\USERNAME" -AccessRights FullAccess
Or
Add-ADPermission MAILBOXNAME -User "DOMAIN\USERNAME" -ExtendedRights Send-As

Convert a User mailbox to a shared mailbox
Set-Mailbox "" -Type shared
Add-MailboxPermission MAILBOXNAME -User "DOMAIN\USERNAME" -AccessRights FullAccess
Add-ADPermission MAILBOXNAME -User "DOMAIN\USERNAME" -ExtendedRights Send-As

Login Windows Automatically

I recently acquired some Intel Computesticks (m3 1.6ghz, 4GB, 64gb storage, abgn) and was going to use them as digital signage systems – total side note but they work remarkably well for digital signage, especially with Xibo).

I needed them to automatically log into windows with no user interactions when rebooting.

Run Netplwiz
Windows + R
Netplwiz

Uncheck the Users must enter a user name and password to use this computer
Enter the password for an automatic user login. I used a local account.

You can also use the registry to do it:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DefaultUserName enter a value of domain\youraccount, or MicrosoftAccount\yourMSemail@domain.tld, or username
New String Value for DefaultPassword (if it doesn’t exist)
Enter your password (yes, clear text)
Change the value for AutoAdminLogon to 1

**EDIT**
apparently there’s an Autologon by sysinternals too. For win10.

Solarwinds Syslog Database Cleanup

So my last senior systems administrator decided to install solarwinds on a virtual machine as a standalone package (solarwinds, licensing, sql express). He came to me a day or two later saying that he needed to migrate the database from SQL express to our production SQL server as the instance was at the maximum allowed by SQL Express. He said it was eating up almost 20GB of space – which means he filled up the first database and created a secondary and then filled that one up too (SQL Express has a 10GB per database limit).

After being unable to migrate the database from Express to Standard for 2 days, he just starts it over on the production SQL instance. Long story short we were chewing through about 18GB of database disk space every day. The admin had, for some reason, enabled syslog with Debugging on all network equipment. Damn.

So I needed to delete about 180GB worth of syslogs and, knowing my previous experiences between delete and truncate, decided to just drop the entire table:

Truncate all syslog:
Open SQL Studio Manager
Run a new query
Truncate Table Syslog

Delete Old Syslogs:
Open SQL Studio Manager
Delete from Syslog Where datetime <= '4/24/2016'

Send on behalf of Distribution Group

I have an Exchange 2010 server on prem – needed to grant send on behalf to a user for a distribution list. In this case the distribution list is called “Events”. However, every time I would change the permissions I noticed that the previous entries were removed.

List Group Current Permissions
Get-DistributionGroup "Events" | fl name,grant*

Replace Granted Users List
Set-DistributionGroup "Events" -GrantSendOnBehalfTo "Some User", "Another User", "Third User"

Add Additional Users
Set-DistributionGroup "Events" -GrantSendOnBehalfTo @{add="New Hire", "Manager Name"}

Remote Users
Set-DistributionGroup "Events" -GrantSendOnBehalfTo @{remove="Recently Fired", "Another User"}

Ramblings Of An IT Person