McAfee Agent cannot be removed while it is in managed mode

Run the following in CMD running as Administrator

"C:\Program Files\McAfee\Agent\maconfig.exe" -provision -unmanaged

DMARC described in one sentence

The sender's DNS stipulates that messages should contain a cryptographic proof of a valid sending server, when DMARC fails the messages did not contain this.

Remove 365 licenses from PC to resolve license issues

1.       Find the office install directory.  Should be here C:\Program Files (x86)\Microsoft Office\Office16.

-          There should be a VBS Script in the directory called ospp.vbs

      

2.       Sign out of Office – Make sure you sign out and remove anything office related in the Credential manager. Then close all office app including skype for business, Onedrive if running.

3.       Run CMD as Administrator and change to this directory C:\Program Files (x86)\Microsoft Office\Office16

The command below gets the product key or keys:

4.       Run the script – “cscript ospp.vbs /dstatus”

Run this command to remove the product key or keys if multiple keys is present. – Make sure to sign out of office first if not you will soon find out why.

5.       Remove the license - “cscript ospp.vbs /unpkey:8HRTP”

6.       Run this again “cscript ospp.vbs /dstatus” to double check the license is removed.

7.       Open word or excel and sign in with the account you want to license Office with.

Create user in Azure hosted SQL

Login to SQL Management Studio as the Azure defined SQL Admin

Change the items in red to those that you require.

In the Master Database
CREATE LOGIN username WITH password='password';

CREATE USER username FROM LOGIN username;

In the User Database.
CREATE USER username FROM LOGIN username;
EXEC sp_addrolemember N'db_owner', N'username'

For Read-only

CREATE USER username FROM LOGIN username;

EXEC sp_addrolemember N'db_datareader', N'username'

Open File, Print and RDP, enable RDP on next boot on a workstation via CMD - Domain profile only

netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in profile=domain new enable=Yes

netsh advfirewall firewall set rule name="Remote Desktop - User Mode (TCP-In)" dir=in profile=domain new enable=Yes

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Creating a SQL user on a SQL server set up for Secondary log shipping

Create the SQL user on the Primary SQL server and assign User Mapping, allow log shipping to occur.

On the Primary SQL server run the following, it will return a SID...
select name, sid from master..syslogins where name in ('SQLUser')

On the Secondary SQL server run the following using the SID generated on the Primary SQL server.
sp_addlogin 'SQLUser', @passwd='SQLUserPassword', @sid=0x01234567890123456789012345678901

You will now see the same user with the same User Mapping on both Primary and Secondary SQL servers, the user on the secondary will match to the permissions of the Primary server user.

powerShell 365

Connect to Office 365 PowerShell
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session


Connect to Azure PowerShell
$LiveCred = Get-Credential
Connect-MsolService -Credential $LiveCred

Import-Module Azure


Set the calendar permissions of another user: 
set-MailboxFolderPermission -Identity alias:\calendar -User user@example.com -AccessRights Owner


Set the Default user on every mailbox calendar to Reviewer
$users = Get-Mailbox | Select -ExpandProperty Alias
Foreach ($user in $users)
{
Write-Host $user
set-MailboxFolderPermission $user":\Calendar" -user default -accessrights reviewer
get-MailboxFolderPermission $user":\Calendar" -user default
write-host ""
}

Find where a mailbox alias is in use
Get-Mailbox -Identity * | Where-Object {$_.EmailAddresses -like 'smtp:alias@example.com'} | Format-List Identity

Get details of all folders in all mailboxes
Get-Mailbox | Select-Object alias                                            `
| foreach-object {                                                           `
    Get-MailboxFolderStatistics -Identity $_.alias                           `
    | select-object Identity, ItemsInFolder, FolderSize, FolderAndSubfolderSize }

Remove forwarding on a mailbox
Set-Mailbox bob -ForwardingAddress $Null
Set-Mailbox bob -DeliverToMailboxAndForward $False

Recover all recently deleted items from retention
Restore-RecoverableItems -Identity alias

Create a CSV of AD users and their managers

Run the following in PowerShell changing the path at the end to suit your needs, the output can then be sorted by the Manager column in Excel.

get-aduser -Filter * -Properties Manager | Select-Object Name,sAMAccountName,Manager | export-csv C:\Scripts\UsersWithManagers.csv -notypeinformation

Using forfiles to remove older backups (last resort) 14 days and older.

Add the following as a second step in the SQL job, possible catches are you need to set the first step behavior as run second step on success. Modify Advanced Page for success action. Second step Type: Operating System (CmdExec).

F:
CD F:\SQLBackups
forfiles /m *.bak /c "cmd /c Del @file" /d -14

HP Chromebook 11-1101 Resurrection, Orange Light, will not power on

So my trusty old HP Chromebook 11-1101 (the slim cheap blue and white Chromebook pictured below) turned it's self off due to low battery last night. Fair enough, I put it on charge, this morning the charging light was still orange, I disconnected the charger and flipped the power off at the wall then back on reconnected the charger but noticed the orange light was still on, without the charger connected.

Oh, and it wouldn't power on either!

So here's the fix. Hold the Power  and Refresh  keys down simultaneously for 5 seconds. Your Chromebook will turn off the orange charging light and boot up all being well.

I thought my favourite laptop of all time had gone to laptop heaven, but it seems CPR exists for Chromebooks.

.Net framework will not install

.Net framework refuses to install even if you point it to a source.

1. Go to the following registry key:
2. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
3. In the right-pane, if you see UseWUServer set its value to 0
4. Exit regedit
5. Restart Windows

Converting a Synced with Active Directory user to a InCloud user

Microsoft recently closed the loophole of deleting a AD user and restoring it in AzureAD/Office365 as a way of migrating user accounts to AzureAD.

Here is the currently supported method I was given by Microsoft Support and have successfully used.

Import-Module Azure 
$LiveCred = Get-Credential
Connect-MsolService -Credential $LiveCred

Set-MsolDirSyncEnabled –EnableDirSync $false
(I answered ‘y’ when prompted)

Wait until you stop getting the ADSynced user warning in the O365 portal when you try to edit a username, this takes around 10 minutes.

Set-MsolUser -UserPrincipalName test.user@example.com -ImmutableID ""

Wait 10 minutes.

Set-MsolDirSyncEnabled –EnableDirSync $true
(I answered ‘y’ when prompted)
This last step will take 6-8 hours-ish.

Once this is all finished and the sync re-starts you will see the user you cleared the ImmutableID for show as InCloud.

Adding a Azure AD user to local Administrators group

To add an additional administrator to an Azure joined computer.

1, Ensure the new AzureAD user has logged in then out.
2, Login as an admin (AzureAD or local account).

3, Run the following in CMD.

    net localgroup administrators AzureAD\UserAlias /add

4, The next time the user logs in they will have local admin rights.

Use the user alias, not the whole email address, remember that the user must have logged in previously to create a profile on the computer before you do anything.