Scanning your network for dropbox installations

I was recently asked if we could investigate the extent of the dropbox application on our network as it’s against company policy.
“Easy!” I thought, as we had Spiceworks monitoring this type of stuff. However I was wrong as dropbox doesn’t install like usual applications do, it puts the uninstall registry keys under HKEY_CURRENT_USER.

After a quick search around I found the solution to be LAN Search Pro.
It just required a quick couple of changes to the settings after downloading.

1. Click the Options icon, go to the Hidden Folders tab and then select Common and hidden folders.
2013-07-31 09_36_34-Spiceworks - Open Tickets

2. Click the Search Scope icon, click Refresh and then expand the Network until your domain is selected and press Ok.
2013-07-31 09_40_08-LAN Search Pro

3. Ensure you are logged on as a domain admin, this way you will be able to search all the computers on your network in their hidden C$ share.
Type dropbox.exe in the search field and press the green arrow to begin the search.
2013-07-31 09_37_20-LAN Search Pro

4. Your results should display in a list along with their location, this will show you the computer dropbox is installed on and which user has installed it.
2013-07-31 09_43_52-LAN Search Pro

Total Views: (1019)

Recover deleted items in Exchange 2010

How to recover deleted items in Exchange 2010 using the Exchange Management Shell.

Today one of our users accidentally deleted all of their sent items… Usually this wouldn’t be a problem as they are easily recovered in Outlook 2010 from the ‘Recover Deleted Items’ which is under Folder tab. However that is exactly where the user had deleted all these emails from!

After a quick refresh on some command syntax I was easily able to restore all of these items directly back to her mailbox.

The following command searches the “Gill” mailbox for anything matching the search query, which in this case is email sent from themselves and sends the logs to the Discovery Search Mailbox.

<br />Search-Mailbox -Identity "Gill" -SearchQuery from:gill@contoso.com -TargetMailbox "Discovery Search Mailbox" -TargetFolder Inbox -LogLevel Full<br />

After running that command the output looked like the following. Note that for me the Sucess flag was set to false, however the logs were still sent. I suspect this being due to the high count of items found by the search.

<br />RunspaceId       : 9a7ba099-9dc1-4384-9321-d25f97d5dc72<br />Identity         : contoso.local/SBSUsers/Gill<br />TargetMailbox    : contoso.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}<br />TargetPSTFile    :<br />Success          : False<br />TargetFolder     : \Inbox\Gill-24/07/2013 1:36:29 PM<br />ResultItemsCount : 2143<br />ResultItemsSize  : 644.1 MB (675,366,002 bytes)<br />

Now have a look at the Discovery Search Mailbox, I personally check this through OWA. You’ll need to have permission to view it. You should see an email with the log results in a zip file, verify the csv contained to ensure you are going to recover the correct items.

2013-07-24

Once you’ve narrowed your search query to limit the results to the exact file(s) you want, run the following query to restore them.
Searches the ‘Discovery Search Mailbox’ as this is where the log is contained, for the ‘same query as before’, except now the targetmailbox and folder is set to the original user. In this case I restored the items underneath the Sent Items folder as that is where they were deleted from.

<br />Search-Mailbox "Discovery Search Mailbox" -SearchQuery from:Gill@contoso.com -TargetMailbox Gill -TargetFolder "Sent Items"<br />

The output looked like the following.

<br />RunspaceId       : 9a7ba099-9dc1-4384-9321-d25f97d5dc72<br />Identity         : contoso.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}<br />TargetMailbox    : contoso.local/SBSUsers/Gill<br />TargetPSTFile    :<br />Success          : True<br />TargetFolder     : \Sent Items\Discovery Search Mailbox-24/07/2013 1:43:20 PM<br />ResultItemsCount : 3105<br />ResultItemsSize  : 886.9 MB (930,024,607 bytes)<br />

As you can see, 3105 items were restored! Hoorah! Crisis averted.
The folders should appear something like the following in the users mailbox.
2013-07-24 13_57_37-Gilll- Outlook Web App

Total Views: (5483)

Configuring VLAN’s between Cisco and Netgear switches

We recently acquired some new Cisco 2960-S (24-port Gigabit PoE) switches to add to our inventory to be used for a mix of workstations and phones. The switch was installed fine with a bunch of computers sitting on a temporary switch were moved to it immediately.  All was well for a few weeks.

The need to bridge a computer off a phone then into the switch arose due to minimal points available in an office. Our phones and computers run on different VLAN’s, and the new Cisco switch was connected to a Netgear GS748T.

Goal: Single Data Point -> Phone (VLAN 100) -> PC (VLAN 1)

Assumptions:

Phone can be manually configured with a VLAN.

Solution:

  1. ipconfig /all on the workstation to find its MAC address.
  2. Connected to the Cisco switch via telnet (after enabling it) and ran show mac address-table. Match the MAC address to the port name (Gi1/0/9) of the workstation.
  3. While there I noticed a port (Gi1/0/22) with a large number of MAC addresses, this will be the up-link to the Netgear switch.
  4. Logged onto the Netgear switch web ui, Switching -> Address Table. Here you can search for the original workstations MAC address, this port (36) will be the up-link to the Cisco switch.

So, the details thus far:

PC VLAN: 1
Phone VLAN: 100
Workstation MAC: ends with f8:ae
Workstation port on Cisco switch: Gi1/0/9
Cisco port up-link to Netgear switch: Gi/1/0/22
Netgear port up-link to Cisco switch: 36

Now we have all the required details, we just need to actually configure everything!

Netgear:

  1. Log onto the Netgear Web UI
  2. Switching -> VLAN -> VLAN Membership
  3. Change the VLAN Identifier to the 100 (Phone VLAN)
  4. Expand the Unit 1, and click on port 36 until it says T (Tagged)

Cisco:

  1. Connect to the Cisco switch (telnet if enabled)
  2. en – Enable privileged mode
  3. config t – Enable configuration for the Terminal
  4. vlan 100  – Creates VLAN 100
  5. name Phones – Sets the name of VLAN 100 to Phones
  6. end – ends the configuration mode
  7. config t
  8. interface Gi1/0/22 – Enter configuration for the uplink to Netgear switch
  9. description UplinkToNetGear – Sets the description so the port is easier to find in the future.
  10. switchport trunk allowed vlan 1,100 – Allows the VLAN’s 1 and 100 on the port
  11. switchport mode trunk  – enables trunk mode for the port
  12. end 
  13. config t
  14. interface Gi1/0/9
  15. switchport voice vlan 100 – Sets the VLAN for Phone data to run off vlan 100
  16. end
  17. copy run start – The most important part, saving your configuration to the startup-config! So you don’t have to do this all over again 🙂

Finished! Wasn’t that easy. There are a few steps I may have missed out as the Netgear switch already had the required VLAN’s created and assigned. Other people have also mentioned you may need to changed the PVID on the Netgear, but for myself this wasn’t necessary.

Total Views: (3967)

Deploying Java 7 Update 17 through Group Policy

Deploying Java 7 Update 17 through Group Policy
 
1.       Download the Windows Offline Installer
a.       32-bit & 64-bit is for the Browser version not OS.
2.       Run the .exe, don’t click Install>
3.       Browse to C:\Users\username\AppData\LocalLow\Sun\Java
4.       Copy the correct folder (jre1.7.0_17) to another folder
5.       Use Orca to create the transform (mst) file.
a.       Orca is available in the Windows SDK
b. Once installed it can be found in C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin as Orca.msi
6.       Run Orca then open the jre1.7.0_17.msi file you copied previously
7.       Select Transform then ‘New Transform’ from the toolbar
8.       Change the Property table values for JAVAUPDATE, AUTOUPDATECHECK and IEXPLORER to 0.
9.       On the toolbar select Transform then  ‘Generate Transform’, save the .mst file in the same location as the .msi
 
Alternatively you can use the previously created transform file located here
 
It’s best now to check the msi and mst file’s install correctly, you can do this by running the following command from command prompt once you have navigating to the same directory:
msiexec /i jre1.7.0_17.msi /qn TRANSFORMS=JavaTransform.mst
Then check Programs and Features to see if installed or visit http://www.java.com/en/download/testjava.jsp.
 
Now you can deploy the file through Group Policy.
1.       Ensure the .msi.mst and .cab files are in a user available network share
2.       Edit the existing Application Installation group policy or create a new one.
3.       Computer Configuration -> Software Settings -> Software Installation
4.       Right-click -> New -> Package, choose the .msi file
5.       Select Advanced then Ok
6.       Select the Modifications tab then Add…
7.       Choose the .mst file and select Ok

Total Views: (5023)

Outlook prompts for SharePoint user credentials

Outlook prompts for SharePoint credentials user credentials on every start up.

Our site consists of the following:

  • Internet Explorer 9
  • SharePoint 2010
  • Outlook 2010
  • Outlook Anywhere

Having connected SharePoint calendars to Outlook 2010 a prompt for user credentials to the SharePoint server would appear each time Outlook is started.
This would sometimes prompt multiple times depending how many connections to the SharePoint server were necessary.

Easy fix:
Add the address to Internet Explorers Trusted Sites.

For myself, the giveaway was the server requesting the information was the FQDN of the server; this was not currently in the Trusted Sites for our Local Intranet in IE.

I had previously created a Group Policy to modify the Trusted Sites settings for our computers, these can be set under:
User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> Security -> Security Zones and Content Ratings

I press ‘Continue‘ to the prompt, then under the ‘Security Zones and Privacy‘ block I selected ‘Modify Settings‘. From there I went to ‘Local Intranet‘, ‘Sites‘, ‘Advanced‘ and added the FQDN for the SharePoint server (http://servername.domain.local).

To test, closed all IE on my local workstation, ran gpupdate and then checked the IE settings to make sure the site was added – restarted Outlook and no more prompts!

Total Views: (6023)

Outlook prompting credentials after server restart

After rebooting our SBS 2011 box, all users were constantly prompted for credentials. If you clicked cancel and then double-clicked the ‘Need password’, it would go away for roughly ~30 seconds before re-appearing.

After checking all the required exchange services were running, and restarting the RPC Client Access service (all our clients connect via RPC/Outlook Anywhere) and still not seeing any changes, the next step was to test the autodiscover.

Hold Control and Right-Click on the Outlook icon in the taskbar near the clock. Then choose ‘Test E-Mail AutoConfiguration’. Untick the two Guesssmart settings and press Test.

After doing so I was continuously asked for  credentials, except this time entering them did nothing.

So now I knew AutoDiscover was broken.

Checked the DNS entries – all fine, checked the ClientAccess settings through the EMS – all fine.

After a quick google search I found the issue could be resolved through the IIS Manager.

1. Open up IIS Manager.

2. Expand your Servername, Sites, and Default Web Site.

3. Click on Autodiscover, then on the right-hand side double-click Authentication .

IIS

4. Right-click Windows Authentication and choose Advanced Settings.

5. Un-tick Enable Kernal-mode authentication and press Ok.

IIS_2

6. Repeat this for the EWS and OAB directories in IIS as well.

Although this fixed the initial problem of Outlook credentials continuously prompting, the EWS service had completely stopped working. This showed sings like “Mail Tips could not be retrieved” and emails not sending from the SBS console when a new user is created. This was fixed by running iisreset /noforce from an administrative command prompt. Unfortunately the service failed to start and would not start from the IIS manager, but starting it manually had everything working 100%.

Total Views: (3792)

Room Mailbox Delegate Not Working – Exchange 2010

Microsoft Exchange 2010 – Delegating a room mailbox to a user for approving meeting requests.

Here are the settings I needed to get this to work as intended.

Resource Booking Attendant
Mailbox Delegates
Resource Out-of-Policy Requests
Resource In-Policy Requests

Total Views: (25787)

DemonBuddy Cracked #291 – Updated 14th December 2012

DemonBuddy Cracked for build #291

Please support and buy the software from www.demonbuddy.com if you find it useful.

Download here

1. Extract it

2. Copy over previous Plugins, Routines and Settings folders

3. ???

4. Profit.

Enjoy.

VirusTotal

SHA256: 6b086b54c681545690ebaf6bdaf078028001cb7446437fd6dff159e0aadac57e
File name: DemonBuddy.291.Cracked.rar
Detection ratio: 0 / 46
Analysis date: 2012-12-14 12:20:06 UTC

Total Views: (2672)

Error 3007 Diablo 3 Fix

Error 3007 Fix  “Your connection to the battle.net service has timed out” – Diablo 3

How to fix:

1. Start -> Control Panel -> Network and Sharing Center -> Change adapter settings

2. Right-click your connection and select properties.

3. Click ‘Internet Protocol Version 4 (IPv4) and press ‘Properties’.

4. Select  ‘Use the following DNS server addresses‘ and type in ‘8.8.8.8‘ under the ‘Preferred DNS server’.

error 3007 fix

5. Press Ok and log into Diablo 3.

error 3007 fix

6. Success! You can now change the DNS settings back to automatic!

Hope this helped.

Total Views: (6791)

How to remove auto-mapping in Exchange 2010

How to remove auto-mapping in Exchange 2010 (the SP1 ‘feature’).

I recently had to deal with a user adding a second exchange mailbox that corrupted every single day. This issue went on for literally months as I attempted various fixes. The strange part was there were 4 other users that also added this second exchange mailbox to their Outlook 2010 but none of them had any issues.

Another time this has caused me grief is when a user’s OST file was breaching the 20gb limit causing Outlook to be non-responsive. This was due to the extra exchange accounts being added all residing their mail into the one OST file.

Instead of babbling on how the ridiculous amount of attempts to fix the original issue, I’ll get straight to the point and explain how to remove the auto-mapping in Outlook 2010 as this was the solution.

The Fix

After a quick google I found here http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx you can disable auto-mapping via the following commands


$FixAutoMapping = Get-MailboxPermission sharedmailbox |where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}

$FixAutoMapping | Remove-MailboxPermission

$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false}

However this did NOT work for myself.

I took the following steps on our SBS 2011 server to remove the auto-mapping feature.

  1. Open the tool ‘ADSI Edit’ from the Administrative Tools.
  2. Browse to the offending user(mailbox) that you would no longer like to be automatically mapped to particular users.
  3. Right-click the account and select Properties.
  4. In the Attribute Editor, select ‘Filter’ in the bottom right corner.
  5. Ensure ‘Show only attributes that have values’ is ticked.
automapping
6. Browse in the list attributes and select ‘msExchDelegateListLink’. These are the list of users that the account will automatically map to (populated by those with Full Access to the mailbox).
automapping2
7. Select Edit, click on the user you would like to no longer auto-map to and select Remove.
automapping
8. Press Ok then Apply.

Success! You can now start Outlook on the users workstation and the mailbox with full access will not map itself.

From here you can go into account settings and manually add the second exchange account without any weird issues arising.

I hope you enjoyed and/or benefited from this guide,

Systematic Admin.

Total Views: (33461)