Work – Page 5 – Absoblogginlutely!

Work

Remotsy – voice control for the tv

By Andy on Thursday, November 10, 2016

No more remotes — Image thanks to redjar at flickr

I just signed up for my first Kickstarter project for the remotsy package. A device that integrates with smartthings and alexa to control your remotes by voice. No more moving the cat and dog to see if they are sitting on the remote or hunting for them if they are not underneath them – instead I can just say “Alexa – continue watching Gilmore Girls” and the bluray will turn on, along with the tv and the lights can dim. This will be useful to reduce the number of remotes for our home entertainment system(currently at 4 total).
Watching the demo videa was amusing as they demonstrated Alexa commands – naturally my Alexa heard the ad and chimed in and although it got the time right, everything else was a “Sorry I don’t understand”
At $57 including shipping for a beta and a retail device it’s also pretty reasonably priced. There are quite a few packages left at the moment, but the project has just been released so I expect it to sell out pretty quickly

Work

Absoblogginlutely (weekly)

By diigo on Saturday, October 15, 2016

ZeroConfigExchange – Automating the Creation of an Outlook Profile for Exchange Online Accounts and Exchange On-Premises Environments – Outlooking on Outlook – your answers are here

tags: outlook exchange migration office365 4work zeroconfigexchange
Tip: a few useful PowerShell scripts for Exchange and Office 365 Admins – You Had Me At EHLO…

Office365 login scripts and the download locations are really helpful for new installs.I already have instructions in my $profile for the downloads but this would also be very handy.

tags: powershell office365 4work pre-requisites prereqs scripting

Posted from Diigo. The rest of my favorite links are here.

Work

Absoblogginlutely (weekly)

By diigo on Saturday, October 8, 2016

http://help.adobe.com/en_US/ppcompdoc/Step_by_step_guide_to_dps_se.pdf

A good guide on how to use Adobe’s digital publishing software to create apps and magazines for itunes. I have been doing a little bit of work with this the past couple of weeks and this document would have been handy.

tags: Adobe ipad digital publishing process 4work

Posted from Diigo. The rest of my favorite links are here.

Work

Absoblogginlutely (weekly)

By diigo on Saturday, October 1, 2016

LabTech Geek • View topic – LabTech for VDI – Introducing

Utils on how to have an installed Labtech client but still allow sysprep to work and have machines check in as different computers.

tags: Labtech vdi 4work enable cloning screenconnect
Identity synchronization and duplicate attribute resiliency | Microsoft Azure

New behavior of how to handle objects with UPN or ProxyAddress conflicts during directory sync using Azure AD Connect.

tags: identity synchronization microsoft azure duplicate 4work aadconnect dirsync

Posted from Diigo. The rest of my favorite links are here.

Work

Absoblogginlutely (weekly)

By diigo on Saturday, September 24, 2016

PHP Tester

Nice php test page to check the output of your php scripts before going into production and/or needing a real server.

tags: php testing test 4work coding
Use PowerShell to integrate with the Lync 2013 SDK for Skype for Business – Part 2 | Hey, Scripting Guy! Blog

Although I script my Lync status, I don’t currently do any group and contact information. Bookmarking this post for reference later.

tags: powershell lync scripting 4work

Posted from Diigo. The rest of my favorite links are here.

Wordpress Work

WordPress 4.6 is out now.

By Andy on Tuesday, August 16, 2016

I’ve spent most of the day fighting a WordPress install at work as it has been slow and sending various out of memory issues on a 16GB of memory VPS – so should really have enough memory to run a WordPress site. Therefore it was quite a surprise to see that 4.6 was released today for me to spend yet more time in WordPress today.

However, on this personal site, the upgrade went through smoothly with no issues (as far as I know).

AntiVirus Work

A laymans guide to malicious files and why you shouldn’t always trust the software.

By Andy on Sunday, July 31, 2016

It was an interesting week at work with several malware infections making it through the various av protections that we have in place which proves that end user education should be your primary line of defense in the fight against virus’. It is amazing how often people will click on random emails that have been sent to them with random filenames just because the email arrived in their inbox (or in another mailbox that they happen to have access to), even if it was not addressed to them.

I was lucky enough to get one of these emails through to my corporate mailbox on Tuesday this week, evading detection by McAfee email protection and Forefront on the desktop. (Using another av solution would not have prevented this as you will see later)

Fake looking email — Would you trust this email?

This was obviously some scam with the description of the user not even matching the email address of the user. Being curious, I naturally saved the file to my hard drive and then uploaded it to virustotal. On Tuesday, only 1 of 58 av engines recognised this as a virus – kudos goes to Quihoo-360 for being the sole detector. I must admit that I’ve never even heard of this software and I was very surprised to see that only 1 av vendor recognised the file.

I submitted the file to McAfee for scanning by zipping the file up with 7-zip and password protecting it with the phrase infected and sending it to their response team at [email protected]. Incidentally, McAfee’s instructions for doing this are very outdated as Windows10 no longer has the option to password protect a zip file. McAfee immediately came back saying that their analysis was inconclusive and the file had been submitted for further research. This was an improvement on the previous sample I had submitted on Friday for a cryptolocker variant that came back as no virus found!

Wednesday morning I uploaded the file to virustotal again to see what the state of detection was.

This time the detection rate was slightly better – 9 products including Sophos that I use at home, but neither of the products in use at the office.

Thursday morning, two days after receiving the virus I received a response back from McAfee that confirmed the file was malicious. They included an extra.dat that would detect the file.

By this time, virustotal was showing 25 out of 53 products detecting the virus so it is getting better. Microsoft’s product was listed as detecting the file, yet Forefront was still passing it through as clean. Although virustotal has the definition date of 7/28, my computer was showing “defs of 7/26, update on 7/27”. Not sure why there is this discrepancy of the definition dates.

Yesterday, my laptop at home still had old definitions as it was not connected to the corporate lan and was still showing the file as clean which is pretty scary.

This morning I downloaded the file to my personal laptop, saving the file with a .txt extension so I would not accidentally open it – something that is easier to do on a touch screen tablet. Interestingly Sophos did not detect anything wrong with the file. Launching the file in notepad, it starts with the letters PK which implies the file is actually a zip file and there are several strings referring to HP printers and Adobe Photoshop.

At this point I’m not going to risk my machine further by opening it with 7zip to see what happens.

However when I copied the file to .zip or to .rtf Sophos did spring into action and quarantine the file. This is really handy as it protects the file from being saved to the machine in an executable form, but also allows you to save the file to the hard drive for further analysis in your debugger of choice. Other applications will quarantine the file no matter what the extension is, making it harder to retrieve. On the other hand, you now have an infected file on the machine that av is not discovering.

This Sunday morning, I uploaded the file to virustotal again. This time we’re slightly better at 29/54 detections. However, Comodo, Malwarebytes, Panda, SuperAntiSpyware,Symantec, TrendMicro and Vipre (among others) do not detect the file as malicious.

Malware bytes is an interesting discovery as it’s not usually regarded as an av product as it typically protects you from software being installed into suspicious locations such as autorun, startup, browser toolbars etc as opposed to traditional av that scans every file being written or read to the hard drive. However in this case and my recent cryptolocker, MalwareBytes failed to find anything malicious although HitManPro did find the Cryptolocker exe file on the machine (but MalwareBytes and McAfee did not).

The best av is the human kind that recognises a file is suspicious or unexpected and does not open it – although even this kind of av can fail (and some are more prone than others!)

Incidentally, one of my favourite solutions for the Cryptolocker variant, in theory at least, is pretty drastic and requires the permissions of file shares to be changed so that files can be created but they can’t be edited. Users (and software) would be able to write new files to the file share, but any edits to the file would not be allowed unless the changes are written to a new file. This forces users to do Save-As all the time, may break Office documents that insist on modifying the original file, but would stop Cryptolocker from overwriting files on the drive. Obviously this takes up a lot more disk space and would not be suitable for shares holding Autocad documents.

*Please note that this post is not meant to denigrate any one particular av product in particular as I understand that definitions take time to produce but av software that does not detect infections 5 days later should probably be evaluated to see if it is safe for continued use. I do reserve the right to moderate comments on this post if they are not helpful and just say “Product XYZ is useless”

Microsoft Work

Install telnet from the command line

By Andy on Tuesday, January 21, 2014

pkgmgr /iu:"TelnetClient"

Wait a bit for the install to finish.
I do wish that pkgmgr would actually wait until the install has finished before coming back to a dos prompt as it’s annoying that you have no idea when the install has actually completed. On my machine it takes about 30 seconds.
I’m finding it hard to believe that my laptop did not have telnet on it – as I use it all the time. However whenever I install telnet from the dos prompt I always have to look up the syntax (and it’s still quicker than going into add/remove programs.
Hopefully this blog post will hit the search engines and therefore the syntax will be displayed on the first page rather than having to open a Microsoft page, scroll down and then view the syntax.

Powershell Work

Pimp your Powershell Prompt

By Andy on Saturday, September 28, 2013

I use powershell a lot at work – I’m not a guru by any means and I often find it hard to remember the commands I have run in a session, either for future use or for documenting in my time sheet (which also acts as a point of reference for future helpdesk tickets).

When I started going through the Powershell in a month of lunches book (which I highly recommend or the Powershell v3 book) I decided to use the start-transcript commandlet to record all my powershell activities. This worked very well until I would scroll through several screens worth and then forget what file I had saved my transcript too. There was also the possibility of forgetting to transcript everything.

By using the powershell profile file I was able to enter the commands to automatically set the transcript to the current date. I was then able to modify the title of the powershell prompt to display the filename so I could always see where the file was saved with the added bonus of a variable being used if I ever needed to open the transcript

My next step was to include the time in the powershell prompt – this enables me to go back through the transcript and see how long it took to run the commands for my timesheet entries. Remembering back to the good old dos days, I remembered the prompt command. A quick bit of experimenting with the Date command I had the current time displayed at the beginning on the Powershell prompt. Note this is displayed after the previous command is run, so technically it’s not the exact current time, but the time that the prompt was displayed on the screen.

The final profile script can be copy/pasted into notepad by typing in

notepad $profile

is as follows:-

cd \andy\powershellinamonthoflunches

$log="c:\temp\powershelllogs-" + $env.username + (get-date -uformat "%y%m%d-%H%M") + ".txt"
start-transcript $log
$host.ui.rawui.WindowTitle = $log

function prompt
{
write-host ((Date -uformat %T).ToString() + "PS " +$(get-location) + ">") -nonewline
return " "
}

This ends up with a powershell prompt that looks like the following. Hope this brief posting inspires you to change your powershell prompt to be even more useful for you.

Email Office Powershell Work

Fixed – Office365 journalling does not work for one user

By Andy on Friday, September 20, 2013

I’ve been working on a case with Microsoft’s Office365 support for several weeks trying to find out why email sent *to* a particular user was not being journalled. All the other mail seemed to be journalled to the external recipient, email from the user was working, just not email to that user.

The experience was quite frustrating as Microsoft’s support were terrible at calling back and could not grasp the concept of email tracking. Their solution after making a change was to wait a day to see if it was fixed although it was quite apparent that the Microsoft servers were not even trying to send the email (by looking at the Trace Logs you can see what email was being sent and received).

After checking the connectors were setup, mail properly scoped, the user had no rules on their mailbox, Microsoft’s solution was to delete the mailbox and reset it up again. Not so easy when the mailbox/user is federated with Active Directory and the user happens to be the owner of the company. That was not a conversation I was going to have with them!

The only thing that was different with this user was that in troubleshooting this issue we had set the user up to receive the journalling non delivery reports. I figured that if the emails were not being delivered, maybe sending him the errors would help. However no reports were being received either. However, according to KB 2829319 this behaviour can be seen. Although I had removed the journal receipient in the web gui, the emails were still not being journalled until I added another external email address to the configuration using the powershell command set-transportconfig -JournalingReportNdrTo [email protected]

At this point, all the email started to be journalled.

Note that we only added the recipient into the mix when I was trying to work on the initial problem so it looks like this wasn’t the only fix.

The other thing we did was change the outboundconnector to be onpremises. Changing the setting in the GUI we then ran Set-OutboundConnector archivemymailconnector -routeAllmessagesviaonpremises $true.

These two combinations seemed to fix the issue.

One thing I also learnt was that it is really useful to send multiple emails between changes and keep the subject line starting the same. Use the date/time at the end of the email. That way you can sort the email logs by Subject and just pick out the ones you were working on. By having the subject start with zzz followed by Round X (ie zzz Round 1 – change connector – 1345pm and zzz Round 1 – change connector 1346pm ) then the results are likely to appear at the end of your mail logs if you sort by subject. Sorting by Date was not always a good idea as mail flow could occur between mail coming into the server and mail leaving the server.