Monthly Archives: October 2013

Tired of dealing with password resets

Issue Description


==============


Password Expiration Policy


 


 


Issue Resolution


==============


  1. Click Start > Search for Windows PowerShell > Right click ‘Run as administrator’.
  2. To establish connection, Open Windows Powershell (Run as administrator) then enter the Global Admin credential (Email address format) after running below script

 


$cred = Get-Credential


 


Set-ExecutionPolicy Unrestricted


 


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection


 


Import-PSSession $Session


 


 


  1. Then we need to make sure we have Microsoft Online Module for Powershell already installed, in case if we don’t please download it from below source :

 


64 bit module version – http://go.microsoft.com/fwlink/p/?linkid=236297


                It may ask us to install the Microsoft Online Services Sign-In Assistant from below link : http://www.microsoft.com/en-us/download/details.aspx?id=39267


 


Then run the below commands and when asked enter the Global Administrator credentials again


 


Import-Module MSOnline


 


Connect-Msolservice


 


 


  1. To set the password policy to never expire, we may run the below commands
    1. For Individual user :-

Set-MsolUser –UserPrincipalName user@lmitc.com -PasswordNeverExpires $True


  1.  
    1. For All Users in the Organisation :-

Get-MsolUser | Set-MsolUser –PasswordNeverExpires $True



  1. To verify if password is set to never expire run the following command.

Get-MsolUser –UserPrincipalName user@lmitc.com | fl


See the below variable in the command shell ( PasswordNeverExpires :True )



 


  1. To set the password expiration to some number of days at domain level :
    Set-MsolPasswordPolicy -DomainName domain.com -NotificationDays 15 -ValidityPeriod 180

 


Note : Once we create a new user, we will have to set the password policy for that user again, as it is not possible to inherit that policy to the new user, so we will need to run the above commands again.


 

What does a fake voicemail virus email get you?

Well, for one example, here’s what Windows Defender Offline (http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline) found from a scan of an infected machine. Fortunately the user powered down the computer immediately after realizing he had been had.


Rogue:Win32/Winwebsec
Trojan
file:D:\ProgramData\hDa3n3aV\serv.bat
file:d:\users\–username-removed–\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro\Antivirus Security Pro support.url
file:d:\users\–username-removed–\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro\Antivirus Security Pro.url
folders:d:\users\–username-removed–\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro\

TrojanDownloader:Win32/Kuluoz.D
containerfile:D:\Users\–username-removed–\Downloads\VoiceMail_Seattle_(206)4581802.zip
file:D:\Users\–username-removed–\AppData\Local\dqegmcmb.exe
file:d:\users\–username-removed–\AppData\Roaming\Microsoft\Windows\Recent\VoiceMail_Seattle_(206)4581802.lnk
file:d:\users\–username-removed–\Downloads\VoiceMail_Seattle_(206)4581802.zip->VoiceMail_Seattle_(206)4581802.exe
regkey:HKCU@S-1-5-21-3504191443-3983057376-3714753911-2621\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\ojphvgtg
runkey:HKCU@S-1-5-21-3504191443-3983057376-3714753911-2621\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\ojphvgtg


A tip for you. After running the cleanup removal in Windows Defender Offline, reboot the machine with network disconnected to a Microsoft ERD Commander disc and use the registry editor and Windows Explorer to check the work of the cleanup tool and ensure everything is out of there. Then reboot and run Norton Power Eraser (https://security.symantec.com/nbrt/npe.aspx) for a final cleanup (has to be online for the Norton tool to work).

Need to pull data from your Exchange 2007 – 2013 logs?

Here’s how using PowerShell in the Exchange Management Shell:


get-messagetrackinglog -EventID “RECEIVE” -Start “10/22/2013 10:30:00 AM” -End “10/22/2013 4:00:00 PM” -ResultSize Unlimited |fl >c:\trackinglog.txt


By the way, the “-ResultSize Unlimited” will get you the full results to your text file and not truncate it.