
Java security settings

Java 7u51 has been a headache so far with security settings, especially on a terminal server. I needed to adjust the Java security setting for all users on the terminal server and add a website (example.com) to the exception site list in Java.

The solution was to create 3 text files and place them all in the folder C:\Windows\Sun\Java\Deployment

filename: Deployment.config

deployment.system.config=C:\WINDOWS\Sun\Java\Deployment\deployment.properties
deployment.system.config.mandatory=true

filename: deployment.properties

deployment.security.level=MEDIUM
deployment.security.level.locked=
deployment.user.security.exception.sites=C\:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites

filename: exception.sites

https://www.example.com

After these 3 text files are created, the new Java settings will take effect at next logon, and you can verify this by looking at the Security tab in the Java Control Panel.

Exchange 2010 – Export mailbox to pst

Start Exchange Management Shell.
Give yourself rights to export and import.
Command:
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Administrator

Then close Exchange Management Shell and restart it.

Now export mailbox using this command:
Command:
New-MailboxExportRequest -mailbox user@domain.no -FilePath \\localhost\temp$\user.pst

The export command needs a UNC path for the file path, so I just created a hidden temp share. Remember to delete the temp files after the job is completed 🙂

Find disabled users with their group membership and remove them from their groups

To quickly see the disabled users and their group membership in your Active Directory you can use this PowerShell command:

Get-ADUser -SearchBase "OU=OU1,DC=domain,DC=local" -Filter 'enabled -ne $True' -Properties memberof | ft samaccountname, MemberOf -auto

This script will prompt you for a search base (like "OU=OU1,DC=lab2,DC=local") and remove all disabled users from their groups:

# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$inputfromuser = Read-Host 'Enter AD Searchbase '
if ($inputfromuser -like "")
{
    Write-Host "Input error"
}
else
{
    # All disabled accounts under the search base, with their group DNs
    $DisabledUsers = Get-ADUser -SearchBase $inputfromuser -Filter 'enabled -ne $True' -Properties memberof
    foreach ($user in $DisabledUsers)
    {
        # MemberOf does not include the primary group, so that one is left alone
        foreach ($member in $user.MemberOf)
        {
            Write-Host "Removing" $user.SamAccountName "from" $member
            Remove-ADGroupMember $member -Members $user.SamAccountName -Confirm:$false
        }
    }
}

Honorable mention for assisting on this script goes to Bjørn Wang

edit: Added script for membership removal
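
A more cautious variant of the removal script above, as an added example that is not part of the original post: it records every user/group pair to a CSV before removing anything, and supports -WhatIf for a dry run. The function name and the default CSV path are hypothetical.

```powershell
# Added example, not the original author's script. The function name and CSV
# path are hypothetical; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Remove-DisabledUserMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [string]$BackupCsv = ".\disabled-user-groups-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    $disabled = Get-ADUser -SearchBase $SearchBase -Filter 'enabled -ne $True' -Properties MemberOf

    # Flatten to one row per (user, group) so the CSV can drive a restore.
    $rows = foreach ($user in $disabled) {
        foreach ($group in $user.MemberOf) {
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                UserDN         = $user.DistinguishedName
                GroupDN        = $group
            }
        }
    }

    if (-not $rows) {
        Write-Verbose "No group memberships found under $SearchBase"
        return
    }

    # Write the backup first, even in a -WhatIf run; stop if it fails so
    # nothing is removed without a record.
    $rows | Export-Csv -Path $BackupCsv -NoTypeInformation -Encoding UTF8 -WhatIf:$false -ErrorAction Stop

    foreach ($row in $rows) {
        # ShouldProcess returns $false under -WhatIf, so nothing is changed.
        if ($PSCmdlet.ShouldProcess($row.GroupDN, "Remove $($row.SamAccountName)")) {
            Remove-ADGroupMember -Identity $row.GroupDN -Members $row.UserDN -Confirm:$false
        }
    }
}

# Dry run: writes the CSV and prints what would be removed, changes nothing.
# Remove-DisabledUserMembership -SearchBase 'OU=OU1,DC=domain,DC=local' -WhatIf
```

If an account is re-enabled later, the CSV can be fed back through Import-Csv and Add-ADGroupMember (using the GroupDN and UserDN columns) to restore its memberships.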

List installed certificates with Powershell

To list the installed certificates in the local computer store I use the following one-liner:

dir Cert:\LocalMachine\My | fl thumbprint, SerialNumber, Subject, NotBefore, NotAfter, Issuer

You can replace “LocalMachine” with “CurrentUser” to list certificates in the current user store.

Transfer or seize FSMO roles with powershell

To transfer all FSMO roles from one DC to another you can use the following line in PowerShell:

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

Replace "Target-DC" with the name of the domain controller (case sensitive).

To seize the roles, add "-Force" at the end of the command.

Legacy Microsoft Office Download locations

Microsoft Office 2010 Download Locations

A. Full Retail (FPP): http://office.microsoft.com/en-us/products/microsoft-office-2010-backup-FX101853122.aspx

B. Product Key Card (PKC): http://office.microsoft.com/en-us/buy/using-the-product-key-card-FX101853163.aspx

Microsoft Office 2007 Download Locations

A. Full Retail (FPP): http://www.microsoft.com/office/downloads/

B. Medialess Licensing Kit (MLK): http://www.microsoft.com/office/backup/en-us/default.mspx

Delete old files from commandline

To quickly run a command (like delete) on files older than X days from the command prompt:

forfiles -p "C:\folder\Subfolder" -s -m *.* -d (Number of days) -c "cmd /c (command) @PATH"

Number of days has to be negative for days in the past (for example -30 for 30 days old). Replace "command" with the command you want to run (like del or echo).

Create a custom event with powershell

To create an event without eventcreate.exe, which is limited to EventID below 1000, you can use PowerShell. { } indicates what you have to customize; then just run everything as admin from PowerShell.

$evt=new-object System.Diagnostics.Eventlog("{Application/System/etc..}")
$evt.Source="{SOURCE}"
$evtNumber={EVENT ID}
$evtDescription="{write a description}"
$infoevent=[System.Diagnostics.EventLogEntryType]::{Warning/Error/etc..}
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)