Thursday, October 31, 2013

Free voucher for MS Virtualization Certification exam

Just learned in TechNet Newsletter that Microsoft will be issuing out free vouchers to those attending their live Server Virtualization Jump Start on November 19 & 20 from 9:00 am - 4:30 pm PST.

Tuesday, October 29, 2013

Spiceworld

Unable to attend Spiceworld 2013 check out the uStream feed:

  • http://www.ustream.tv/channel/spiceworld-2013

or following directions to watch via VLC:


  • Install LiveStream (https://github.com/chrippa/livestreamer/releases/tag/v1.6.1) 
  • Open CMD browse to Livestream folder Execute following: livestream.exe
  • http://www.ustream.tv/channel/spiceworld-2013 best should open in VLC
Check out the Agenda:

Monday, October 28, 2013

Bamboo SharePoint Solutions

****Warning*****

Something I just learned after I tried to remove a Bamboo SP Calendar Solution from our farm.  It changes webconfig to reference new/updated Telerik command/extension.

The removal of their solution cripples your SharePoint rendering all sites outside of Central Admin unreachable.

Solution is to re-install their core wsp from trail solution.

If you wish to remove completely without crippling your SP check out their write up:

http://community.bamboosolutions.com/blogs/sharepoint-2010/archive/2012/08/23/how-to-remove-a-web-config-modification-using-powershell.aspx

http://store.bamboosolutions.com/KB/article.aspx?id=12486&query=Telerik.Web.UI

New Vulnerability Source

We recently had a visit from the FBI to discuss our system security as we are becoming more of an international player.

One of the source they provided me is US-cert.  There are several newsletters you can register for.

I received my first issue of US-CERT Cyber Security Bulletin (https://www.us-cert.gov/ncas/bulletins/SB13-301) today.

A quick glance down the list showed some surprising issues I had to verify on our network.

WatchGuard and VMware: Glad to report I was already patched and no issues there.

Highly recommend signing up for at least this newsletter.

Microsoft Virtual Academy: PowerShell M01

Looking to learn more about Power Shell I stumbled across a link on SpiceWorks that lead me to Microsoft Virtual Academy. http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start?o=3276#?fbid=aVs9FfAH2DJ

I have decided to complete and write a review of each module over the next 9 wks (1 module a week).

Today starts out Module 1.

  • Contains two videos:
    1. Intro - Don't fear the shell (6.41 mins)
    2. Getting familiar with the shell (53:00 mins)
  • Presentations
    1. 01-Dont fear the shell 1.pptx (15 slides)





Starting off we get a brief introduction from Jeffrey Snover, the inventor of PowerShell, and Jason Helmick, Senior Technologist at Concentrated Technology.

Then we start going over understanding and becoming comfortable with the shell.

Discuss history of PowerShell.  Warn against running out to install 3.0 with out checking release notes first. There are systems that do not support V3 (SP 2010 is one of them).

First introduction to PowerShell is how to tell if you are in Administrator mode or not.  In the Program's title bar your should see Administrator: Windows PowerShell and not Windows PowerShell. If you are not in administrator mode you will have limited access and rights.

Second is a quick lesson on customizing the window to work better for coding.

  • Accessing preferences
    • Right click the title bar to get drop down, select preferences
  • Changing the font to make it easier to differentiate ` vs '
    • recommend Lucida Console
    • set to bold if presenting
  • Setup window size
    • Layout tab
      • Adjust Window to fit on desktop (black screen)
        • ensure blue does not fall off the screen
      • Ensure Screen buffer and Window size width match
      • Ensure Screen buffer Height is 3000+
        • allows you to see more past commands
        • many PowerShell Console default to 300
  • Colors
    • adjust to desired scheme
Third go over basic commands
  • cmdlets: Verb - Noun
    • set-location
      • change directory
    • Clear-host
      • clear screen
    • get-childitem
      • list out directory
  • Native commands work
    • ping
    • ipconfig
    • calc
    • notepad
  • Aliases (DOS/Unix)
    • dir / ls
      • actual runs get-childitem
    • cd
      • actual runs set-location
    • cls
      • actual runs clear-host
    • get-alias / gal
      • list of aliases
Fourth discussed and demonstrated help/gal searching
  • gal g*
    • All aliases starting with G
  • gal *sv
    • all aliases containing SV


Friday, October 25, 2013

Microsoft Virtual Academy: PowerShell

Looking to learn more about Power Shell I stumbled across a link on SpiceWorks that lead me to Microsoft Virtual Academy. http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start?o=3276#?fbid=aVs9FfAH2DJ

I have decided to complete and write a review of each module over the next 9 wks (1 module a week).

Starting Monday with Module 01 check back or head on over to MS site to sign up and complete your own.

Tuesday, October 22, 2013

SharePoint 2010: Setup Document Library to accept emails

To better utilize our SharePoint setup and reduce strain on end users I needed to set up processing of incoming emails for a couple of document libraries (Quotes and Shipping Labels).  Below are the steps I used to complete.

Check out my How-to with screen shots on SpiceWorks at:
http://community.spiceworks.com/how_to/show/54771-sharepoint-2010-setup-document-library-to-accept-emails


Ensure your SharePoint Server has SMTP feature installed and configured.



First we need to configure some farm level features:

  1. Access Central Administration > System Settings
  2. Configure Incoming email settings
  3. Enable Incoming E-Mail
    1. Enable: Yes
    2. Mode: Automatic
      • Automatic for email
      • Advanced for drop folder (need to validate permission's on folder)
  4. Directory Management Service
    1. Directory Management Service: Yes
      • No - will have to manually create any needed groups and contacts
      • Yes - SharePoint will create groups and contacts as needed
      • Remote - Seperate server configured to manage the creation of groups and contacts
    2. Container: Enter container info
      • We setup a seperate OU for all our SharePoint Accounts and Groups during setup so we just added an OU with in called Contacts
    3. SMTP mail server: SharePoint Server with SMTP service running
    4. Accept messages from authenticated users only
      • Yes for internal use only
      • No to allow outside emails to be processed
    5. Distrubution group creation
      • Yes Allow creation of Distribution groups
      • No Deny creation of Distrubution groups
    6. Distrubution group settings - Limit settings allowed with SharePoint if groups can be created
      • Create new distribution group
      • Change distribution group e-mail address 
      • Change distribution group title and description
      • Delete distribution group
  5. Incoming E-Mail Server Display Address
    • Set to something user friendly / your domain
  6. Safe E-Mail Servers
    • You can limit what email servers to process email from or leave it open to all.


Next we need to setup the feature on desired Document Library.

  1. Navigate to desired Document Library you wish to add feature to.
  2. On the ribbon click"Library"
  3. Click "Library Settings"
  4. Click "Incoming e-mail settings" under Communications
  5. Complete the following:
    1. Incoming E-Mail
      1. Allow: Yes
      2. E-mail address: [Enter email address to use]
    2. E-Mail Attachments
      1. Group: Select process that works for you
      2. Overwrite: Decide if overwrite is allowed or not
    3. E-Mail Message
      1. Decide if the email message needs to be saved also
    4. E-Mail Meeting Invitations
      1. Decide if the email message needs to be saved also
    5. E-mail Security
      1. Decide how you want to control who can add to library
        1. If allowing outside emails in you may see SPAM


Tuesday, October 15, 2013

SharePoint 2010 People Search Filtering

Working on our internal Phone book in SharePoint using the Enterprise Search: People Search Feature. I had to ensure none of our service accounts or other non-company users were being displayed.



First I setup Connection filters.

  • Central Administration > Application Management > Service Applications > 
  • Manage Service Applications > User Profile Service > Synchronization > 
  • Configure Synchronization Connections > [Your AD Connection] > Edit Connection Filters


Used the Any apply (OR) for the following rules:

         Attribute                         Operator                               Filter
sAMAccountName                 Contains                            Calendar 
sAMAccountName                 Contains                            Privileged 
sAMAccountName                 Contains                                   _ 
userAccountControl                Bit on equals                            17

This takes care of the accounts we have for department calendars [deptcalendar], any elevated management accounts [username Privileged], service accounts [System_Service] and any account that has a non-expiring password.

No even with all of this I was still seeing a service account sneaking in creating its own profile and for the life of me I could not stop it.  I don't care if it has a mySite I just don't want it to show up in our Phone book. 

After about a day and a half of searching finally came across the process to resolve this issue.  I needed to set up an exclusion on the People Search Core Results > Results Query Options > Append Test To Query.
-prefrerredname:"[enter format here]" in our case I setup -preferredname:"SP_*".  Ensure you do this to any pages that contain the People Search Core Results web app in our case we have two pages: People-Directory and peopleresults.




Friday, October 11, 2013

SharePoint 2010: Adding back deleted User Profile Property

So recently playing with SharePoint User Profiles.  Noticed we were getting duplicate Office/Office Values.  This was being caused by our Sync with AD as SP would pull the Office Field and SP also has an Office Location (that for use was the same).  I attempted to reuse the SP Office Location but could not make it accept the values I wanted.  I just deleted it, oops now profile pages wouldn't load.  Did some searching and found this article to be the most help full.


Adding back deleted User Profile Property
http://social.technet.microsoft.com/Forums/sharepoint/en-US/47f6e479-fad0-456f-ba93-f24c6f1212f0/adding-back-deleted-user-profile-property

Most specifically found Modulacht's response to be the best:

------------------Begin Quote------------------

Create a new Property with name like "SPSLocation" (leave the '-' after 'SPS'). In this way the propertyname will be accepted. Now just start your SQL-Server Management Studio, select and edit the appropriate record in you profile database.

In my case I used the following SQL: Using this SQL to select the appropriate record (Ensure that you only get 1 result-line!!!):

SELECT *
FROM PropertyList
WHERE PropertyName='SPSLocation'

Using this SQL to edit the appropriate record:

UPDATE PropertyList
SET PropertyName='SPS-Location'
WHERE PropertyName='SPSLocation'

------------------End Quote------------------

Followed above steps and within 10 minutes had my Profiles back working.

Tuesday, October 8, 2013

Windows Scheduled Tasks Service Account Report (Power Shell v2)

Wiped this one together to verify none of our scheduled tasks are using our domain administrator account prior to password change.

First step is setting up the source file.
On my servers I have the following structure: %root%\_scripts\source files

  • Create a text file in your source location, ensure it is a txt file
  • one server name per line
Copy the code below into a .ps1 file or you can download from my Google drive here
Update the fields highlighted in blue to meet your requirements. 

Hope this is helpful.
(If you find it helpful please head over to Spiceworks and Spice up the code to help other IT members find it: http://community.spiceworks.com/scripts/show/2213-scheduled-tasks-service-accounts)

# +-----------------------------------------------------------------------------------
# | File : Scheduled Tasks Service Accounts.ps1                                        
# | Version : 1.01                                        
# | Purpose : Pulls Scheduled Tasks from list of servers
# |           Saves to individual CSV files
# |           Can Email reports
# |           Can remove reports before script exits
# | Based on: Ryan Schlagel's Scripts
# |           http://ryanschlagel.wordpress.com/2012/07/09/managing-scheduled-tasks-with-powershell/
# +-----------------------------------------------------------------------------------
# | Maintenance History                                          
# | -------------------                                          
# | Name            Date        Version  C/R  Description      
# | ----------------------------------------------------------------------------------
# | Chris Lee     2013-10-08     1.01         Initial scirpt build
# +-----------------------------------------------------------------------------------


###SETUP START###
#-------DO NOT MODIFY-------#
#Add Exchange 2007 commandlets (if not added)
if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.Admin"})) {ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin}
#Add Quest commandlets (if not added)
if(!(Get-PSSnapin | Where-Object {$_.name -eq "Quest.Activeroles.ADManagement"})) {ADD-PSSnapin Quest.Activeroles.ADManagement}
#Defines Time/Date Stamp used
$CreateStamp = Get-Date -UFormat %d_%m_%Y
###SETUP END###

###USER VARIABLES START###
#-------MODIFY AS NEEDED-------#
#Define path to server list to be used
    $path = "[PATHTOYOURSERVERLISTTEXTDOCUMENT]"
#Define path to temp/report folder include trailing \
    $temppath = "[PATHTOYOURTEMPFOLDER]"
#Email reports to admin "True" | "False"
    $email = "True"
#Delete files after script runs "True" | "False"
    $delete = "True"
#Enter System Admin
    $AdminName="[YOURADMINNAME]"
#Enter Admin Email Address
    $to="[YOURADMIN]@[YOURDOMAIN].com"
# SMTP Server to be used
    $smtp = "[YOURSMTP]"
# "From" address of the email
    $from = "ServerReports@[YOURDOMAIN].com"
#Enter Path to reports
    $file="C:\_temp\"
# Define font and font size
# ` or \ is an escape character in powershell
    $font = "<font size=`"3`" face=`"Calibri`">"
###USER VARIABLES END###

###PROGRAM VARIABLES START###
#-------DO NOT MODIFY-------#
# Get today's day, date and time
$today = (Get-date)
# Newline character
$newline = "<br>"
#Enter Subject line required for ticketing system
$subject="Service Accounts Report for " + $domain + " servers."
#Section break
$secbreak="`r`n---------------------------------------------------------------------------------------------------------------------------`r`n"
#Pull Domain information for email
$Domain = ([adsi]'').distinguishedname -replace "DC=","" -replace ",","."
###PROGRAM VARIABLES END###

###PROGRAM START###
#Loads Server list into varialbe
$a = Get-Content $path
#Declare string for report structure
$attachment = @()
#Generates CSV file with scheduled service account information for each server
foreach ($i in $a)
    {
      $schedule = new-object -com("Schedule.Service")
      $schedule.connect("$i")
      $tasks = $schedule.getfolder("\").gettasks(0)
      $tasks  | Format-Table Name, @{Name="RunAs";Expression={[xml]$xml = $_.xml ; $xml.Task.Principals.principal.userID}}, LastRunTime, NextRunTime -AutoSize |  Export-csv "$temppath$i.csv" -notype
      IF($tasks.count -eq 0) {Write-Host “Schedule is Empty”}
      $attachment += "$temppath$i.csv"
    }

#Check if email of files is desired
IF ($email -eq "True")
    {
        # Message body is in HTML font        
        $body = $font
        $body += "Dear " + $AdminName + ","+ $newline + $newline
        $body += "Attached are report(s) for scheduled tasks service accounts on " + $domain + " servers ." + $newline

        # Put a timestamp on the email
        $body += $newline + $newline + $newline + $newline
        $body += "<h5>Message generated on: " + $today + ".</h5>"
        $body += "</font>"

        # Invokes the Send-MailMessage function to send notification email
        Send-MailMessage -smtpServer $smtp -from $from -to $to -subject $subject -BodyAsHtml $body -Attachments $attachment
     }

#Check if removal of files is desired
IF ($delete -eq "True")
  {
    #Removes created file
    foreach ($i in $a)
      {
        Remove-Item "c:\_temp\$i.csv" -Recurse
      }
  }

###PROGRAM END###

Windows Service Account Report (Power Shell v2)

Well it has been busy.  After My two weeks away we let a group of users go which has lead to a whole new task of automating on boarding and off boarding users.  Still tweaking the scripts and will post them once I feel they are solid.  But here is a script that I pieced together in response to a post on SpiceWorks (see post here).

 Request was to pull Service Accounts from servers to see what account is running what.

Some quick searching had this resolved and then I wanted to export to file and offer up emailing the reports.

First step is setting up the source file.
On my servers I have the following structure: %root%\_scripts\source files

  • Create a text file in your source location, ensure it is a txt file
  • one server name per line
Copy the code below into a .ps1 file or you can download from my Google drive here
Update the fields highlighted in blue to meet your requirements. 

Hope this is helpful.
(If you find it helpful please head over to Spiceworks and Spice up the code to help other IT members find it: http://community.spiceworks.com/scripts/show/2212-service-account-report)

# +-----------------------------------------------------------------------------------
# | File : Service Account Report.ps1                                          
# | Version : 1.01                                          
# | Purpose : Pulls Service Accounts from list of servers
# |           Saves to individual CSV files
# |           Can Email reports
# |           Can remove reports before script exits
# +-----------------------------------------------------------------------------------
# | Maintenance History                                            
# | -------------------                                            
# | Name            Date        Version  C/R  Description        
# | ----------------------------------------------------------------------------------
# | Chris Lee     2013-10-08     1.01         Initial scirpt build
# +-----------------------------------------------------------------------------------


###SETUP START###
#-------DO NOT MODIFY-------#
#Add Exchange 2007 commandlets (if not added)
if(!(Get-PSSnapin | Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.Admin"})) {ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin}
#Add Quest commandlets (if not added)
if(!(Get-PSSnapin | Where-Object {$_.name -eq "Quest.Activeroles.ADManagement"})) {ADD-PSSnapin Quest.Activeroles.ADManagement}
#Defines Time/Date Stamp used
$CreateStamp = Get-Date -UFormat %d_%m_%Y
###SETUP END###

###USER VARIABLES START###
#-------MODIFY AS NEEDED-------#
#Define path to server list to be used
    $path = "[PATHTOYOURSERVERLISTTEXTDOCUMENT]"
#Define path to temp/report folder include trailing \
    $temppath = "[PATHTOYOURTEMPFOLDER]"
#Email reports to admin "True" | "False"
    $email = "True"
#Delete files after script runs "True" | "False"
    $delete = "True"
#Enter System Admin
    $AdminName="[YOURADMINNAME]"
#Enter Admin Email Address
    $to="[YOURADMIN]@[YOURDOMAIN].com"
# SMTP Server to be used
    $smtp = "[YOURSMTP]"
# "From" address of the email
    $from = "ServerReports@[YOURDOMAIN].com"
#Enter Path to reports
    $file="C:\_temp\"
# Define font and font size
# ` or \ is an escape character in powershell
    $font = "<font size=`"3`" face=`"Calibri`">"
###USER VARIABLES START###

###PROGRAM VARIABLES START###
#-------DO NOT MODIFY-------#
# Get today's day, date and time
$today = (Get-date)
# Newline character
$newline = "<br>"
#Enter Subject line required for ticketing system
$subject="Service Accounts Report for " + $domain + " servers."
#Section break
$secbreak="`r`n---------------------------------------------------------------------------------------------------------------------------`r`n"
#Pull Domain information for email
$Domain = ([adsi]'').distinguishedname -replace "DC=","" -replace ",","."
###PROGRAM VARIABLES END###

###PROGRAM START###
#Loads Server list into varialbe
$a = Get-Content $path
#Declare string for report structure
$attachment = @()
#Generates CSV file with service account information for each server
foreach ($i in $a)
  Get-WmiObject win32_service -computer $i | select name, startname, startmode | Export-csv "$temppath$i.csv" -notype
  $attachment += "$temppath$i.csv"
}

#Check if email of files is desired
IF ($email -eq "True")
    {
        # Message body is in HTML font          
        $body = $font
        $body += "Dear " + $AdminName + ","+ $newline + $newline
        $body += "Attached are report(s) for service accounts on" + $domain + " servers ." + $newline 

        # Put a timestamp on the email
        $body += $newline + $newline + $newline + $newline
        $body += "<h5>Message generated on: " + $today + ".</h5>"
        $body += "</font>"

        # Invokes the Send-MailMessage function to send notification email
        Send-MailMessage -smtpServer $smtp -from $from -to $to -subject $subject -BodyAsHtml $body -Attachments $attachment
     }

#Check if removal of files is desired
IF ($delete -eq "True")
  {
    #Removes created file
    foreach ($i in $a) 
      {
        Remove-Item "c:\_temp\$i.csv" -Recurse
      }
  }

###PROGRAM END###