• Mac OS X,  Mac OS X Server,  Mac Security

    Using mdmclient on macOS

    I mentioned mdmclient when I gave the talk on the inner workings of Mobile Device Management, or MDM. There, I spent a lot of time on APNs and profiles, but just kinda’ spoke about mdmclient in terms of it being the agent that runs on macOS to provide MDM parity for the Mac. The mdmclient binary is located at /usr/libexec/mdmclient and provides pretty limited access to see how the Mac reacts to and interprets information coming from a device management provider. I had been meaning to do a write-up on mdmclient and document what it can do since it first shipped. But as luck would have it, @Mosen on the…

  • iPhone,  Microsoft Exchange Server

    Block Specific iOS Versions From Accessing Exchange

    Exchange Online and Exchange 2010-2016 can block a device from accessing ActiveSync using a policy. To do so, first grab a list of all operating systems you’d like to block. Check which ones are out there using the Get-ActiveSyncDevice command, looking at devicetype, deviceos, and deviceuseragent:

        Get-ActiveSyncDevice | select devicetype,deviceos,deviceuseragent

    The command will show each of the operating systems that have accessed the server, including the user agent. You can block access based on each of these. In the following command, we’ll block one that our server found that’s now out of date: New-ActiveSyncDeviceAccessRule -Characteristic DeviceOS -QueryString…

  • Microsoft Exchange Server

    Manage ActiveSync Policies on iOS Using Powershell in Exchange 2016

    Sometimes you need to manage policies in Exchange ActiveSync programmatically. For example, if a device shows up in a JSS, you can deploy policies to that device at the Exchange ActiveSync (EAS) level rather than using a mobileconfig. To manage these, Microsoft has provided a few pretty easy-to-use commandlets in PowerShell. The New-MobileDeviceMailboxPolicy commandlet in PowerShell will create a policy based on some attributes that you define. The Get-MobileDeviceMailboxPolicy commandlet in PowerShell will show what the contents of a given policy are. The Set-MobileDeviceMailboxPolicy commandlet will set a policy, and has the same structure as New-MobileDeviceMailboxPolicy, but applies to existing policies. The Remove-MobileDeviceMailboxPolicy commandlet in PowerShell will delete a policy. The Get-MobileDeviceMailboxPolicy commandlet in…

  • Active Directory,  Windows Server,  Windows XP

    Use Syslog on Windows

    There are a number of tools available for using Syslog in a Windows environment. I’ll look at Snare as it’s pretty flexible and easy to configure. First, download the Snare installation executable from http://sourceforge.net/projects/snare. Once downloaded, run the installer and simply follow all of the default options, unless you’d like to password protect the admin page, at which point choose that. Note that the admin page is by default only available to localhost. Once installed, run the “Restore Remote Access to Snare for Windows” script. Then open http://127.0.0.1:6161 and click on Network Configuration in the red sidebar. There, we can define the name that will be used in syslog (or leave…

  • Microsoft Exchange Server,  Windows Server

    Script to Create Exchange Mailboxes for Active Directory Users Based On OU

    Here’s a little PowerShell script to enable mailboxes based on an OU and put their new mailbox into a given database. To customize, change OU=ORGANIZATIONALUNIT,DC=companyname,DC=com to the DN for the OU you are configuring. Also, change DATABASENAME to the name of the information store that you’d like to use for the mailboxes in that OU.

        Import-Module ActiveDirectory
        # Collect every user object under the target OU
        $OUusers = Get-ADUser -LDAPFilter '(name=*)' -SearchBase 'OU=ORGANIZATIONALUNIT,DC=companyname,DC=com'
        foreach ($username in $OUusers) {
            # Mailbox-enable each user in the chosen database
            Enable-Mailbox -Identity $username.SamAccountName -Database 'DATABASENAME'
        }

  • Microsoft Exchange Server,  Windows Server,  Windows XP

    Check It Ma, Logz For Dayz

    On a Mac, I frequently use the tail command to view files as they’re being written to or in use. You can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article: -list and -newest. The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.:

        Get-EventLog -list

    You can then take any of the log types and view information about them. To see System information:

        Get-EventLog System

    There will be too much information in many of these cases, so use the -newest option to see just the latest:…

  • Microsoft Exchange Server

    Selectively Import PST Files Into Outlook

    I’ve written plenty about exporting mailboxes from Exchange. But what if you need to perform a selective import into Outlook? This is helpful for importing mail in date ranges, using an import to search for terms (common with litigation holds) and importing contacts and calendars. To get started, click Open from the File ribbon. When prompted, click on Import/Export. At the Import and Export Wizard screen, click on “Import from another program or file”. At the “Import a File” screen, click on “Outlook Data File (pst)”. At the Import Outlook Data File screen, choose the mailbox to import into and then click on the Filter button. Using the filtering…

  • Microsoft Exchange Server

    Migrating Symantec Enterprise Vault SQL Tables

    If you use Symantec’s Enterprise Vault solution and you need to migrate the SQL tables for Enterprise Vault to another server, you might have noticed that it’s not as simple as dumping tables from one host, restoring tables to another and changing some information on the Enterprise Vault server. This process takes a lot of time and is a relatively painful endeavor. But now Symantec has made the process much simpler, releasing a migration tool just for the database, available here: http://www.symantec.com/business/support//index?page=content&id=TECH214373 I guess they were listening to customers who complained about the process. Good for them!

  • Microsoft Exchange Server,  Network Infrastructure,  Windows Server

    Delete Messages From Exchange Using PowerShell

    Before I type anything else, allow me to state that running a search and deleting things with a script from a user’s mailbox (or a loop of all users) is a very dangerous process. However, I’ve often noticed that an outbreak of bad things can cause us to do some pretty awesome things. So, you can use the Get-Mailbox cmdlet to pipe a mailbox into the Search-Mailbox cmdlet and from there use the -SearchQuery option to search for an attachment, following the attachment option with a filename, and then delete it using the -DeleteContent option. The example would be as follows:

        Get-Mailbox -Identity "cedge" | Search-Mailbox -SearchQuery attachment:ichatsmileys.pkg.zip -DeleteContent

    You can…

  • Microsoft Exchange Server,  Windows Server

    Redirecting Exchange Login Pages

    By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site. At the bottom of the pane for the Default Web Site, click Features View if not already selected. Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g.…