Thanks for making me feel old(er)…
Telstra and MS have agreed to provide a PSTN option (finally) from Skype for business online.
The Telstra sales spiel can be found here – https://www.telstra.com.au/business-enterprise/solutions/collaboration-conferencing/cloud-collaboration/telstra-calling-365
A good rundown of it (with less sales-speak) is available here – http://www.skype4badmin.com/telstra_calling_for_office365_announced/?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BlvXSTr%2FARtuirZuPGlYhyA%3D%3D
The author concentrates on the release, the price point and the basic concept of what it can do.
The big possible downside here is Telstra. Anyone that has ever been unfortunate enough to deal with their multitude of billing departments and their ahem… “support” would have experienced the pain that dealing with Telstra can bring.
As always, it would be very nice if I was completely wrong – and Telstra had its shit completely together, and customers weren’t massively overbilled and the product worked…. all we can do is wait and see.
As per the link above, SMB 1 will no longer be installed by default in Win 10 1710 (which, given the release date, I’m guessing that’s what it will be called among techs, rather than the exceedingly shitty “fall creators update” name – because calling two different versions “creators update” is logical) or the next version of Server 2016 (whatever that ends up being called).
Considering the recent-ish SMB1 targeted attacks, this isn’t surprising – and is a good move in my opinion. Issue is of course, the companies likely to be hit by SMB1 (or other old-school attacks) are likely to not be up to date with their patching and even less likely to be up to date with OS versions – so it won’t help secure the more vulnerable networks out there….
I, like many of the readers of this blog, have been getting messages constantly from “www.youracclaim.com” to get “badges” from the Microsoft exams they have sat over the past years.
I have ignored these up until recently, but when I went to update my LinkedIn profile to include some recent university results, I thought “there must be an easy way to add my Microsoft certs, I’ll try this youracclaim.com thingy…. it’s from Pearson VUE – how dodgy could it be?”
My question was soon answered with this (below) when trying to link my newly created “youracclaim.com” account and LinkedIn.
Post updates, make comments and like posts as me… are you fucking serious?!!?! Does anyone fall for that? (rhetorical question – someone must….)
<rant mode: on>
Direct Access (or DA) is awesome. Much like TMG before it, it fits into a segment of the market that nothing else covers in quite the same way.
DA is fully supported in 2016, but has had no new features added. I read somewhere that while it is still supported, it is no longer under active development (but I have no credible references to back that up).
DA could go from awesome (where it is now) to super-awesome (yes, that is my technical term for it) by:
Outside of that, we also had a client recently pass on that their Microsoft TAM was ragging on DA, claiming that it’s outdated technology… I can only assume because “everything should be in the cloud”. Organisations aren’t going (and technically cannot in many cases) to move everything to the cloud overnight….. even if they did, clients still need to be able to get onto the corporate network – and companies may not wish to make some apps/data available publicly – even with MFA/certs etc.
Anyway, this is my plea…. MS, don’t fuck up with DA like you did with TMG. It’s a good product, develop it.
<rant mode: off>
PowerShell makes life much easier than VBScript…. however it does have its downsides… signing policy can sometimes be a bit of a pain and the modules you need have to be available…. which is an issue in particular for Windows PE.
Mick (good Aussie name there) was nice enough to write a blog on how to import PowerShell into PE – without having to add it statically to the boot wim – http://mickitblog.blogspot.com.au/2016/04/import-active-directory-module-into.html
I was a little lazy here and copied both x86 and x64 required directories via robocopy rather than determining the version via powershell like Mick did.
The next step however is the more important one…. a task sequence doesn’t allow us to run a powershell command in PE with credentials, we need a secure way of running the command. In my case, I want to delete a computer object….
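Step 1 – Generate a key file (perform on any full OS)
$KeyFile = ".\DeleteComputer.key"
$Key = New-Object Byte[] 16   # 16 bytes = 128-bit AES key (24 or 32 also valid)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Key)   # fill with random bytes, otherwise the key is all zeros
$Key | Out-File $KeyFile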
Step 2 – Encrypt a password using the key
$KeyFile = ".\DeleteComputer.key"
$PasswordFile = ".\DeleteComputer.txt"
$Key = Get-Content $KeyFile
$Password = "Your password here" | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -Key $Key | Out-File $PasswordFile
Step 3 – Create your script utilising the creds – (Below is the one I use to delete a computer object)
# The AD module copied into PE must be loaded before Remove-ADComputer is available
Import-Module ActiveDirectory
# SCCM TS object
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$CompName = $tsenv.Value("_SMSTSMachineName")
# Get current path in order to get encrypted password
$MyDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)
$User = "Domain\Account"
$PasswordFile = "$MyDir\DeleteComputer.txt"
$KeyFile = "$MyDir\DeleteComputer.key"
$key = Get-Content $KeyFile
# Rebuild the credential from the encrypted password and the key
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
# Remove the computer from AD
Remove-ADComputer -Identity $CompName -Server "<DC name required>" -Credential $MyCredential -Confirm:$false
Now before you say it…. yes, this is not very secure. It will stop a random snooper type person from seeing a plain text password…. but it will not stop someone who has 1/2 an idea about pressing F8 to get into the running TS (if you have it enabled) and then grabbing the key and txt and being able to use them…. so use (or don’t use) appropriately for your environment.
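A pre-flight check for the key/password pair, run on the full OS before the files go into the package. This is an added example, not part of the original post; `Test-CredentialPackage` is a hypothetical helper name, and the file names are the ones used in Step 3. It rejects a key of the wrong length or a key that is one repeated byte (what an unfilled byte array looks like), and confirms the password file decrypts with the key without ever turning it back into plain text.

```powershell
# Added example: validate the key file and password file before packaging them.
function Test-CredentialPackage {
    param(
        [Parameter(Mandatory)][string]$KeyFile,
        [Parameter(Mandatory)][string]$PasswordFile
    )
    $problems = @()

    # Out-File wrote one decimal byte per line; read them back as bytes.
    try   { [byte[]]$key = Get-Content -Path $KeyFile -ErrorAction Stop }
    catch { return ,@("Key file unreadable or not a list of bytes: $($_.Exception.Message)") }

    # ConvertTo-SecureString -Key only accepts 128, 192 or 256-bit keys.
    if ($key.Length -notin 16, 24, 32) {
        $problems += "Key is $($key.Length) bytes; must be 16, 24 or 32."
    }

    # A byte array that was never filled from the RNG is sixteen zeros,
    # which shows up here as a single distinct value.
    $distinct = @($key | Sort-Object -Unique).Count
    if ($distinct -le 1) {
        $problems += "Key is one repeated byte value; regenerate it from the RNG."
    }

    # Confirm the password file decrypts with this key. The result stays a
    # SecureString; the plain text is never materialised.
    if ($problems.Count -eq 0) {
        try {
            $null = Get-Content -Path $PasswordFile -ErrorAction Stop |
                    ConvertTo-SecureString -Key $key -ErrorAction Stop
        } catch {
            $problems += "Password file does not decrypt with this key: $($_.Exception.Message)"
        }
    }
    return ,$problems
}

$result = Test-CredentialPackage -KeyFile '.\DeleteComputer.key' -PasswordFile '.\DeleteComputer.txt'
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } }
else { 'Key and password file are consistent.' }
```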
Thanks to ccmexec.com…..
Run a task sequence, within a task sequence…..
User Experience Virtualization (UEV) used to be part of the MDOP packs…. however MDOP’s last update was in 2015…. leaving some of us wondering what was happening to the awesome tools contained within.
Given Microsoft’s recent desire to destroy anything and everything that isn’t cloud – irrespective of its ability to fill gaps that cloud services don’t currently service well, or their ability to facilitate migration to cloud – it seemed likely that these tools were dead.
Fortunately for UEV, it’s now included in Windows 10 Enterprise as a default service, for versions 1607 and 1703 (and we may be able to assume future releases as well). Some details on the release are here – https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows
Unfortunately, in standard Microsoft fashion, the documentation is not good.
The UEV documentation is located here – https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2
However, there are a few, quite important things that anyone deploying this should be aware of
I’ve done a few of these…. but most corporates (at least that I’ve dealt with) use public folders quite lightly – if at all…. so the migrations have been quite simple.
Recently, I was tasked with moving a smaller business (through a partner) from 2007 to 2013 then 2016.
The mailbox move from 2007 to 2013 went flawlessly.
Then we came to their public folders…. approx. 400GB – from which they apparently run a lot of their business.
Ran through the (painful) process of removing trailing spaces, backslashes, dead permissions etc… not hard – just slow, manual and annoying.
There is an article here that talks about the hassle of migrating PF’s – https://thoughtsofanidlemind.com/2013/12/13/migration-modern-public-folders/
On the first migration attempt, the extent of these corrupt items and oversize items was discovered (3000 corrupt items and hundreds of items that were oversize) – then discussed with the business.
So here we have the first fucking boomingly huge issue with public folder migration…. there are no PowerShell cmdlets to help you get the size of items (you can get the size of folders, but that’s not helpful) that will be considered oversize… so you cannot identify these items prior to migration. To add to that, even if you could identify them, there is no nice way to say “export these items to PST, then delete” or as part of the migration batch “migrate all large items”
The next issue here is that through the GUI, you can see a list of skipped items and why they were skipped (corruption or oversize) – there doesn’t appear to be a way to get this information via PowerShell so you can nicely export it and give it to the customer (or sort it yourself)
The business stated that corrupt PF’s weren’t vital, but the large items were needed.
Even after lifting the size limit to 500MB, there were still lots of items that were too large.
I tried to accommodate these large items and found the Exchange migration mailbox (a default database which I leave in the default location) – which should only ever be used in transit – proceeded to grow, fill up the disk that logs were on and cause a dirty shutdown and corruption… so I have learnt my lesson there…. if a client is using PF’s as a file store for items of 500MB or over – refuse to migrate until these items are removed…. (unfortunately you need to run a “dummy migration” then look at the skipped items list to identify these items!)
Anyway – long story short – the moral of this, very annoyed, story
Public folder migration to Exchange 2013/2016 sucks. It has clearly been put in as an after-thought to appease some organisations – and is only suitable for light users of PF’s
If a customer is a heavy public folder user, do not change the default “large item” size to accommodate them. Refuse to migrate them and notify them the items will be lost.
Recently, I made up a HTML template to use with some summaries we send out to clients – I thought it would look a bit more professional than our existing text with an attached PDF.
I got the HTML looking nice, plugged it into the VS project, and generated some emails…
<eyes pop from sockets> Holy shit that looks terrible! The rendering is all over the place!
After a bit of poking around the web, I found that the rendering engine for Outlook since 2007 has been the Word HTML rendering engine – and to say it’s an unpopular choice would be a massive understatement.
I ended up “editing” my HTML with Word, accepting that it was never going to look good, saving the massively increased HTML “template” – and using that.
It looks nowhere near as good, the HTML content has gone from 1k to 41k and I have learnt the valuable lesson of checking before saying “how hard can something really basic like that be?” to coders when they cannot do something that, on the face of it, would seem incredibly basic.
Good work Microsoft – your ability to introduce absurd amounts of complexity for no benefit is second only to the Australian federal government.