Author Archives: admin

Import Module – Launch Exchange Online Powershell with MFA from Powershell

In order to script the connection to exchange online with mfa, you must first download the Microsoft.Exchange.Management.ExoPowershellModule.dll

I assume you will have to periodically update the dll via the EAC GUI.

Open the Exchange admin center (EAC) for your Exchange Online organization.

In the EAC, go to Hybrid > Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.

Download the Exchange Online PowerShell Module from the Hybrid tab in the EAC

In the Application Install window that opens, click Install.

Click Install in the Exchange Online PowerShell Module window

After you get this working you can proceed.

Now to connect from Powershell:

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+”\Apps\2.0\”) -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch “_none_”}|select -First 1)
$EXOSession = New-ExoPSSession
Import-PSSession $EXOSession

More Details found here.

 

Block domain name postfix

Update postfix config:

vi /etc/postfix/main.cf

smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/access

Create block file:

vi /etc/postfix/access

mediatransport.com REJECT

Execute:

postmap hash:/etc/postfix/access
service postfix restart

Intel network – Windows 2016

Solution for I218V can be found on many sites , but I211-AT no so popular but solution is about the same. First of all, after you finish installing Windows Server 2012R2 , prepare your drivers archive (you can download them from Asus or Intel site, you have to download drivers for Windows 8.1 if you plan to use on Server 2012R2).
Unpack the archive you will have to find folder \Intel\PRO1000\Winx64\NDIS64.
Btw, NDIS64 means version of Windows – 6.4 = Windows Blue (8.0, 8.1 etc) including Server 2012R2. So NDIS63 and NDiS62 for previous versions of Windows and Windows Servers. For Windows Server 2008R2 you will need folder NDIS62 (correct me if I am wrong).

There you need to edit .inf files (depends on card you have or both).
e1r64x64.inf is for I211-AT network adapter
e1d64x64.inf is for I218V network adapter

Open this e1r64x64.inf in text editor and lets start:
1) Under the heading [Intel.NTamd64.6.3.1] copy this line (It should be at the bottom of this section);
%E1539NC.DeviceDesc% = E1539.6.3.1, PCI\VEN_8086&DEV_1539

2) Paste the line we copied above under the heading [Intel.NTamd64.6.3] and remove the 6.3.1, so your line of text should look like this;
%E1539NC.DeviceDesc% = E1539, PCI\VEN_8086&DEV_1539

3) Go down to “WINDOWS BLUE for 64-bit EXTENDED PLATFORMS” and look for the Intel(R) I211 Gigabit Network Connection section and copy the 4 sections starting with E1539.

4) Scroll down to “WINDOWS Server Next for 64-bit EXTENDED PLATFORMS” and paste in the 4 sections and as earlier remove the 6.3.1 from the E1539.6.3.1 at the beginning of each section. It should then look like this;

[E1539]
Characteristics = 0x84 ; NCF_HAS_UI | NCF_PHYSICAL
BusType = 5 ; PCI
DelReg = Advanced.DelReg
AddReg = e1r.reg, TcpSeg.reg, ReduceSpeedOnPowerDown.reg, JumboPacket.reg
AddReg = EnableWakeOnManagmentOnTCO.reg
AddReg = Copper.reg, Copper1000.reg
AddReg = Powermgmt.reg, WakeOnSlot.reg, WakeOnLink.reg
AddReg = LLI.reg
AddReg = RSS.reg, RSS2Q.reg
AddReg = EEE.reg
AddReg = ProtocolOffload.reg
AddReg = UninstallW2.reg
CopyFiles = win7.CopyFiles, UninstallProg.CopyFiles
*IfType = 6 ; IF_TYPE_ETHERNET_CSMACD
*MediaType = 0 ; NdisMedium802_3
*PhysicalMediaType = 14 ; NdisPhysicalMedium802_3

[E1539.Services]
AddService = e1rexpress, 2, win7.Service, win7.EventLog

[E1539.CoInstallers]
AddReg = CoInstaller_AddReg, CoInKS.reg
CopyFiles = CoInstaller_CopyFiles

[E1539.HW]
Include = machine.inf
Needs = PciIoSpaceNotRequired
AddReg = MSIX3.reg

Now you can save the edited .inf file. Now e1d64x64.inf file (I218-V):

Edit the PRO1000\Winx64\NDIS64\e1d64x64.inf
Remove all 3 Lines of the Section [ControlFlags]
In Section [Intel.NTamd64.6.3.1] copy the last 8 lines and add them to the bottom of Section [Intel.NTamd64.6.3]
Check how your file will look like:

[Manufacturer]
%Intel% = Intel, NTamd64.6.3, NTamd64.6.3.1

[ControlFlags]

[Intel]

[Intel.NTamd64.6.3.1]
; DisplayName Section DeviceID
; ———– ——- ——–
%E153ANC.DeviceDesc% = E153A.6.3.1, PCI\VEN_8086&DEV_153A
%E153ANC.DeviceDesc% = E153A.6.3.1, PCI\VEN_8086&DEV_153A&SUBSYS_00008086
%E153ANC.DeviceDesc% = E153A.6.3.1, PCI\VEN_8086&DEV_153A&SUBSYS_00011179
%E153BNC.DeviceDesc% = E153B.6.3.1, PCI\VEN_8086&DEV_153B
%E153BNC.DeviceDesc% = E153B.6.3.1, PCI\VEN_8086&DEV_153B&SUBSYS_00008086
%E153BNC.DeviceDesc% = E153B.6.3.1, PCI\VEN_8086&DEV_153B&SUBSYS_00011179
%E155ANC.DeviceDesc% = E155A.6.3.1, PCI\VEN_8086&DEV_155A
%E155ANC.DeviceDesc% = E155A.6.3.1, PCI\VEN_8086&DEV_155A&SUBSYS_00008086
%E155ANC.DeviceDesc% = E155A.6.3.1, PCI\VEN_8086&DEV_155A&SUBSYS_00011179
%E155ANC.DeviceDesc% = E155A.6.3.1, PCI\VEN_8086&DEV_155A&SUBSYS_90BA104D
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_00008086
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_00011179
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_90BA104D
%E15A0NC.DeviceDesc% = E15A0.6.3.1, PCI\VEN_8086&DEV_15A0
%E15A0NC.DeviceDesc% = E15A0.6.3.1, PCI\VEN_8086&DEV_15A0&SUBSYS_00008086
%E15A1NC.DeviceDesc% = E15A1.6.3.1, PCI\VEN_8086&DEV_15A1
%E15A1NC.DeviceDesc% = E15A1.6.3.1, PCI\VEN_8086&DEV_15A1&SUBSYS_00008086

[Intel.NTamd64.6.3]
; DisplayName Section DeviceID
; ———– ——- ——–
%E153ANC.DeviceDesc% = E153A, PCI\VEN_8086&DEV_153A
%E153ANC.DeviceDesc% = E153A, PCI\VEN_8086&DEV_153A&SUBSYS_00008086
%E153ANC.DeviceDesc% = E153A, PCI\VEN_8086&DEV_153A&SUBSYS_00011179
%E155ANC.DeviceDesc% = E155A, PCI\VEN_8086&DEV_155A
%E155ANC.DeviceDesc% = E155A, PCI\VEN_8086&DEV_155A&SUBSYS_00008086
%E155ANC.DeviceDesc% = E155A, PCI\VEN_8086&DEV_155A&SUBSYS_00011179
%E15A0NC.DeviceDesc% = E15A0, PCI\VEN_8086&DEV_15A0
%E15A0NC.DeviceDesc% = E15A0, PCI\VEN_8086&DEV_15A0&SUBSYS_00008086
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_00008086
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_00011179
%E1559NC.DeviceDesc% = E1559.6.3.1, PCI\VEN_8086&DEV_1559&SUBSYS_90BA104D
%E15A0NC.DeviceDesc% = E15A0.6.3.1, PCI\VEN_8086&DEV_15A0
%E15A0NC.DeviceDesc% = E15A0.6.3.1, PCI\VEN_8086&DEV_15A0&SUBSYS_00008086
%E15A1NC.DeviceDesc% = E15A1.6.3.1, PCI\VEN_8086&DEV_15A1
%E15A1NC.DeviceDesc% = E15A1.6.3.1, PCI\VEN_8086&DEV_15A1&SUBSYS_00008086

Also save edited files
So now you have your drivers prepared !
Few steps before installing:

Start cmd with Admin rights and do commands:

bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON

Then – reboot server.

If you get message that boot options could not be changes because of Secure boot, you need to reboot to BIOS and turn off Security boot (CMS in Boot section of BIOS if you have Asus board). Don`t worry you will be able to enable it back after all.

After reboot you you see text “Test mode” in the bottom right corner.
Now you can install your drivers starting Autorun.exe from drivers folder and install as usual, but you will be warned that drivers are not signed – Install anyway .

After you successfully finish the installation process – you will get both network adapters work !

Don`t forget to turn off test mode start again cmd with Admin rights and do

bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING OFF

Enjoy !!

Upgrade Ubuntu to latest version

cat /etc/update-manager/release-upgrades

confirm or change to desired release path
# Default prompting behavior, valid options:
#
# never – Never check for a new release.
# normal – Check to see if a new release is available. If more than one new
# release is found, the release upgrader will attempt to upgrade to
# the release that immediately succeeds the currently-running
# release.
# lts – Check to see if a new LTS release is available. The upgrader
# will attempt to upgrade to the first LTS release available after
# the currently-running one. Note that this option should not be
# used if the currently-running release is not itself an LTS
# release, since in that case the upgrader won’t be able to
# determine if a newer release is available.
Prompt=lts

Then

do-release-upgrade

Ubuntu Remote Desktop

Using the default VNC to remote desktop the machine from the command line

export DISPLAY=:0
gsettings set org.gnome.Vino enabled true
gsettings set org.gnome.Vino prompt-enabled false
gsettings set org.gnome.Vino require-encryption false
/usr/lib/vino/vino-server

Configure Spam Filter for Exchange

Exchange Management Shell:

Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true -RejectionResponse “IP address is listed by Spamhaus”

Add-IPBlockListProvider -Name Spamcop -LookupDomain bl.spamcop.net -AnyMatch $true -Enabled $true -RejectionResponse “IP address is listed by Spamcop”

Add-IPBlockListProvider -Name Spamikaze -LookupDomain psbl.surriel.com -AnyMatch $true -Enabled $true -RejectionResponse “IP address is listed by Spamikaze”

Add-IPBlockListProvider -Name BarracudaCentral -LookupDomain b.barracudacentral.org -AnyMatch $true -Enabled $true -RejectionResponse “IP address is listed by BarracudaCentral”

 

Report:

C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\get-AntispamTopRBLProviders.ps1