Exchange 2016 Windows 2016 prerequisites

Issue: You need to efficiently install the required prerequisites for Exchange 2016 on Windows Server 2016.   Solution: The below commands will prep Windows 2016 for the Exchange 2016 Mailbox Server Role (Note: CAS role is built-in in Exchange 2016). Launch a run-as-administrator Powershell and use the following command to install the Windows 2016 prerequisites: Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, Read more [...]

How to exclude Office 365 Global Admin from password expiration policies

Issue: the password expiration of the Office 365 global administrator account will cause Azure AD Connect and DirSync to stop synchronizing on-prem AD to Office 365 Azure AD. Prevention: One solution is to exclude your Office 365 global admin account from password policies and set it's password to never expire.  Note: Always have a very strong password on your Office 365 global admin account. launch an instance of Office 365 PowerShell connected to your tenant Run the following command: Set-MsolUser Read more [...]

Enable Change Block Tracking via PowerCLI Scipt

Issue: You need to enable Change Block Tracking (CBT) on numerous virtual machines and have it take effect immediately. Background: Enabling change block tracking does not take effect immediately and requires a suspend/resume or snapshot create/delete.  This process of changing the CBT setting and activating the change becomes incredibly time consuming. Solution: Enable Change Block Tracking via PowerCLI Script Copy the below txt and paste into a text file with extension .ps1.  Place Read more [...]

WannaCry Ransomware

Based on our research it sounds like infection often comes in via email attachment. The whole SMB exploit aspect is the unique sexiness of this crypto in that it spreads to multiple machines that way so multiple nodes are encrypting basically.  I think any Desktop that gets infected would encrypt server mapped drives. So patching servers prevents 'server-uber-doomsday-infection' of server itself being infected.  But any node on network getting it will basically cause server to get encrypted anyway, Read more [...]

Best Practices for Securing and Passing Privileged Account Audits

Best Practices for Securing and Passing Privileged Account Audits Privileged accounts can be divided into categories; such as built-in, user made, linked to a consultant/contractor and anonymous. To better secure and pass privileged accounts audits, you must monitor the activities of these accounts and maintain proper management and control them. A new network, where the latest guidelines are adopted as the system is rolled out, can be easy to track and monitor. In such an environment, passing Read more [...]