Quick Fix: Stop Surface Devices Applying GPO

A question in the SBS Forum led me to this post, a quick way to prevent a Surface Pro 3 from applying a given GPO.

The way I suggested the poster do this was with a WMI Filter.

Office 365 Email Password Reminder

Regular readers will no doubt be aware of the script I wrote about two years ago to alert a user their password was about to expire. If not, just what exactly have you been doing with your time?

In any case, several people have asked me if it can be made to work with Office 365. Using 365 as the email relay to send the messages was one thing; querying 365 for a user's password expiry was something else, something which at the time I believe could not be done.

Given they constantly release new features and tweaks, I revisited it this week and found that actually it can now be done, with a few tweaks to the original script.

The first change is that you will need the Microsoft Online Services PowerShell tools. There are various guides on this out there, this is just the first one I hit when writing.

Once you have that you can use this code to connect to Office 365.

# Connect to Office 365
Import-Module MSOnline
$cred = Get-Credential
Connect-MSolService -credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Those familiar with PowerShell will see I am using the Get-Credential command here, rather than saving credentials directly into the script. Whilst saving credentials certainly makes things easier for scheduling the task, it is a security risk. I am not comfortable with suggesting you store credentials in the script (hashed or encrypted) or showing an example of it, so feel free to investigate that at your own risk.

Anyway, running the command above will get you connected to Office 365. We can then find our users who have passwords that expire.

# Get Users From MSOL where Passwords Expire
$users = get-msoluser | where { $_.PasswordNeverExpires -eq $false }

We will also get the Default 365 domain, and the Maximum Password Age.

$domain = Get-MSOLDomain | where {$_.IsDefault -eq $true }
$maxPasswordAge = ((Get-MsolPasswordPolicy -domain $domain.Name).ValidityPeriod).ToString()

Once we have this info, it is trivial to go through and work out when a user's password is going to expire.

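# Process Each User for Password Expiry
foreach ($user in $users)
{
    $Name = $user.DisplayName
    $emailaddress = $user.UserPrincipalName
    # When the password was last changed
    $passwordSetDate = $user.LastPasswordChangeTimestamp
    # $maxPasswordAge holds the policy's validity period in days
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
    # ... the full script continues here (logging, sending the email)
}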


The full script of course goes on to include the other items like logging, sending the email etc., but I just wanted to focus on the Office 365 specific parts here.
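
The expiry calculation above, as an added example that is not part of the original script: it runs offline against constructed user records instead of Get-MsolUser output and reports only the accounts inside a reminder window. Get-ExpiryReport, the 21-day window and the 90-day fallback for an empty ValidityPeriod are assumptions.

```powershell
# Added example, not the original script. Get-ExpiryReport is a hypothetical name.
function Get-ExpiryReport {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Users,
        [Nullable[int]] $ValidityPeriodDays,   # ValidityPeriod from Get-MsolPasswordPolicy
        [int] $DefaultValidityDays = 90,       # assumption: used when the policy value is empty
        [int] $NotifyWithinDays = 21,          # assumption: reminder window
        [datetime] $Now = (Get-Date)
    )
    # Build an explicit TimeSpan rather than adding a string of days to a date
    if ($null -ne $ValidityPeriodDays) { $days = $ValidityPeriodDays } else { $days = $DefaultValidityDays }
    $maxAge = New-TimeSpan -Days $days

    foreach ($user in $Users) {
        # Skip accounts that never expire or have no recorded password change
        if ($user.PasswordNeverExpires -or -not $user.LastPasswordChangeTimestamp) { continue }

        $expiresOn = $user.LastPasswordChangeTimestamp + $maxAge
        # .Days truncates toward zero, so a password that expired a few hours ago
        # would read 0; Floor on TotalDays reports it as -1 instead
        $daysToExpire = [int][math]::Floor(($expiresOn - $Now).TotalDays)

        if ($daysToExpire -le $NotifyWithinDays) {
            [pscustomobject]@{
                Name         = $user.DisplayName
                EmailAddress = $user.UserPrincipalName
                ExpiresOn    = $expiresOn
                DaysToExpire = $daysToExpire
                Expired      = ($daysToExpire -lt 0)
            }
        }
    }
}

# Constructed sample records using the property names the loop above reads
$sample = @(
    [pscustomobject]@{ DisplayName = 'Alice'; UserPrincipalName = 'alice@example.com'
                       PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2015-03-10' }
    [pscustomobject]@{ DisplayName = 'Bob'; UserPrincipalName = 'bob@example.com'
                       PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2015-05-20' }
    [pscustomobject]@{ DisplayName = 'Carol'; UserPrincipalName = 'carol@example.com'
                       PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2015-02-01' }
    [pscustomobject]@{ DisplayName = 'Service'; UserPrincipalName = 'svc@example.com'
                       PasswordNeverExpires = $true; LastPasswordChangeTimestamp = [datetime]'2014-01-01' }
)

# Fixed -Now so the run is repeatable; omit it to use the current date
Get-ExpiryReport -Users $sample -Now ([datetime]'2015-06-01') | Format-Table -AutoSize
```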

If anyone would like a copy to try out in their environment please let me know.

Remote Desktop Gateway SSL Error, or Network Access Protection LIES!!!

Your computer can’t connect to the remote computer because your computer or device did not pass the Network Access Protection requirements set by your administrator.

Had an email from a friend today, who had an Essentials 2012 R2 Server with a problem when trying to use the Remote Desktop feature of RWA. They were presented with this warning message:

Your computer cannot connect to the remote computer because your computer or device did not pass the Network Access Protection requirements set by your network administrator.  Contact your network administrator for assistance


Quick Fix: Uninstall Symantec Endpoint Protection Remotely

Finally moving my last client from Symantec SEPM to Trend Micro's WFBS Hosted platform. It was a small SEPM deployment, only 7 clients and a server, but I was surprised to be reminded that SEPM has no ‘uninstall’ tool from their console. So much for centralised management.

I did a lot of searching around for a reliable solution, most of which came back to using MSIEXEC from a command line.

There are various ways of course to execute a command on a remote machine. You can use PSTools’ PSExec, for example, but I prefer to use PowerShell where I can.

Quick Fix: Hide users from Essentials 2012 R2 Dashboard

If you have installed Exchange 2013 into your Essentials network, chances are upon loading the dashboard you will see a large amount of new users appear, you may even notice an alert telling you, you have too many users!


These are all of the Exchange service accounts, and you may decide you don’t want them to appear in your dashboard.

Windows Server Essentials–Client Backup Monitoring

Just a quick post to say I have posted a script that works with GFI's RMM platform to monitor Client Backups for Windows Server Essentials.

Password Change Reminder PowerShell Script Updated!

Back in 2012 I wrote a script to help me remind users about their password expiry, to reduce the number of calls I got on the helpdesk. I decided to share it and published it on the TechNet Gallery.

It has been quite popular since then, with over 8,000 downloads!

