Id like to query the exchange mailbox of an active directory user
I cant use get-mailbox as our comapny uses 32bit client machines and the administration tools containing the exchange powershell tools are 64 bit only.
Is there another command I can use to retrieve the mailbox information of the user? I want to see what mailbox database they are on.
Ive searched the internet but couldnt find a working solution.
Thanks
You can run PowerShell on the local, 32 bit client then remotely access the PowerShell remote management tools on the server.
From TechNet:
Note however:
you can leverage the remote PowerShell capabilities that are built into Exchange Server 2010 by using either the 32-bit version or 64-bit version of PowerShell 2.0 (in other words, when leveraging remote PowerShell, the system where you launch PowerShell doesn't require the management tools to be installed as all cmdlets are executing on the server you are remoting).
More information on the specifics here:
https://technet.microsoft.com/en-us/magazine/ff700227.aspx
Related
I have successfully captured an image using sysprep and can provision new machines from it, however all the custom user settings are missing (desktop shortcuts, chrome bookmarks etc...).
A more serious issue is that one of the applications I had installed fails on the provisioned machine unless run as administrator (due to the way it writes some files when being installed originally).
How can I ensure this profile information is preserved and I don't hit the permissions issue for the application?
I have been pointed at the following link (http://theitbros.com/sysprep-xp-sp3-copy-administrator-profile/) but it seems to be Win XP specific.
Profile information can be migrated to a new deployment using the User State Migration Tool (USMT). USMT is a free tool designed to help IT Professionals migrate files and settings to Windows 7 or Windows 8. USMT captures user accounts, user files, operating system settings, and applications settings and then migrates them to the new Windows installation. The TechNet articles ‘Step-by-Step: Basic Windows Migration using USMT for IT Professionals’ and ‘User State Migration Tool 4.0 User’s Guide’ are good places to start learning how to use USMT.
For your application issue, I would recommend using the Microsoft Deployment Toolkit (MDT) for your deployments. MDT can deploy your image and then install device drivers and applications to the machine automatically. These two video walkthroughs are specific to migrating from Windows XP to Windows 7 with MDT, and using USMT to migrate the user files and settings:
Part 1: Building the Deployment Environment
Part 2: Initiating the Install and Migrating the PC
There is also a Microsoft Virtual Academy 7 part course titled ‘Migrating from Windows XP to Windows 7’ that has two parts dedicated to using USMT to transfer user data and one part for MDT.
MDT can be downloaded here, and USMT is a part of the ADK which is a component of MDT.
Hope this helps,
The answer here wasn't very elegant (in my mind at least) but here is what I did to achieve the desired result:
Create the VM as usual (specifying the admin user during setup)
Create a new (non-admin) user and give them RDP access
Log in as the non-admin user
Install all the necessary software
Log in as the admin user, change the permissions for any files that were causing an issue to be readable by the non-admin user
Run sysprep as the admin and complete the process as detailed elsewhere
This gave me an image that I was able to provision VMs from. When creating the VM I specified the admin user to be created (but then never needed to login as the admin, as I would just login as my non-admin user that was created before). All profile settings for the non-admin user are preserved.
Hope this helps anyone else facing the same issue.
Is there exists a way to run an untrusted code (C or C++) under a sandbox in Windows. Something that would prevent the program from opening files, or network connections, or forking, exec, etc?
It would be a small program, that gets uploaded to a server where it'll be compiled and executed, the program would be short lived.
When this question was asked, Windows did not have as many isolation options available to it. However there is been some improvement.
The now goto answer for this is to either use use Docker or Hyper V containers/VM.
But in the pre-Windows 10 era, answer was to manipulate the process isolation that came around windows vista/7 and use a separate user/application account.
Process Abilities:
You could manipulate the programs Integrate level and run with a restricted/unique user so reach is limited (group policy can further limit user).
Network access:
Limit using a firewall that blocks outbound connections.
File access:
The NTFS file system has one of the most configurable file systems around,if you are running the process as a distinct user, you can craft an ACL policy to significantly limits the process's file access.
Source:
Finally if you have access to the source-code, you can likely remove or modify problem parts.
Windows 10 and Windows 11 now include a built-in isolation environment called Windows Sandbox.
Description (from here):
Windows Sandbox provides a lightweight desktop environment to safely
run applications in isolation. Software installed inside the Windows
Sandbox environment remains "sandboxed" and runs separately from the
host machine.
...
Software and applications installed on the host aren't directly
available in the sandbox. If you need specific applications available
inside the Windows Sandbox environment, they must be explicitly
installed within the environment.
Windows Sandbox has the following properties:
Part of Windows: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a
VHD.
...
Secure: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that
isolates Windows Sandbox from the host.
Assuming your version of Windows supports it, Windows Sandbox can be installed just by going to "Turn Windows features on and off" from the Start menu.
The following Windows versions are required: Windows 10 Pro, Enterprise or Education build 18305 or Windows 11.
Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.
Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.
If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.
I need to programmatically create a new Windows account for running a Windows service I recently developed.
Due to lack of sufficient privileges I cannot use any of the existing service accounts (LocalService, NetworkService and LocalSystem), so I have to create my own account during installation of my service.
Unfortunately, I have no idea on how to accomplish this from code (C#). However, I know that the steps I have to go through include:
Create the account
Deny account log on via console
Grant log on as a service.
Add the account to the local administrators group on the PC
My service must install and run on all Windows PC operating systems ranging from Windows XP SP3 and up.
Question: Which command line tools are available for this purpose (I can very well call those command line tools from code)?
Further, any relevant links, code snippets or scripts will be very much appreciated!
If you just want a single command you can probably do:
net user /ADD "newuser" "Pass phrase" /passwordchg:no
However I looked into 'grant logon as a service' in the past, and had to download an additional .exe from a Windows Server Resource Pack to do this. That may be a pain as you'll need to redistribute the .exe.
Unless someone suggests a better way which uses only built in .exes I'd try and do this with one of:
Powershell
VBscript
When I was a Linux admin I could do anything from the SSH command line. Now, as a Windows admin, I have to deal with the Windows Remote Desktop graphical interface, which I found to be inefective (slow) and hard to automate tasks in it.
a) Can I connect to a Windows Server through SSH or any encrypted connection with command line interface?
b) If yes can I do ANY administrative task?
Examples:
create a new virtual folder in IIS
setup firewall ports
restart services
change user policies
start desktop applications
I know about the existence of Windows PowerShell 2.0 Remoting, but I don't know if it fullfills all conditions above
My conclusion so far: from Windows PowerShell can do MOST but not ALL administrative tasks. And I still don't know if Windows PowerShell 2.0 Remoting uses an encrypted connection.
PowerShell is what you're looking for. It is primarily targetted at system administration (although it's fanastic as a programmer's shell, too).
PowerShell v2 remoting is based on Windows Remote Management. See http://msdn.microsoft.com/en-us/library/aa384426(VS.85).aspx. It includes facilities for ecryption and authentication, as you'd expect.
PowerShell includes cmdlets that let you do a lot of everyday tasks. Microsoft server applications (IIS, Exchange, etc.) either have or are building PowerShell cmdlets to administer them. PowerShell's WMI support is excellent, giving you a lot of machine administration power. PowerShell can talk to .NET directly, which lets you go further than built-in facilities when needed. And writing C# for PowerShell to call works out cleanly, too.
You asked for a command line interface, but don't think that you're restricted to the ancient and crufty Windows Console subsystem. PowerShell v2 includes a new GUI interactive shell / script editor, with colorization and debugging. It's sweet.
You can also try http://sshwindows.sourceforge.net/
I don't have personal experience with it but it looks promising.
Did you consider Google? (looks like you edited your question. You now no longer ask if the example tasks can be achieved using PowerShell)
Powershell snap-in for IIS 7
Restart-Service
Group policies
etc...
Sorry for not answering your question. I was in a similar situation.
I gave up to do all tasks on the windows shell
Instead I do use the shell for some tasks, but I am also using rdesktop (through ssh) and I put icons for the most important gui admin tools on the windows quicklaunch.
I gave up making windows feel like unix because it never will.
alternatively try to download and install eurysco to use the following features that is based on another logic...
1.create a new virtual folder in IIS (from eurysco commandline to launch vbs or powershell script)
2.setup firewall ports (from eurysco commandline to launch netsh.exe advfirewall)
3.restart services (from eurysco service control)
4.change user policies (from eurysco system registry or commandline to launch powershell script)
5.start desktop applications (from eurysco commandline to launch powershell script)
http://www.eurysco.com/features