19 November 2022

Using a personalized domain with O365 Family

I want to start this post with the mention that Microsoft is going to be sunsetting this feature at the end of November 2023. So if this is something you are interested in… Hurry up as the opportunity is going away very soon. As per the Microsoft Support page (link):

“Starting November 30, 2023, Microsoft 365 Personal or Microsoft 365 Family subscribers will no longer be able to create a new personalized email address associated with their Outlook.com inbox,”

Associating and using a personal domain with my O365 Family plan to allow personalized email addresses is something that has really appealed to me, being that I live and work in the tech realm. However, to my disappointment, this feature is only officially supported by Microsoft thru GoDaddy.

I personally do not want to have to switch registrars though. I’m quite happy with the folks that host my name servers and I will not budge on that. GoDaddy might be “ok” at best for tech newb with zero experience. I personally have had bad experiences with them, and their constant attempts of upselling you at every click I find extremely annoying. So then I was left trying to figure out how to still get my domain without switching registrars. Thankfully, thanks to the Internet, i was able to discover that someone already solved my problem. I found a post on Reddit by u/khatarian that explained what I needed to do.

Reminder: While this does work, it is not officially supported.

1) Open Outlook.com in your browser, open ‘Settings’ and go to the ‘Premium’ settings.
Click the “Get started” button under ‘Personalized email address’.

2) Click the button “Get a domain”. A new window will open.

3) Copy the URL of the new window that opens, it will appear like: https://domainconnect.godaddy.com/v2/domainTemplates/providers/outlook.com/services/personalizedoutlookemail/apply?mxRecordValue=XXXXXXXXX&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.

The part that is needed is “mxRecordValue=XXXXXXXXX” The XXXXXXXXX is a unique ID that Microsoft will check for during DNS verification. Save that in notepad for later…

4) Go to your own personal site’s DNS settings and add the following values, replacing XXXXXXXXX with the value you retrieved in step 3.
Note: Your DNS manager may use different syntax for it’s entries. Please adapt these entries accordingly. The dot at the end is not a typo!

NameTTLTypeValue
@1 hourMX0 XXXXXXXXX.pamx1.hotmail.com.
@1 hourTXTv=spf1 include:outlook.com -all
autodiscover1 hourCNAMEautodiscover.outlook.com.
_dmarc1 hourTXTv=DMARC1; p=none;
_domainconnect1 hourCNAME_domainconnect.gd.domaincontrol.com.
_outlook1 hourTXTXXXXXXXXX

FWIW – This is what the settings look like at NameCheap.com.

5) Return to your ‘Premium Settings’ in Outlook.com

6) Select and click the option “I already own a GoDaddy doamin”

7) Enter the personalized domain name that you used above and have configured the DNS entries for.

8) Click the “Sign in” button and then close the page it opens.

9) Woo-Hoo! You did it. It should now say that you are connected to the domain.

I’m confirmed that it works for one of the domains I own. I couldn’t be happier. Now it’s time for you to do it before the end of November 2023!

26 September 2022

Microsoft | Learn

I decided to write a little bit about the Microsoft Learn portal. We all know that Microsoft is one (if not the) standard for many business applications and cloud offerings. They also offer certifications on their products from basic fundamentals all the way up to the expert level. But how do you learn, practice, and eventually master the skills/knowledge needed to either professionally use or become certified in any of the Microsoft family of technologies? Well, the answer is Microsoft Learn.

The Microsoft Learn portal can really meet all of your learning needs. It can provide you the documentation for any of their current product offerings. It can walk you through any of the Microsoft exams, and the skills they cover. Microsoft has put together self-paced training modules that you can use. And best of all, they basically offer some sort of module for everything they offer. If you are interested in learning anything Microsoft-related, then it really behooves you to start looking at the Microsoft Learn site to begin or supplement your learning materials.

There is so much knowledge that is just sitting there, waiting for you. If it’s a Microsoft product, and you’re interested in it, then Microsoft Learn is where you need to go!

30 May 2022

Enable/Disable Multiple RDP Sessions

So the caveat to this article is that this is specifically for Windows Servers. If you’re trying to enable multiple RDP sessions on Windows 10 or 11, you’ll need to do some further googling to find out how to do that – as this alone won’t be enough.

Enable Multiple RDP Sessions

  1. Log into the server you are trying to enable multiple Remote Desktop sessions on.
  2. Click on the start menu button, type “gpedit.msc” and open it.
  3. Navigate to ‘Computer Configuration’ -> ‘Administrative Templates’ -> ‘Windows Components’ -> ‘Remote Desktop Services’ -> ‘Remote Desktop Session Host’ -> ‘Connections’.
  4. Set “Restrict Remote Desktop Services user to a single Remote Desktop Services session” to ‘Disabled’.
  5. Double-click on “Limit number of connections” and set the value of the RD Maximum Connections allowed to ‘999999’.

Disable Multiple RDP Sessions

  1. Log into the server that allows multiple Remote Desktop sessions.
  2. Click on the start menu button, type “gpedit.msc” and open it.
  3. Navigate to ‘Computer Configuration’ -> ‘Administrative Templates’ -> ‘Windows Components’ -> ‘Remote Desktop Services’ -> ‘Remote Desktop Session Host’ -> ‘Connections’.
  4. Set “Restrict Remote Desktop Services user to a single Remote Desktop Services session” to ‘Enabled’.
26 May 2022

Disable IP autoconfiguration

I ran into this last week when I was helping someone “fix” their server. They couldn’t reach, or ping, their host, and when running an “ipconfig /all” command it was returning that the machine’s IP was ‘duplicate’.

Worth Noting: So sometimes when a server reports that its’ IP is a ‘duplicate’ it can be a DHCP mishap. It can happen when a server is assigned a static IP that is within a DHCP pool, and because there was no reservation, DHCP hands the IP out to some other machine. Thus two machines are trying to use the same, duplicate, IP address. When that happens you’ll need to resolve it by creating an IP reservation for the “correct” machine, and then releasing the IP from the machine that “incorrectly” took the IP from the pool so it can be assigned a new IP.

The machine I was fixing lived in a subnet that did not use DHCP and only had machines that were statically assigned their IPs in it. So the possible resolution mentioned above did not fit my scenario. So, what could it be? Well if you have a static IP set, and the DHCP service is enabled, Windows likes to give you an address on the 169.x.x.x network. Which just breaks the ip traffic on your server. Here’s how to fix it…

Step 1.

Open a command prompt

Step 2. Enter

"ipconfig /all"

Find what your system’s preferred IP is and if autoconfiguration is enabled, and the name of the interface that they are on. You will need this for the next step.

Step 3. Enter

netsh interface ipv4 show interface

Find the index number that is assigned to the interface you identified in the step above, you will need it in the next step.

Step 4.

Run the command below, but replace ’69’ with the index number that you identified in the step above.

netsh interface ipv4 set interface 69 dadtransmits=0 store=persistent

Step 5. Enter

services.msc

Disable the DHCP Client service. If you ever revert from a static IP back to a DHCP IP, you will need to re-enable this service and set it back to automatic.

Step 6.

Restart your computer.
After your system reboots, its static IP should now be the correct IP you had configured on it, and your IP traffic to/from it should be back to normal.

Congratulations, autoconfiguration has been disabled.

8 May 2022

Was the file downloaded?

If you’re ever tracking down where a suspicious came from, it can be hard to determine if it was downloaded off of the “dirty” internet, or if someone actually created the file locally on the machine. Well if you know how to check the file’s alternative data stream, it actually becomes pretty easy to determine if it was in fact downloaded. You don’t know what the alternate data stream is, or how to check? We can fix that.

First a little background. The “Zone Identifier Alternate Data Stream” is often referred to as the Mark-of-the-Web (MOTW). The MOTW was actually a security feature first introduced by Internet Explorer for determining how to run saved HTML webpages. It has since grown to become implemented into many other file types. Whenever a file is downloaded, your browser implements MOTW by utilizing a feature of the NTFS file system called the alternate data stream (ADS) to associate a data stream to that file. The browser creates an ADS called “Zone.Identifier” and then adds the ZoneId to the stream to specify where the file came from. The ADS will be <file>:Zone.Identifier.

The ZoneId can have the following values:

  • 0. Local Computer
  • 1. Local Intranet
  • 2. Trusted Sites
  • 3. Internet
  • 4. Restricted Sites

Enough of the background… Let us get back to the hands-on part.

To check the files’ ADS & ZoneId from a command prompt, use the following syntax. The “file” we’re going to be checking is named: file.ext

notepad file.ext:Zone.Identifier

Alternatively, to check the file with PowerShell, use either of the following cmdlets.

Get-Item .\file.ext -Stream *
Get-Content .\file.ext -Stream Zone.Identifier
2 May 2022

Search GPO Settings

So if you know anything about managing Windows systems then you know about GPOs. In my honest opinion, GPOs are one of the greatest tools available in Windows. GPOs let you administratively manage all aspects of your computers. You can literally set about 99.9999% of any settings you ever wanted to configure on a computer.

One of the things that make GPOs so great is that it is expandable in that you can add new administrative templates as you add new software to your workstations in your domain. So not only can you manage just about any Microsoft or Windows setting, but you can also add in templates for third-party software from most of the big software venders and enterprise applications, as well as add new templates when new Microsoft releases new OSes and software.

The biggest downside of GPOs is that they can feel like a daunting wall when you first get started implementing them simply because there are sooo many settings that you can potentially configure – where to begin!?! And how do you figure out where to set some of those really odd settings. Well don’t worry, I don’t know anyone that remembers exactly where each setting is. For me, there are two resources that I regularly use to help me find the settings that I want to configure.

1 – https://gpsearch.azurewebsites.net/

This is an official Microsoft tool that lets you search all of the various settings that are available to you in all Microsoft products. It’s a great resource to find where things are set just by using a keyword. Think of it as “Bing” (or “Google”) for GPOs. Out of these two links, this site is the easiest to navigate when looking specifically for Microsoft and Windows settings.

2 – https://admx.help/

This site includes all of the Microsoft settings, but where it really shines is all of the third-party software settings it has indexed for you. If need to figure out where to set something in Chrome or Adobe or any other software, this site has you covered.

3 – https://reg2ps.azurewebsites.net/

So this last site is just a bonus as it is not exactly a GPO site, but it comes in handy. It’s a way to convert registry settings into powershell commands that you can run. Paste your reg key into it and it will spit out the corresponding PS command for it.

5 January 2022

Reset password on locked-out Domain Admin

Sometimes things happen and a password gets forgotten or lost, or in the worst case it wasn’t updated in your password management tool after it was changed. We’ve likely all had to bug another admin to reset our password for one system or another. It happens. But what happens if you are the lone Domain Admin and lock yourself out? Luckily, there is a way to get back in if you do get locked out.

  • Download the Windows Server 2016 ISO.
  • Attach the ISO to your DC virtual machine.
  • Reboot the VM into the ISO
  • Select: Repair your Computer -> Troubleshoot -> Command Prompt
  • At the command prompt, run the following commands:
cd c:\Windows\System32
ren osk.exe osk.old
copy c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe osk.exe
  • Reboot the Server.
  • Launch the on-screen keyboard and PowerShell will open
  • At the Powershell prompt, run the following command, replacing <PASSWORD> with the password of your choice:
Net user Administrator <PASSWORD>
  • Revert file changes in your System32 folder, renaming ‘osk.old’ back to ‘osk.exe’.

And there you have it folks, you are now able to log back in with your Domain Admin account. This works because while the DC does not have a local Administrator account, it somehow realizes that and resets the Domain Admin. Yes it is a little bit of black magic fuckery in that regard… But it worked and got you back in, so who are we to complain.

30 December 2021

Open and Extract .tar files on Windows

What I’m about to say might be a surprise to you… But you don’t need to install any sort of 3rd party software (like 7zip or WinZip) to extract tarball files on WIndows. Windows 10 actually has the functionality built-in. I know, I was just as surprised to learn about it as you are. From the command line, you can use the “Tar” command to easily extract .tar, .gz, or tar.gz files.


For folks out there that don’t know;

  • A tarball file, ‘.tar’, is just a type of archived file. They are basically, a collection of files that have been merged into one single file.
  • Gzip files, ‘.gz’, are a type of compressed file and it is used to save on the amount of space that a file uses on the hard drive.
  • If you’re following along, then you’ll already have realized that a ‘.tar.gz’ file means that it is just a compressed archive file.

Here’s how to extract your tarball file in Windows 10.

Open the ‘Start Menu’ and search for “cmd”. Right-click on “Command Prompt” and select “Run as administrator“.

Enter the following command inside the window.

tar -xvzf "Path to file" -C "Path to destination"

Example:

tar -xvzf C:\Source\file.tar.gz -C C:\Destination\

This example will extract the contents of the ‘file.tar.gz’ file from the “C:\Source\” folder to the “C:\Destination\” folder. 
Note: Make sure the ‘-C’ parameter before the path to the destination is an uppercase.

The parameters explained:

  • x — instructs tar to extract the archived content.
  • v — verbose mode. This is optional to display the extraction process. Otherwise, you will only see a blinking cursor until the process is complete.
  • z — instructs tar to uncompress the content with gzip.
  • f — provides tar the name of the file you’re about to extract.
  • C — uppercase and with a hypen, this tells tar to change folders to the specified folder

23 April 2021

Cannot open the Outlook window. Invalid XML

Microsoft Outlook has got to be one of the most common business applications that just about everyone uses. So when it fails to open, it can feel like the start of a bad day. One error message that I have encountered a few times now is the “Invalid XML” message when trying to launch Outlook. The most common reason for this error is that the XML file that contains the settings for Outlook’s navigation pane has become corrupted. The navigation pane is the one that is on the left side of Outlook and lets you change between your mailbox, folders, calendar, contacts, tasks, etc.

So how do we fix the error? The first thing to try is to simply reset the navigation pane.

  1. Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
  2. Type in the following command: Outlook.exe /resetnavpane
  3. Hit the ‘OK‘ button.
  4. Then re-launch Outlook to verify that everything is working.

If the above action did not resolve your Outlook issue, then the next course of action would be to delete the actual XML file and force Outlook to generate a new/fresh file the next time it opens. Here’s how we can do that.

  1. Hit ‘Windows+R‘ on your keyboard to open the ‘Run‘ window.
  2. Type in the following command: %AppData%\Microsoft\Outlook
  3. Hit the ‘OK‘ button.
  4. It will open ‘File Explorer’ and take you to the directory that the XML file resides in. Look for a file named ‘Outlook.xml
  5. Delete the XML file.
  6. Then re-launch Outlook to check that it is working now.

That is how to fix the Outlook ‘Invalid XML’ error. I hope one of these methods worked for you so you can get back to your emails.

17 November 2020

SCCM Device Collection from Excel

I got tired of googling this every time I make a new collection, so I figured it was time for my own post. I am now using SCCM for work, so I have had to learn a few new tricks to make life easier. One thing I’m doing often enough is creating a custom device collection of computers. The slow and tedious way to do this is to individually add each machine. Blah! What a waste of time. To make it go as fast as possible, I try to already have an excel list of the machine names I want to add to the collection.

In my excel file, my list of machine names are in column A. I’m going to be using column B for the values I’ll copy into SCCM. The formula that we’ll be using to convert the names into the format that SCCM wants is:

=char(34)&A2&char(34)&","

Lets break that down to see how it will convert the name into a format that can be used..

  • Char(34) is going to give us the quotation marks we want on either side of our computer name.
  • A2, in this instance, is the cell that contains one of my computer names. You will have to adjust this cell reference to fit your excel sheet.
  • At the very end of it, we add a comma.

Once we have that taken care of, we can drag the corner of the cell down to apply that same formula to the rest of our list.

Below is the basic query we will be using and adding our formatted list of names to.

select * from SMS_R_System where SMS_R_System.Name in ( )

The end result, using the example list of computer names above, will look like this. The one thing to note is that you need to remove the very last comma from the list of computer names or you’ll get an error message when you try to save it.

select * from SMS_R_System where SMS_R_System.Name in (
"computer001",
"computer002",
"computer003",
"computer004",
"computer005",
"computer006",
"computer007",
"computer008",
"computer009"
)

That is how you populate a SCCM device collection from an Excel list.