Implementing DKIM on Exchange 2019 CU11 with Microsoft DNS

Sometimes the path we choose is only met with minimal speed bumps. We’ll call that a good day. Spoiler alert, MS DNS doesn’t play nice. Who’da thunk it? đź‘Ž What, no middle finger emoji? I am appalled, Windows 10.

So, you’ve been putting it off for a real long time, maybe you got sidetracked reading r/ShittySysadmin on Reddit, and you haven’t felt like dicking with it, but today’s a new day, and you haven’t totally had your fill of punishment yet, so you decide to take the plunge.

For a little back story, after almost twenty years of being a sysadmin, dealing with endless server problems, Windows problems galore, buggy software, and providing direct tech support to crabby, ungrateful end-users, I’ve recently come to the conclusion that to be a sysadmin, whether you know it or not, you have to be a masochist deep down, because only a crazy man would willingly endure this kind of torture. Smh. It’s true, it’s true. 🙄 Anywho, I’ll be your copilot this evening, so let’s kick this bitch into overdrive, and get some shit done.

Here’s some basic instructions to implement DKIM signing on Microsoft Exchange 2019 CU11 relatively painlessly in about 15 minutos, pending you’re on a recent version of Windows. In my case, I was on Windows Server Standard 2019 LTS v1809, so no .NET dependencies needed to be met. Cue Ranier Wolfcastle, “Up and at them!“.

Continue reading “Implementing DKIM on Exchange 2019 CU11 with Microsoft DNS”

Server 2012 and Up – Sync DHCP Filter List on Hot Spare Failover Server

Once again, we find out how worthless and pathetic Microsoft is when it comes to thoroughness. Starting with Server 2012, they added the ability to have a failover DHCP server using load balancing or by acting as a hot spare and have it replicate the server configuration, which is great, except they left out the MAC filtering lists, forcing us to use scripts yet again to accomplish something that should have been built in.
Continue reading “Server 2012 and Up – Sync DHCP Filter List on Hot Spare Failover Server”

Exchange 2010 – Add Send As Permission for All Users/Future Users from a User Account

No need for a bunch of hoopla, here’s the short and sweet version.

Add Send As Permission for All Users from a User Account

Get-Mailbox -ResultSize Unlimited | Add-ADPermission -User "YourDomain\Username" -Extendedrights "Send As"

To add send as permissions for future users, we need to create a powershell script with the above line in it, make sure you have enabled the use of unsigned scripts by issuing the “Set-ExecutionPolicy remotesigned” command at an administrator ran PowerShell prompt, and create a task scheduler job to run our script with the administrator credentials saved in there.
Continue reading “Exchange 2010 – Add Send As Permission for All Users/Future Users from a User Account”

Server 2012 – Force a Network Type with PowerShell

Here’s an annoying one that I run into quite frequently. On Windows Server 2012, it appears there’s not a quick and easy way to change the network type for a network connection other than to use PowerShell. The problem that I typically run into, is that firewall rules for a specific program are only set for the “domain” profile, so here’s how to force the network type on some interface. This is just for my own personal reference, but I took this info directly from here. Continue reading “Server 2012 – Force a Network Type with PowerShell”

Classic Shell – Registry Entries for Custom Windows 7 Style Start Menu

When applying the Classic Shell Group Policy Templates in Windows 2012 RDS, there is an option called “Menu items for the Windows 7 Style”. In order to customize the menu items, you first need to make changes to some user profile that is using Classic Shell and then go and retrieve the entries from the HKCU\Software\IvoSoft\ClassicStartMenu\Settings\MenuItems7 key in the Registry to know what to enter there. Even on the Classic Shell forums, they didn’t have it documented so here goes…

First, you should have a list of entries titled “Items(1-23).Command=” followed by the friendly name of the item.

Item1.Command=user_files

Following each one of those entires, you may or may not have an additional entry for each item titled “Items(1-23).Settings=” followed by one or more of the display options depending on how you want it displayed.

Item1.Settings=NOEXPAND

As of Classic Shell version 4.1, here is a list of the Command names and their descriptions:

admin - %AppData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 Continue reading "Classic Shell – Registry Entries for Custom Windows 7 Style Start Menu"

Server 2012 – Remove Pinned Items on the Taskbar via Group Policy

I have researched for hours and hours and have looked into numerous different solutions on how to remove pinned items from the taskbar in Server 2012 and have not really found an elegant solution to the problem. Microsoft intentionally made it an extremely ridiculous and convoluted process to be able to add and remove pinned items from the taskbar. I guess it was meant to help prevent it from getting all fuckered up but for christ’s sake, I shouldn’t have to jump through effing hoops just to do such a seemingly rudimentary task.

Part of my particular issue lies in the fact that I’m setting up a completely locked down 2012 RDS environment where the users don’t even have access to the command prompt, powershell, or the ability to run VB scripts. This alone rules out almost every solution out there that I’ve found.

I have even gotten to the point of where I tried using Group Policy Preferences to create a HKCU RunOnce key to run a batch file to delete the necessary files, add the proper registry keys, kill the explorer.exe process, but then I can’t start explorer again without using cmd.exe and I don’t want the user to have to log off and back on again and we can just have a missing shortcut sitting in the freaking taskbar, it confuses people. WTF!!!
Continue reading “Server 2012 – Remove Pinned Items on the Taskbar via Group Policy”

Windows Terminal Server – Three Ways to Disable AVG Tray Icon via Group Policy

I scoured the internet forever and a day to find a way to disable the AVG tray icon in a Windows Terminal Server environment because as with most people, even though to make any major changes in the AVG settings it does require an admin password, I didn’t want my users to be able to toy around in there even, let alone run a bunch of malicious scans and slow the server down for everybody or gain access to view our AVG Business license key. I even contacted AVG technical support and they didn’t have a solution to my problem and I find it extremely hard to believe that I am the only person out there in the world facing this issue.

Well, today I finally figured out a way to disable the AVG tray icon via Group Policy using Software Restriction Policies. By creating a rule to prevent the running of the “avgui.exe” process, you can essentially disable the tray icon. As long as you have your group policies structured so that your users OU get a different group policy than say the admins OU, then the admins can still get into AVG, run any scans, or change any settings inside AVG. I guess I should mention that you could use this for any OU for that matter that you didn’t want to have access to the AVG UI, it’s not just limited to Remote Desktop Servers. Pretty sweet!
Continue reading “Windows Terminal Server – Three Ways to Disable AVG Tray Icon via Group Policy”

Installing Logitech Webcam Software on Windows Server

Recently I had a bad run in when installing Logitech’s software for the Webcam Pro 9000 camera on Windows Server 2003 x64.

After searching online for an hour or so, I found an article that showed the supported operating systems matrix for the majority of their webcams. Unfortunately to my dismay there was no support for any of the versions of Windows Server and when trying to install the software for LWS2.51 you get a nasty little error message saying some garbage about being an unsupported operating system.
Continue reading “Installing Logitech Webcam Software on Windows Server”