https://blog.j81.nl/categories/microsoft/Recent content in Microsoft on John Billekens | Notes from the fieldHugo -- gohugo.ioen© 2026 John BillekensSat, 10 Feb 2024 21:04:38 +0000https://blog.j81.nl/howto/howto-windows-export-certificate-pfx/Wed, 18 Oct 2023 09:45:25 +0000https://blog.j81.nl/howto/howto-windows-export-certificate-pfx/<p>group: &ldquo;Windows&rdquo;</p> <p>Certificates are an important part of a modern environment. They make communication safer by encrypting the traffic between the client and server. A safe way to move certificates between servers or store them safely is by exporting the certificate (private and public key) to an encrypted format. A commonly used format is &ldquo;pfx&rdquo; (Personal Information Exchange also known as PKCS#12). A pfx file can contain one or more certificates and is encrypted with a password. Without the correct password the pfx is useless. You commonly see that a pfx contains a (web) server certificate and one or more intermediate certificate(s) and a root certificate.</p>https://blog.j81.nl/posts/how-to-use-fslogix-appmasking-on-intune-managed-devices/Sun, 05 Jul 2020 09:50:02 +0000https://blog.j81.nl/posts/how-to-use-fslogix-appmasking-on-intune-managed-devices/<div class="wp-block-group"> <div class="wp-block-group__inner-container"> <div class="wp-block-group"> <div class="wp-block-group__inner-container"> <p>A while ago I was asked to apply FSLogix App Masking at a company to hide MS Office for certain users. Normally with just Active Directory that’s a done deal. But the targets were Intune managed. And since FSLogix Application Masking Is not yet supporting AzureAD we had to find other options.</p>https://blog.j81.nl/posts/office-online-apparently-only-supports-tls-1.0/Thu, 20 Sep 2018 19:57:00 +0000https://blog.j81.nl/posts/office-online-apparently-only-supports-tls-1.0/<p>Recently I had to configure a new <s>NetScaler</s> Citrix ADC for a new <s>ShareFile</s> Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error &ldquo;Sorry, there was a problem and we can&rsquo;t open this document. If this happens again, try opening the document in Microsoft Word.&rdquo; for Word documents and &ldquo;We couldn&rsquo;t find the file you wanted. It&rsquo;s possible the file was renamed, moved or deleted.&rdquo; for Excel documents. <img src="https://blog.j81.nl/wp-content/uploads/2018/09/OOExcelOnlineError.png" class="aligncenter size-medium wp-image-831" width="300" height="120" /> <img src="https://blog.j81.nl/wp-content/uploads/2018/09/OOWordOnlineError.png" class="aligncenter size-medium wp-image-832" width="300" height="130" /> I followed all the necessary checks as described in a Citrix Files <a href="https://docs.citrix.com/en-us/storagezones-controller/5-0/install/configure-storagezones-controller-for-web-app-previews-thumbnails.html" target="_blank" rel="noopener">Article</a>. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that <a href="https://www.citrix.com/blogs/2018/05/16/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-q2-2018-update/" target="_blank" rel="noopener">A+</a> on <a href="https://www.ssllabs.com/" target="_blank" rel="noopener">SSL Labs,</a> the same with this setup. It was when I reverted the Content Switch to it&rsquo;s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)</p>https://blog.j81.nl/posts/spontaneously-changing-default-printer/Sat, 18 Mar 2017 13:53:21 +0000https://blog.j81.nl/posts/spontaneously-changing-default-printer/<p>Yesterday I was at a Customers location and they had an issue with their printers on the XenDesktop VDI environment. Some users are using Exact to print all kinds of labels, in this case a Zebra label printer. And while they were printing labels, the label printer was set automagically as default. They started noticing this because when they wanted to print other (A4) reports, the layout was wrong and some information fell of the report. They could change the default printer back to the MFP, but when they printed labels again, you&rsquo;ll get it right? I recently helped them move from Windows 10 LTSB 2015 (1507) to Windows 10 LTSB 2016 (1607) and they started noticing this issue after the switch to the new Windows version. So what could it be? Turned out to be a setting in Windows&hellip; After changing this, the issue was gone. You can change it in &ldquo;Settings&rdquo;, &ldquo;Devices&rdquo;, &ldquo;Printers &amp; Scanners&rdquo; and change the setting &ldquo;Let Windows manage my Default printer&rdquo; to off. <img src="https://blog.j81.nl/wp-content/uploads/2017/03/20170318_Win10PrinterSettings.png" class="alignnone size-medium wp-image-609" width="300" height="111" /> Or you can set the following registry key:</p>https://blog.j81.nl/posts/windows-10-ltsb-2016-build-1607-stuck-at-other-user-while-logging-in/Fri, 27 Jan 2017 13:57:48 +0000https://blog.j81.nl/posts/windows-10-ltsb-2016-build-1607-stuck-at-other-user-while-logging-in/<p>While testing with the latest Windows 10 LTSB 2016 version I found out in 9 of 10 logins failed, it was stuck on the message &ldquo;Welcome other user&rdquo;&hellip; I used the same deployment steps as with LTSB 2015 and not working, what was wrong? After reading the Citrix forum I found out that more users were experiencing this issue. After some testing I found out that my issue was caused by a disabled Service named &ldquo;Device Association Service&rdquo;. This is one of the optimizations in the &ldquo;Technical Note – Optimize Windows 10&rdquo; guide from Citrix. Don&rsquo;t disable this service but leave it on Automatic. Since I found out I haven&rsquo;t seen this issue since.</p>https://blog.j81.nl/posts/exchange-config-for-the-netscaler-with-aaa-authentication/Sat, 21 Feb 2015 20:20:55 +0000https://blog.j81.nl/posts/exchange-config-for-the-netscaler-with-aaa-authentication/<p>Below is the NetScaler configuration for an Exchange environment. You need an Enterprise licence to activate AAA.</p> <div class="highlight-wrapper"><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">#--- Replace the text below with the actual data---# </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">#Domain Controller hostname and IP </span></span><span class="line"><span class="cl">&lt;DC01.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">&lt;DC01IP&gt; </span></span><span class="line"><span class="cl">&lt;DC02.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">&lt;DC01IP&gt; </span></span><span class="line"><span class="cl">#Exchange server hostname and IP </span></span><span class="line"><span class="cl">&lt;EXCH01.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">&lt;EXCH01IP&gt; </span></span><span class="line"><span class="cl">&lt;EXCH02.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">&lt;EXCH02IP&gt; </span></span><span class="line"><span class="cl">#Active Directory data </span></span><span class="line"><span class="cl">&lt;LDAPPATH&gt; </span></span><span class="line"><span class="cl">&lt;LDAPREAD@DOAMIN.LOCAL&gt; </span></span><span class="line"><span class="cl">&lt;LDAPREADPASSWD&gt; </span></span><span class="line"><span class="cl">#Client subnet marked save for private profile </span></span><span class="line"><span class="cl">&lt;CLIENTSUBNET&gt; </span></span><span class="line"><span class="cl">#AD group for always use of the private profile </span></span><span class="line"><span class="cl">&lt;ADEXCHPRIVATEGRP&gt; </span></span><span class="line"><span class="cl">#AAA Server FQDN and IP </span></span><span class="line"><span class="cl">&lt;AUTHVIPFQDN&gt; </span></span><span class="line"><span class="cl">&lt;AUTHVIPIP&gt; </span></span><span class="line"><span class="cl">#Content Switch IP </span></span><span class="line"><span class="cl">&lt;CSVIPIP&gt; </span></span><span class="line"><span class="cl">#Domain FQDN </span></span><span class="line"><span class="cl">&lt;DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">#Certiicatename as installed in the NetScaler </span></span><span class="line"><span class="cl">&lt;CERTIFICATE&gt; </span></span><span class="line"><span class="cl">#Test user for the POP monitor </span></span><span class="line"><span class="cl">&lt;POPTESTUSER&gt; </span></span><span class="line"><span class="cl">&lt;POPTESTPASSWD&gt; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">#--- NS Config below this line ---# </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">enable ns feature LB CS CMP SSL AAA REWRITE RESPONDER </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">set ns httpProfile nshttp_default_profile -dropInvalReqs ENABLED </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add server Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; &lt;EXCH01IP&gt; </span></span><span class="line"><span class="cl">add server Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; &lt;EXCH02IP&gt; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_owa SSL -CMP YES -comment &#34;Outlook Web Access&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_oa SSL -CMP YES -comment &#34;Outlook Anywhere or RPC over HTTPS&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_ews SSL -CMP YES -comment &#34;Exchange Web Services&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_eas SSL -CMP YES -comment &#34;ActiveSync Service for Mobile Mail clients&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_ecp SSL -CMP YES -comment &#34;Exchange Control Panel&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_oab SSL -CMP YES -comment &#34;Offline Address Book&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_autodiscover SSL -CMP YES -comment &#34;Autodiscover Service&#34; </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_pop3 TCP-cltTimeout 9000 -svrTimeout 9000 </span></span><span class="line"><span class="cl">add serviceGroup SvcGrp_exchange_imap4 TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add authentication ldapAction AuthLdapSrv_&lt;DC01.DOMAIN.LOCAL&gt; -serverIP &lt;DC01IP&gt; -ldapBase &#34;&lt;LDAPPATH&gt;&#34; -ldapBindDn &lt;LDAPREAD@DOAMIN.LOCAL&gt; -ldapBindDnPassword &lt;LDAPREADPASSWD&gt; -ldapLoginName samAccountName -groupAttrName memberOf -subAttributeName CN </span></span><span class="line"><span class="cl">add authentication ldapAction AuthLdapSrv_&lt;DC02.DOMAIN.LOCAL&gt; -serverIP &lt;DC02IP&gt; -ldapBase &#34;&lt;LDAPPATH&gt;&#34; -ldapBindDn &lt;LDAPREAD@DOAMIN.LOCAL&gt; -ldapBindDnPassword &lt;LDAPREADPASSWD&gt; -ldapLoginName samAccountName -groupAttrName memberOf -subAttributeName CN </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add tm formSSOAction AaaSsoPro_exchange_public -actionURL &#34;/owa/auth.owa&#34; -userField username -passwdField password -ssoSuccessRule &#34;HTTP.RES.SET_COOKIE.COOKIE(&#34;cadata&#34;).VALUE(&#34;cadata&#34;).LENGTH.GT(70)&#34; -nameValuePair &#34;flags=0&amp;trusted=0&#34; -responsesize 60000 -submitMethod POST </span></span><span class="line"><span class="cl">add tm formSSOAction AaaSsoPro_exchange_private -actionURL &#34;/owa/auth.owa&#34; -userField username -passwdField password -ssoSuccessRule &#34;HTTP.RES.SET_COOKIE.COOKIE(&#34;cadata&#34;).VALUE(&#34;cadata&#34;).LENGTH.GT(70)&#34; -nameValuePair &#34;flags=4&amp;trusted=0&#34; -responsesize 60000 -submitMethod POST </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add tm trafficAction AaaTrafPro_exchange_public -appTimeout 1 -SSO ON -formSSOAction AaaSsoPro_exchange_public -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE </span></span><span class="line"><span class="cl">add tm trafficAction AaaTrafPro_exchange_private -appTimeout 1 -SSO ON -formSSOAction AaaSsoPro_exchange_private -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE </span></span><span class="line"><span class="cl">add tm trafficAction AaaTrafPro_exchange_logoff_global -appTimeout 1 -SSO ON -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add authentication ldapPolicy AuthLdapPol_&lt;DC01.DOMAIN.LOCAL&gt; ns_true AuthLdapSrv_&lt;DC01.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">add authentication ldapPolicy AuthLdapPol_&lt;DC02.DOMAIN.LOCAL&gt; ns_true AuthLdapSrv_&lt;DC02.DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add tm trafficPolicy AaaTrafPol_exchange_public &#34;HTTP.REQ.URL.CONTAINS(&#34;owa/auth/logon.aspx&#34;) &amp;&amp; CLIENT.IP.SRC.IN_SUBNET(&lt;CLIENTSUBNET&gt;).NOT&#34; AaaTrafPro_exchange_public </span></span><span class="line"><span class="cl">add tm trafficPolicy AaaTrafPol_exchange_private &#34;HTTP.REQ.URL.CONTAINS(&#34;owa/auth/logon.aspx&#34;) &amp;&amp; CLIENT.IP.SRC.IN_SUBNET(&lt;CLIENTSUBNET&gt;) || HTTP.REQ.USER.IS_MEMBER_OF(&#34;&lt;ADEXCHPRIVATEGRP&gt;&#34;)&#34; AaaTrafPro_exchange_private </span></span><span class="line"><span class="cl">add tm trafficPolicy AaaTrafPol_exchange_logoff_global &#34;HTTP.REQ.URL.CONTAINS(&#34;owa/logoff.owa&#34;)&#34; AaaTrafPro_exchange_logoff_global </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_owa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -AuthenticationHost &lt;AUTHVIPFQDN&gt; -Authentication ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Outlook Web Access&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_ews SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Exchange Web Service&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_autodiscover SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Autodiscover Service&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_ecp SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -AuthenticationHost &lt;AUTHVIPFQDN&gt; -Authentication ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Exchange Control Panel&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_eas SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;ActiveSync Service for Mobile Mail clients&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_oab SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Offline Address Book&#34; </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_oa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_&lt;AUTHVIPFQDN&gt; -comment &#34;Outlook Anywhere or RPC over HTTPS&#34; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_imap4 SSL_TCP &lt;CSVIPIP&gt; 993 -persistenceType SSLSESSION -cltTimeout 9000 </span></span><span class="line"><span class="cl">add lb vserver LbVip_exchange_pop3 SSL_TCP &lt;CSVIPIP&gt; 995 -persistenceType SSLSESSION -cltTimeout 9000 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add authentication vserver AaaVip_&lt;AUTHVIPFQDN&gt; SSL &lt;AUTHVIPIP&gt; 443 -AuthenticationDomain &lt;DOMAIN.LOCAL&gt; </span></span><span class="line"><span class="cl">add cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; SSL &lt;CSVIPIP&gt; 443 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation </span></span><span class="line"><span class="cl">add cs vserver CswVip_http_&lt;DOMAIN.LOCAL&gt; HTTP &lt;CSVIPIP&gt; 80 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add cs action CswAct_ews -targetLBVserver LbVip_exchange_ews </span></span><span class="line"><span class="cl">add cs action CswAct_owa -targetLBVserver LbVip_exchange_owa </span></span><span class="line"><span class="cl">add cs action CswAct_ecp -targetLBVserver LbVip_exchange_ecp </span></span><span class="line"><span class="cl">add cs action CswAct_eas -targetLBVserver LbVip_exchange_eas </span></span><span class="line"><span class="cl">add cs action CswAct_oab -targetLBVserver LbVip_exchange_oab </span></span><span class="line"><span class="cl">add cs action CswAct_oa -targetLBVserver LbVip_exchange_oa </span></span><span class="line"><span class="cl">add cs action CswAct_autodiscover -targetLBVserver LbVip_exchange_autodiscover </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add cs policy CswPol_ews -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/ews&#34;)&#34; -action CswAct_ews </span></span><span class="line"><span class="cl">add cs policy CswPol_owa -rule &#34;HTTP.REQ.HEADER(&#34;User-Agent&#34;).SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;Mozilla&#34;)&#34; -action CswAct_owa </span></span><span class="line"><span class="cl">add cs policy CswPol_ecp -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/ecp&#34;)&#34; -action CswAct_ecp </span></span><span class="line"><span class="cl">add cs policy CswPol_eas -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/Microsoft-Server-ActiveSync&#34;)&#34; -action CswAct_eas </span></span><span class="line"><span class="cl">add cs policy CswPol_oab -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/oab&#34;)&#34; -action CswAct_oab </span></span><span class="line"><span class="cl">add cs policy CswPol_oa -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/rpc&#34;)&#34; -action CswAct_oa </span></span><span class="line"><span class="cl">add cs policy CswPol_autodiscover -rule &#34;HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(&#34;/AutoDiscover&#34;)&#34; -action CswAct_autodiscover </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add rewrite action RewAct_exchange_insert_pback_cookie_1 insert_http_header COOKIE &#34;&#34;PBack=0;&#34;&#34; </span></span><span class="line"><span class="cl">add rewrite action RewAct_exchange_insert_pback_cookie_2 insert_after &#34;HTTP.REQ.HEADER(&#34;COOKIE&#34;).INSTANCE(0).SUBSTR(&#34;:&#34;)&#34; &#34;&#34; PBack=0;&#34;&#34; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add rewrite policy RewPol_exchange_insert_pback_cookie_1 &#34;HTTP.REQ.URL.CONTAINS(&#34;owa/auth/logon.aspx&#34;) &amp;&amp; HTTP.REQ.COOKIE.COUNT.GT(2).NOT&#34; RewAct_exchange_insert_pback_cookie_1 </span></span><span class="line"><span class="cl">add rewrite policy RewPol_exchange_insert_pback_cookie_2 &#34;HTTP.REQ.URL.CONTAINS(&#34;owa/auth/logon.aspx&#34;) &amp;&amp; HTTP.REQ.COOKIE.COUNT.GT(2)&#34; RewAct_exchange_insert_pback_cookie_2 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind rewrite global RewPol_exchange_insert_pback_cookie_2 100 END -type REQ_DEFAULT </span></span><span class="line"><span class="cl">bind rewrite global RewPol_exchange_insert_pback_cookie_1 110 END -type REQ_DEFAULT </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add responder action ResAct_exchange_ToOwa redirect &#34;&#34;/owa&#34;&#34; </span></span><span class="line"><span class="cl">add responder policy ResPol_exchange_ToOwa &#34;HTTP.REQ.URL.STARTSWITH(&#34;/owa&#34;).NOT&#34; ResAct_exchange_ToOwa </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add responder action ResAct_ToHTTPS_301 respondwith q{&#34;HTTP/1.1 301 Moved Permanentlyrn&#34; + &#34;Location: https://&#34; + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH_AND_QUERY + &#34;rnrn&#34;} -bypassSafetyCheck YES </span></span><span class="line"><span class="cl">add responder policy ResPol_RedirToHTTPS true ResAct_ToHTTPS_301 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add responder action ResAct_ToHTTPS_404 respondwith q{&#34;HTTP/1.1 404 Not Foundrn&#34;} -bypassSafetyCheck YES </span></span><span class="line"><span class="cl">add responder policy ResPol_RespondWith404 true ResAct_ToHTTPS_404 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_owa SvcGrp_exchange_owa </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_oa SvcGrp_exchange_oa </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_ews SvcGrp_exchange_ews </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_eas SvcGrp_exchange_eas </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_ecp SvcGrp_exchange_ecp </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_oab SvcGrp_exchange_oab </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_autodiscover SvcGrp_exchange_autodiscover </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_pop3 SvcGrp_exchange_pop3 </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_imap4 SvcGrp_exchange_imap4 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_owa -policyName AaaTrafPol_exchange_private -priority 100 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_owa -policyName AaaTrafPol_exchange_public -priority 110 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_ecp -policyName AaaTrafPol_exchange_public -priority 100 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_ecp -policyName AaaTrafPol_exchange_private -priority 110 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind lb vserver LbVip_exchange_owa -policyName ResPol_exchange_ToOwa -priority 100 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl">bind cs vserver CswVip_http_&lt;DOMAIN.LOCAL&gt; -policyName ResPol_RedirWebmailToHTTPS -priority 100 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl">bind cs vserver CswVip_http_&lt;DOMAIN.LOCAL&gt; -policyName ResPol_RespondWith404 -priority 10000 -gotoPriorityExpression END -type REQUEST </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_autodiscover -priority 100 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_eas -priority 110 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_ews -priority 120 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_oab -priority 130 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_oa -priority 140 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_ecp -priority 150 </span></span><span class="line"><span class="cl">bind cs vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -policyName CswPol_owa -priority 160 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">set ns httpParam -dropInvalReqs ON </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add lb monitor Mon_imap4 TCP-ECV -send &#34;GET /&#34; -recv &#34;The Microsoft Exchange IMAP4 service is ready.&#34; -LRTM ENABLED -interval 30 -destPort 143 </span></span><span class="line"><span class="cl">add lb monitor Mon_pop3 POP3 -scriptName nspop3.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -userName &lt;POPTESTUSER&gt; -password &lt;POPTESTPASSWD&gt; -LRTM ENABLED -interval 30 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">#Not needed for Exchange 2007-2010 </span></span><span class="line"><span class="cl">add lb monitor Mon_owa TCP-ECV -send &#34;GET /owa/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_ecp TCP-ECV -send &#34;GET /ecp/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_ews TCP-ECV -send &#34;GET /ews/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_eas TCP-ECV -send &#34;GET /Microsoft-Server-ActiveSync/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_oab TCP-ECV -send &#34;GET /oab/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_oa TCP-ECV -send &#34;GET /rpc/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl">add lb monitor Mon_Autodiscover TCP-ECV -send &#34;GET /Autodiscover/healthcheck.htm HTTP/1.1rnHost:&lt;EXCHANGEWEBMAILURL&gt;rnConnection:Closernrn&#34; -recv 200 -LRTM ENABLED -retries 10 -secure YES </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_owa Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_owa Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_owa -monitorName Mon_owa </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_owa -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oa Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oa Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oa -monitorName Mon_oa </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_oa -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ews Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ews Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ews -monitorName Mon_ews </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_ews -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_eas Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_eas Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_eas -monitorName Mon_eas </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_eas -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ecp Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ecp Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_ecp -monitorName Mon_ecp </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_ecp -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oab Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oab Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_oab -monitorName Mon_oab </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_oab -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_autodiscover Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_autodiscover Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 443 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">#Exchange 2013 </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_autodiscover -monitorName Mon_Autodiscover </span></span><span class="line"><span class="cl">#Exchange 2007-2010 </span></span><span class="line"><span class="cl">#bind serviceGroup SvcGrp_exchange_autodiscover -monitorName https-ecv </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_pop3 Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 110 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_pop3 Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 110 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_pop3 -monitorName Mon_pop3 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_imap4 Srv_&lt;EXCH01.DOMAIN.LOCAL&gt; 143 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_imap4 Srv_&lt;EXCH02.DOMAIN.LOCAL&gt; 143 -CustomServerID &#34;&#34;None&#34;&#34; </span></span><span class="line"><span class="cl">bind serviceGroup SvcGrp_exchange_imap4 -monitorName Mon_imap4 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_owa -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_ews -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_autodiscover -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_ecp -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_eas -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_oab -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_oa -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_imap4 -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver LbVip_exchange_pop3 -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver AaaVip_&lt;AUTHVIPFQDN&gt; -ssl3 DISABLED </span></span><span class="line"><span class="cl">set ssl vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -ssl3 DISABLED </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add tm sessionAction AaaSesPro_sso_exchange -sessTimeout 60 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -ssoDomain Domain -httpOnlyCookie NO -persistentCookie ON -persistentCookieValidity 30 </span></span><span class="line"><span class="cl">add tm sessionPolicy AaaSesPol_sso_exchange ns_true AaaSesPro_sso_exchange </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind tm global -policyName AaaTrafPol_exchange_logoff_global -priority 100 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind authentication vserver AaaVip_&lt;AUTHVIPFQDN&gt; -policy AuthLdapPol_&lt;DC01.DOMAIN.LOCAL&gt; -priority 100 </span></span><span class="line"><span class="cl">bind authentication vserver AaaVip_&lt;AUTHVIPFQDN&gt; -policy AuthLdapPol_&lt;DC02.DOMAIN.LOCAL&gt; -priority 110 </span></span><span class="line"><span class="cl">bind authentication vserver AaaVip_&lt;AUTHVIPFQDN&gt; -policy AaaSesPol_sso_exchange -priority 100 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">add ssl cipher HighSecurity </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES256-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES128-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-AES-256-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName TLS1-AES-128-CBC-SHA </span></span><span class="line"><span class="cl">bind ssl cipher HighSecurity -cipherName SSL3-DES-CBC3-SHA </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_owa -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_ews -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_autodiscover -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_ecp -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_eas -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_oab -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_oa -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_imap4 -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_pop3 -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver AaaVip_&lt;AUTHVIPFQDN&gt; -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl">bind ssl vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -certkeyName &#34;&lt;CERTIFICATE&gt;&#34; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_owa -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_ews -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_autodiscover -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_ecp -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_eas -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_oab -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_oa -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_imap4 -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver LbVip_exchange_pop3 -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver AaaVip_&lt;AUTHVIPFQDN&gt; -cipherName DEFAULT </span></span><span class="line"><span class="cl">unbind ssl vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -cipherName DEFAULT </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_owa -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_ews -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_autodiscover -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_ecp -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_eas -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_oab -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_oa -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_imap4 -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver LbVip_exchange_pop3 -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver AaaVip_&lt;AUTHVIPFQDN&gt; -cipherName HighSecurity </span></span><span class="line"><span class="cl">bind ssl vserver CswVip_https_&lt;DOMAIN.LOCAL&gt; -cipherName HighSecurity</span></span></code></pre></div></div> <p> </p>https://blog.j81.nl/posts/changing-microsoft-adcs-from-sha1-to-sha256/Wed, 05 Nov 2014 13:34:14 +0000https://blog.j81.nl/posts/changing-microsoft-adcs-from-sha1-to-sha256/<p>When ADCS uses sha1 for their certificates, you might want to change it to sha254. <em><strong>NOTE: Make sure all your devices support sha256</strong></em> sha1 <a href="https://blog.j81.nl/wp-content/uploads/2014/11/2014-11-05-13_59_49-sha1-1-1.png" ><img src="//10.250.1.231/wp-content/uploads/2014/11/2014-11-05-13_59_49-sha1.png" class="alignnone size-medium wp-image-228" width="300" height="104" alt="2014-11-05 13_59_49-sha1" /></a> sha256 <a href="https://blog.j81.nl/wp-content/uploads/2014/11/2014-11-05-13_59_12-sha256-1-1.png" ><img src="//10.250.1.231/wp-content/uploads/2014/11/2014-11-05-13_59_12-sha256.png" class="alignnone size-medium wp-image-229" width="300" height="108" alt="2014-11-05 13_59_12-sha256" /></a> To achieve this enter the following commands in an elivated DOS-box:</p>https://blog.j81.nl/posts/procmon-remote-monitoring/Wed, 27 Aug 2014 19:48:42 +0000https://blog.j81.nl/posts/procmon-remote-monitoring/<p>psexec \COMPUTERNAME -u domainuser -sd -i 0 &ldquo;c:Procmon.exe&rdquo; /accepteula /backingfile c:output.pml /nofilter /quiet Aanmelden met de gebruiker, en afmelden (kan wat langer duren door de logging) Daarna procmon stoppen (om de log file te sluiten) psexec \COMPUTERNAME -u domainuser -sd -i 0 &ldquo;c:Procmon.exe&rdquo; Terminate   Sysinternals tools benodigd:   psexec procmon</p>https://blog.j81.nl/posts/12-steps-to-remotely-manage-hyper-v-server-2012-core/Sun, 08 Jun 2014 15:47:51 +0000https://blog.j81.nl/posts/12-steps-to-remotely-manage-hyper-v-server-2012-core/<p>Install Hyper-V Server 2012 Core and log in to the console.</p> <ol> <li> <p>Configure date and time (select #9).</p> </li> <li> <p>Enable Remote Desktop (select #7). Also select the ‘Less Secure’ option.</p> </li> <li> <p>Configure Remote Management (select #4 then #1).</p>https://blog.j81.nl/posts/nested-hypervisor-on-vsphere/Sun, 08 Jun 2014 08:43:14 +0000https://blog.j81.nl/posts/nested-hypervisor-on-vsphere/<p>VM Hardware version 9 or Higher VM Advanced settings add:</p> <ul> <li>vhv.enable = &ldquo;true&rdquo;</li> <li>hypervisor.cpuid.v0 = &ldquo;FALSE&rdquo; (Hyper-V)</li> </ul> <p>And in vSphere Webclient enable &ldquo;Expose hardware assisted virtualization to the guest OS&rdquo; under CPU.</p>https://blog.j81.nl/posts/active-directory-recyclebin/Sun, 23 Feb 2014 08:57:10 +0000https://blog.j81.nl/posts/active-directory-recyclebin/<p><strong>Requirements:</strong></p> <ul> <li>At least one Domain Controller running Windows Server 2012 with the Active Directory Administrative Center enabled.</li> <li>All Domain Controllers (or servers running AD LDS) must be running Windows Server 2008 R2 or higher.</li> <li>The Forest must be running at Windows Server 2008 R2 functional level.</li> </ul> <p>Import the Active Directory modules in PowerShell</p>https://blog.j81.nl/posts/via-netsh-dhcp-reserveringen-toevoegen/Tue, 12 Nov 2013 02:58:41 +0000https://blog.j81.nl/posts/via-netsh-dhcp-reserveringen-toevoegen/<p><code>netsh dhcp server mySRV scope 192.168.1.0 add reservedip 192.168.1.111 XXXXXXXXXXXX host.domain.local</code></p>https://blog.j81.nl/posts/ad-defragmentatie-server-2012/Tue, 14 May 2013 10:16:42 +0000https://blog.j81.nl/posts/ad-defragmentatie-server-2012/<p>Stop de ADDS Service</p> <div class="highlight-wrapper"><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">ntdsutil </span></span><span class="line"><span class="cl">activate instance ntds </span></span><span class="line"><span class="cl">files </span></span><span class="line"><span class="cl">compact to c: </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">copy &#34;c:ntds.dit&#34; &#34;c:WindowsNTDSntds.dit&#34; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">del c:WindowsNTDS*.log</span></span></code></pre></div></div> <p>Start de ADDS Service  </p>https://blog.j81.nl/posts/profile-permissions/Mon, 18 Mar 2013 18:40:37 +0000https://blog.j81.nl/posts/profile-permissions/<p><strong>NTFS Permissions for Roaming Profile Parent Folder</strong> User Account    : Minimum Permissions Required Creator Owner    : Full Control, Subfolders and Files Only Administrator    : Full Control (Microsoft actually recommends none but it simplifies things if you give admins full control) Security group of users needing to put data on share    : List Folder/Read Data, Create Folders/Append Data - This Folder Only Everyone    : No permissions Local System    : Full Control, This Folder, Subfolders and Files <strong>Share level (SMB) Permissions for Roaming Profile Share</strong> User Account    : Minimum Permissions Required Everyone    : No permissions Security group of users needing to put data on share    : Full Control</p>https://blog.j81.nl/posts/send-mail-through-telnet/Mon, 25 Feb 2013 12:04:13 +0000https://blog.j81.nl/posts/send-mail-through-telnet/<p>hello smtp.server.nl mail from:&lt;test@domain.nl&gt; rcpt to:&lt;to@domain.nl&gt; data subject: This is a test mail to: <a href="mailto:to@domain.nl" >to@domain.nl</a> This is the text of my test mail. . quit</p>https://blog.j81.nl/posts/exchange-2010-reconnect-archive-mailbox/Thu, 21 Feb 2013 15:43:36 +0000https://blog.j81.nl/posts/exchange-2010-reconnect-archive-mailbox/<p>Find (disconnected) mailbox: <strong>Get-MailboxServer | Get-MailboxStatistics | where { $_.DisconnectDate } | fl DisplayName, DisconnectDate</strong> Recconnect mailbox: <strong>Get-MailboxDatabase | Get-MailboxStatistics | Where-Object {$_.DisconnectDate –and $_.DisplayName –eq “Personal Archive - Tinnus Est”} | Connect-Mailbox –user T.Est –archive</strong></p>https://blog.j81.nl/posts/windows-icons-full-list-with-details-locations-images/Mon, 18 Feb 2013 09:55:06 +0000https://blog.j81.nl/posts/windows-icons-full-list-with-details-locations-images/<p>Good qual­ity icons and images, espe­cially ones with an alpha trans­par­ency can be time con­sum­ing to make, and are often also hard to find.  One source of lots of high qual­ity icons in a range of sizes is Win­dows.  <a href="http://diymediahome.org/windows-icons-reference-list-with-details-locations-images/B002DGS82G" target="_blank" title="Windows 7">Win­dows 7</a> includes lots of icons which can be use­ful as the major­ity are avail­able in sizes from 16×16 up to 256×256, and come with alpha trans­par­ency.  You may have noticed that we use some on our down­loads page — they’re handy to quickly indic­ate file type. Win­dows stores most of its icons inside exe and dll files which makes them inac­cess­ible to stand­ard image manip­u­la­tion applic­a­tions like Pho­toshop.  How­ever, once they have been loc­ated they can eas­ily be extrac­ted with the free­ware util­ity IcoFX. Track­ing some of them down seems to be the trick­ier part. Below is a quick ref­er­ence for the loc­a­tions of many of the icons avail­able on <a href="http://diymediahome.org/windows-icons-reference-list-with-details-locations-images/B002DGS82G" target="_blank" title="Windows 7">Win­dows 7</a>. I will peri­od­ic­ally add more details and any extra icon lib­rar­ies I dis­cover to this list.</p>https://blog.j81.nl/posts/how-to-image-sysprep-and-deploy-windows-7-a-complete-guide-using-sysprep-and-imagex/Tue, 04 Dec 2012 15:49:51 +0000https://blog.j81.nl/posts/how-to-image-sysprep-and-deploy-windows-7-a-complete-guide-using-sysprep-and-imagex/<h2 class="relative group">Getting Ready <div id="getting-ready" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#getting-ready" aria-label="Anchor">#</a> </span> </h2> <ul> <li>Install Windows 7 from scratch on to your test machine. <strong>DO NOT</strong> upgrade from Windows XP, this needs to be a fresh install.</li> <li>Customise Windows 7 with any software, security settings or general settings you wish. When you install from this image all the settings as well as user accounts will be installed by default.</li> <li>Install WAIK for 7/2008 on the test PC. Download from <a href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&amp;FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34" target="_blank" rel="noreferrer">here</a> (1.7GB).</li> </ul> <h2 class="relative group">Create WINPE Disk <div id="create-winpe-disk" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#create-winpe-disk" aria-label="Anchor">#</a> </span> </h2> <ul> <li>Right click command prompt run as admin</li> </ul> <!-- --> <ul> <li>Change to directory <strong>“C:Program FilesWindows AIKToolsPETools”</strong></li> </ul> <!-- --> <ul> <li>run command <strong>“copype x86 c:winpe”</strong></li> </ul> <!-- --> <ul> <li>run command <strong>“imagex /mountrw c:winpewinpe.wim 1 c:winpemount”</strong></li> </ul> <!-- --> <ul> <li>copy imagex.exe from <strong>“C:Program FilesWindows AIKToolsx86imagex.exe”</strong> to <strong>“c:winpemountwindowssystem32″</strong></li> </ul> <!-- --> <ul> <li>Create wimscript.ini in <strong>“c:winpemountwindowssystem32″</strong> with following inside</li> </ul> <!-- --> <pre><code>[ExclusionList] ntfs.log hiberfil.sys pagefile.sys &quot;System Volume Information&quot; RECYCLER WindowsCSC [CompressionExclusionList] *.mp3 *.zip *.cab WINDOWSinf*.pnf </code></pre> <ul> <li>Run Command <strong>“imagex.exe /unmount /commit c:winpemount”</strong></li> </ul> <!-- --> <ul> <li> Run Command <strong>“copy c:winpewinpe.wim c:winpeisosourcesboot.wim /y”</strong></li> </ul> <!-- --> <ul> <li>Run Command <strong>“oscdimg -n -h -bc:winpeetfsboot.com c:winpeiso c:winpewinpe.iso”</strong></li> </ul> <!-- --> <ul> <li> This will create an ISO in <strong>c:winpewinpe.iso</strong>.</li> </ul> <!-- --> <ul> <li><strong>Burn this and keep.</strong> Now we need to sysprep our machine. (You can remove WAIK and any files you don’t need, test your iso first!)</li> </ul> <p>Sysprep Your Machine</p>