We use cookies on this page to better serve you. You can find more information about cookies here.

Latest posts

Microsoft 365 Enable DKIM
by

DKIM (DomainKeys Identified Mail) is a way to help validate the authenticity of the emails you send.

DKIM adds a signature to your email by using a private key and a public key. Your public key is your DKIM DNS record and only your email server knows your private key. When you have DKIM setup every email you send gets signed with DKIM.

A DKIM signature is built from the hashed values of some of the email headers, one of which is the hash of the email body itself. With the hashed value of the email headers, DKIM encrypts it by using a private key and a public key and adds the encrypted result to the email as a DKIM header signature. This is similar to how PGP works. If you want to know more about PGP you can read more in my post about PGP.

When the recipient receives an email that was signed with DKIM, the recipient’s email server can validate that the email hasn’t been tampered with by decrypting the DKIM header signature using the sender’s public key. If the message was altered the DKIM header signature wouldn’t exist or the decrypted result wouldn’t match.

In this post, I will detail step-by-step how to enable DKIM on a Microsoft 365 tenant by using the GUI and PowerShell.

GUI Way

  • Login to Microsoft 365 admin center
  • Click on Security
  • Click on Policies & rules
  • Click on Threat policies
Read more
IT
CustomizeEncryptionExchange OnlineHardeningHow ToMicrosoftMicrosoft 365Office 365PowerShellsecurity

VMware Horizon Enable Copy Paste
by

I’m a big fan of using copy paste as it helps me reduce typos and allows me to paste links or other information quickly between systems. Previously I wrote a post that covers how to enable copy paste with VMRC (VMware Remote Console) however that’s not super useful for the users that are using Omnissa Horizon (formerly VMware Horizon). If you want to know how to enable copy paste with VMRC you can read my post about it called VMware Copy Paste Enabler.

The default configuration of VMware Horizon is that copy paste only works in one direction. You can paste items into VMware Horizon but you can’t copy items out, from an end-user perspective they may report that as broken. Thankfully there’s an easy way to enable full copy paste in both directions in Omnissa Horizon.

In this post, I will detail step-by-step how to enable copy paste in both directions in VMware Horizon.

Perquisites

  • Have the Horizon GPO templates deployed to your Central Store.

Here’s how to deploy the VMware Horizon GPO Templates.

The Process

  • Create a new GPO.
  • Go to Computer Configuration > Policies > Administrative Templates > VMware View Agent Configuration > Clipboard Redirection
Read more
IT
Active DirectoryEUCGPOHow ToOmnissaOmnissa HorizonVMwareVMware Horizon

PGP
by

PGP (Pretty Good Privacy) has been around for a long time. PGP is a system that allows you to encrypt a message using a key pair. A key pair consists of a public key and a private key. The public and private key pair are created at the same time and are permanently linked; one can not work without the other.

The basics of PGP are that the private key has a passphrase on it that only the creator knows. When you encrypt a message with PGP you encrypt it with your private key and a public key you specify, be that your public key or someone else’s public key. This makes it so the PGP encrypted message can only be decrypted using the public key you specified.

Here is a step-by-step example of using PGP.

Setup

For this example I will use an online PGP Tool.

First we need to generate our key pair to get our public and private key.

  • Fill in the options and click Generate keys
PGP key pair options
  • Download the public and private key.
My example public and private keys

Below is my full PGP public key for this example.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v2.0.76
Comment: https://keybase.io/crypto

xo0EZSHBoAEEAOgwPyzB0SK3qTcMm4qAdPy5v3uB+pEydKIypNMW+aDPc4ybYAYy
lPgKXmLqAEFE7QkE6zkvOJwUAoqZLOHinAD41f66pxZfEGCcdfPF5X7PPJHyr5/y
znNZLs28O54yZ2lLbsecTR+znyADMK3oebSDnuiJURlqC8L0Y8xekwm9ABEBAAHN
GW15IG5hbWUgPGVtYWlsQGdtYWlsLmNvbT7CugQTAQoAJAUCZSHBoAIbLwMLCQcD
FQoIAh4BAheAAxYCAQIZAQUJAAAAAAAKCRAZDnvqP9lqifE8A/4ytKWOSQJLSVzY
p2K0gtSLmFOfgD+kaMQ+CdtUEBbU/V6UoMu8w1/eRS9XMX4eDTY5n+paT0r6+Vis
ej9tFhTR1O0iZ+6Bose/MBIiSElZrw38rqmlh3tJd7iL1J3/THTM58+hjj2Ld4QZ
oomr1U4ORvLRF8vUNpTlxrOKRcyiz86NBGUhwaABBADiTMFd/AcihKHreVmHpxxW
buZHdtyj7sk6j7eEWAv40LnnhtZWASiW0BR07DRQzFMQmOrHaSqwdI5Ey/B/XBIl
el5+fIp/9/wEuAL7i3/fc8ugGJoEMuW4NLSNLjzHHasd8b9QT4mxD/F96JLx1ewF
masTU56csW2UqJnrUA5LTwARAQABwsCDBBgBCgAPBQJlIcGgBQkAAAAAAhsuAKgJ
EBkOe+o/2WqJnSAEGQEKAAYFAmUhwaAACgkQ0I8cDT2aUH6QjgQAikUt4cpoaGMO
ZmuqKytMDNk8WNbcCNjuMvJFEWa5UrSlhPv//7TP/8d7fxVeQzMn1I/Z4xmbtoz9
Yg6B0opMD0BV/FO1HOkYZ+9s1CqCQTy5frKrFppf1EC176FunBXAZtenUzBpCDxb
80SVarDHo6JFF9pkuf1b6Yixp7VGzaU2DAQAvfofR3/dZ15B0eLp1kVfq49b/9uj
g/yJjG8/86xUMTh6IoHEWuWOedVo3PHiAObYTNkv8IDWxLKBJDZcDE8STpF1kWO7
lVBP2JM2VSyUPqbH/A78Its00DiEeDH1n9PyTta2SJHrRPpneTUzuCQns6KarEfn
8bxBYJMxYAyf1SXOjQRlIcGgAQQAv1rfDxtbuhBzRtzrIYC8w9O5SH34HNDiZi9d
Zdhryku358l8sQhnSnQgeHO4v0s3yk1mdCFLNBZmeBgZ0UgDH0Kw+P1S96Qj6RKs
H26e0PkUgSTtfx2KpNx/QuYLRYJJtsULyTWmT8jUvapjcNggb8rhrAtmXDwrBD0g
EK1ZkoEAEQEAAcLAgwQYAQoADwUCZSHBoAUJAAAAAAIbLgCoCRAZDnvqP9lqiZ0g
BBkBCgAGBQJlIcGgAAoJEE4F+cdvR1VK9mED/0AvioatNTUcTQyuZ6d5+/ZRRiQL
3Oxtxbn9TmHmSO8F7h7qujsTNLz17D7bPUl4V7+spWpP30sjSYu7EzFJdv0VnEUZ
c7NcGlMM3krDbgK0QnV6iX65iQ1mWFlnatXl0OVzaTYHhZZ5EAimz2HbHSeW7PTW
I/X/WfruK6LfrObQBpgD/1l20D/5yPmp7hc/CxHYQewhhg6XsO+NoE2clpyRmPg+
dqFqwMQ31gLF0z5Ob9OOnzH+dB9W7r/T5whG/VKuJMctF7URCvWJn0DA/aRs0px5
5v0gvzo6TJekLPqfajK2TRqk8ZQdZ5iM+GIYLjnstooYVJ40Hl5B9N7m6ZPBvpiv
=vnvb
-----END PGP PUBLIC KEY BLOCK-----
Code language: plaintext (plaintext)

Encrypting

Now lets encrypt a message.

Read more
IT
EncryptionHow ToPGPsecurity

Log PuTTY Output
by

I use PuTTY a lot and sometimes I want to log my changes as I make them or I want a quick and dirty way to get a config file off a device. In this post, I will show step-by-step how to log the PuTTY output to a log file.

  • Open PuTTY
  • Click on Session > Logging
Selecting Logging
  • Select Printable output
Selecting Printable output
  • Select the location where you want the log file to be saved. I’m going to save mine in C:\temp
Set the save location for the log file
Read more
IT
How ToLogsPuTTY

Intune Deploy Default Taskbar
by

Update

The process detailed below works perfectly on Windows 11 however, on Windows 10 the process below will lock the Start Menu layout preventing users from being able to pin anything to the Windows 10 Start Menu or change anything in the Start Menu. The process to fix this is to also deploy a default Windows 10 Start Menu the process for the fix is detailed in my post Intune Deploy Windows 10 Default Start Menu.

Deploying the same taskbar to all users is a very nice quality of life improvement, as it can help eliminate the problems of users using Windows Mail instead of the already installed Microsoft Outlook.

I opted to deploy a standard default taskbar using Microsoft Intune as Microsoft Office is a required application on all Intune systems in my setup so I didn’t need to worry about a system trying to pin Microsoft Outlook when it wasn’t installed.

In this post, I’ll show you step-by-step how to create the taskbar XML file and how to deploy it to Windows 10 and Windows 11 using Microsoft Intune.

Create the XML

<?xml version="1.0" encoding="utf-8"?>
<LayoutModificationTemplate
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
  <CustomTaskbarLayoutCollection>
    <defaultlayout:TaskbarLayout>
      <taskbar:TaskbarPinList>
        <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
 </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>
Code language: HTML, XML (xml)

We will need to make some changes as it isn’t perfect. We will start by telling Windows to unpin all the default pinned apps.

  • To remove all the default pinned apps we need to change <CustomTaskbarLayoutCollection> to be   <CustomTaskbarLayoutCollection PinListPlacement="Replace">

Even though we configure the taskbar XML to replace the default pinned apps this has no impact on the apps the user has pinned, it may move the items to the start of the taskbar if they have them pinned further down but that’s it.

Now we can start adding the pinned apps we want. I like to have Edge, File Explorer, and Outlook pinned.

Read more
IT
CustomizeEUCHow ToIntuneMicrosoftMicrosoft Endpoint ManagerTaskbarWindows

Microsoft 365 Exchange Online 150 MB Message Size
by

Back in 2015, Microsoft enabled all Microsoft 365 (aka Office 365) Exchange Online tenants the ability to change their message sizes to a maximum size of 150 MB. Originally the default size was 25 MB and previously Microsoft increased that to 35 MB, your tenant will likely be set to one of those values.

The new 150 MB message size limit is not enabled by default you must enable it. In this post, I will detail step-by-step how to change the message size limit in Exchange Online for all existing mailboxes and all new mailboxes.

Prerequisites

The Process

  • Connect to Exchange Online with PowerShell
  • Run the following PowerShell command to see what the current message size limit is Get-Mailbox -Resultsize Unlimited | Format-List displayname,MaxSendSize,MaxReceiveSize
Checking the current message size limit
  • Run the following PowerShell command to set all existing mailboxes to 150 MB Get-Mailbox -Resultsize Unlimited | Set-Mailbox -MaxReceiveSize 150MB -MaxSendSize 150MB
Increasing the message size limit
Read more
IT
CustomizeExchange OnlineHow ToMicrosoftMicrosoft 365Office 365PowerShell

Aruba Access Point Firmware Upgrade
by

I’m a fan of doing as much as possible with CLI. It always feels more complete and can sometimes be automated. In this post, I will detail step-by-step how to upgrade the firmware image on an Aruba AP (Access Point) with CLI.

ArubaOS is also called Aruba Instant and has nothing to do with Aruba Instant On as that is another product line that is cloud-managed but not cloud-managed with Aruba Central. I’ll be using the term ArubaOS (AOS) in this post to try and keep things as clear as possible.

If you upgrade to AOS 10 you will need to manage the APs with Aruba Central. AOS 8 is the last and still currently developed version that does not require Aruba Central. You can confirm that AOS 8 is still being developed and maintained by checking the Aruba End of Life page for AOS 8.

The Process

  • Review the release notes for the version of AOS you want to upgrade to. Specifically the section Supported Hardware Platforms as that will help you determine your upgrade path.
  • SSH into the Virtual Controller

If you have more than on AP in your VC (Virtual Controller) you need to define one of them as the preferred conductor. When a preferred conductor is set that will always be the AP running the VC.

  • Run the command show ap-env to see if you have preferred conductor.

If the output doesn’t show iap_conductor:1 then you currently don’t have a preferred conductor. (If your firmware is really old it might show up as iap_master:1 as that was the old name for it.)

VC with no preferred conductor
  • Run the command iap-conductor to set the AP that is currently running the VC to be the preferred conductor. (If your firmware is really old the command won’t be recognized and you’ll need to run the command iap-master instead.)
Running the iap-conductor command
Read more
IT
ArubaFirmwareHow ToHPENetworkingUpdateUpgradeWiFi

VMware Horizon GPO Templates
by

In this post, I will detail step-by-step how to install the Omnissa Horizon (formerly VMware Horizon) GPO templates.

Technically speaking you can fully use Horizon without any of the GPO templates however there are a lot of useful settings in them that you can configure.

Before installing the Horizon GPO templates I recommend you create a Central Store. Here’s how to Create Active Directory Central Store.

I recommend making a note that you’ve added an extra GPO template to the Central Store.

The Process

  • Download the Horizon GPO Bundle from Omnissa.
Horizon GPO Bundle Download
  • Extract the contents of the VMware Horizon Extra Bundle zip file.
Extracting Horizon GPO Bundle
Read more
IT
Active DirectoryEUCGPOHow ToOmnissaOmnissa HorizonVMwareVMware Horizon

Base64
by

Base64 is a form of binary-to-text encoding that is very widely used, you can encode almost anything into Base64. Learning how to leverage Base64 has been a major eye-opener for me.

I’ve seen Base64 used in countless places such as SSL certificates. Ransomware loves to use it, as a lot of basic Antivirus don’t check to see what’s happening in a Base64 string and ignores it. You can encode an entire PowerShell command with Base64 and just run PowerShell with the -EncodedCommand option to run something that a basic Antivirus might not notice.

Base64 is also widely used in phishing emails, be it the URL or even the username or the entire phishing page being an HTML attachment in an email and everything is in Base64.

Even though there are malicious things that can be done when using Base64 to obfuscate or even double obfuscate things, there are genuine day-to-day use cases.

Let’s say you need to install a program but you need to use a transform file. The vendor might host the installer publicly but what do you do about the transform file? You could host it somewhere but maybe the transform file has specific information that shouldn’t be public like the SKEY and IKEY for a Duo install.

A solution could be to take the transform file and encode it with Base64 and put that in an install script. Now everything is self-contained. Yes if someone gets ahold of the install script they also have the transform file info. However, I feel like the risk for that is less than publicly publishing the transform file be it an obscure URL or not.

Read more
ITScripts
Base64EncodingPowerShellScript

ONIE and Onyx (MLNX-OS) Install
by

Switches that support ONIE (Open Network Install Environment) are amazing switches because you can just change which NOS (Network Operating System) you are running relatively easily.

ONIE was created by Cumulus Networks in 2012. In 2020 Nvidia bought Cumulus just after purchasing Mellanox the year before.

I will detail step-by-step how to install ONIE and how to install the Onyx (MLNX-OS) NOS on the SN2410 switch. The process for other NOS and other switches should be similar.

Prerequisites

  • Compiled ONIE recovery image for your switch.

I need the one for Mellanox/Nvidia that file will have a name similar to this onie-recovery-x86_64-mlnx_x86-r0.iso

  • The NOS install file.

I’ll be installing Onyx, the Onyx install file will have a name similar to this one X86_64-3.9.3202-installer.bin if you google around you should be able to find it.

  • Console connection to the switch
  • USB drive
  • Network cable plugged into mgmt0 on a network with DHCP.
  • BIOS password if one is applied. Here’s how to reset the BIOS password for Onyx (MLNX-OS) switches. If the SSD in the switch has nothing on it then you can get by without the BIOS password.

Installing ONIE

  • Download the most recent version of Rufus.
  • Write the ONIE recovery image to the USB drive.

The default settings should be fine. This is what I used.

Rufus Settings
Read more
IT
CumulusHow ToInstallMellanoxMLNX-OSNetwork OSNetworkingNvidiaONIEOnyxSwitch
theDXT on GitHub
theDXT on X (Twitter)
theDXT on YouTube