Thursday, September 29, 2016

Windows 10 Anniversary Update download location

Since it seems to take me 30 seconds to wade through various pages to find the Windows 10 anniversary update, I'm documenting the best link here:

http://go.microsoft.com/fwlink/?LinkID=823759

Wednesday, September 28, 2016

SSL certificate errors on Outlook for Mac caused by Outlook bug

Outlook 2016 for Mac has a bug in it that causes Outlook to show a security error when connecting to an Exchange server even when the Exchange server and all parts are properly configured.  This post will talk about what the error looks like and how to make the error disappear.

When opening or configuring Outlook for Mac that connects to an Exchange account, users will get an error like this:











You can hit "continue" to get through the error, but to remove the error forever more . . .

Hit "Show Certificate"
Check the box for "Always trust"
Hit Continue
Enter your password at the prompt that comes up.



Friday, September 23, 2016

Moving Quick Parts from one computer to another

I have one client who loves Quick Parts (preformatted sections of text you can insert into the body of an email in Outlook).  I'm documenting how to move those Quick Parts from one computer/profile to another.

The Quick Parts are stored in Normalemail.dotm

You can simply move that single file from profile to profile or computer to computer from the standard location overwriting the default normalemail.dotm).  The default location is:
 
c:\users\%username%\appdata\roaming\microsoft\templates


Sunday, September 18, 2016

Removing email proxy addresses from AD (helpful if you sync your AD to Office365)

Right now, this is a partial post while I get the PowerShell scripting components together. I needed to remove all the proxy addresses for a certain domain in advance of removing that certain domain from our Office365 account. Because we sync our local AD with Office365, I need to remove the proxy addresses from the local AD.  I could do this manually, of course - which is long and inefficient.  The crucial command I used is this one:

Set-ADUser username -Remove @{ProxyAddresses="smtp:username@domain.com"}

I ran this from "Active Directory Powershell for Windows PowerShell"



Because I'm not good enough with PowerShell yet, here's what I did.  I tried to remove the domain from the account in Office365.  Office365 returned all the mailboxes that had the domain as aliases.  I copied and pasted the list of mailboxes to Excel.  I extracted the mailbox user names from the list and made a single column in Excel of those mailbox names (in my case - our domain uses a username of joe.smith as the username for Joe Smith) so the single column included Joe.Smith.  Then I did a mail merge with that list to create a get that PowerShell command listed above to be individualized with each username.  And then I copied and pasted those commands into PowerShell.  Not ideal.  Ideally, you'd have a foreach command that would run though all AD users, but this is a story about what I did at this moment.  I'll update this post.


Friday, September 16, 2016

update rollups for Windows 7 or other OSes (convenience updates)

If (for some reason) Windows update isn't working, which oddly I've seen a couple times in the last week when I needed to update Windows 7 in advance of a Windows 10 update (the checking for updates progress bar just cycles and cycles for hours) . . .

You can install update via a "convenience" update.

As an example, here's a convenience update for convenience update for Windows 7 and Windows 2008:

https://support.microsoft.com/en-us/kb/3125574

Before installing the update, install the April 2015 servicing stack update from here:
https://support.microsoft.com/en-us/kb/3020369

Also - you may need to stop the "Windows Update" service so that the convenience update does not try to check for existing updates since the Windows Update service has already shown instability.

Sunday, September 4, 2016

Group policy changes to enable ping response and remote desktop (and remote desktop firewall exception)

I recommend these changes on Windows domains to enable ping/ICMP responses from domain connected computers and remote desktop enabling (with network level authentication) and a remote desktop exception on the firewall.  Not all of these items are default on Windows 10 and/or Group Policy.  I think these are best practices so here is how you can add them to Group Policy.

Open Group Policy Management on a domain controller.  Right click on default domain policy and choose edit.



















Enable ping responses via Computer Configuration -> Policies -> Administrative Templates Policy -> Network -> Network Connections -> Windows Firewall -> Domain Profile and enable Windows Firewall: Allow ICMP exceptions
















Choose the option for "allow inbound echo request."


























To enable a remote desktop firewall exception, in the same location, change "Windows Firewall: Allow inbound Remote Desktop exceptions"











To enable network level authentication, go to:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

Enable "Allow users to connect remotely by using Remote Desktop Services"











To make all remote desktop connections use network level authentication, go to:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security

Enable "Require user authentication for remote connections by using network level authentication"