Archive for the ‘Documentation’ Category

Exchange View the Mailboxes a User has Permission to Access

Exchange via EMC:

This will search all of the mailboxes to determine which a user has FullAccess permissions:

[PS] > Get-Mailbox | Get-MailboxPermission | Where { ($_.AccessRights -eq “FullAccess”) -and ($_.User -like “DOMAIN\USER”)} | FormatList

RunspaceId : 12345678-1234-5678-9012-123456789012
AccessRights : {FullAccess}
Deny : False
InheritanceType : All
Identity : DOMAIN.LOCAL/Users/Firstname Lastname
IsInherited : False
IsValid : True

It can take a while, but it will give you the results.

Mounting Shares via Windows Alternate Names In Linux

On the server you want to mount a share, use the following list all names for the server:



C:\>netdom computername dc01 /enum
All of the names for the computer are:

The command completed successfully.

To add a new name:

NETDOM COMPUTERNAME servername /ADD othername.domain.tld

And then to get the name registered into your DNS:


Now, when you list the names, you will see the new one:

C:\>netdom computername dc01 /enum
All of the names for the computer are:

The command completed successfully.

To delete a name:

NETDOM COMPUTERNAME servername /REMOVE othername.domain.tld

When using Samba in linux to mount via an alternate server name, you need to make sure you specify the SMB version as a option.

For example:


//othername.domain.tld/sharename /MountPoint cifs vers=3.0,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

Windows 2016 Create a Service

To run a program as a service, bring up an Administrator command prompt and:

C:\> SC CREATE “JGZs Service” binPath=”C:\MyPrograms\JGZsService.exe”

Then you can start the service via the SC command:

C:\> SC START “JGZs Service”

Or from the Services Control Panel applet.

Windows Server 2016 Proxy Settings For Local Computer

To set the proxy for all users that logon to Windows Server 2016 or Windows 10, you can configure your settings in Internet Explorer or through Internet Options from a Administrator level account on the machine.

Then, bring an Administrator command prompt and enter the following:

C:\>netsh winhttp import proxy source=ie

Turn off Server Manager startup at logon.

In Windows 2016, Server Manager starts up at logon. It does this in Windows 2012 R2, but I have not confirmed whether the solution is the same to prevent this behavior. To stop this, you do from the Task Scheduler.

You bring up Task Scheduler under Administrative Tools.

Expand Task Scheduler Library/Microsoft/Windows, and go down to ServerManager.

Under Server Manager, you will see two tasks: CleanupOldPerfLogs and ServerManager.

Right mouse click ServerManager and select Disable. This will turn this behavior off for all users that login to the server.

I have verified that can be modified the same way in Server 2012 R2 as well.

Using puttygen to generate OpenSSH public key

I was given the private key for an SFTP server on a remote network. The key was generate using puttygen.exe or similar program on a Windows system. I needed to using public key authentication to access the server. This is what I did to generate a public key to authenticate.

On a Windows system, I ran puttygen.exe and imported the private key. You can either do this as a parameter to the puttygen.exe program or import the key once you have started puttygen.exe:

puttygen somebodys.ppk

Once the key is imported, you can change the key comment from imported-openssh-key to something more meaningful. And enter and confirm your choice of passphrase.

Then save the public key by clicking the button.

Copy the newly generated public key to the openssh sftp client machine.

Put the file in file in the ~/.ssh directory and secure it (chmod 400 ~.ssh/

Then you just have to pass it to your sftp command.

$ sftp -i ~/.ssh/

Write protect a USB drive in Windows

You can write protect a USB (or any drive for that matter) using DISKPART.

With the drive plugged in open up a command prompt and enter DISKPART.

Then list the disks in your system to determine which one is the USB drive using LIST DISKS

Once identified, enter SELECT DISK #, where # is the number corresponding to your USB disk.

To list disk attributes enter ATTRIBUTES DISK.

To set disk to read only enter ATTRIBUTES DISK SET READONLY.

To remove read only restriction enter ATTRIBUTES DISK CLEAR READONLY.

CentOS 7 – smarthost authentication

Using the default MTA (Postfix), the following needs to be configured. I have tested authenticating to an Exchange 2010 server.

I am not really sure about the minimum software needed in CentOS 7 for this, but I did install the following in a minimum installation (postfix installed by default):


Create a credential file:

# cd /etc/postfix
# vi cr_info
[my.server.domain] theusername:andtheirpassword
# chmod 600 cr_info
# postmap hash:/etc/postfix/cr_info

Configure postfix for smarthost authentication:

# vi /etc/postfix/

# JGZ 4/27/2018
relayhost = [my.server.domain]
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/cr_info
smtp_sasl_security_options = noanonymous

Restart postfix:

# postfix reload

Import a Trusted Root Certificate Authority in Windows 2012 R2 GPO

Export the certificate when you go to the site. I did this in Chrome through the “Developers Tools”. The result was a pem file.

I brought up the group policy management console and edited the GPO where I wanted the certificate. Then, I imported it.

Import the certificate to:
Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities

CentOS 7 – Certificate For Apache Notes.

Generate a key and CSR:

# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Valencia
Organization Name (eg, company) [Default Company Ltd]:GreatTechHelp
Organizational Unit Name (eg, section) []:Information Systems
Common Name (eg, your name or your server’s hostname) []:myhostname
Email Address []:some@email.address

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Files created:

# ls
ca.csr ca.key

Sign the key:

# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=US/ST=California/L=Valencia/O=GreatTechHelp/OU=Information Systems/CN=myhostname/emailAddress=some@email.address
Getting Private key

Copy the certificate, key and csr files and set the permisions:

# cp ca.crt /etc/pki/tls/certs/
# cp ca.key /etc/pki/tls/private/ca.key
# cp ca.csr /etc/pki/tls/private/ca.csr
# chmod 600 /etc/pki/tls/certs/
# chmod 600 /etc/pki/tls/private/ca.key
# chmod 600 /etc/pki/tls/private/ca.csr

Edit the apache configuration for the VirtualHost or site (Virtual host in this example.):

# cd /etc/httpd/conf.d/
# ls
autoindex.conf myhostname.conf php.conf README ssl.conf userdir.conf welcome.conf
# vi myhostname.conf

ServerName server.domain.tld
ServerAlias someothername
DocumentRoot /var/www/html

NameVirtualHost *:443

ServerAlias myhostname
DocumentRoot /var/www/html/myhostname
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

AllowOverride All

DocumentRoot /var/www/html/myhostname
ServerAlias myhostname

Restart apache:

# systemctl restart httpd

To renew the cert:

# cp -p /etc/pki/tls/certs/ca.crt /etc/pki/tls/certs/ca.crt.bak
# cp -p /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.key.bak
# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/ca.crt -keyout /etc/pki/tls/private/ca.key
# systemctl restart httpd

Return top