Downloading the Latest Malwarebytes Definitions File for Offline Use with PowerShell

Looking through my blog stats I saw that one of my old articles was still getting a lot of views – the one about downloading an offline copy of the Malwarebytes definitions file.

I decided to write a quick version 2 of the script so that it can now run natively in PowerShell without any third party tools (wget) – it’s also easier to understand and slightly more elegant only requiring four lines to do the job.

Continue reading Downloading the Latest Malwarebytes Definitions File for Offline Use with PowerShell

Remove Old ActiveSync Devices on Exchange Using PowerShell

This will be a quick how-to guide on removing old/stale ActiveSync devices from Microsoft Exchange.

Note 1: I have only run this on an on-premises Exchange 2007 server so I am not sure if it will work in 2010, 2013 or Office 365 but hopefully the script will come in handy anyway

Note 2: This is my first ever PowerShell script so I am sure there are better ways of doing this but it does the job!

Okay so if you want to run a report on old devices (I have defined old as no successful sync in the past 30 days but you can change this to whatever you want) before you go ahead and remove them, run the following command:

Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))}

To actually remove these devices (this command removes the relationship between the device and Exchange – it will NOT wipe the device) run this command:

# Assign the full identity string for each of the old devices to the $staleDevices variable - this identity string is required for the Remove-ActiveSyncDevice cmdlet
$staleDevices = Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))} | select -expand Identity
# Loop through the identities and pass them in to Remove-ActiveSyncDevice. The -confirm at the end forces the command to go through. Remove it if you want to manually confirm each removal
foreach ($device in $staleDevices) {Remove-ActiveSyncDevice -Identity $device -confirm:$false}

Setting Office 365 User Passwords to Never Expire

The default policy for Office 365 user accounts is to automatically expire their passwords after 90 days.

Some of our users experienced this today and the most annoying thing about it was that they were not warned beforehand about it. They were simply locked out their account until they changed it there and then; unlike the Windows OS counterpart which gives you a comfortable 15 day warning before forcing you to change your password.

Anyway, this article will tell you how to set the password expiry from 90 days to never.
Office 365 already enforces a strong password policy BUT I do not recommend you change this setting if your users often use public terminals or are prone to writing their passwords on sticky notes and keeping them under their keyboards :)

Continue reading Setting Office 365 User Passwords to Never Expire

Archiving a User’s Mailbox on Office 365

So an employee has left the company and you now need to archive the mailbox due to legal and/or company policies.
This article will give you a quick overview on how you can achieve this goal on an Office 365 mailbox while maintaining the integrity and security of your organisation’s 365 account.
Although not necessary, I recommend (as a pre-requisite) disabling account ‘sign-in’ capabilities and resetting the user account password.
This will prevent the user from logging in to the account and messing around with it whilst you are attempting to archive their mailbox.

Continue reading Archiving a User’s Mailbox on Office 365

Disable Remote PowerShell for Office365 Users

For one reason or another, you may want to disable remote PowerShell access for all the users in your organisation.
The main reason for doing so would be to prevent ‘reconnaissance’ type attacks whereby a user will try to gain information about your network/organisation/topology/system etc by simply running (in this case) PowerShell queries against your organisation.

Continue reading Disable Remote PowerShell for Office365 Users

Add E-mail Aliases to Your Office 365 Distribution Groups

If you’ve set up distribution groups on Office 365, you will notice a section in the DG ‘details’ page titled ‘E-Mail Options’… under this title is the following text:
“The group can receive messages sent to the following addresses.”

From this, you can safely assume that it is possible to add e-mail aliases to the group so that the group can receive e-mails sent to several different e-mails.
Sadly, there is no easy way of actually doing this via the UI so it must be done via a PowerShell command…

Continue reading Add E-mail Aliases to Your Office 365 Distribution Groups

Grant and Revoke Access to Mailboxes – Office 365

There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:

  • Grant an Admin access to a single mailbox
  • Grant an Admin access to all mailboxes
  • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)

Continue reading Grant and Revoke Access to Mailboxes – Office 365