by lunarg on March 18th 2021, at 16:22

If you are annoyed by the Notification Manager for Adobe Creative Cloud and/or are using VDI and want to get rid of it, use this PS one-liner:

Get-AppxPackage -AllUsers *AdobeNotificationClient* | Remove-AppxPackage -AllUsers
by lunarg on March 18th 2021, at 12:36

With PowerCLI it is very easy to get a list of provisioned storage for a list of VMs:

Get-VM | Select-Object Name,@{n="ProvisionedGB"; e={(Get-HardDisk -VM $_ | Measure-Object -Sum CapacityGB).Sum}}

You can combine this with other cmdlets to limit the search to a specific folder, datastore, etc...

To get a complete sum of all the VMs, add | Measure-Object -Sum ProvisionedGB at the end.

by lunarg on March 15th 2021, at 16:46
The most easy way to debug the sending of the FortiToken activation e-mails from a FortiGate firewall is by using the CLI debugging tools. The sending of activation e-mails is part of the alerts e-mail system so we need to enable debugging on that system.

To enable debugging from the CLI:

diag debug resetdiag debug enablediag debug console timestamp enablediag debug application alertmail -1

Sending the activation e-mail will output the e-mail contents and the SMTP session. Particularly useful are the SMTP return codes after each SMTP command. See this page on Wikipedia to see a list of return codes.

The debug session will remain active for 30 minutes after which it will stop automaticall  ...
by lunarg on March 15th 2021, at 09:28

When configuring a provisioning link (e.g. for 3CX) in DHCP server on a Draytek firewall, and are using certain phones (particular Snom), you may run into the issue where the firewall is complaining about illegal characters when attempting to add the link through the web interface.

The solution is to configure the option through the CLI. Log in using either telnet or SSH (whichever is enabled), and type:

srv dhcp option -e 1 -i 1 -c 66 -v{mac}

Take particular care to the -i option, which defines the LAN subnet to be used: in this case, 1 references LAN 1 on the Draytek.

by lunarg on February 19th 2021, at 09:54

You can enforce a password change for Office 365 (Azure AD) users without having to reset the password through Powershell.

For a single user:

Set-MsolUserPassword -UserPrincipalName -ForceChangePasswordOnly $true -ForceChangePassword $true

To force all users to change their password:

Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

You can also use filters ? {} to limit the password change enforcement to specific groups of users.

Note that it is recommended to also use Revoke-AzureADUserAllRefreshToken to end all current open sessions, and immediately enforcing the user(s) to log in again and change their passwords.

by lunarg on February 18th 2021, at 17:35
Offline installation of PowerCLI module is possible by following these easy steps:Uninstall all older PowerCLI software (6.5R1 or earlier).

Download the PowerCLI offline bundle (ZIP-file) from the PowerCLI home page.

Transfer the ZIP to the machine on which PowerCLI is to be installed.

Open Powershell on the target machine.

To determine the modules folder paths, run this:$env:PSModulePath

The modules will have to be extracted in one of the folders from the output of the above command. Both user-based and machine-based installation is possible (e.g. C:\Windows\System32\WindowsPowerShell\v1.0\Modules).

Extract the contents of the ZIP file directly into the folder.

For Windows, run this   ...
by lunarg on January 25th 2021, at 09:34
When using credentials in Powershell, you usually use Get-Credential, which essentially creates PSCredential objects. Creating such an object prompts the user to enter a username and password, which is not really usable in unattended scripts. There's a method where you can specify an unencrypted password but this is not secure. Fortunately, there's also a method where you can store the encrypted password in a file and use it to set the password.

Note that the password is stored in the file using a computer-based encryption key. This means that the file would only work on the computer it was generated on. Trying to use it elsewhere would invalidate the password file.

To create a passwo  ...
by lunarg on December 9th 2020, at 11:02
I had an issue where a forwarder service would not work even though all settings were correctly configured (firewall/LM/real server). When troubleshooting using on the LM itself (using tcpdump), I noticed that forwarded requests (from the LB to the real server) were been sent out using the right interface but with the wrong source IP, causing return traffic not to work. As it was a migration from an older Kemp LM, I established the configuration was indeed correct but there was another reason why it was not working.

After some more troubleshooting and comparing against the backup from the original LM (backup files are in fact TGZ-archives and can be unpacked), and found these settings to be  ...
« April 2021»
« I needed a password with eight characters so I picked Snow White and the Seven Dwarves. »