Wednesday, November 15, 2017
How to prevent an RDS (Terminal Services) Server from prompting you for credentials before logging in.
Changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer value from 1 to 0 does indeed allow the user to change their expired password on Windows Server 2012 R2. I also found that, as an alternative, leaving the SecurityLayer value set to 1 but changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MinEncryptionLevel value from 3 or 2 to 1 also allows the user to change their expired password.
Wednesday, October 18, 2017
How to mount a VMDK in Linux Mint / Ubuntu
This took way too much googling. This is what worked-
sudo su
losetup /dev/loop0 <vmdk file>
kpartx -av /dev/loop0
mkdir /mnt/vmdk
mount /dev/mapper/loop0p1 /mnt/vmdk
If loop0 comes back as busy, use another one like loop5.
Thursday, August 3, 2017
How to configure Exchange 2013 to Reset the Out of Office to send an email every day instead of once-
Here is how you set up Exchange 2013 to send an Out of Office Response Daily instead of just once-
1) Create a folder on your Exchange server. For Example, C:\ExchangeOOOReset.
2) Open Notepad and enter the following-
$enabled = get-mailbox -resultsize unlimited |get-mailboxautoreplyconfiguration | where {$_.autoreplystate -eq "enabled"} | select identity,autoreplystate
$enabled | foreach-object {
set-mailboxautoreplyconfiguration $_.identity -autoreplystate "Disabled"
set-mailboxautoreplyconfiguration $_.identity -autoreplystate $_.autoreplystate
}
3) Save the file as OOOReset.ps1 in C:\ExchangeOOOReset. Make sure you select "All Files" so Notepad doesn't add .txt to the file name.
4) Open Task Scheduler, click Create Basic Task.
5) Name it, ExchangeOOO, click Next, Next, select the time of day it should reset, Next, Start a Program.
6) Under Program/Script-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
7) Under Add Arguments-
-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\ExchangeOOOReset\OOOReset.ps1"
That's it!
Tuesday, June 6, 2017
How to Secure ECP on a Single Exchange 2013/2016 Server
You do not want ECP accessible from the internet. Here is an easy way to resolve this. Note, if you do not have a wildcard cert you will get an SSL error. Do not create an EXTERNAL DNS record for this or you will re-enable ECP to the internet.
In my example-
Server Name- ExchSRV1
Default web site- Default Web Site
New ECP Site- InternalECP
Domain Name- contoso.com
New ECP URL- ecp.contoso.com
1) Go into IIS, right click on Sites, Add Website.
Name- "InternalECP"
Physical Path- "C:\inetpub\wwwroot2"
Binding, Type- https
IP address- All Unassigned,
Port- 443 (Feel free to use another port for added security.)
Host Name- "ecp.contoso.com"
2) On your DNS servers, make a DNS A record for "ecp.contoso.com" pointing to your Exchange server IP address.
3) Open the Exchange Management Console and enter the following commands-
New-EcpVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/ecp"
New-OWAVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/owa"
4) Test that you can log into the new url and get into ECP.
5) Enter the following to disable ECP on the main site-
Set-EcpVirtualDirectory -identity "ecp (Default Web Site)" -AdminEnabled $false
Monday, June 5, 2017
"Adam's List" - Best Businesses I've dealt with in Brighton, CO
Electrician
Quynnlectric, Inc.
644 N. 7th Ave. #1 Brighton, CO 80601
Phone: (303) 835-2258
http://www.quynnlectric.com/
Quynnlectric doesn't shy away from the small jobs. I needed an electric service upgrade. I had other companies flat out refuse to do it, or quote me exorbitant prices. Quynnlectric gave a fair price, communicated their availability, and even called me the day before to ensure I knew they were coming and what to expect. These guys are great!
Roofing
Paramount Enterprises
992 S. 4th Ave., Suite 100 # 116 Brighton, CO 80601
Phone: (303) 659-3735
http://paramountroofingandgutters.com/
Paramount earned my business by coming out and replacing shingles for a few hundred bucks. No other company would take a small job like that. They did a new roof for us, at a very fair price. They were fast and professional.
Plumbing, Heating & Air
FixIT 24/7
12061 Pennsylvania St #105 Thornton, CO 80241
Phone: (303) 659-3400
https://www.fix-it24.com/
FixIT is a good company that publishes their rates up-front. They replaced my furnace and did a good job. They also snaked out a drain and gave me a coupon price that I didn't even know about.
Fireplace Service & Repair
A Brighter Glow
Phone: (303) 655-9595
http://www.abrighterglow.com/
A Brighter Glow did a wonderful job servicing our gas fireplace.
Garage Doors
Alpha Door Systems
212 Mesa St Brighton, CO 80601
Phone: (303) 210-9893
http://www.alphadoorsystemsinc.com/
When a spring broke on my Garage Door, these guys did a great job.
Friday, May 12, 2017
Add Second NIC to Ubuntu Server
1) Type- dmesg | grep enp
2) Look for your network adapters. You'll see your primary one (enp1s0) - look for the second one. In my case it was enp2s0.
3) Type- sudo nano /etc/network/interfaces and add the following (using the name of your adapter you found in step 2)
For DHCP-
auto enp2s0
iface enp2s0 inet dhcp
For Static ip-
auto enp2s0
iface enp2s0 inet static
address 192.168.0.3
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-search example.com
dns-nameservers 8.8.8.8 4.2.2.2
Ubuntu Server Command-line black screen instead of login, Intel Graphics Media Accelerator (GMA) 3600
I bought this cool little MITXP D2500CCE, basically a tiny little Intel Atom PC with dual NICs, with the intention of loading Debian on it. All I got was a black screen after the initial boot. I loaded Ubuntu Server (16.04) and same thing. Since I installed SSH, I SSH'd in and dug around.
It took me a near eternity to figure out the solution. So in the interest of saving you an eternity, here's what fixed it-
Type-
sudo nano /etc/default/grub
Change-
GRUB_CMDLINE_LINUX_DEFAULT=""
to
GRUB_CMDLINE_LINUX_DEFAULT="video=LVDS-1:d"
Hit Control X, save the file.
Type-
sudo update-grub
sudo update-grub2
sudo reboot
That's it! :)
Wednesday, January 25, 2017
Troubleshooting Windows Server Account Lockouts when the Security Log Fails You
Many times, you may encounter a Windows domain account that rapidly locks out. You've enabled auditing and used tools to evaluate the security log. And you come up with something like-
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: adam1115
Source Workstation:
Error Code: 0xC0000234
Great! I'll head right over to the blank source workstation and check it out. One option is to find out what domain controller is locking it out and enable verbose logging of the netlogon service.
Open up the command prompt as administrator and run the following-
nltest /dbflag:0x2080ffff
Then once the account locks out again, open the log file as administrator (I do it from the same command prompt)-
notepad c:\windows\debug\netlogon.log
You will see each logon attempt and which machine is generating them. To turn off the debugging, type the following-
nltest /dbflag:0x0
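One way to summarise the verbose netlogon.log instead of reading it in Notepad, added here as an example and not part of the original post: it tallies failed attempts for one account by source machine and relay ("via") server. The line layout in the regex and the sample lines (CONTOSO, EXCHSRV1, WKS-017, WKS-022, jsmith) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS values that matter for lockout triage (0xC0000234 is the one on this page).
STATUS = {
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
    0xC0000064: "no such user",
}

# Assumed line shape (the [pid] field and the "(via ...)" part are optional):
# MM/DD HH:MM:SS [LOGON] [pid] DOM: SamLogon: <type> logon of DOM\user from SRC (via RELAY) Returns 0x...
LINE = re.compile(
    r"^\d\d/\d\d \d\d:\d\d:\d\d \[LOGON\] (?:\[\d+\] )?.*? logon of (?P<acct>\S+)"
    r" from (?P<src>\S*)\s*(?:\(via (?P<via>[^)]+)\)\s*)?Returns (?P<code>0x[0-9A-Fa-f]+)"
)

# Constructed sample, not taken from a real domain controller.
SAMPLE = r"""
01/25 09:14:02 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCHSRV1) Entered
01/25 09:14:02 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCHSRV1) Returns 0xC000006A
01/25 09:14:05 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCHSRV1) Returns 0xC000006A
01/25 09:14:09 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\adam1115 from WKS-017 Returns 0x0
01/25 09:14:11 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCHSRV1) Returns 0xC0000234
01/25 09:14:12 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\jsmith from WKS-022 Returns 0xC000006A
"""

def failed_logons(log_text, account):
    """Count failed attempts for account, keyed by (source, relay, reason)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # "Entered" lines and other log categories carry no result code
        user = m["acct"].rsplit("\\", 1)[-1].lower()
        code = int(m["code"], 16)
        if user != account.lower() or code == 0:
            continue  # other accounts and successful logons are not of interest
        reason = STATUS.get(code, hex(code))
        # A blank source means the relay ("via") server is the next place to look.
        hits[(m["src"] or "<blank>", m["via"] or "-", reason)] += 1
    return hits

if __name__ == "__main__":
    for (src, via, reason), n in failed_logons(SAMPLE, "adam1115").most_common():
        print(f"{n:3d}  source={src}  via={via}  {reason}")
```

To run it against a real log, pass the contents of c:\windows\debug\netlogon.log to failed_logons() in place of SAMPLE.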
In Exchange, you can check the IIS logs and device statistics-
Get-ActiveSyncDeviceStatistics -Mailbox <Mailbox Name> | ft DeviceType, DeviceUserAgent, LastSuccessSync