Loading ...

Month: December 2022

RMM Automation: Credential Manager Empty After Reboot

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to fix Credential Manager empty after reboot. There has been several users at a bunch of clients recently that have lost access to a network share due to saved passwords and we found Credential Manager empty after reboot. It was easy enough to re-add their password to Credential Manager, but it was not sticking around. This sounds like a job for automation, so we created a script to clear the errant Credential Manger files and create a new entry for the user to connect to file shares.

Variables

$user = username to add to Credential Manager of network share connection

$pass = password to add to same

Script Snippet

### Remove file folder associated with Credential Manager
Remove-Item -Path %localappdata%\Microsoft\Vault -Recurse

### Install Credential Manager Powershell Module
Import-Module -Name CredentialManager -Force

### Convert password to Secure String and create credential
$password = ConvertTo-SecureString -string $pass -AsPlainText -Force
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $user, $password

# Save the credential object directly without unwrapping it:
New-StoredCredential -Credentials $Credential -Target 'Share Credentials' -Persist Enterprise -Comment "Share Credentials for $($Credential.UserName)" > $null

This script will need to be run in the context of the user who needs the credential created. Please use caution with this script as it will empty Credential Manager completely for the user context run with. Also it is advised to run a full CHKDSK /R on the root (C:\ usually) directory to make sure that nothing else is corrupt on the drive.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

RMM Automation: Create Office 365 User

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to create Office 365 User and add them to groups. We have several clients with high employee turn-over which makes it necessary to often create Office 365 user. We will detail how to find all the needed data to create the proper script for each client (yes it will take a different script for each client due to different group names for each client).

Research

You need to get two pieces of information – the license type used by the organization to create users and the names of the groups to add users to

To find out the license types used use this commands:

Connect-MsolService
Get-MsolAccountSku

To find out all the groups in the organization use this commands: 

Connect-ExchangeOnline
Get-UnifiedGroup | Format-Table Alias

Variables

$displayName = Full user name – usually First name & Last Name
$userPrincipleName = Email address for user
$adminuser = Email address for admin of Office 365 Tenant
$adminpass = Password for admin of Office 365 Tenant
$licenseType = Office 365 license type found in research above

There is also the need for variables for each group you will be adding users to (found in research above). For this example I will be using:


$CompanyShared = Company Shared Contacts
$CompanyTimeOff = Company Time Off Calendar
$BillingPayroll = Billing & Payroll Group Email

Script Snippet

###Use this command to be allowed to use DotNet assemblies
Add-Type -AssemblyName System.web

$displayName = "UserFirst UserLast"
$userPrincipleName = “User@Company.com”
$adminuser = "admin@Company.com"
$adminpass = '@dm1nP4ssw0rd'

$CompanyShared = "yes"
$CompanyTimeOff = "yes"
$BillingPayroll = "no"

###converts admin credentials to useable format for connections to Office 365
$adminpassword = ConvertTo-SecureString -string $adminpass -AsPlainText -Force
$admincred = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminuser, $adminpassword

Connect-AzureAD -Credential $admincred
Connect-MsolService -Credential $admincred

$mailNickname = $userPrincipleName.Split("@")[0]

###To find User License Types use Get-MsolAccountSku
$licenseType = "companytenantID:SPB"

###Generates a random password length
$minPassLength = 8 ## characters
$maxPassLength = 15 ## characters
$passlength = Get-Random -Minimum $minPassLength -Maximum $maxPassLength

###Generates a random number of non-alpha characters in the password
$minNonAlphaChars = 1 ## characters
$maxNonAlphaChars = 5 ## characters
$nonAlphaChars = Get-Random -Minimum $minNonAlphaChars -Maximum $maxNonAlphaChars

###Creates the password, makes it useable by Azure, sets it up to not require password change, and creates account
$password = [System.Web.Security.Membership]::GeneratePassword($passlength, $nonAlphaChars)
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "$password"
$PasswordProfile.ForceChangePasswordNextLogin = $false
Write-Host "Password is set to $password for $displayName"
$user = New-AzureADUSer -DisplayName $displayName -PasswordProfile $PasswordProfile -UserPrincipalName $userPrincipleName -mailNickname $mailNickname -AccountEnabled $true

###Waits 5 minutes for the user creation process in Office 365
Start-Sleep -Seconds 300

###Sets additional parameters for account that are needed like location, license type, and sets password to never expire
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUser -UsageLocation US
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUserLicense -AddLicenses $licenseType
Get-MsolUser –UserPrincipalName $userPrincipleName | Set-MsolUser –PasswordNeverExpires $True

###Adds new user to groups
if ($CompanyShared -eq "yes")
{ Add-MailboxPermission -Identity companyshared@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($CompanyTimeOff -eq "yes")
{ Add-MailboxPermission -Identity companytimeoff@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($BillingPayroll -eq "yes")
{ Add-MailboxPermission -Identity billing_payroll@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

This script requires that the admin account you use to setup the user have multifactor authentication turned off (I know not secure), so use a really long complex password. The script creates a random password for the new user and write it to output. The script will take several minutes to run due to the waiting for the account to finish setup before adding additional parameters and adding them to groups.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Restore OneDrive Files Deleted by Any Office 365 User

Here is how to restore OneDrive files deleted by any Office 365 user:

  • Login to Office 365 admin portal: https://admin.microsoft.com
  • Might need to click Show More to see the SharePoint Admin Center – click on that
  • Click on Active Sites
  • Click on Site Name
  • Click on the URL for the site in the side bar
  • Click on Recycle Bin
  • Select one or many files to restore and then click the Restore button at the top

It will then take several minutes for the files to repopulate into OneDrive on all computers, so be patient.

If your company is using OneDrive for Business and wants expert management, then contact us for assistance.

RMM Automation: Synology Resource Monitoring

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for Synology resource monitoring. We have developed best practices for alerting on a Synology device for resources like CPU, Memory, and Disk Usage. When these Synology resource monitoring alerts are consistently triggered it show that the device is over utilized or if they remain triggered for long periods of time then it shows there is an issue on the device itself. We also setup weekly Storage Reports to get an accurate view of the changes and growth going on with client storage.

Setup Notifications

Make sure that Notifications are setup on the Synology first

  1. Open Control Panel
  2. Click on Notifications
    • Check enable email notifications
    • Choose Service Provider
    • Login to Gmail or use Custom SMTP server for Office 365 as the sender
    • Change Subject to indicate name of device
    • Add recipient email (Best to use one that ties into a PSA or RMM)
    • Click Apply
    • Send a Test Email

Setup Synology Resource Monitoring

  1. Open Resource Monitor app
    1. Click on Performance Alarm to the left
    2. Click on Rules tab
    3. Click Create
    4. Create the following Rules one by one
      1. Volume Critical
        1.  Select which volume [create multiple rules if more than one volume]
        2. Select Disk I/O utilization
        3. Greater than 90%
        4. Level Critical
      2. Volume Warning
        1.  Select which volume [create multiple rules if more than one volume]
        2. Select Disk I/O utilization
        3. Greater than 75%
        4. Level Warning
      3. System Memory Critical
        1. Memory Usage
        2. Greater than 90%
        3. Level Critical
      4. System Memory Warning
        1. Memory Usage
        2. Greater than 75%
        3. Level Warning
      5. System CPU Critical
        1. CPU Usage
        2. Greater than 90%
        3. Level Critical
      6. System CPU Warning
        1. CPU Usage
        2. Greater than 75%
        3. Level Warning
    5. Click Settings and check box to Enable usage history then click Save

Setup Storage Reports

  1. Open Storage Analyzer
    1. Select new location
    2. Create new shared folder named Log Files – hide from network
    3. Go back to Storage Analyzer and select new folder
    4. Set volume usage data to be collected Daily at 2am 
    5. Create report task
      1. Send to email (Best to use one that ties into a PSA)
      2. Generate reports at Monday 4am
      3. Keep 60 reports then click Next
      4. Select report items
        1. Volume Usage
        2. Shared Folders
        3. Potential Duplicate Files
        4. Large Files
        5. Least Recently Modified Files then click Next
      5. Analyze all folders then click Next
      6. Leave duplicate file defaults then click Next
      7. Click Done
    6. Close App

Once this is setup you will start getting email alerts sent to you or better yet your PSA / RMM for ticket creation and review.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Zero Trust – Application Whitelisting

This is the eighth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Application Whitelisting. 

Application Whitelisting

Application Whitelisting is a process of determining which software programs the company absolutely needs to do business, marking them as safe, and blocking any other program that tries to run on company computers. This methodology has the distinct advantage of blocking almost all forms of malware on computers. Pairing this with a good next-gen antivirus creates an impenetrable wall against malware threats. It also prevents users from accidentally or intentionally running something that should not be on company computers. Here are some questions to ask:

  • Do you know all software on your computers?
  • Do your users spend time on company computers listening to music?
  • Have any of your users ever downloaded software without asking?
  • Do you have a computer use policy? How is that enforced?

If your company is wanting to lock down what is running on company computers, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]