Recently I was trying to use Item Level Targeting on some group policies using just NOT statements (so it should apply to anything that isn't NOT)

NOT UserA OR NOT User3

However it was not working. Turns out your statement cannot be all NOTs; it has to have an IS in it as well

So it needs to look something like

User IS in Domain Users and NOT UserA or NOT User3


Australian drivers’ licence: \b[A-Z0-9][0-9]{5,7}\b

Australian passport: \b[A-Z][0-9]{7}\b

Australian tax file number: \b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b

Exclude

  • exclude "Automatic reply:", "Undeliverable:", "Accepted:"
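The three patterns and the subject exclusions above, exercised in Python's re module over a constructed message, as an added example that is not code from the original post. The regex text is taken from the page unchanged; the TFN weighted mod-11 checksum (weights 1,4,3,7,5,8,6,9,10) is added here to cut false positives on 9-digit candidates and is not part of the page's rule, and Python's regex flavour stands in for whichever DLP engine the policy lives in, so confirm there that the \1 backreference behaves the same (it is what makes "123 456 782" and "123456782" match while "123 456782" does not). Sample identifiers are constructed, not real.

```python
import re
from typing import Dict, List

# The three patterns from the page, unchanged; Python's re reads these constructs
# (\b, character classes, quantifiers, the \1 backreference) like most DLP engines
PATTERNS = {
    "au_drivers_licence": re.compile(r"\b[A-Z0-9][0-9]{5,7}\b"),
    "au_passport": re.compile(r"\b[A-Z][0-9]{7}\b"),
    "au_tfn": re.compile(r"\b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b"),
}

# Subject prefixes the page excludes: auto-replies, bounces and calendar responses
EXCLUDED_SUBJECT_PREFIXES = ("Automatic reply:", "Undeliverable:", "Accepted:")

# Added here, not on the page: the TFN weighted mod-11 check for 9-digit numbers
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)


def tfn_checksum_ok(candidate: str) -> bool:
    """True if a 9-digit TFN candidate passes the weighted mod-11 check.
    Only 9-digit numbers are checked; anything else returns False."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) != 9:
        return False
    return sum(d * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def is_excluded_subject(subject: str) -> bool:
    """Mirror the page's subject exclusions as a prefix match on the subject."""
    return subject.lstrip().startswith(EXCLUDED_SUBJECT_PREFIXES)


def scan(subject: str, body: str) -> Dict[str, List[str]]:
    """Return {pattern_name: [matched strings]} for one message.
    Excluded subjects return {} without scanning the body. 9-digit TFN
    candidates must also pass the checksum; 8-digit ones are kept on the regex alone."""
    if is_excluded_subject(subject):
        return {}
    hits: Dict[str, List[str]] = {}
    for name, rx in PATTERNS.items():
        found = [m.group(0) for m in rx.finditer(body)]
        if name == "au_tfn":
            found = [f for f in found
                     if sum(c.isdigit() for c in f) != 9 or tfn_checksum_ok(f)]
        if found:
            hits[name] = found
    return hits


# Constructed test message; none of these are real identifiers
SAMPLE_BODY = (
    "TFN 123 456 782, old format 123 456 78, not a TFN 123456789, "
    "mixed spacing 123 456782, passport N1234567, licence 98765432"
)

if __name__ == "__main__":
    for name, matches in scan("FW: payroll", SAMPLE_BODY).items():
        print(f"{name}: {matches}")
    print("excluded:", scan("Automatic reply: payroll", SAMPLE_BODY))
```

Running it also shows how broad the licence pattern is: any 6 to 8 character token that starts with a capital or digit and continues with digits hits it, so the passport number and the 8-digit "licence" token both match it, and that same 8-digit token satisfies the 8-digit TFN form too. Expect overlap between these three rules and set confidence or match-count thresholds accordingly.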


We wanted to swap in a new SAN for a customer and our distributor wanted us to run the Nimble Space Savings Estimator to find out how big the device needed to be. Unlike Dell's Live Optics tool, you have to run this on EVERY virtual machine, and across all of its drives, for it to scan. I wrote a tool we could use inside BatchPatch to run this .exe from a share across all VMs

This needs to be run out of hours due to the heavy disk scanning


#Find all fixed drives that have a drive letter (skips CD-ROM, the System Reserved partition and unlettered volumes)
$drives = Get-Volume | Where-Object {
    ($_.FileSystemLabel -ne "System Reserved") -and
    ($_.DriveType -eq "Fixed") -and
    ($_.DriveLetter -match '[A-Za-z]')
}

Foreach ($drive in $drives)
{
    # Build a "C:" style argument; wrap the letter in a string so PowerShell does not
    # read $drive: as a provider-qualified variable (the original escaped the colon with a backtick)
    $target = "$($drive.DriveLetter):"
    & "\\share\Space Savings Estimator\NimbleSSE.exe" $target
}

Mimecast Best Practice

Setup

  • Remove text on stationery (HTML and plain text) before sending emails via Mimecast
  • Disable the Office 365 spam filter

Maintenance

  • Enable Digest Sets every hour (not every 4 hours)
  • Disable Device Enrollment
    1. Log on to the Administration Console.
    2. Click on the Administration menu item.
    3. Select the Account | Account Settings menu item.
    4. Expand the User Access and Permissions section.
    5. Select the Targeted Threat Protection Authentication option.
  • SAML for authentication: SSO via a provider like Office 365 for 2FA and brute-force protection. If that is not available, fall back to LDAPS (EWS Basic Auth is not secure)
  • Disable Cloud Auth (or enable it only for Continuity, and expire logins after 30 days)
  • Service Monitoring Setup
  • Acknowledge disabled users (make sure Recipient Validation is set to Known)
  • Setup impersonation protection for VIP
  • Restrict Administration Console to IP
  • Continuity Test
  • Confirm you have an account as Super Admin
  • Enable outbound DKIM/SPF/DMARC
  • Inbound: here we recommend the "Reject" setting. Out of the box we set it to ignore / honour Managed Permitted Sender entries, as some customers found Reject too aggressive

When users try to use the Mimecast for Outlook add-in, they log in and get "Application Disabled"

  1. Make sure this is ticked
  2. Restart Outlook then try again
  3. Sometimes Mimecast caches authentication profiles locally in C:\Users\%username%\AppData\Roaming\Mimecast\msw.s3db. Delete this file with Outlook closed and try again

Mimecast has a method to replay emails to on-premises Exchange, which is neat

We had a case needing to do this recently for a customer in 365. Mimecast tout their own product "Sync & Recover" for this; however it was a one-off thing and the extra cost couldn't be justified

Thought of a way to do this without it; however you need to export a PST for each individual user

  1. Export the missing mail to a PST for each affected user
  2. Re-import each PST to Office 365 in the background for that user (set TargetRootFolder in the mapping CSV to /Inbox)


Both Mailguard and Mimecast have a list of allowed emails for users. When migrating from one platform to another you will need to copy these over.

Mailguard does not have an export function for its "Active Whitelist", so you will need to copy the table produced in the Admin Panel into Excel and remove all but the two columns of email addresses.

These two columns need some more manipulation, as Mailguard mixes senders and receivers between them and Mimecast needs one column for each. Put the first column in A in Excel and the second in B.

In C1 add the following (the internal address: if A1 contains @domain.com list A1, if B1 contains @domain.com list B1):

=IF(ISNUMBER(SEARCH("@domain.com",A1)),A1,"")&IF(ISNUMBER(SEARCH("@domain.com",B1)),B1,"")

In D1 add the following (the external address: if A1 contains @domain.com list B1, if B1 contains @domain.com list A1). Use "" for the other branch as in C1; leaving that argument empty makes Excel return 0, which the & would paste onto the address:

=IF(ISNUMBER(SEARCH("@domain.com",A1)),B1,"")&IF(ISNUMBER(SEARCH("@domain.com",B1)),A1,"")

Fill both formulas down the length of the table.

Example

Once done, create a .xls file with the columns

#address | trusted_senders | blocked_senders | approved_senders

Add the domain.com address (column C) to #address

Add the other, external address (column D) to either trusted_senders (allow spam and attachments) or approved_senders (allow spam)

Import into Managed Senders using the Postini option
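The same split the two Excel formulas perform, plus the Managed Senders file from the steps above, written in Python as an added example; this is not the post's own method. It assumes the two address columns are pasted out of the Mailguard panel as tab-separated text, uses the page's placeholder domain.com, and the sample rows are constructed. One deliberate difference from SEARCH("@domain.com", ...): the domain test is an exact suffix match, so a look-alike such as user@domain.com.evil is treated as the external side rather than as an internal address.

```python
import csv
import io
from typing import Iterable, List, Optional, Set, Tuple

# Placeholder domain from the page; substitute the customer's own domain
INTERNAL_DOMAIN = "domain.com"


def is_internal(address: str, domain: str = INTERNAL_DOMAIN) -> bool:
    """Case-insensitive test that an address belongs to the protected domain.
    Deliberately stricter than Excel SEARCH("@domain.com", ...): a substring test
    would also accept look-alike domains such as user@domain.com.evil."""
    return address.strip().lower().endswith("@" + domain.lower())


def split_pair(a: str, b: str, domain: str = INTERNAL_DOMAIN) -> Optional[Tuple[str, str]]:
    """Return (internal_address, external_sender) for one Mailguard row, whichever
    column each is in, or None when the row is not exactly one internal plus one
    external address (both internal, both external, or a blank cell)."""
    a, b = a.strip(), b.strip()
    if not a or not b:
        return None
    a_int, b_int = is_internal(a, domain), is_internal(b, domain)
    if a_int and not b_int:
        return (a, b)
    if b_int and not a_int:
        return (b, a)
    return None


def rows_from_pasted_table(text: str) -> List[Tuple[str, str]]:
    """Read the two address columns pasted from the Mailguard admin panel
    (tab-separated, one row per line); any extra columns are ignored."""
    rows = []
    for line in text.splitlines():
        cells = line.split("\t")
        if len(cells) >= 2:
            rows.append((cells[0], cells[1]))
    return rows


def build_managed_senders(rows: Iterable[Tuple[str, str]],
                          domain: str = INTERNAL_DOMAIN,
                          trusted: bool = False) -> str:
    """Emit the Mimecast Managed Senders import with the header from the page.
    trusted=False fills approved_senders (allow spam only); trusted=True fills
    trusted_senders (allow spam and attachments). Duplicate and unclassifiable
    rows are dropped, so compare the output row count against the Mailguard table."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["#address", "trusted_senders", "blocked_senders", "approved_senders"])
    seen: Set[Tuple[str, str]] = set()
    for a, b in rows:
        pair = split_pair(a, b, domain)
        if pair is None or pair in seen:
            continue
        seen.add(pair)
        internal, external = pair
        if trusted:
            writer.writerow([internal, external, "", ""])
        else:
            writer.writerow([internal, "", "", external])
    return out.getvalue()


# Constructed Mailguard export: sender/recipient order varies from row to row
SAMPLE_TABLE = "\n".join([
    "alice@domain.com\tvendor@supplier.example",
    "news@lists.example\tBob@Domain.com",
    "alice@domain.com\tvendor@supplier.example",   # duplicate row
    "alice@domain.com\tcarol@domain.com",           # internal to internal: skipped
    "eve@domain.com.evil\talice@domain.com",        # look-alike domain is the external side
])

if __name__ == "__main__":
    print(build_managed_senders(rows_from_pasted_table(SAMPLE_TABLE)), end="")
```

Rows that come back as None are the ones worth eyeballing before import: an internal-to-internal pair usually means the whitelist was masking an internal relay problem, and two external addresses means the row was not a sender/recipient pair at all.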


Symptoms: staff unable to log in to Outlook for Desktop

Error found in the System event log on a patched domain controller (Event ID 5827):

The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account.

Workaround

Deploy a GPO that sets "Domain controller: Allow vulnerable Netlogon secure channel connections" for a security group containing only the affected machine accounts. This should be done only until those machines are patched, and the exception removed once they are, because every account on that list is allowed the insecure connection the DC patch otherwise refuses.

Refer to https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc


The error is shown in the attached screenshot.

This is because personal enrollment is disabled.

Go to the Intune blade, Device enrollment, Enrollment restrictions. Click on Default policy under Device Type Restrictions:

Allow Windows (MDM) for Personal as well as Corporate


Trying to set up the Mimecast Sync Engine application on-premises out of the box comes up with:

"validation failed: invalid mimecast user or insufficient permissions"

This is because by default 2FA is enabled on all accounts created in Mimecast. You need to create a new Authentication Profile with 2FA disabled, assign it to a group containing only that service account, and bind it all together with a profile.
