Bighand – Could not write value AuthenticationType to key \Software\Bighand\TotalSpeech\v3

March 26, 2019Research

Trying to deploy Bighand via GPO MSI , running the System App Via the Transform brings up the below error

That error relates AD authentication, but because you are using BigHand Professional, this should always be turned off.

Browse to –
[HKEY_LOCAL_MACHINE\Software\Bighand\Totalspeech\v3]
(on a 64 bit machine this will change to [HKEY_LOCAL_MACHINE\Software\Wow6432Node\BigHand\Totalspeech\v3])

The REG_DWORD to look for is called “AuthenticationType” This should be set to “0”

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to download Device Management powershell scripts from intune

March 24, 2019InTune

There is no current way to download existing Powershell Scripts Uploaded to Intune Device Management. To do this you have to use the graph API. There is a Demo called : DeviceManagementScripts_Get.ps1 , however it wasn’t working for me , so I created the below

This downloads a Single Script for you , it asks you for the id ( shows you each linked to the file name )


#Function to get AuthToken for Azure GraphAPI
function Get-AuthToken {

<#
.SYNOPSIS
This function is used to authenticate with the Graph API REST interface
.DESCRIPTION
The function authenticate with the Graph API Interface with the tenant name
.EXAMPLE
Get-AuthToken
Authenticates you with the Graph API interface
.NOTES
NAME: Get-AuthToken
#>

[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true)]
    $User

)

$userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User

$tenant = $userUpn.Host

Write-Host "Checking for AzureAD module..."

    $AadModule = Get-Module -Name "AzureAD" -ListAvailable
    
    if ($AadModule -eq $null) {
        
        Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
        $AadModule = Get-Module -Name "AzureADPreview" -ListAvailable

    }

    if ($AadModule -eq $null) {
        write-host
        write-host "AzureAD Powershell module not installed..." -f Red
        write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
        write-host "Script can't continue..." -f Red
        write-host
        exit
    }

# Getting path to ActiveDirectory Assemblies
# If the module count is greater than 1 find the latest version

    if($AadModule.count -gt 1){

        $Latest_Version = ($AadModule | select version | Sort-Object)[-1]

        $aadModule = $AadModule | ? { $_.version -eq $Latest_Version.version }

        $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"

    }

    else {

        $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"

    }

[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null

[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
 
# Client ID used for Intune scopes

$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"

$redirectUri = "urn:ietf:wg:oauth:2.0:oob"

$resourceAppIdURI = "https://graph.microsoft.com"

$authority = "https://login.microsoftonline.com/$Tenant"

    try {

    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
    # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession

    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"

    $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")
            
    $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$redirectUri,$platformParameters,$userId).Result

    # If the accesstoken is valid then create the authentication header

        if($authResult.AccessToken){

        # Creating header for Authorization token

        $authHeader = @{
            'Content-Type'='application/json'
            'Authorization'="Bearer " + $authResult.AccessToken
            'ExpiresOn'=$authResult.ExpiresOn
            }

        return $authHeader

        }

        else {

        Write-Host
        Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
        Write-Host

        break

        }

    }

    catch {

    write-host $_.Exception.Message -f Red
    write-host $_.Exception.ItemName -f Red
    write-host
    break

    }

}

#Get Admin Username

$User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
Write-Host
 
#Get Auth Token
 
$authToken = Get-AuthToken -User $User

#Get Scripts

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceManagementScripts"

$uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/"
$scriptarray = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).value


foreach ($script in $scriptarray) {
	$script.fileName + " ( " + $script.id + " )"
}


$scriptid = Read-Host -Prompt "Enter ID you would like to download, number in brackets without spaces"
Write-Host


$detailuri = "https://graph.microsoft.com/$graphApiVersion/$Resource/" + $scriptid
Invoke-RestMethod -Uri $detailuri -Headers $authToken -Method Get
$script64 = (Invoke-RestMethod -Uri $detailuri -Headers $authToken -Method Get).scriptContent
#Decode Base64 into Scripts
$decodedscript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($script64))
#output File
New-Item -Path . -Name $script.fileName -ItemType "file" -Value $decodedscript

DownloadSingleIntunepowershellScript.ps1 view raw

This downloads all the Scripts in your InTune Directory

#Function to get AuthToken for Azure GraphAPI
function Get-AuthToken {

<#
.SYNOPSIS
This function is used to authenticate with the Graph API REST interface
.DESCRIPTION
The function authenticate with the Graph API Interface with the tenant name
.EXAMPLE
Get-AuthToken
Authenticates you with the Graph API interface
.NOTES
NAME: Get-AuthToken
#>

[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true)]
    $User

)

$userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User

$tenant = $userUpn.Host

Write-Host "Checking for AzureAD module..."

    $AadModule = Get-Module -Name "AzureAD" -ListAvailable
    
    if ($AadModule -eq $null) {
        
        Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
        $AadModule = Get-Module -Name "AzureADPreview" -ListAvailable

    }

    if ($AadModule -eq $null) {
        write-host
        write-host "AzureAD Powershell module not installed..." -f Red
        write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
        write-host "Script can't continue..." -f Red
        write-host
        exit
    }

# Getting path to ActiveDirectory Assemblies
# If the module count is greater than 1 find the latest version

    if($AadModule.count -gt 1){

        $Latest_Version = ($AadModule | select version | Sort-Object)[-1]

        $aadModule = $AadModule | ? { $_.version -eq $Latest_Version.version }

        $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"

    }

    else {

        $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"

    }

[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null

[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
 
# Client ID used for Intune scopes

$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"

$redirectUri = "urn:ietf:wg:oauth:2.0:oob"

$resourceAppIdURI = "https://graph.microsoft.com"

$authority = "https://login.microsoftonline.com/$Tenant"

    try {

    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
    # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession

    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"

    $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")
            
    $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$redirectUri,$platformParameters,$userId).Result

    # If the accesstoken is valid then create the authentication header

        if($authResult.AccessToken){

        # Creating header for Authorization token

        $authHeader = @{
            'Content-Type'='application/json'
            'Authorization'="Bearer " + $authResult.AccessToken
            'ExpiresOn'=$authResult.ExpiresOn
            }

        return $authHeader

        }

        else {

        Write-Host
        Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
        Write-Host

        break

        }

    }

    catch {

    write-host $_.Exception.Message -f Red
    write-host $_.Exception.ItemName -f Red
    write-host
    break

    }

}

#Get Admin Username

$User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
Write-Host
 
#Get Auth Token
 
$authToken = Get-AuthToken -User $User

#Get Scripts

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceManagementScripts"

$uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/"
$scriptarray = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).value


foreach ($script in $scriptarray) {
	$detailuri = "https://graph.microsoft.com/$graphApiVersion/$Resource/" + $script.id
	#Show Scripts in Output
	Invoke-RestMethod -Uri $detailuri -Headers $authToken -Method Get
	$script64 = (Invoke-RestMethod -Uri $detailuri -Headers $authToken -Method Get).scriptContent
	#Decode Base64 into Scripts
    $decodedscript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($script64))
	#output Files
	New-Item -Path . -Name $script.fileName -ItemType "file" -Value $decodedscript
}

DownloadAllInTunePowershellFiles.ps1 view raw

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

iManage Desksite – Register Server Connection Pop up on Opening PDF

March 23, 2019Research

Recently we had deployed Desksite to a few users , however some of them when opening PDF would get a connection Dialog box opening up and clicking on Connect in the Server List would freeze the screen with

“Not Responding”

And the connection would stay disconnected, even though the user was connected fine to Desksite.

We made sure Adobe Protected Mode was disable and ran a Repair of Desksite.

In the End we had to remove and reinstall Desksite from Scratch to repair this

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to deploy trusteer rapport via Intune or GPO silently

March 20, 2019Research

Download from

http://download.trusteer.com/Gcur4Wtnu/RapportSetup-Full_x64.exe

Intune :

RapportSetup-Full_x64.exe /s /p NOICONS=true NOBROWSER=true ACCEPTLICENSE=TRUE

GPO Powershell Computer Startup Script :

If(!(Test-Path -path "C:\Program Files (x86)\Trusteer\Rapport\Console.ico"))

 {
 cd "\\local\to\installer\GroupPolicy\Trustee"
.\RapportSetup-Full_x64.exe /s /p NOICONS=true NOBROWSER=true ACCEPTLICENSE=TRUE

}

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

This device hasn’t been setup for corporate use yet – Company Portal

March 15, 2019Research

Trying to open the Company Portal as a user after Intune Enrollment shows the below

When clicking continue to Enroll you then get the error

The device is already registered in Intune

You will need to re-enroll the device using the following method

Delete ( or as much as you can ) : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments

Re-enroll PC as the correct User using the Access Work and School Method

If it asks you for the Server URL for MDM you can use this

EnterpriseEnrollment-s.manage.microsoft.com

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

Intune Management Extension Application / Service not installing after InTune deploy

March 15, 2019InTune

Recently I found an InTune pc having issues deploying software and PowerShell

In the “Company Portal” Store App it showed there was a: Delay in Downloading files error

I then found there was no Management Extension Application Service installed as all

This can be manually downloaded and installed from here :

https://prodamsub0102data.azureedge.net/IntuneWindowsAgent.msi

After installing , software started Deploying

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to Use Powershell to Mail Merge Outlook Signature for Users out of Active Directory

March 11, 2019Research

#Get Active Directory information for current user

$UserName = $env:username

$Filter = “(&(objectCategory=User)(samAccountName=$UserName))”

$Searcher = New-Object System.DirectoryServices.DirectorySearcher

$Searcher.Filter = $Filter

$ADUserPath = $Searcher.FindOne()

$ADUser = $ADUserPath.GetDirectoryEntry()

$ADDisplayName = $ADUser.name

$ADTitle = $ADUser.title

$ADOffice = $ADUser.physicalDeliveryOfficeName

$script:ADMobileNumber = $script:ADUser.mobile

$ADTelePhoneNumber = $ADUser.telephoneNumber

$ADExtension1 = $ADUser.extensionAttribute1

$ADExtension2 = $ADUser.extensionAttribute2

$ADExtension3 = $ADUser.extensionAttribute3

 

#Additional Variables

$AppData=(Get-Item env:appdata).value

$SigPath = ‘\Microsoft\Signatures’

$LocalSignaturePath = $AppData+$SigPath

$SignatureName = '%signaturename%'

$DomainName = '%domainname%'

$fulladdetails = $ADDisplayName+$ADExtension1+$ADTitle+$ADOffice+$script:ADMobileNumber+$ADTelePhoneNumber

 

#Check if signature directory exists and, if not, update it

If (Test-Path $LocalSignaturePath)

{}

Else

{New-Item $LocalSignaturePath -type directory}

 

Write-host $fulladdetails

 

#Check if  Signature has changed

If ("$fulladdetails" -eq "$SigChkDetails")

{ Exit }

Else

{  }

 

#Delete old signature files

Remove-Item "$LocalSignaturePath\$ADDisplayName.htm" -Recurse -Force

 

#Copy over signature template

$SigSource = “\\path\to\signature\source"

$filename = "\\path\to\signature\template.htm"

$filename2 = "\\path\to\logo.jpg"

 

Copy-Item $filename $LocalSignaturePath -Recurse -Force

Copy-Item $filename2 $LocalSignaturePath -Recurse -Force
 

#Modify Signature and Insert Variables

(Get-Content $LocalSignaturePath\template.htm) -replace 'FullName', $ADDisplayName | Set-Content $LocalSignaturePath\template.htm

(Get-Content $LocalSignaturePath\template.htm) -replace 'PositionTitle', $ADTitle | Set-Content $LocalSignaturePath\template.htm

(Get-Content $LocalSignaturePath\template.htm) -replace 'PhoneNumber', $ADTelePhoneNumber | Set-Content $LocalSignaturePath\template.htm

 

If(!$script:ADMobileNumber -or !$ADExtension2){

(Get-Content $LocalSignaturePath\template.htm) -replace '<b>M</b> MobileNumber', $NULL | Set-Content $LocalSignaturePath\template.htm}

ELSE

{(Get-Content $LocalSignaturePath\template.htm) -replace 'MobileNumber', $script:ADMobileNumber | Set-Content $LocalSignaturePath\template.htm}

 

If(!$ADExtension1){

(Get-Content $LocalSignaturePath\template.htm) -replace ', Qualification', $NULL | Set-Content $LocalSignaturePath\template.htm}

ELSE

{(Get-Content $LocalSignaturePath\template.htm) -replace 'Qualification', $ADExtension1 | Set-Content $LocalSignaturePath\template.htm}

 

If($ADOffice -ne 'Singapore'){

If(!$ADExtension3){

(Get-Content $LocalSignaturePath\template.htm) -replace 'ImageRow', '<img src="./logo.jpg" width="259" height="74" border="0" />' | Set-Content $LocalSignaturePath\template.htm}

}ELSE

{(Get-Content $LocalSignaturePath\template.htm) -replace 'ImageRow', $null | Set-Content $LocalSignaturePath\template.htm}



 

Rename-Item -Path $LocalSignaturePath\template.htm -NewName "$ADDisplayName.htm"

 

#Set company signature as default for New messages

[Void] [Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Interop.Word")

$MSWord = New-Object -com word.application

$EmailOptions = $MSWord.EmailOptions

$EmailSignature = $EmailOptions.EmailSignature

$EmailSignatureEntries = $EmailSignature.EmailSignatureEntries

$EmailSignature.NewMessageSignature=$ADDisplayName

$MSWord.Quit()

 

#Set company signature as default for Reply messages

[Void] [Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Interop.Word")

$MSWord = New-Object -com word.application

$EmailOptions = $MSWord.EmailOptions

$EmailSignature = $EmailOptions.EmailSignature

$EmailSignatureEntries = $EmailSignature.EmailSignatureEntries

$EmailSignature.ReplyMessageSignature=$ADDisplayName

$MSWord.Quit()

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

GPO to Add Shared Calendar to Users Outlook

March 10, 2019Research

VBA Script to Add a Shared Calendar to Users Outlook

'You will need to disable Macro Security for this to run
'Use GPO to deploy VbaProject.OTM to %appdata%\Microsoft\Outlook folder

Private Sub Application_Startup()
 
Call OpenMeetingRoom1
 
End Sub

Sub OpenMeetingRoom1()

    Dim myNamespace As Outlook.NameSpace
    Dim myRecipient As Outlook.Recipient
    Dim CalendarFolder As Outlook.Folder
    
    Set myNamespace = Application.GetNamespace("MAPI")
    Set myRecipient = myNamespace.CreateRecipient("Meeting Rooom 1")
    myRecipient.Resolve
    If myRecipient.Resolved Then
        Call ShowCalendar(myNamespace, myRecipient)
    End If
 
End Sub



Sub ShowCalendar(myNamespace, myRecipient)
    Dim CalendarFolder As Outlook.Folder

    Set CalendarFolder = _
        myNamespace.GetSharedDefaultFolder _
        (myRecipient, olFolderCalendar)
    'Open up the Calendar
    'CalendarFolder.Display
End Sub

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to find current Modem code of Draytek Router

March 10, 2019Research

Navigate to the Online Status of Router

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to update email Domain for iManage worksite communication server using 365

March 10, 2019Research

Make sure you have a Send Connector in O365 so that I route all emails from your subdomain e.g. imanage.domain.com back to the Public IP where your Communication Server is , use the Router to NAT port 25 from this IP to the communication server and make sure SMTP is allowed through the local firewall
Update the ‘Email Domain’ on the ‘WorkSite Server’ properties to ‘imanage.domain.com’ stop and start the ‘WorkSite Server’ service.
Then update the ‘Domain’ in the communication server ‘Exchange Online’ properties to ‘imanage.domain.com’ stop and start the ‘Exchange Online’ service.
The above will allow internal recipients to Send and File , if wanting external recipients to be able to file emails to this server, make sure you create an MX Record for imanage.domain.com externally to route to your communications server ( preferably via your Spam Filter)

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments