Posts Tagged ‘Tips and Tricks’

How to get international phone numbers with SIP dirt cheap

Having a business that expands to multiple markets, also means purchasing domain names, advertising and phone numbers. Having multiple phone numbers and especially international phone numbers, thru the regular phone pusher is something that can quickly become hugely expensive. So when asked by a not for profit organization, how they could have multiple international phone numbers for their customers to contact them, I started looking thru the different SIP providers.

After quite a lot of research and some testing. I found LocalPhone that offers SIP services for international lines and numbers at a low cost. They of course offer all the usual services, such as a SIP connection to receive calls directly, SIP trunks, SIP international calls dirt cheap, redirects, voicemail and so on.

So how do you get more than one number on your regular phone line without the whole SIP thingy ? Read the rest of this entry »

Boost your internal PKI/Microsoft CA security with FREE green Extended Validation SSL in 15 minutes or close your eyes until 2016!

One of the new CAB Forum baseline requirements is that all SSL certificate issuers are to stop issuing SSL certificates with internal host names and IP addresses. Currently it is possible to get internal host names in public certificates until 2016, but after 1. July it will be shortened to 2015. But keep reading and you will remove this threat today, instead of waiting to 2015-2016.

Normal usage of SSL certificates

Most companies with a medium to large infrastructure, use an internal PKI solution like Microsoft Certification Authority for identity and encryption on internal workstations and accounts. They will also use internal CA to issue certificates for server systems that are only accessed by internal computers where Root CA trust can be controlled automatically thru GPO or similar.

But external facing websites and server systems use public external CA issued SSL certificates, to ensure trust by all units including mobile units and external computers.

(did you see the padlock in the above image?)

Example of attack

It makes sense to prevent easy attacks on the identity part of SSL security for internal systems. Any internal website would be easy to replace with a fake site or do a man in the middle attack with a real external publically trusted SSL certificate that includes the internal host names. Example: an internal password management portal on https://mypassword.abc-organization.local. The intruder gets a certificate issued to www.notyours.dk including a SAN name “mypassword.abc-organization.local”. It would be easy for the intruder to setup a fake website to harvest passwords with a real SSL certificate that all clients would trust equally to their internally issued SSL certificate on the existing system. Clients would see the padlock with no visible changes. Read the rest of this entry »

How to get Outlook 2007 to save sent e-mail from a shared mailbox in the shared mailbox, and not pay for it!

What company with more than well.. 2 employees do not need a shared mailbox? well almost all the ones I know use some system to share a company general e-mail address and mailbox, this could be info@sole.dk, spamtrap@sole.dk or support@sole.dk and so on.

One of the pains of shared mailboxes has always been to get the Sent e-mail to actually land in the SENT folder of the shared mailbox, and not the users default SENT folder.

It is actually possible to get Outlook 2007 to do this, without having to pay for 3rd party add-ons that may or may not be stable and time consuming.

So since, youre still reading and haven't jumped to another Google result, You must be wanting to know how, well it's quite simple, all we have to do is.

  • Ensure we have a specific hotfix on Outlook 2007
  • Set one little registry key

So first up the registry key, we need to add it for current user.

Shared Mailbox Registry Fix (dont forget hotfix)

Read the rest of this entry »

VBScript to remove network printers, when RemovePrinterConnection fails and still have time for popcorn and a movie

For the last couple of months, and some months ahead, I am working primarely on migration projects, currently I have just finished developing a lot of scripts to automatically migrate from Novell & ZenWorks to a purely Microsoft environment. So I might share some tips and tricks from my experiences.

Novell LogoTrying to uninstall Novell printers automatically with VBScripting in a login script gave me a headache, for some reason the good old function WshNetwork.RemovePrinterConnection would fail every time trying to uninstall a Novell printer. After some searching and testing I found that by executing a command to RUNDLL32 PRINTUI.DLL,PrintUIEntry, I could successfully uninstall the printers. My personal experience shows no warnings or errors to the user, as long as the computer can still access Novell, however I did have some warning messages appear when the computer could not connect, but the printer was still deleted, and the user could not abort it, so in my book thats a success!

Also i found some examples removing the printers with /dn instead of the /dl that I am using Read the rest of this entry »

Dont forget to google it and take a vacation!

Most experienced consultants use Google daily to find descriptions of problems and solutions, knowing your way around Google and making a good search, can mean the difference between identifying and solving a problem within minutes or hours.

google logoMany times a customer have asked me how to solve a problem, that I didnt know the answer to on the top of my head, after all there is a lot of issues and only so much memory and experience. Not once have I recieved any negative responses from saying "let me do a little research and i will come right back to you", on the contrary the customer is happy and relieved that I will help them. Dont drop the ball and say "no sorry cant help you", must customers dont have the time or experience to search for an answer them self, why else would they be asking. Read the rest of this entry »

How to install a SSL certificate backup file on Exchange 2007 and still have time for facebook

The easiest way (I love easy!) to order and install an SSL certificate on Exchange 2007, is to order a SAN (Subject Alternative Name) certificate with AutoCSR meaning you dont have to create a CSR but instead get a certificate backup file (PKCS#12, P12. PFX). You also save time with the SAN because you only use one certificate for all services and can move services from one domain to another in the certificate with no problems.

Make sure you get a SAN certificate including the full domain name(s) you use to access Outlook Web Access, Outlook Anywhere, Autodiscover and any internal servernames using the certificate (usually free).

The Certificate you order should contain something like this:

  • mail.sole.dk and/or owa.sole.dk - for Outlook Web Access
  • autodiscover.sole.dk and any other e-mail domain you use with Autodiscover/OA.
  • MYSERVER01 and MyServer01.domain.local - and any other internal servername that will be using the certificate

Personally I setup servers to respond only to OWA and ActiveSync on the mail./owa. domain, and use all other services like Outlook Anywhere, etc. on the autodiscover. address, this way I can use Forms Based Authentication/Basic with my OWA/ActiveSync website, and NTLM with my other services. You can see more information about this from my previous blogs here. Some people argue for and against having internal server names in the certificate, but I figure if they are free anyways, and might help why not add them - and if security is so much an issue that internal server names must not be revealed, you have other much bigger problems anyway.

Now some simple commands to manipulate Exchange 2007 SSL certificates. (Stolen from the danish Exchange 2007 guide on FairSSL, I co-authored the manual) Read the rest of this entry »