Some Notes on the Machines

If one has a Contact Group within Outlook which contains any in-company contacts, and you try to forward it outside the company, you will find that the receiver doesn’t get much. There is a way to do this:

Sender

1. First open the contact group into its own window.
2. Open Forward Group, and choose In Internet Format (vCard).
3. Send the result to your recipient. This does not generate or send a standard vCard, but it does do something we need.

Receiver

1. Receive the email. It will have a .txt file attached which looks something like the below.

Contact Group Name:	Test Contact group

Members:	

Firstname1 Lastname1	emailaddy1@company1.com
Firstname2 Lastname2	emailaddy2@company2.com
Firstname3 Lastname3	emailaddy3@company3.com

2. Copy to clipboard, the lines of the txt file which contain names and email addresses.
3. Create a blank Contact Group of appropriate name.
4. Click Add Members, From Outlook Contacts. A box named Select Members: Contacts will come up.
5. Paste the copied lines, directly into the white box to the right of the word “Members” in the Select Members: Contacts box.
6. Click OK, and the new Contact Group will be created appropriately.

Condensed from here: https://support.google.com/a/answer/2589954?hl=en:

• google.com
• googledrive.com
• google-analytics.com
• googleapis.com
• googleusercontent.com
• ytimg.com
• gstatic.com

The above are all on port 443, HTTPS, only. There is a legacy product which uses talk.google.com on port 5222, XMPP.

From the profound Mike Crayton. We do this:

1. Create an admin role group named “Manage Distribution Groups”, with the admin role of “Distribution Groups”, setting as members the user(s) to be given this ability
2. Give them this URL for getting to the management console:
   https://outlook.office.com/ecp/

Definitions and items:

• VPN stands for Virtual Private Network. A true VPN connects two different networks, using an encrypted “tunnel” through Internet or other non-private connectivity.
• SSL VPN as defined by OpenVPN (and its wrappers like Watchguard SSL VPN), is not a true VPN. It is an SSL-encryption agreement between devices, building either a TCP tunnel or a UDP dataflow, over which tightly controlled network redirection traffic is distributed.
• This means that the source and destination subnets, though not IPs, can be the same.

So let’s say that we need to give a PC which is sitting on someone else’s 192.168.1.0/24 network, an encryption-protected connection for RDP and file sharing, to the office Windows machine at 192.168.1.20. If SSL VPN were true VPN, this would require a subnet change at either the remote side or the home LAN, no further option. But it’s not, so we can do this:

1. Restrict the SSL VPN capability on the office side, to just the domain controller (e.g., 192.168.1.250) and the RDP destination (192.168.1.20).
2. Make sure that the IP of the device on the remote side, is not a duplicate of either the domain controller or the RDP destination on the office side. So it can’t be either 192.168.1.250 or 192.168.1.20.
3. We can do this by setting a static IP on the remote device; alternatively, we can change the DHCP subnet of the remote site. Either of these are vastly easier than changing subnets!
4. The only loose end left, may be network printing on the remote side. Just make sure that the printer’s IP is not any of the vitals at the office, and is IPv4, and it will work just fine. Some printers (generally consumer-grade) are defaulting to semi-proprietary IPv6 modes in their Windows configurations, and at least some SSL VPN configurations will not play ball; in this scenario you’ll want to convert the PC setup(s) to use v4.

This is “Cornell Chicken Barbecue Sauce”, created in 1950 by Robert C. Baker in order to encourage certain kinds of agriculture, especially that of chicken. The sauce remains extremely popular in certain places. And it has no added sugar, unlike every BBQ sauce this writer has ever seen in many supermarkets.

1 cup cooking oil
1 pint cider vinegar
3 tablespoons salt
1 tablespoon poultry seasoning
1/2 teaspoon pepper
1 egg

Beat the egg, then add the oil and beat again. Add other ingredients and stir. The recipe can be varied to suit individual tastes. Leftover sauce can be stored in a glass jar in a refrigerator for several weeks.

There are multiple ways to set printers up by group policy in Windows. There is a printer administration role which can make things easier or harder, depending on how well everything is working. The simplest way, is to open the Group Policy Management Console from a domain controller, open up an appropriate policy, and open it to here:

then right-click in the white box, you’ll get a menu, choose “New”, choose “Shared Printer”, Action should be “Update” or “Replace” if “Update” doesn’t work, and you’ll choose the printer by “Share Path”. You can leave everything else alone unless you need something special. Sometimes it works better to do a Delete and then Create for each printer. The vagueness here is due to unknown but widely experienced vagaries in behavior of Group Policy which are addressed in no known documentation.

Please do note that we set these up under “User Configuration” not “Computer Configuration”. It is possible to do it under Computer, but removals can be far more difficult if we do, there have been messes seen.

This tool appears to be made for this, among several other things:

https://www.bitvise.com/tunnelier

Some firsthand reports:

https://superuser.com/questions/235395/automatic-ssh-tunneling-from-windows

There are a few others options on that page also.

1. Turn on.
2. Move mouse and press buttons until done.
3. Turn off.

These are not very documented, and at least at this writing, the informatives in the console were incomplete. Here’s the steps I have working at this writing, postulating the domain at hand being “emaildomain.com”:

1. First, in the O365 Exchange administrative console, go to the Protection area, and the rightmost tab is “dkim”, click on that. Then try to Enable any which are disabled. You will see an error message which says you need to create two CNAMEs. The two strings given, are the alias targets, the alias names are not given. Use these in the next step.

2. Set CNAMEs in Internet DNS. The alias names are the same every time; the targets are taken from the error message in step 1. They are not always entirely predictable, sometimes you will see “0i” buried within and there may be other variations. But the result will not be very distant from this:

selector1._domainkey.emaildomain.com
CNAME to
selector1-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

selector2._domainkey.emaildomain.com
CNAME to
selector2-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

3. Once your DNS changes have propagated thoroughly, go back to step #1 and try to enable DKIM again for the domain whose records you have just changed. If you have done your CNAMEs correctly, O365 will turn DKIM on. You may need to wait for DNS propagation.

From the indefatigable Matt Quick:

Sometimes, trying to install .NET 3.5 either via Add/Remove Programs or via the standalone offline installer produces an error code. This is due to WSUS not having the files for .NET 3.5. Use the following workaround to avoid taking the machine off the domain, installing .NET 3.5, then putting it back on the domain:

This worked for me. Windows has to download the 3.5 installation files, but the server is configured not to use Windows Update (common for managed servers), but WSUS. The above article describes how to fix this. In a nutshell:

1. Start the Local Group Policy Editor or Group Policy Management Console.
2. Expand Computer Configuration, expand Administrative Templates, and then select System.
3. Open the Specify settings for optional component installation and component repairGroup Policy setting, and then select Enabled.
4. Select the Contact Windows Update directly to download repair content instead of Windows Server Update Services (WSUS) check box.

Make sure Windows Updates Service is set to Manual or Automatic to apply this fix.