Author: Adam Fowler

Password Expiry Notification Script

Posted on by Adam Fowler

Going back to basics can often be a good solution to a problem. Emailing users letting them know that their password will expire soon is usually the most broad way of letting everyone know. If they are using ActiveSync only to get their emails, they won’t be notified when their password expires until it stops working.

With that in mind, I set out to find a simple script that runs daily, to let people know when their password is due to expire.

There’s a lot out there, but I wanted to use PowerShell and set it as a daily scheduled task.

Technet had a great one here from Johan Dahlbom. Except it didn’t work for me, as I recieved the error when testing:

get-aduser : One or more properties are invalid.

After some research, I found this blog post which had my exact issue. It seems that PowerShell v4 which comes with Windows 8.1 and Windows Server 2012 R2 doesn’t like the wildcard for -properties when running a get-aduser command, such as :

get-aduser -filter * -properties *

Richard Siddaway’s solution was to pipe it out and use get-object instead, but that doesn’t give all the same results as the original.

Instead I chose to specify the actual fields needed which turned the command into:

get-aduser -filter * -properties enabled, passwordneverexpires

That worked perfectly. So after adjusting a few parts of the script, I had it working.

I then decided that I didn’t want a daily email going out saying ‘You have 7 days” then “You have 6 days” etc, but just 2 variables – 7 days and 1 day.

So, here is the script (downloadable here: Password Change Notification)

#################################################
# Please Configure the following variables….
# expireindays1 + 2 = At what count of days left on a password do you want a notification?
$smtpServer=”smtp.yourmailserver.com”
$expireindays1 = 7
$expireindays2 = 1
$from = “Name <[email protected]>”
#################################################

#Get Users From AD who are enabled
Import-Module ActiveDirectory
$users = get-aduser -filter * -Properties enabled, passwordneverexpires, passwordexpired, emailaddress, passwordlastset |where {$_.Enabled -eq “True”} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

foreach ($user in $users)
{
$Name = (Get-ADUser $user | foreach { $_.Name})
$emailaddress = $user.emailaddress
$passwordSetDate = (get-aduser $user -properties passwordlastset | foreach { $_.PasswordLastSet })
$PasswordPol = (Get-AduserResultantPasswordPolicy $user)
# Check for Fine Grained Password
if (($PasswordPol) -ne $null)
{
$maxPasswordAge = ($PasswordPol).MaxPasswordAge
}

else
{
$maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
}

$expireson = $passwordsetdate + $maxPasswordAge
$today = (get-date)
$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
$subject=”Your password will expire in $daystoExpire days”
$body =”
Dear $name,
<p> Your password will expire in $daystoexpire day(s).<br>
To change your password, do these things<br>
For remote password changes, sign in to this address and change it there’ <br>
<p>Thanks, <br>
IT
</P>”

if (($daystoexpire -eq $expireindays1) -or ($daystoexpire -eq $expireindays2))
{
Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High

}

}

iRobot Braava 380t Review

Posted on by Adam Fowler

I love gadgets! Having owned an iRobot previously (an old sweeper model) I was keen to try out a floor mopping robot.

As this is unavailable for purchase in Australia, I ordered it from US Amazon who luckily shipped this particular item overseas:

iRobot Braava 380t Floor Mopping Robot – Amazon

The iRobot arrived about 3 1/2 weeks later and I was looking forward to giving it a try, as most of our house is tiled.

The iRobot itself was a little smaller than I expected, a roughly 20cm box and about 8cm high. Unlike the Roomba models, this one doesn’t auto dock itself when it’s done, but instead needs to be placed upright on a stand to charge.

The iRobot has two modes – Sweep and Mop. Each mode uses a different cleaning cloth designed to be used for Dry (sweep) and Wet (Mop). Sweeping will make it go in straight lines back and forth, like a lawn being mode. It’s a dry mop too so at the end of it’s journey it will leave a pile of dust/hair/lego pieces to be picked up.

The Mop mode is what I bought this for, where you add a little water to a reservoir and let the little guy go around your house similar to how you’d run a quick mop over the floor. Instead of going in a straight line lawnmower style, it does a bit of an arc one way, reverses then goes the other way and inches along at the same time. Here’s a graphic to show what I mean:

http---media.memories.nokia.com-media-a31068bc-2969-47af-bf6a-5d9cfed1ef48iRobot Mopping – ignore the tiles getting trippy.

The iRobot can go for a few hours between charges, and I had no problems with it going into carpet or getting stuck – it has a bumper that detects when it hits something, and smarts built into it which maps what it’s learnt on the current expedition (it doesn’t save this into memory).

There’s also a portable little cube that you’re supposed to put as far away as possible from the base station, which gives the iRobot a reference point. I’m figuring this is so if the wheels spin it doesn’t think it’s travelled further than what it really has (either distance or angle).

It actually does a decent job if you don’t have a dirty pawed troublemaker walking around on the wet floor leaving footprints where the hard working iRobot has just cleaned.

WP_20140109_21_13_57_ProDirty pawed culprit

It runs rather quietly too, since all it’s doing is spinning it’s wheels and slowly soaking out a bit of water. It works well if you turn it on as you are leaving the house so you can come back to a nice shiny floor.

There’s not too much else to say about the iRobot Braava 380t – it works as advertised, it’s not cheap but it’s made and designed very well, and it makes a few little songs depending if it’s being docked for charging, starting a cleaning routine or wants to go back to it’s dock as it’s had enough.

Remember though, this is the equivilent of pushing a wet rag along your floor and that’s it, so don’t expect it to clean up everything. This is more of a maintenance robot than a repair robot!

I’d be tempted to actually try the Scooba version of the iRobot which does actual scrubbing of floors too, but will have to save up a bit more for that one.

iRobot Scooba 390 Floor Scrubbing Robot – Amazon

How To Change IE10’s Default Search Engine

Posted on by Adam Fowler

Update 4th August 2018

Hopefully most people are on IE11 now – it’s pretty much the same process as below, but here’s an official Microsoft blog telling you how to do it.

Original Post

Automating the change of Internet Explorer 10’s default search engine from Bing to Google shouldn’t be a difficult task, but it is. I’ll first cover what we’re trying to automate, then the possible options on how to do it.

I found a lot of misinformation online when doing this too which was surprising, I’ll add notes in around what I found on that too.

Brief instructions are down the bottom if you just want to know what to do!

 

To do this manually on an individual PC, you need to do two things. Install the Search Provider addon, and then set it as the default.

The first part can be done by going to the iegallery website and finding an Add-on, for Google Search you can go here: http://www.iegallery.com/en-us/Addons/Details/813 and click the big ‘Add to Internet Explorer’ button.

Setting it as the default is possible from the popup when clicking the button, or going into your Add-ons and ticking the right search engine as your default.

Google provides some very basic instructions here https://support.google.com/websearch/answer/464?hl=en which are:

Internet Explorer 10

  1. Click the Gear icon in the top right corner of the browser window. 
  2. Select Manage add-ons.
  3. Select Search Providers.
  4. In the bottom left corner of your screen, click Find more search providers
  5. Select Google.
  6. Click the Add to Internet Explorer button.
  7. When the window appears, check the box next to Make this my default search provider.
  8. Click Add

So far this is incredibly simple!

If you were starting from scratch, you can package up IE10 using the Internet Explorer Administration Kit (IEAK) and add in extra search engines as well as specify the default. There’s a good guide at 4syops here http://4sysops.com/archives/internet-explorer-10-administration-part-4-ieak-10/ which covers this, but doesn’t help you if PCs already have IE10, or will get it via other means (e.g. WSUS or manual installs).

Group Policy is the obvious choice, but there is no inbuilt way to configure search engines natively via normal Group Policy Preferences. Preferences can be used to deploy registry settings though, which can configure pretty much everything IE does.

There are a lot of sites that have ADM files that claim they will configure IE’s search engine. They will, but there are a lot of caveats. One commonly found blog is http://blogofanitadmin.blogspot.com.es/2011/05/group-policy-changing-default-search.html which is a neat solution, but not ideal and here’s why.

The ADM file is just setting a few registry settings. Search providers are added into the registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ which lets the user change or configure it themselves, or under [HKEY_CURRENT_USER\Software\Policies\\Microsoft\Internet Explorer\SearchScopes\ which forces the settings upon the user.

If you’re using Policies path, you also probably want to set the Group Policy ‘Restrict search providers to a specific list of providers’ Group Policy under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer. This will mean users can’t add their own search engines. If you don’t enable it, users can’t change settings on the search engines you’re pushing out, but can add others. Edit: Check Tim’s comment here for the registry setting on this one

Each added search provider has it’s own GUID randomly generated under the SearchScopes Key. One of Bing’s default GUIDs is {0633EE93-D776-472f-A0FF-E1416B8B2E3A} but this may differ based on OS etc. The full key path is HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} in that example, and under that key lives all the settings for that search provider.

The standard settings for a search provider (Google in this example) there are:

“URL”=”http://www.google.com.au/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}”

URL is the address used when you type a non-http formatted address into the URL address bar. It will put what you type into the {searchTerms} part, and pass that onto the full URL.

“SuggestionsURL”=”http://clients5.google.com.au/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}”
SuggestionsURL is just where the search engine will get it’s suggestions from.

“ShowSearchSuggestions”=dword:00000001
ShowSearchSuggestions is an on or off option (0 off, 1 on) to configure if you’ll be shown the search suggestions or not.

“FaviconURL”=”http://www.google.com/favicon.ico”
FaviconURL is the little icon that appears in a few different spots in IE when doing searches.

“DisplayName”=”Google”
DisplayName just shows the name of the search provider in a few areas, this can be anything you want.

“OSDFileURL”=”http://www.iegallery.com/en-us/AddOns/DownloadAddOn?resourceId=813”
OSDFileURL is where the addon was obtained from, I’m not sure of the importance on this.

“FaviconPath”=”C:\\Users\\username\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0533EE93-D776-472f-A0FF-E1416B8B2E3A}.ico”
This will point to a local icon, it’s just a local copy of the FaviconURL ico file.

Getting back to GUIDs, they are randomly generated and don’t matter, as long as they’re unique. A lot of blogs seem to indicate there are particular ones for particular search engines, as well as amazingly saying:
the Bing key is {9F4BEE75-5E51-4568-87AF-67C35184D4B5} and Google is {9F4BEE75-5E51-4568-87AF-67C35184D4B5}.
Several people have decided to copy and paste this (just like I have), but failed to realise they’re the exact same key!

So far this is fine, but will not set the default search engine. The registry key that stores the default is located back in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ under ‘DefaultScope’ and will match the GUID of the search engine.

If you do this though via Group Policy Preferences, the user will be prompted saying “An unknown program would like to change your default search provider to Google” which isn’t ideal at all. If your settings are being continually pushed then they’ll keep getting the popup, or if it’s a once off it’s still intrusive. You can push out the registry key once based on a version match of iexplore.exe to try and get it happening at the same time as the IE10 rollout, but that’s hardly clean (and still annoys all your users).

You can use the Policies registry path of HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes\ to force Google as the default, but remember this isn’t user configurable. Fine if you’re forcing Google as the default for everyone, but it doesn’t let people change their default search provider.

I’ve seen a few other suggestions on how to suppress the popup, but from my research it’s not possible without forcing the option. “Turn Off the Security Settings Check Feature” in Group Policy was a suggestion, but that just suppresses the message “Your current security settings put your computer at risk” and has nothing to do with the search provider popup.

There’s also the “Prevent programs from suggesting changes to my default search provider” option but that just toggles between absolutely blocking changes, or prompting.

Also I found that having some conflicting registry settings would make IE just go back to Bing after doing a search, even though it would do the first search with the new default Google – so make sure you’re taking a minimalist approach and have done proper testing of your settings.

There’s also a difference between IE8 and IE10 – IE10 doesn’t have a dedicated search bar, it just uses the URL bar. So when you’re doing a search it will use the settings of the current default search engine’s URL registry value which IE8 may not use.

Another catch is that the HKEY_LOCAL_MACHINE setting for the default search provider may be set, and that will override any user setting. That can be deleted.

If no search providers exist under the current user’s SearchScopes then IE10 will still use Bing, but use the URL string under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.

If you’d rather just have Google do a search based on anything you type in the URL field, you can either modify the Bing URL key under the current user, or delete all search providers and change the HKLM URL.

Again, all the ADMs I could find were just based on the few above registry keys – do the keys yourself and give yourself the flexibility to adjust them if required, rather than copying and pasting someone else’s. If Google or Bing changed a URL they used you want to be able to adjust this quickly.

So what this all comes down to is there’s no way I could find to do both a silent install of a search engine and default it, without either the user knowing or not having the option to change it.

The above will hopefully give you an idea of what you want to do – for the record I’ve decided to just push out Google as an option, but let users choose to change their default search engine if they choose to.

If you’ve found any different to the above or have any other information, I’d be very happy to hear it.

 

Brief Instructions:

You came here to be told what to do? OK, follow these steps:

1. Add your chosen search provider manually via IE10 and set as default. Different regions have slightly different settings, so don’t just get it off the net.

2. Export settings to .reg or Group Policy Preferences Wizard from HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ – Default Scope key as well as everything in the key that matches the name.

3a. Push those settings out to other PCs. Users will get prompted next time they open IE asking if they want to change their default search engine.

OR

3b. Adjust all the key paths by adding the “Policies” part – path HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes\ – this will force the settings but be silent to the user.

Also to set the policy “Restrict search providers to a specific list of providers”.

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
“UsePolicySearchProvidersOnly”=dword:00000001

4. That’s it. Don’t bother trying to get tricky as IE has several failsafes which will revert it back to Bing because it doesn’t know what’s going on anymore.

Nokia Lumia 1520 Quick Review

Posted on by Adam Fowler

As I’m doing a bigger review elsewhere, I’ll keep this one brief.

Nokia brought out the Lumia 1520 earlier this month, so I grabbed one. Details on the phone are at Nokia’s site here: http://www.nokia.com/au-en/phones/phone/lumia1520/

Here’s the basic specs taken from that site:

  • Display

    • Display size: 6 ”
    • Display technology: ClearBlack, IPS LCD
    • Display resolution: Full HD (1920 x 1080)
    • Touch screen technology: Super sensitive touch

  • Photography

    • Primary camera sensor size: 20 MP, PureView
    • Camera Flash Type: Dual-LED Flash

  • Power management

    • Maximum 2G talk time: 27.4 h
    • Maximum 3G talk time: 25.1 h
    • Maximum music playback time: 124 h

  • Processor

    • Processor name: Qualcomm Snapdragon™ 800
    • Processor type: Quad-core 2.2 GHz

I’ve been using the Nokia Lumia 1520 for a little while now, and it’s grown on me.

I’d been using the Nokia Lumia 1020 before this, and wrote about it here: http://www.adamfowlerit.com/2013/10/04/nokia-lumia-1020-whinge/

Yes I had a bad start, but after getting a faultless phone it was a good experience.

I’m happy to say that I’ve had no such issues with the 1520 – the first one I got just worked which was a huge relief.

I do have one concern though, and I don’t think the Windows Phone 8 OS is properly calibrated to the size and resolution of this large phone yet. I have had multiple issues of typing and double pressing letters – which I’ve had someone else using my phone also do. Also, when scrolling around sometimes it takes it as a press on an item rather than a swipe to scroll. Maybe it’s just the way we’re doing it which is wrong, or maybe it’s been designed around smaller screens and resolutions. Either way, we’ll see if I do get used to it or an update from Microsoft or Nokia fixes it.

It’s a very large phone and does take some getting used to, but two points I’ll raise:

1. My wife disliked the Nokia Lumia 1020 as she wasn’t used to the OS and found it confusing. After handing her the 1520 she liked it – same OS (OK, almost the same, slightly different versions – Lumia Amber and Lumia Black) but the screen size made her immediately like the phone. I was suprised.

2. I briefly tried to type a message on a Samsung Galaxy S3 I was setting up, and thought ‘wow the keyboard keys are small’. Shows how quickly you can get used to a new normal, and it does worry me that I’ll now be stuck on giant phones due to this :)

Oh, the battery life is awesome on this phone too but makes me run it all the way down, as I don’t plug it in every night!

Anyway I’m overall quite happy with the phone, and look out for my ‘proper’ review soon :)

Polycom VVX 600 vs CX 600 on Lync 2010

Posted on by Adam Fowler

A few months ago, Polycom released Lync firmware for their VVX series of phones. Check out the different models here

 vvx600Polycom VVX600

They differ to the CX series in several ways – the CXs here are specifically built for Lync while the VVX is a bit more generic and will work with other phone systems. This might sound bad, but it does give Polycom a bit more flexibility in the functions they can offer.

Taken from here is a comparison of the CX 600 and VVX 600 phones at the bottom of this post.

Before I go any further, it’s worth pointing out that Jeff Schertz is the pro at this stuff, and a lot of the information was sourced at his blog so you’ll see several links there.

This post will also assume you’re fairly familiar with the Polycom CX series (particularly the CX600) as most people with Lync have these, or at least know about them.

There are a few key benefits of looking at the VVX series:

Firstly, there’s no USB tethering requirement to the PC for advanced functionality. You do have to install a small piece of software called the BToE connector. I’d highly recommend installing this, as you’ll get a lot more functionality out of your phone the same way a CX would via USB Tether.

Another benefit is the webcam addon that plugs into the top of the phone. You can do video chats through just the phone, which a lot of people expected out of the CX series but wasn’t possible. This gets closer to matching some of the extra functionality out of Cisco’s phone range.

The phone has a built in basic web browser, as well as the ability to remotely manage the device via a browser too. The CX series has neither of these so from a managability and usability view, the VVX is very tempting.

Oh and of course, the VVX has touch screen! It’s quite responsive, so no complaints about that.

The negatives or considerations of the VVX series that I’ve noticed so far are:

No dedicated light for presence. I’ve gotten used to this on the CX series, a nice glowing green/yellow/red indicator to remind you of your own presence. There is a small indicator on the screen showing your current presence, but it’s not very obvious.

You’ll also need to set up Lync to have the firmware for your phones to be ready to use. Jeff Schertz has great instructions here on how to do this – yes it’s a fairly detailed article but worth going through all of it.

You can’t just type in names to do a lookup like the CX series which I miss. It’s possible to do via the directory with a few extra presses, so the flow of doing name lookups is no-where near as smooth.

The actual layout of the menu buttons isn’t as nice as I’d like, but then neither is the CX. I don’t think you could place a VVX phone in front of someone who’s used to a CX phone and expect them to just ‘get it’.

Tips:
Read everything on Jeff Schertz’s Blog http://blog.schertz.name/category/lync/.
The default admin password for these phones is ‘456’.
The management page for your phone is just http://IPOfPhone
Hold 1,4,9 for a factory reset.
Hold 1,8,3 for a restart, or 1,0,3 for a full reboot.
Userguide available from Polycom here

I’ve only started with basic testing and there are a lot of things to learn about the VVX series as there’s not too much in common with CX, but it is worth investigating with the large amount of benefits that come with it.

 

Comparison:

 

Polycom VVX600

  

Polycom CX600
Manufacturer: Polycom VVX600 Polycom CX600
Price Range: $250 – $350 $250 – $350
Supports Version: Lync 2010, Lync 2013 Lync 2010, Lync 2013, Lync Online
Qualify Date: March 2013 February 2013
Firmware Version Tested: Lync 2013 – Polycom firmware version 4.1.2.25646 Lync Phone Edition 2013
Recommended Use: Full featured desk phone Full featured desk phone
Audio Quality: Wideband Wideband
Speakerphone: Yes Yes
Headset Support: RJ-9 port wired/wireless, USB port and EHS RJ9 port
Display: 4.3-inch Color LCD 3.5 inch QVGA Color LCD
Power: PoE (AC sold separately) PoE (AC sold separately)
Ethernet Ports: 2 port 10/100/1000 2-port 10/100/1000
Wall Mountable: Yes Yes
UC Presence Indicator: No Yes
Message Waiting Indicator: Yes Yes
View Contacts and Corporate Directory Users Presence: Yes Yes
Easy Configuration with PIN Authentication: No Yes
CODEC Supported: G.711 (A-law and u-law), G.729AB, G.722, G.722.1, G.722.1C, iLBC RT Audio, G.711, G.722.1
LLDP: Yes Yes
Browser: Yes
Add Multiple People to an Existing Call: No Yes
Boss / Admin: No No
Branch Resiliency: Yes Yes
Call Park: No Yes
E911 Support: Yes Yes
Invite Address Book Contacts to Call: Yes Yes
Malicious Call Trace: No Yes
Merge Existing Calls: Yes Yes
Music on Hold: No No
Private Incoming Line: Yes Yes
Search Global Address List: Yes No
Search Lync Contacts: No No
Uninterrupted Call Transfer to Mobile Phone: Yes Yes
Assign Contact Presence to Button: Yes
Integrated Video, Sharing Applications, Whiteboard, etc.: No No
One click to join conference call: No No
Search Outlook Contacts: No
View Outlook Calendar: Yes
Lync Server Managed Updates: Yes Yes
Lync Server Integrated Manageability: Yes Yes
Single Identity (Active Directory): Yes Yes