IT

There’s Some Spam On Your Slacks

I’m a member of a few different Slack channels – they’re great for collaboration, helping others out and asking for assistance when you get stuck on something.

The biggest one is Windows Admins; winadmins.slack.com with over 1700 members (highly recommended if you’re a Windows Administrator).

An interesting event occured today, where an account called ‘jb’ joined, and immediately posted this:

 

Rather spammy in itself from where I sit, and a few others piped up being unimpressed with this action. ‘jb’ apologised and removed the post.

Doing this in a sysadmin channel however, is asking for a bit of further investigation. Putting aside the name itself (which along with the logo, looks like it should be a product for a completely different industry), it was a bit weird that ‘jb’ appeared to be doing marketing, but had also signed up with an email address which was admin@theirdomain – not something that a marketer would have access to.

I’ve censored the image as I don’t have permission to use it, and it’s not about them at all – but for context, it was a black and white face shot of a young, white female, with their title as ‘designer and inventor’

Slack for iOS Upload

A reverse google image search on the profile picture used revealed this:

person

…which turns out to be photos of people at a clothing launch in Berlin, and ‘jb’s’ photo was a cropped version of that. Now, it could be that this fashion industry person in Berlin is also the the person that runs this Japanese based tech company’s PR, AND has access to the admin email account for their domain.

Asking this mystery person what was going on was just met with silence, and then the account became inactive. What happened?? We may never know.

There’s a few take away points from all from this:

  1. Don’t steal a photo from the internet to use as your marketing tool, reverse Google images is good enough to find even part of a photo if it’s indexed.
  2. Don’t go into a sysadmin channel and spam your product; it won’t end with a positive experience from the people who generally have to stop spam.
  3. Slack communities should be treated as open available information – if an account gets approval, they could be scraping the conversations (and using for legitimate business purposes too)
  4. Don’t be fake when peddling your wares; people see through it.
  5. Spellcheck your automated messages; morarale isn’t a word.

Again, I don’t know how much of this applies to the company in question, draw your own conclusions. Maybe it was an elaborate test to see how the mood changed in the Slack channel?

Adaxes User Management Customisation

At the start of 2016, I reviewed a product called Softera Adaxes, which automates user management. I’m a big fan of it, and have been continually using it since (yes I’m a paying customer!).

The more we’ve used it, the more refined my rules have been. Sometimes they need to be adjusted to cover a scenario I didn’t consider (such as, a new starter with a hyphen in their last name, but not wanting the hyphen in the username). Other times it’s been a new requirement, and a re-think on how the rules need to be modified to cover new scenarios.

How Easy Was It To Change?

I’m happy to report that these changes have been quite easy to do. You need to be careful and think about changes before you do them. One trick for testing new user creations was to not send out email alerts if a certain field had the word ‘Test’ in it, which let me test the system live without other staff getting advised. Pretty simple, but effective:

adaxes1

Since using it, I’ve learnt through both trial and error, as well as Softerra support, several improvements on how to manage my rules based on my personal requirements. I thought it would be a good idea to share these tips which should help both new and existing users.

One quick one that Adaxes Support on their forums helped me with, was stopping a new user creation before it started, if the username already existed. A quick ‘Before User Creation’ business rule created with this script ensures the task will bomb out with a nice message, rather than potentially making changes on an existing user that were unwanted.

For the bigger picture on how I’d designed Adaxes for new users, I’d originally created a bunch of steps in the business rules for ‘After User Creation’. I had a big runsheet of many ‘ifs’ and ‘ands’ for a new user, but then had a thought; what if I want to re-enable a disabled user? None of these rules could be applied, because they’re against a new user. I don’t want to delete and re-create the account as that causes a lot of 3rd party app issues. Adaxes Support helped me on this one again, and suggested Custom Commands instead.

Now You’re Working With Modules

The idea was to make the whole design modular. Instead of having all the steps inside the ‘After User Creation’ business rule, move each step into it’s own custom command. From there, the custom commands can be called in order from the ‘After User Creation’ business rule. This reduced the Business Rule from 40 lines down to 9:

adaxes3

Of course that complexity was moved to the Custom Commands, but as each grouping (e.g. Enable Email) was it’s own command, it became much cleaner and easier to read as well as manage.

adaxes4

After chopping up all the rules this way, I created a dummy user. I was impressed that it worked perfectly first time! (side note – when you run something via the web interface, you’ll get back a very useful report on each step that ran and any errors. This is really helpful when troubleshooting.)

My next step will be to now create a ‘modify user’ rule that is for returning staff, and will call most of these modules. The ones that don’t fit for an existing account can just be replaced by a modified custom command for what I need.

Another basic point I worked out by going through this process, is that I should be more granular in where by business rules are pointing. Originally I pointed the ‘after a user is created’ business rule at my entire AD structure. After realising that I want a different process for contractor accounts, I narrowed down the rule to only point to the OUs that normal new users would be placed in, allowing for a different set of rules when a new user is created in the contractor’s OU.

Conclusion

One of the great things about all this, is that it’s easy to change your setup. There’s no re-writing from scratch – everything can be modified, or copy/pasted to where you want it to go.

I’m still really enjoying managing and using Softerra Adaxes, often with it sitting in the background for months while other staff use it for user management; with very little room for user error.

Softera sponsored the writing of this post.

Crane Game Toreba – I Won A Japanese Toy?

I’m still not sure what I think about this, but thought it was worth sharing:

I saw an advert online to install an app from the Play Store – ‘Crane Game Toreba; win real prizes!’. Out of interest due to a childhood of playing skilltesters, I wanted to check out what it was

logo_toreba_en

I’d been watching a few YouTube videos on arcade games, and the Japanese ones are a bit different to the ones I’m used to in Australia:

I installed the app; their main website is toreba.net with links to Android and iOS versions of the app. Weirdly, the app lets you pick a Japanese crane game with a particular prize, and play it. You get 3 shots for free with a new account, then need to start paying for turns.

I say weirdly, because this isn’t an animated game. It’s a real life crane that you control, with two webcam views. Via the internet, you’re remotely controlling an electronic and mechanical crane in Japan, trying to win a prize.

The prizes themselves are very Japanese, of which many I have no idea what they are. You can also win food, or sometimes both; such as a soft toy watermelon slice. Something we all need in our lives.

Here’s someone winning a ‘Grand Blue fantasy Byi stuffed’ with the crane, which again I’m not sure what it is….

I was suckered in after my 3 free shots and not winning, but decided to play a ‘ping pong’ game instead. This is where a ping pong ball is scooped up, and dropped into a second area. You win if the ball lands in a particular hole.

It took a few shots, but I won! They sent me a link of the replay of my win, which you can watch too.

The cost to play incudes free shipping worldwide, which means this thing should turn up on my doorstep in a few weeks:

9443f6b7cd8a0f81e4a354cbc6021aeb_1920_KR

I’m sure my son will have fun with it, being 17 months old. I don’t think I’ll play the game again either, but there’s something both interesting and strange about this whole setup. Remote controlling a silly game somewhere else in the world to try and win a prize seems both so right, and so wrong.

If nothing else, try the game for your free 5 shots. You don’t have to use a credit card, and it just seems to use your Play Store or Google Play account.

Referrals used to exist but seem to be gone now, but you can register your credit card for 5000TP: http://www.toreba.net/info/topic/info_news/128016

Update 1st August 2016

A few days ago, my prize turned up in a giant box! Here it is on my couch for scale.. makes a great pillow.

20160728_210254

Update 31st August 2016

I decided to play again with some credit I received, and won a ‘Star Master’ which projects a bunch of lights and stuff. Here’s me winning it!

http://www.toreba.net/replay/detail/10493172

Update 19th June 2017

I hadn’t played this for ages, but some comments here reminded me to try again. This time I won some sort of racing track, which took about 8 turns to win:

http://www.toreba.net/replay/detail/27242352

Update 20th August 2017

OK, I played a bunch this time and wrote up a separate post with all my wins!

Search Group Policy with PowerShell Script

I was looking for a certain Group Policy Preferences setting, where a registry value was being changed. Resultant Set Of Policy (RSOP) won’t help with these, and I couldn’t see a nice PowerShell command for searching through Group Policies.

I put the shoutout on Twitter to see who could help, and Tony Murray came back quickly with a script he’d created, and promptly uploaded to the Microsoft TechNet Gallery where I could download it.

It’s a reasonably simple script (which for me would have taken at least an hour to do beginning to end!) and is very easy to use.

Running the ps1 file will provide you with a prompt, asking what string you’re searching for. Enter the string, and it’ll give back all the Group Policy objects, along with if there was a match or not:

match

After seeing it work, I decided to make one slight change; I removed this section:

    else { 
        Write-Host "No match in: $($gpo.DisplayName)" 
    } # end else 

which results in the script only showing matches, and displaying no output otherwise. Handy if you have a long list of objects to look through!

Thanks again Tony for both writing this and sharing it!

 

Update 20th Dec 2018

Although the script is really useful, it didn’t like special characters for the search string which makes it hard to search for registry settings. I’ve changed how the search function works on a single line, and it now seems to be happy with special characters. This also appears to come at a cost of speed, it’s a bit slower to search. I’m letting Tony know so he can consider updating his master script, but if you want to do it, just replace the line:

if ($report match $string) {

with

if ($report.contains(“$string”) -eq $true) {

Again since it’s not my script I don’t really want to put the entire end result up, but here’s how it should look after the comments section:

Mass Import PSTs To Different Folders In A Single Mailbox

I had a scenario come up where someone had 50 or so PST files. I wanted to add them all into their mailbox, but have a separate folder for each PST’s contents to go to.

This was on Exchange 2010 SP3 but should apply to newer versions too, and this is assuming you have at least Exchange 2010 SP1 – importing was done differently before this.

For starers, ExchangeServerPro covers the basics of PST importing. PeteNetLive delves a bit deeper into batch importing, which was close to what I wanted but had to modify somewhat.

I had the PST files in a UNC path, so started by navigating there – in Powershell, you can just ‘cd //server/sharename/’ (even though “cd” is an alias for “Set-Location”, I can’t help but use it!)

Once in the share that contains the PST files (and it HAS to be a share, can’t be an admin $ share, and needs the correct permissions as per ExchangeServerPro’s article), you can run this command:

dir *.pst | %{ New-MailboxImportRequest -BatchName Recovered -Mailbox alias -name $_.BaseName -FilePath “$_.” -TargetRootFolder $_.BaseName}

This will get the list of files, and run a mailbox import request against each one. “alias” needs to be changed to the mailbox name. The Filepath is just being called as itself “$_.” and the Target Root Folder is using BaseName, which is the filename without the extension .pst.

I’m also using the filename as the name for the job, if you leave that out it’ll hit a wall after 10 jobs and want a unique name (if not specified, the name is MailboxImport, then MailboxImport1, MailboxImport2 etc and hits a wall at MailboxImport9). That also makes it easy if one of the jobs fail, to work out which PST was involved.

This worked really well for me, so hopefully it helps someone else out there!