5 feb 2018

Office 365: Customize the maximum message size to 150MB

#Note
The default maximum message size for Office 365 mailboxes is still 25 MB but you can choose the size setting that’s right with a maximum size of 150MB

#Product Affected
Office 365, Exchange Online

#Solution
For your convenience use PowerShell to do it

Update a single mailbox
Set-Mailbox -Identity alias@domain.com -MaxSendSize 150MB -MaxReceiveSize 150MB

Update multiple mailboxes 
(“alias”, “alias2”, “alias3”) | % {Set-Mailbox –Identity $_ -MaxSendSize 150MB -MaxReceiveSize 150MB}

Update all mailboxes
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB

Update the default settings (For mailboxes you create in the future.)
Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB



26 gen 2018

Migrate DHCP from different Windows Server versions

#Note
How to migrate DHCP server configuration from different versions

#Product Affected
Windows Server - All versions

#Solution

1. On the source DCHP server run the following cmdlet (wh administrative privilege)

Export-DhcpServer -File C:\yourpath\DHCPdata.xml -Leases -Force -ComputerName sourcedhcp.domain.ext –Verbose

2. On the source DCHP server run the following cmdlet (wh administrative privilege)

Import-DhcpServer -File C:\yourpath\DHCPdata.xml -BackupPath C:\yourpath\ -Leases -ScopeOverwrite -Force -ComputerName destinationdhcp.domain.ext –Verbose

Windows Server 2016: Recently added DC do not work, inexistent SYSVOL

#Note
Recently added DC do not work, do not replicate and it's affected by inexistent SYSVOL and NETLOGON .
The SYSVOL share and NETLOGON share are not showing shared on the new DC Windows Server 2016 and it cause GPO issue.

In the DCDIAG you'll find this:
   SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

#Product Affected
Windows Server 2016, 2012 R2, 2012, 2008 R2, 2008

#Solution
On the new DC:

1.Click Start, click Run, type regedit, and then click OK.
2.Locate the following subkey in Registry Editor:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
3.In the details pane, right-click the SysvolReady flag, and then click Modify.
4.In the Value data box, type 0, and then click OK.
5.Again in the details pane, right-click the SysvolReady flag, and then click Modify.
5.In the Value data box, type 1, and then click OK.
6. Restart the Netlogon service and use “net share” to check if the both folders are shared and if the GPO information start replicating.
7. Copy all files in the SYSVOL from the primary DC
8. Manually share C:\Windows\SYSVOL\sysvol\iqd.local\SCRIPTS. We can set the share the same as primary DC.
9. Restart DFSR e NETLOGON services 


5 gen 2018

Mitigations for speculative execution side-channel vulnerabilities in CPU Microcode from Microsoft side

#Note
Mitigations for speculative execution side-channel vulnerabilities in CPU Microcode  “speculative execution side-channel attacks”
•CVE-2017-5715 - Bounds check bypass
•CVE-2017-5753 - Branch target injection
•CVE-2017-5754 - Rogue data cache load

This class of vulnerabilities will affect many modern processors and operating systems, including hardware (Intel, AMD, and ARM), software(Windows, Linux, Android, Chrome, iOS, Mac OS). Both physical and virtual machine will be affected. At the time of publication, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.

#Product Affected
All versions, client and server

#Solution
To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. Meanwhile, since the issue affect hardware, we may also need to install firmware updates from device manufacturer for increased protection. Please check with device manufacturer for relevant updates.

Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure, for more detailed information please check the following link:
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

For customers using Windows client operating systems including Windows 7 Service Pack 1, Windows 8.1, and Windows 10, we suggest:

-Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.

-Apply all available Windows operating system updates, including the January 2018 Windows security updates.

- Apply the applicable firmware update that is provided by the device manufacturer
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in  

For customers using Windows server operating systems including Windows Server 2008 R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016, we suggest:

- Apply the Windows operating system update.
- Make necessary configuration changes to enable protection.
- Apply an applicable firmware update from the OEM device manufacturer.

For Windows Server 2008, Windows Server 2012, please make the system up-to-date and pay close attention to the official article for latest updates.
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities. If any further information, we will update as soon as possible, your patience is much appreciated.

Please check the link below for more detailed information:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 

13 dic 2017

RITORNA IL SID ROADSHOW: L'EVENTO A CASA TUA!


Sarò presente a Mestre e parleremo di migrazione di Exchange Server verso Exchange Online.



RITORNA IL SID ROADSHOW: L'EVENTO A CASA TUA!
Anche nel 2018 ci sarà il SID Roadshow, l'evento itinerante, in tre tappe, che porta a casa tua l'esperienza della conferenza IT Pro for Business più importante d'Italia.
GDPR, security, virtualizzazione, cloud, storage, management, container e molto altro. Ecco alcuni degli argomenti che tratteremo durante le varie tappe, che per la prima volta non avranno la stessa agenda. I temi proposti verteranno sulle ultime tecnologie, come Windows Server v1709, Windows 10, Microsoft Azure, Microsoft Office365, Microsoft Intune e molto altro ancora. Non mancheranno le sessioni dei nostri sponsor, e partner, che vi proporanno le loro soluzioni per migliorare il vostro reparto IT, ottimizzare i costi e migliorare la produttività.
SAVE THE DATE!
Ti aspettiamo il 25 gennaio a Reggio Emilia (in collaborazione con Progel), il 30 gennaio a Torino (in collaborazione con ACME Consulting) ed il 1 febbraio a Mestre (in collaborazione con Walk2Talk).
I posti sono limitati, quindi non perdere tempo ad iscriverti! Ma ricordati di farlo solo se sei realmente certo di poter essere dei nostri.
STAY TUNED!
Seguici tramite i nostri canali social per rimanere sempre aggiornato sulle ultime novità della conferenza ed usa l'hashtag #sidrs18 per vivere assieme noi l'attesa del SID Roadshow 2018.
Se pensi che questa occasione sia importante anche per qualcuno che conosci, sentiti libero di invitarlo ad iscriversi subito alla conferenza. Ricorda che i posti sono limitati.