TechShizz | All posts tagged 'Security'

Take Ownership

Take ownership of folder + delete - Run all three commands

takeown /F D:\My Documents\OneNote Notebooks* /R /A

cacls D:\My Documents\OneNote Notebooks*.* /T /grant administrators:F

rmdir /S /Q D:\My Documents\OneNote Notebooks

Windows Credential Manager Shell Shortcut

In a locked down environment, the Windows Credential Manager might be unavailable. You can still access is by pasting this into the run command dialogue boxL

%windir%\explorer.exe shell:::{1206F5F1-0569-412C-8FEC-3204630DFB70}

Configuring Office 365 Admin Center Administration Roles

Admin Center Admin Roles


Global Administrator - All tasks in O365 admin center.

Manage Domains

Manage Organization information

Delegate administrator roles

Use Directory Syncronization



User Management - Manage users and groups, manage service requests, reset passwords and monitor health.

Cannot create other admins

Cannot delete global administrators

Cannot reset passwords for Billing, Global or Service Admins.


Password - Manage passwords, service requests and monitor health. (Not manage passwords of other admin roles)


Service - Manage service requests and monitor health. Must assign admin permissions to online service before this role.


Billing - Make purchases, manage subscriptions and support tickets and monitor health. (Only if bought from Microsoft).


PowerShell to Admin Center

Titles for administration groups vary in Office 365 to sharepoint. Below is a list of the equivelant role for each administraton role in each.PowerShell= left, SharePoint=right.

Company Administrator = Global Administrator


User Management Administrator = User Management


Helpdesk Administrator = Password Administrator


Service Support Administrator = Services Administrator


Billing Administrator = Billing Administrator


Managing in PowerShell





List the role groups:





Add a member to a role group:


Add-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress ""


To list who is in a role group:


$Roleinfo = get-msolrole -rolename "user account administrator"


Get-msolrolemember -roleobjectid $roleinfo.objectid



Remove a member to a role group:


Remove-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress ""




Managing Office 365 Password Policies via PowerShell

Password Expiry Settings


Default expiration = 90 Days

Min & Max = 14 to 730 Days (2 weeks to 2 years)

Default Notification = 14 Days

Password expiring notification - 1 to 30 Days


PowerShell  Only


Password never expires

Remove strong password complexity requirements.


Resetting a user password:


Set-MsolUserPassword -UserprincipalName "" -newpassword "Welcome123!"


Setting password policy settings:


Set-Msolpasswordpolicy -domainname "" -validityperiod "60" -NotificationDays "20"


Set a password to never expire:


Set-Msoluser -userprincipalname "" -PasswordNeverExpires $true


If we wanted to set all users passwords to never expire:


Get-Msoluser | Set-Msoluser -PasswordNeverExpires $true


Remove for all:


Get-Msoluser | Set-Msoluser -PasswordNeverExpires $false


Remove Complexity requirements


Set-Msoluser -userprincipalname "" -StrongPasswordRequired $false


Enable Complexity requirements


Set-Msoluser -userprincipalname "" -StrongPasswordRequired $true