TechShizz | All posts tagged 'Security'

Take Ownership

Take ownership of folder + delete - Run all three commands


takeown /F D:\My Documents\OneNote Notebooks* /R /A

cacls D:\My Documents\OneNote Notebooks*.* /T /grant administrators:F

rmdir /S /Q D:\My Documents\OneNote Notebooks

Windows Credential Manager Shell Shortcut

In a locked down environment, the Windows Credential Manager might be unavailable. You can still access is by pasting this into the run command dialogue boxL

%windir%\explorer.exe shell:::{1206F5F1-0569-412C-8FEC-3204630DFB70}

Configuring Office 365 Admin Center Administration Roles

Admin Center Admin Roles

 

Global Administrator - All tasks in O365 admin center.

Manage Domains

Manage Organization information

Delegate administrator roles

Use Directory Syncronization

 

 

User Management - Manage users and groups, manage service requests, reset passwords and monitor health.

Cannot create other admins

Cannot delete global administrators

Cannot reset passwords for Billing, Global or Service Admins.

 

Password - Manage passwords, service requests and monitor health. (Not manage passwords of other admin roles)

 

Service - Manage service requests and monitor health. Must assign admin permissions to online service before this role.

 

Billing - Make purchases, manage subscriptions and support tickets and monitor health. (Only if bought from Microsoft).

 

PowerShell to Admin Center


Titles for administration groups vary in Office 365 to sharepoint. Below is a list of the equivelant role for each administraton role in each.PowerShell= left, SharePoint=right.



Company Administrator = Global Administrator

 

User Management Administrator = User Management

 

Helpdesk Administrator = Password Administrator

 

Service Support Administrator = Services Administrator

 

Billing Administrator = Billing Administrator

 

Managing in PowerShell

 

Remember:

connect-msolservice

 

List the role groups:

 

Get-Msolrole

Get-Msolrole

 

Add a member to a role group:

 

Add-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "kengle@teamrou.onmicrosoft.com"

 

To list who is in a role group:

 

$Roleinfo = get-msolrole -rolename "user account administrator"

 

Get-msolrolemember -roleobjectid $roleinfo.objectid

Get-msolrolemember

 

Remove a member to a role group:

 

Remove-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "kengle@teamrou.onmicrosoft.com"

 

Remove-msolrolemember

 


Managing Office 365 Password Policies via PowerShell

Password Expiry Settings

 

Default expiration = 90 Days

Min & Max = 14 to 730 Days (2 weeks to 2 years)

Default Notification = 14 Days

Password expiring notification - 1 to 30 Days

 

PowerShell  Only

 

Password never expires

Remove strong password complexity requirements.

 

Resetting a user password:

 

Set-MsolUserPassword -UserprincipalName "laurak@teamrou.onmicrosoft.com" -newpassword "Welcome123!"

 

Setting password policy settings:

 

Set-Msolpasswordpolicy -domainname "teamrou.onmicrosoft.com" -validityperiod "60" -NotificationDays "20"

 

Set a password to never expire:

 

Set-Msoluser -userprincipalname "laurak@teamrou.onmicrosoft.com" -PasswordNeverExpires $true

 

If we wanted to set all users passwords to never expire:

 

Get-Msoluser | Set-Msoluser -PasswordNeverExpires $true

 

Remove for all:

 

Get-Msoluser | Set-Msoluser -PasswordNeverExpires $false

 

Remove Complexity requirements

 

Set-Msoluser -userprincipalname "rich@domain.onmicrosoft.com" -StrongPasswordRequired $false

 

Enable Complexity requirements

 

Set-Msoluser -userprincipalname "rich@domain.onmicrosoft.com" -StrongPasswordRequired $true