Take Ownership

Take ownership of folder + delete - Run all three commands


takeown /F D:\My Documents\OneNote Notebooks* /R /A

cacls D:\My Documents\OneNote Notebooks*.* /T /grant administrators:F

rmdir /S /Q D:\My Documents\OneNote Notebooks

Windows Credential Manager Shell Shortcut

In a locked down environment, the Windows Credential Manager might be unavailable. You can still access is by pasting this into the run command dialogue boxL

%windir%\explorer.exe shell:::{1206F5F1-0569-412C-8FEC-3204630DFB70}

Integrating Information Rights Management in Office 365 with SharePoint

Prerequisites

 

To have the ability to enable IRM you need to have the "Design" permission. (This is included in Global Admin)

 

There is only one global settings required to enable IRM in SharePoint. From the SharePoint Admin panel we need to enable IRM.

 

O365 Admin > Admin > SharePoint > Settings

 

 

Information Rights Services

 

 

Once this has been enabled, in site settings from within a SharePoint site (from the library tab in a SharePoint site you can create an IRM policy for the site.

Information Rights Services Settings

===================================================

 

This policy prevents un-supported documents from being uploaded. When tested see the error below.

 

 

This library does not accept files of the given type


Configuring Office 365 Admin Center Administration Roles

Admin Center Admin Roles

 

Global Administrator - All tasks in O365 admin center.

Manage Domains

Manage Organization information

Delegate administrator roles

Use Directory Syncronization

 

 

User Management - Manage users and groups, manage service requests, reset passwords and monitor health.

Cannot create other admins

Cannot delete global administrators

Cannot reset passwords for Billing, Global or Service Admins.

 

Password - Manage passwords, service requests and monitor health. (Not manage passwords of other admin roles)

 

Service - Manage service requests and monitor health. Must assign admin permissions to online service before this role.

 

Billing - Make purchases, manage subscriptions and support tickets and monitor health. (Only if bought from Microsoft).

 

PowerShell to Admin Center


Titles for administration groups vary in Office 365 to sharepoint. Below is a list of the equivelant role for each administraton role in each.PowerShell= left, SharePoint=right.



Company Administrator = Global Administrator

 

User Management Administrator = User Management

 

Helpdesk Administrator = Password Administrator

 

Service Support Administrator = Services Administrator

 

Billing Administrator = Billing Administrator

 

Managing in PowerShell

 

Remember:

connect-msolservice

 

List the role groups:

 

Get-Msolrole

Get-Msolrole

 

Add a member to a role group:

 

Add-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "[email protected]"

 

To list who is in a role group:

 

$Roleinfo = get-msolrole -rolename "user account administrator"

 

Get-msolrolemember -roleobjectid $roleinfo.objectid

Get-msolrolemember

 

Remove a member to a role group:

 

Remove-msolrolemember -rolename "User Account Administrator" -rolememberemailaddress "[email protected]"

 

Remove-msolrolemember

 


Integrating with Exchange


This enables IRM in Office 365 - It will allow the control of content in exchange via use of the menus as shown:

 

Set Permissions - Do Not Forward

It also allows us to create rights protection mail rules in Exchange online:

Apply Right Protecting to Messages

 

 

 

 

 

In order to enable IRM in Exchange online we need to do the following.

 

Open PowerShell as Admin and run the following commands in order.

 

Set-ExecutionPolicy RemoteSigned


$usercred = Get-Credential

$sessioninfo = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/PowerShell -Credential $usercred -Authentication Basic -AllowRedirection


Import-PSSession $sessioninfo


Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp.rms.eu.aadrm.com/tenantmanagement/servicepartner.svc"


Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"


Set-IRMConfiguration -InternalLicensingEnabled $true


Test-IRMConfiguration -RMSOnline


Test-IRMConfiguration -Sender $usercred.username


Remove-PSSession $sessioninfo