Update many SSL certificate site bindings in one go

If you have to deal with updating SSL certificates in IIS then you probably know how much of a pain it can be if you have lots of sites and bindings that all use the same certificate. I found a really simple PowerShell script that can go through and match the thumbprint of your old certificate on all bindings in IIS and replace them with the thumbprint of your new certificate! This is particularly useful if you have a wildcard multi-domain certificate that you can use on all sites regardless of hostname!

Open up a PowerShell window with administrative rights then enter the following commands. Obviously you will need to replace the thumbprint values below with yours.

The first one will set a variable for the old certificate

$OLDCertificateThumbprint = "123456789abcdefgh1a2b3c4d5e6f7g8h9a1a1a1"

The second will set a variable for the old certificate

$NEWCertificateThumbprint = "7a3b5a1g1a6a2j2a262a3343a333a5a64a4a4a4a"

The following will show bindings where the old certificate is in use

Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint} | Format-Table

This will select bindings where the old certificate is in use and switch it to the new certificate

Get-WebBinding | Where-Object { $_.certificateHash -eq $OLDCertificateThumbprint} | ForEach-Object {
Write-Host "Working on" $_
$_.RemoveSslCertificate()
$_.AddSslCertificate($NEWCertificateThumbprint, 'My')
}

Once the script above has completed you can use this to show bindings where the new certificate is in use

Get-WebBinding | Where-Object { $_.certificateHash -eq $NEWCertificateThumbprint}

Now that everything has been updated you can go into IIS to check it out.  Big thank you to the following people here and here for providing these solutions.

How to check Wi-Fi signal strength on Windows using command prompt (cmd)

On Windows 10 / 11 there are a number of ways to check the wi-fi signal strength but I find the most accurate and simple way is using command prompt.

  1. Open up a command prompt by clicking start, type cmd then click “Command Prompt”.
  2. Enter the following command and press “Enter”.
    netsh wlan show interfaces
  3. Check out the “Signal” value to determine the quality of your connection.

If the number is equal or higher than 80%, then the strength of the signal is good. Anything below 60% is pretty poor.

Office 365 Group not showing in Outlook (Exchange Hybrid Environment)

PROBLEM:-

I have an issue where a Microsoft 365 group has been created but will not appear in Outlook 2019 or Outlook on the web.

After a bit of digging, I found out that the following factors played a part in this.

  • Exchange is running in Hybrid environment
  • User had created the Group/Team from within MS Teams

Because we were running a hybrid environment and the user had created the Team/Group from within the MS Teams app it doesn’t do as good a job as it would if you created it via the web-based admin interface.

When the group is created from the MS Teams app it doesn’t set the exchange attribute –HiddenFromExchangeClientsEnabled:$false which means that by default the group will not appear in Outlook App or Outlook on the web.

If you create the group via the Microsoft 365 admin center it works fine.

SOLUTION:-

1. Open up Windows Powershell and connect to Exchange online using the following command. (Make sure you have Powershell 7 and the exchange EXO V2 module installed).

connect-ExchangeOnline -UserPrincipalName youremail@yourdomain.com

2. Set the groups visibility using the following command

Set-UnifiedGroup -Identity "Name of Your Group Here" -HiddenFromExchangeClientsEnabled:$false

Install the latest Windows PowerShell and Exchange Online Management EXO V2module

I often find that I’ll jump on to a server, PC or laptop and I’m trying to run commands in PowerShell that it doesn’t understand. Normally because it’s an old version of PowerShell, certain modules aren’t installed or I’m just bad at typing.

Here’s where to get the latest version of Windows PowerShell and EXO V2 that you will need if you’re working with Exchange Online.

PowerShell 7
https://aka.ms/PSWindows

Exchange Online Management
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/

At the time of writing the following command will get you the module…

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5

Check what modules are installed…

Get-InstalledModule

Drivers for Digital Persona U.are.U 4500 Fingerprint Reader USB

Below you will find 2 zip files that can be used to get your Digital Persona U.are.U 4500 up and running. The first 4500_wbf_driver_5.0.0.5_rs3.zip is smaller in size and is just the basic drivers, probably all you need to get up and running on Windows 10. The second DP_UareU_WSDK223.zip I believe is the SDK kit and has all the drivers and full software.

 

MFA not working in Outlook 2019 – Exchange Online

Scenario:-

Microsoft 365 tenant, mainly using Exchange Online (Plan 1) licenses. I enabled MFA for a couple of users which works fine logging in to https://office.com

Users can access Outlook on the web without any problems and get notifications sent to the “Microsoft Authenticator” app to approve or SMS if they choose one of the other authentication options.

When it comes to Outlook 2019 they just repeatedly get asked for their email credentials in a standard type popup box as opposed to the newer MFA style popup that you see like when you login to https://office.com where it asks for email, then password, then MFA option.

I know this type of problems exists with older versions of Outlook 2013 and lower and there are workarounds for it but this is Office 2019!

Solution:-

After raising a support ticket with Microsoft and getting a call back pretty much straight away from a very knowledgeable “Support Ambassador” we managed to sort the problem. Turns out that if your tenant was created before 2017 (ours was 2014) then the default policies in place for the basic Azure type licenses that come with the lower tiered licenses like Exchange Online might not work very well when enabling MFA on a user account! Tenants created later than 2017 tend to work just fine.

Here’s what we did…

  1. Run PowerShell as admin
  2. Connect to Exchange Online (If user has MFA enabled) using the following steps:-
    $MFA = New-Object -ComObject InternetExplorer.Application -Property @{Navigate2="https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application"}

    The command above installs a module which then launches another PowerShell window.

  3. In the newly opened window enter the following:-
    Connect-EXOPSSession

    Enter your tenant administrator login information.

  4. Enter the following command:-
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true 

This pretty much enables the use of MFA now for your Exchange Online tenant. It can take a few hours for things to propagate and for Outlook 2019 to make use of this. If you need to speed this process up you can add the following registry key to the users computer. Make sure to close Outlook first.

  • HKEY_CURRENT_USER\Software\Microsoft\Exchange
  • On the Edit menu, point to New, and then click DWORD Value.
  • Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
  • Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
  • In the Value data box, type 1, and then click OK.
  • Exit Registry Editor.

Open Outlook and you should now get the MFA type prompt as you would expect. I think if you continue to have problems then it’s worth deleting the Outlook profile on the computer and starting again.

The following article may also be of use as it goes into a lot more detail about how to enable or disable modern authentication for Outlook in Exchange Online https://docs.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

One last thing… enabling modern authentication for Outlook in Exchange Online wont affect any of your other users who may not have MFA setup.

Hopefully this may help someone somewhere one day!

Enable or Disable write protection to a USB drive

PROBLEM: I need to stop users saving data to a bitlocker usb flash drive that they use to unlock their laptop.

SOLUTION: Use the DiskPart command line utility to enable read only access to the USB flash drive in question.

STEPS:-

  1. Press the Windows key + R to open the run box.
  2. Type diskpart and press enter.
  3. If you receive a UAC prompt asking for permission click Yes.
  4. At the DISKPART > prompt type list disk and press enter.
  5. Figure out which is your USB disk based on the size (mine was disk 1) so I typed select disk 1 and pressed enter.
  6. You can check the attributes for the disk by typing attributes disk.
  7. To enable disk write protection (making it not possible to save files to the disk) use the command attributes disk set readonly and press enter.
  8. You’re done! Type exit to quit.
  9. If you ever wanted to revert back and disable write protection then use the command attributes disk clear readonly and press enter.

DiskPart

Please note that the above method will only enable write protection for that particular usb flash drive on that specific windows machine. If you were to put the same usb flash drive in a different machine you can still write files to it.