Renewing locally signed TLS Certificates on Exchange 2010

Get the thumbprint with..


 Get-ExchangeCertificate | fl

 copy and paste into following commands...

Get-ExchangeCertificate -thumbprint “0FDB0D02E7E9806EB7F252E5296E098287A21DBC” | New-ExchangeCertificate

TO have it not be used for any services, use this other add your services (SMTP IIS IMAP, etc)

enable-exchangecertificate -Thumbprint "5904E1FF48088BB3EE472F61E718CE8516B7327F" -Services:None

: Corrections are welcome

Giving users access to Exchange Management console snap-in (Exchange 2003/2007/2010)

source : http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html

Assigning administrator rights to the Microsoft Exchange Server user

The user that you have created for the Microsoft Exchange Server agent must be a domain administrator with full administrator rights on Microsoft Exchange Server. The administrator rights are required to access the Microsoft Exchange Server components. You must provide administrative rights to the user.

Before you begin

Create a Microsoft Exchange Server user who has the mailbox on the Exchange Server that is being monitored.

About this task

This task provides information about assigning administrator rights to the user. Minimum rights required for the Microsoft Exchange Server agent to run and display data are as follows:

• Exchange Server 2003 - Exchange Administrator
• Exchange Server 2007 - Exchange Recipient Administrator
• Exchange Server 2010 - Exchange Recipient Management

Procedure

For Microsoft Exchange Server 2003, complete the following steps to grant full administrator rights to the user:

1. Click Start > Programs > Microsoft Exchange > System Manager. The Microsoft Exchange Systems Manager opens.
2. Click Action > Delegate control. The Exchange Administration Delegation Wizard opens. Click Next.
3. On the Users or Groups page, click Add.
4. In the Delegate Control window, click Browse. Select the new user that you have created, and then click OK.
5. From the Role list, select Exchange Full Administrator, and then click OK.
6. Click Next, and then click Finish.

For Microsoft Exchange Server 2007, complete the following steps to grant recipient administrator rights to the user:

1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Console. The Exchange Management Console window opens.
2. In the Console tree, click Organization Configuration.
3. In the Action pane, click Add Exchange Administrator.
4. On the Add Exchange Administrator page, click Browse. Select the new user that you have created, and then select Exchange Recipient Administrator role.
5. Click Add.
6. On the Completion page, click Finish.

For Microsoft Exchange Server 2010, complete the following steps to grant recipient administrator rights to the user:

1. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Console. The Exchange Management Console window opens.
2. In the Console tree, click Toolbox.
3. In the Work pane, double-click the Role Based Access Control (RBAC) User Editor tool. The Exchange Control Panel window opens.
4. Enter the user credentials for the account with permissions to open the user editor in the Exchange Control Panel. Click Sign in.
5. Click the Administrator Roles tab.
6. Select the Recipient Management role group, and then click Details.
7. In the Members area, click Add.
8. Select the user that you want to add to the role group, and then click OK.
9. Click Save to save the changes to the role group.
10.  
11. source : http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html

Getting the IP and MAC address from a ChromeBook and ChromeCast

ChromeCast

1. open the Chromecast app on your Android phone or tablet 
2. tap on upper left corner icon for Devices to appear 
3. tap on a Chromecast device you have named (Ready to Cast)
4. wait for it to connect
5. Chromecast Settings - Device Info; name, WiFi settings, time zone, SHARE DATA, IP address, MAC Address and Build number.

 source: https://groups.google.com/forum/#!topic/chromebook-central/VABcRQydXXY 


ChromeBook

• Click on the Network and Settings window on your tray (where it shows the time, battery, avatar, etc.).
• Click on the WiFi section to see network details.
• There will be an “i” button in the bottom-right corner, click on it and your MAC and IP addresses will be displayed.

That’s it! Pretty simple, right?

source: http://chromespot.com/2013/12/02/how-to-get-chromebook-mac-ip-address/

Renewing an Exchange Certificate - Self signed / StartTLS or Transport (Exchange 2007 / 2010 / 2013)

source: http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm

Bharat's article is what I've used numerous times.

Just do a Get-exchangeCertificate | FL

Then with what youve provided you just highlight the SMTP cert
Thumbprint : 15405C99D3837CFF0DD2EA0213DAD6A241B

and then type out

Get-ExchangeCertificate -thumbprint “15405C99D3837CFF0DD2EA0213DAD6A241B” | New-ExchangeCertificate

then just bounce the microsoft exchange transport service.

source: http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm

Check Exchange Server Patch Level

Source: http://serverfault.com/questions/448827/how-do-i-determine-the-sp-and-rollup-version-of-an-exchange-installation

Slow method

Open "Programs and Features", select view updates, and search for the relevant Exchange 2010 patch.

Fast method

Run this command in Powershell

 gcm exsetup | %{$_.fileversioninfo}

Then use this URL to decipher the version number:

http://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollups-build-numbers-en-us.aspx




Source: http://serverfault.com/questions/448827/how-do-i-determine-the-sp-and-rollup-version-of-an-exchange-installation

Exchange 2013 (version 15) Viewing and setting Message Size Limits

http://technet.microsoft.com/en-us/library/jj150562%28v=exchg.150%29.aspx

How enable/disable FIPS cryptography in WIndows - all version

source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7


In WIndows 8, open up a command prompt wondoe and kick off gpedit.msc and go from there...

First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.
The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833, but can be summarised as follows:

1. Using an account that has administrative credentials, log on to the computer.
2. Click Start, click Run, type gpedit.msc, and then press ENTER.
3. In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
4. Under the Security Settings node, double-click Local Policies, and then click Security Options.
5. In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
6. In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
7. Close the Local Group Policy Editor.

If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7