Calendar Invites from Office 365 forwarded to GMail / G-Suite lack Accept / Reject buttons

This post might be a bit of a bear. I write it mainly for myself as a point of reference, but perhaps it can help others.

In our case, we had recently acquired a new company that used Google G-Suite / GMail. While we waited to migrate them over, we set up Mail Enabled User Objects (without Mailboxes) on Office 365 as stubs. These stubs provided GAL entries for these employees, and the “targetAddress” attribute forwards all emails to those users' mailboxes on G-Suite (a different email domain).

For the most part this worked well. We got Calendar Free / Busy from the objects and email forwarding worked as well. Except that sometimes Calendar Invites did not have accept or reject buttons.

We finally got to the bottom of this: it has everything to do with two factors (both are really the same, but it is worth going through the motions).

  • TNEFEnabled must be set to $False ($null isn't good enough) in PowerShell
  • “Use Rich-Text Format” must be set to “Never” in the ECP/Mail Flow/Remote Domains/<domain>

Connect to Microsoft Exchange Online PowerShell Module then run this:

Get-RemoteDomain | select Name, TNEFEnabled

If you don't have the GMail / GSuite domain listed, add it with New-RemoteDomain:

New-RemoteDomain -Name <Name of External Domain> -DomainName domain.com

Then run this command:

Set-RemoteDomain -Identity <Name of External Domain> -TNEFEnabled $false

Next up, we want to validate things with RTF:

  • Go to the ECP: https://outlook.office.com/ecp
  • Navigate to Mail flow on the Left
  • Navigate to Remote Domain on the top
  • Find the domain in question
  • Ensure “Use rich-text format:” is set to “Never”

That should be it. Allow 30 minutes or so for the setting to sync to all Exchange servers, and it should be working once more.

What I think I understand better now is that the MS KB Docs are incorrect: $null on TNEFEnabled means to default to user defaults. You must use $False to force the corrective action.

Fix: NVidia Shield (Moonlight) selecting the wrong Monitor

A while back I stopped paying for consoles and put my efforts into a good PC rig. However, I still like lying down on the couch and using an Xbox controller. Moonlight fixed this for me (using a 4K Apple TV and full ethernet). Full FPS, full resolution (with RTX, I might add), no lag, perfection!

But there was a problem when I upgraded my PC. Moonlight kept using the right (wrong) monitor instead of dead center. This made it so I would have to get up, go in my office and force the game onto the wrong monitor (or worse).

However after a lot of trial and error I figured out how to fix it.

First you need to make sure the monitor in question is in fact the “BIOS Default”. What does that mean? Well for me, when I power on the tower the Dell logo shows up on that screen. I had to swap around DP cables until that happened.

Next you need your preferred monitor to be the Windows first found. Notice I didn’t say primary? NVidia doesn’t respect the primary monitor flag (they should, but they don’t).

Some background: Windows makes “profiles” for every unique pairing of monitors. It does this by using Monitor Serial Numbers, which is why swapping cables doesn’t really fix the issue. My assumption is NVidia looks for Monitor 00 and that’s the one it uses. So the real trick is to get WINDOWS to address your preferred monitor first.

To get Windows to make your preferred monitor #00 (what I am calling first found), you need to figure out which cable it's connected to. Make sure it's the only one attached, then go to the following section of the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration

Delete all the subkeys of Configuration. I did this a few times and it never did me much harm, although be aware it could create issues for you. A system restore point might be a good idea, or at least an export of Configuration (right click -> export).

Then disconnect all other monitors except the one you care about and reboot. Once rebooted, plug in your other monitors. You will have to reorder them again. And that should do it.

I figured this out after realizing that, even after purging drivers and configs, Windows always knew how to put the monitor order back together again (even when swapping cables). That is how I found these keys; deleting them kills that saved profile. The only other part to figure out was how to make sure the monitor I cared about was first.

Hope it helps and happy gaming!

Cannot install Exchange Online PowerShell MFA Update due to ClickOnce Application Security Settings

If you cannot install the Exchange Online PowerShell update that enables MFA (found at https://outlook.office.com/ecp -> Hybrid -> Second Button) because Windows will not let you install it, edit this area of the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel

Set Internet to Enabled (and if that isn't enough, set them all to Enabled).

Once installed, set it back to Disabled.

 

 

Secure PowerShell Scripts running via Windows Task Scheduler using MD5 Hashes to safeguard against Tampering

Over the years the number of Task Scheduler-based PowerShell scripts has increased. However, this poses serious potential security risks.

The Security Issue

Given that these tasks commonly run as a service account, with additional rights, they are a potential attack vector.

Simply changing the underlying script can give an attacker access to anything the service account has access to. Even signing the scripts can be useless, as the system can be configured to ignore signing.

The Solution

I have created this one-liner that Task Scheduler can use that will only run the script if the hash of the script matches the hash listed in the one-liner. If someone tries to change this in Task Scheduler they would be required to reenter the proper password.

powershell.exe -command if ([System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes('C:\temp\test.ps1'))) -eq '33-CD-2A-54-ED-F3-0F-94-5F-D2-97-D9-FE-4F-45-79') {. c:\temp\test.ps1} else {Send-MailMessage -SmtpServer smtp.server.domain.com -From whatever@domain.com -To you@domain.com -Subject 'Failed to Run Script - Hash Not Correct'}

Notes about One Line Script Executor

  • You need to replace c:\temp\test.ps1 with the path to your script. (two places in this example)
  • You must supply the hash of the script. (use the following command to get it)

[System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes('C:\temp\test.ps1')))

  • Script will email you if hash fails.
    • Change TO: and FROM: to match your needs.
  • Do NOT use double quotes in this one-liner: CMD passes it to PowerShell and strips out double quotes.
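
The same check with SHA-256 swapped in for MD5, as an added example (not the author's code): the hypothetical helper New-HashCheckedArgument builds the powershell.exe argument string for the task, and a constructed sample script shows the pinned hash rejecting a modified file. Exiting with code 1 on a mismatch, instead of sending mail, is a choice made for this example.

```powershell
# Added example, not the author's code. Get-FileHash with SHA-256 replaces the
# page's MD5 call; New-HashCheckedArgument is a hypothetical helper name.
function New-HashCheckedArgument {
    param([Parameter(Mandatory)][string]$ScriptPath)

    # Hash the script as it exists right now; this value gets pinned into the task.
    $expected = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash

    # Single quotes only in the generated command (the page notes that double
    # quotes get stripped); a quote inside the path is escaped by doubling it.
    $quoted = "'" + $ScriptPath.Replace("'", "''") + "'"

    # -NoProfile keeps profile scripts out of the service account's session.
    # On a mismatch the process exits 1, so Task Scheduler records a failed run.
    $check = "(Get-FileHash -LiteralPath $quoted -Algorithm SHA256).Hash -eq '$expected'"
    "-NoProfile -Command if ($check) {. $quoted} else {exit 1}"
}

# Constructed sample input: a throwaway script in the temp folder.
$sample = Join-Path $env:TEMP 'hash-demo.ps1'
Set-Content -LiteralPath $sample -Value "Write-Output 'scheduled job ran'"
$argument = New-HashCheckedArgument -ScriptPath $sample

# Run 1: file unchanged since the hash was pinned.
$clean = Start-Process powershell.exe -ArgumentList $argument -Wait -PassThru -NoNewWindow

# Run 2: simulate tampering by appending a line, then run the same pinned command.
Add-Content -LiteralPath $sample -Value "Write-Output 'line added after pinning'"
$tampered = Start-Process powershell.exe -ArgumentList $argument -Wait -PassThru -NoNewWindow

"Pinned argument string: $argument"
"Exit code, unchanged script: $($clean.ExitCode)"
"Exit code, modified script:  $($tampered.ExitCode)"

Remove-Item -LiteralPath $sample
```

The returned string goes in the task action's arguments field with powershell.exe as the program, so the expected hash lives in the task definition rather than in a file next to the script.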

If this helped you or perhaps you have suggestions to make it better, please do leave them in the comments.

Enjoy

-Eric

Fix: Windows 10 Start Menu (and Modern Subsystem) Freezes and Stops Working

Nothing gets me more upset than seeing a common issue that never seems to get fixed. Since Windows 10's inception I have noticed a rather odd issue that occurs about weekly, where my Start Menu, all Metro (Modern) Apps, and even Internet Explorer (which is odd given it's a Win32 App) lock up, freeze, and just plain stop working.

The only obvious cure had been to reboot the PC.

However, through a lot of trial and error I have figured out a workaround to get your PC back on its feet.

The Workaround

  • Simply open Task Manager (CTRL + SHIFT + ESC)
  • Click More Details (if needed)
  • Go to Details
  • Locate: siHost.exe
  • Right Click, End Process Tree

Note: In my testing this may need to be done twice, but it should always return the start menu after that second try. Many times it only takes once.

More Detail

You may notice when this happens that there are the following events in the event logs:

The program ShellExperienceHost.exe version 10.0.10586.218 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2290
Start Time: 01d1a082cc447ca3
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 524e2a97-0c76-11e6-8dae-64006a80564a
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

You may also see errors about SearchUI.exe.