29 March 2017

Update App Deployment Client Connectivity Restriction | SCCM

I recently had a client who's using SCCM, and was needing to install a particular application on many computers.  These machines happened to be in a workshop and they were testing the deployment by doing the manual install (through Software Centre).  They noticed that whilst they elected to install this particular app on about 30 machines, most of the workstations would say "Waiting to install", whilst only about 5 or so machines would actually be installing the app at one time.

Ultimately every machine received the application, however they wanted to know why it was limited to this small number, and what we could do to increase that.

To update this number to allow more machines simultaneously installing applications, we need to do the following:

Administration > Site Configuration > Sites > Configure Site Components > Software Distribution

The highlighted section is what I had updated.

The next part I updated was the following:

Administration > Site Configuration > Sites > Right-click site name and click Properties > "Sender" tab

I updated the circled settings to be 15 each.

21 March 2017

Increase Public Folder Quotas | Office 365

Recently a client of mine received a warning message saying a certain Public Folder was running low on space and they needed to delete some items.

This is the standard message you get from Exchange/Office 365 if your mailbox is running out of space etc, however with this being Office 365, I would have thought this limit would be much larger (or at least the client wouldn't have encountered this message for a period of time).

I logged into Office 365 and checked the Public Folder settings to make sure nothing was explicitly set, and that they were just getting the default quotas.

Whilst you can simply change the storage quotas section to not use the organisation quota defaults, this wasn't really practical as this client had about 15 different Public Folders.  It was much easier to just change the entire organisation's quota defaults and have it affect all the Public Folders.

In order to change this, you will need to do the following:

1. Sign into Office 365 through PowerShell
Note: this links to a previous blog post of mine which goes through how to sign into O365 using PS
2. Type the following command to find out what the current warning and prohibit quotas are set to:

Get-OrganizationConfig -DefaultPublicFolderIssueWarningQuota,DefaultPublicFolderProhibitPostQuota

As you can see here, the warning message is set to 1.7GB, and the prohibit message is set to 2GB. Neither of which is really acceptable. 

I changed this to warn at mailbox size 45GB, and prohibit at mailbox size 49GB.  This will mean that they will not have to worry about this filling up for a long period of time.

In order to do this, I typed two commands:

  1. Set-OrganizationConfig -DefaultPublicFolderProhibitPostQuota 49GB
  2. Set-OrganizationConfig -DefaultPublicFolderIssueWarningQuota 45GB
You can see in the below screenshot that after doing this, I then ran the Get-OrganizationConfig again to confirm the limits.

20 March 2017

Configure Squid Proxy with LDAP Auth | Active Directory

Recently a client of mine asked if we could implement a proxy server which forced each user to authenticate with their AD credentials.  They currently had a rather cut-down Squid server running in their environment and it was logging traffic, but there was no way to work out which users were browsing the most.  There was IP tracking, but when using a hot-desk situation, no user had a specific machine.

The following steps are what I've done to get this up and running where it forces each user to authenticate against AD, and denies all access if they don't authenticate correctly.

Assumptions: there is the assumption that you've already got a working copy of Linux up and running in your virtual environment.  In this case, I was using Ubunut 16.04.
The other assumption is that you have installed the LDAP role within Server Manager within your AD environment.

1. Download/Install Squid
sudo apt-get install squid
This will install Squid onto the Linux machine.  

2. Open ldap.conf which can be found at /etc/ldap/ldap.conf
3. Set BASE to your domain (in my case its test.internal as I've blogged this within a test environment).  I've updated the URI section too, however it's hashed out and not needed.
4. Edit squid.conf which can be found here: /etc/squid/squid.conf
5. Search for the follow section auth_param basic program, then enter the following details:
Note: most of this will already be there, you will just need to un-hash it.  The IP address used is the DC.  The blurred out section is the password I have used for the Administrator account which is mentioned within this section.
Also note that the credentialsttl will be how long a user can be logged in for before they're prompted again.  For testing purposes I set it to 15 minutes, you could set this to 2 hours.
6. Within the same document, search for acl safe_ports and then add the highlighted section below:
7. In the same document, search for http_access allow localhost, then add the highlighted section underneath it
8. Search for cache_dir ufs and then un-hash that section
9. Update the proxy settings within your environment to point to the Squid server on port 3128.  When you try to access a website, you should be greeted with the following message:

Install reporting tool for tracking user's browsing
In order to track the user's browsing, you will need to get Webmin, and also SARG.  These work together to allow you to make nice little reports which will show where users have been going and how much data they're using etc.

The following tasks will be completed within the Terminal
1. sudo nano /etc/apt/sources.list
2. Add the following two lines to the document you've just opened up
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
3. Save the document and close out of it
4. sudo wget http://www.webmin.com/jcameron-key.asc
5. sudo apt-key add jcameron-key.asc
6. sudo apt-get update
7. sudo apt-get install webmin -y
8. sudo ufw allow 10000

This will then allow you to access the Webmin web portal on https://localhost:10000
Log in with your administrator (local admin) credentials

Click on un-used modules then find Squid Proxy
You will most likely see a message saying it wasn't able to find squid.  This will be because it's looking for /squid3/ rather than just /squid/.  You will need to edit the config and change squid3 to just squid everywhere you see it.

In order to use the Squid Report Generator, you will need to install SARG.  To do this, open Terminal and type the following:

sudo apt-get install sarg

Then you can click on Squid Report Generator within Webmin and be able to run reports on usage etc.