    function Create-Group
    {
        Param(
            [parameter(Mandatory=$true)]
            $ManagementServer,
            [parameter(Mandatory=$true)]
            $ManagementPackID,
            [parameter(Mandatory=$true)]
            $GroupID,
            [parameter(Mandatory=$true)]
            $GroupName,
            [parameter(Mandatory=$true)]
            $SiteCode
        )

        Write-Host "ManagementServer: " $ManagementServer
        Write-Host "ManagementPackID: " $ManagementPackID
        Write-Host "GroupID: " $GroupID
        Write-Host "GroupName: " $GroupName
        Write-Host "SiteCode: " $SiteCode
        # Assign a value so the bare expression does not write a stray False to the output
        [bool]$SUCCESS = $false

        # Creates an empty management pack (version 1.0.0) and imports it
        function CreateManagementPack
        {
            param([object]$MG, [string]$ManagementPackID)
            $MPStore = New-Object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackFileStore
            $MP = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPack($ManagementPackID, $ManagementPackID, (New-Object Version(1, 0, 0)), $MPStore)
            $MG.ImportManagementPack($MP)
        }

        # Escapes the five XML special characters
        function XMLEncode
        {
            param([string]$s)
            # & must be escaped first so the entities added below are not escaped again
            $s = $s.Replace("&", "&amp;")
            $s = $s.Replace("<", "&lt;")
            $s = $s.Replace(">", "&gt;")
            $s = $s.Replace('"', "&quot;")
            $s = $s.Replace("'", "&apos;")
            return $s.ToString()
        }

        Write-Host "Adding SCOM Snap-in"
        Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client

        Write-Host "Connecting to SCOM Management Group"
        $ManagementServer = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)

        Write-Host "Getting MP Information and Incrementing Version"
        try
        {
            $MP = $ManagementServer.GetManagementPacks($ManagementPackID)[0]
            $VIncrement = $MP.Version.ToString().Split('.')
            $VIncrement[$VIncrement.Length - 1] = ([system.int32]::Parse($VIncrement[$VIncrement.Length - 1]) + 1).ToString()
            $MP.Version = ([string]::Join(".", $VIncrement))
        }
        catch
        {
            Write-Host "MP Not Found, Creating New MP"
            CreateManagementPack $ManagementServer $ManagementPackID
            $MP = $ManagementServer.GetManagementPacks($ManagementPackID)[0]
        }

        <#
        $Formula = '<MembershipRule Comment="Empty Membership Rule">' + `
        '<MonitoringClass>$MPElement[Name="SCIG!Microsoft.SystemCenter.InstanceGroup"]$</MonitoringClass>' + `
        '<RelationshipClass>$MPElement[Name="SCIG!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>' + `
        '<Expression>' + `
        '<SimpleExpression>' + `
        '<ValueExpression>' + `
        '<Value>True</Value>' + `
        '</ValueExpression>' + `
        '<Operator>Equal</Operator>' + `
        '<ValueExpression>' + `
        '<Value>False</Value>' + `
        '</ValueExpression>' + `
        '</SimpleExpression>' + `
        '</Expression>' + `
        '</MembershipRule>'

        $Formula = '<MembershipRule Comment="Dynamic Membership Rule">' + `
        '<MonitoringClass>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]$</MonitoringClass>' + `
        '<RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>' + `
        '<Expression>' + `
        '<SimpleExpression>' + `
        '<ValueExpression>' + `
        '<Property>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/ActiveDirectorySite$</Property>' + `
        '</ValueExpression>' + `
        '<Operator>Equal</Operator>' + `
        '<ValueExpression>' + `
        '<Value>EUR</Value>' + `
        '</ValueExpression>' + `
        '</SimpleExpression>' + `
        '</Expression>' + `
        '</MembershipRule>'
        #>

        # Dynamic rule: Windows computers whose ActiveDirectorySite equals the site code.
        # The site code is XML-encoded so markup characters in it cannot alter the rule.
        $Formula = '<MembershipRule Comment="Dynamic Membership Rule">' + `
        '<MonitoringClass>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]$</MonitoringClass>' + `
        '<RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>' + `
        '<Expression>' + `
        '<SimpleExpression>' + `
        '<ValueExpression>' + `
        '<Property>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/ActiveDirectorySite$</Property>' + `
        '</ValueExpression>' + `
        '<Operator>Equal</Operator>' + `
        '<ValueExpression>' + `
        '<Value>' + (XMLEncode -s $SiteCode) + '</Value>' + `
        '</ValueExpression>' + `
        '</SimpleExpression>' + `
        '</Expression>' + `
        '</MembershipRule>'

        Write-Host "Getting Alias for the Microsoft.SystemCenter.InstanceGroup.Library Management Pack Reference"
        $Alias = ($MP.References | where {$_.Value -like '*Microsoft.SystemCenter.InstanceGroup.Library*'}).key
        If (!($Alias))
        {
            Write-Host "Management Pack Reference Not Found, Exiting"
            exit
        }
        ElseIf ($Alias -ne 'SCIG')
        {
            Write-Host "Management Pack Reference Found but Alias Not Equal to SCIG. Modifying Formula"
            $Formula = $Formula.Replace("SCIG", $Alias)
        }

        Write-Host "Creating Group"
        $Group = New-Object Microsoft.EnterpriseManagement.Monitoring.CustomMonitoringObjectGroup($ManagementPackID, $GroupID, (XMLEncode -s $GroupName), $Formula)

        Write-Host "Adding Group"
        try
        {
            $MP.InsertCustomMonitoringObjectGroup($Group)
            # Write-Host keeps this message out of the function's return value
            Write-Host "Successfully Created Group"
            $SUCCESS = $true
            return $SUCCESS
        }
        catch [System.Exception]
        {
            Write-Host $_.Exception
            $SUCCESS = $false
            return $SUCCESS
        }

        Write-Host "Script Completed"

    }

    $SITECODE = 'AMS4'
    $GROUPNAME = 'BK CORPFS - ' + $SITECODE
    # The group ID is the group name with spaces and hyphens removed
    $GROUPID = $GROUPNAME.Replace(' ','').Replace('-','')

    $output = Create-Group -ManagementServer 'lhr4-omms-01' -ManagementPackID 'BK.Offices' -GroupID $GROUPID -GroupName $GROUPNAME -SiteCode $SITECODE
    $output

Leveraging the flexibility of the F5 APM module, this solution extends the ability to single sign-on using integrated credentials. This is currently possible by installing the various browser-based F5 APM plugins; this solution, however, is back-end based and allows fallback to basic authentication. Included is a simple ASP.NET web site that takes care of the authentication. When using an external logon page with APM, the module expects a username and password. In this example, we post back a dummy password once the user is authenticated.

Now this dummy password thing can't be secure, right? Of course it isn't. Using cryptographic methods native to .NET and the F5 interpreter, we can validate the sign-on with simple AES encryption algorithms. AES uses an initialisation vector (starting vector) to randomize the encrypted output; you want to do this to make it that little bit harder to break. Below in figure 1.1 is the workflow designed in the VPE (Visual Policy Editor). So what happens is: the user lands at the cloud service, and at logon request the browser is redirected to your IDP (SAML identity provider). The IDP passes the request to your own internal web site, which validates the user with NTLM authentication. It creates an encrypted string which gets sent back to the APM and presto, password-less authentication! All of this in milliseconds.

Figure 1.1

An example of the Access Policy Workflow.
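
The encrypted-string step described above, as an added C# example that is not the post's own code: the web site issues a token with a fresh random IV once NTLM has succeeded, and the receiving side checks it before trusting the user name. The token layout, the HMAC and timestamp (neither is mentioned in the post), the `maxAge` parameter and all names are assumptions; in the post's design the validation runs on the APM rather than in C#.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class SsoToken
{
    const int IvLen = 16, TagLen = 32;   // assumed layout: IV | ciphertext | HMAC-SHA256

    // Web-site side: call only after NTLM has authenticated `user`.
    public static string Issue(string user, byte[] encKey, byte[] macKey)
    {
        byte[] plain = Encoding.UTF8.GetBytes(DateTime.UtcNow.Ticks + "|" + user);
        using (Aes aes = Aes.Create())               // defaults: CBC mode, PKCS7 padding
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();                        // fresh random IV for every token
            byte[] ct;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
        }
    }

    // Validating side: returns the user name, or null if the token is malformed, altered or stale.
    public static string Validate(string token, byte[] encKey, byte[] macKey, TimeSpan maxAge)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(token); } catch (FormatException) { return null; }
        if (raw.Length < IvLen + 16 + TagLen) return null;
        byte[] body = raw.Take(raw.Length - TagLen).ToArray();
        byte[] expected;
        using (var hmac = new HMACSHA256(macKey)) expected = hmac.ComputeHash(body);
        int diff = 0;                                // constant-time tag comparison
        for (int i = 0; i < TagLen; i++) diff |= raw[body.Length + i] ^ expected[i];
        if (diff != 0) return null;                  // reject before any decryption happens
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.IV = body.Take(IvLen).ToArray();
            byte[] plain;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                plain = dec.TransformFinalBlock(body, IvLen, body.Length - IvLen);
            string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '|' }, 2);
            if (parts.Length != 2 || !long.TryParse(parts[0], out long ticks)) return null;
            TimeSpan age = DateTime.UtcNow - new DateTime(ticks, DateTimeKind.Utc);
            return (age >= TimeSpan.Zero && age <= maxAge) ? parts[1] : null;
        }
    }
}
```

Encryption with a random IV hides the contents and makes each token different, but it does not stop a captured or modified token from being accepted; the MAC and the short `maxAge` window are what cover those two cases.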


Came across this method to validate a textbox for integers only:

As simple as referencing validateTextInteger from the TextBox TextChanged event

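       private void validateTextInteger(object sender, EventArgs e)
       {
           TextBox T = (TextBox)sender;

           // An empty box or a lone minus sign is allowed while the user is still typing
           if (T.Text.Length == 0 || T.Text == "-")
               return;

           // TryParse reports failure without throwing, so no exception handling is needed
           int parsed;
           if (int.TryParse(T.Text, out parsed))
               return;

           // Remove the character just typed; do nothing if the caret position
           // does not point at a removable character (e.g. text set from code)
           int CursorIndex = T.SelectionStart - 1;
           if (CursorIndex < 0 || CursorIndex >= T.Text.Length)
               return;

           T.Text = T.Text.Remove(CursorIndex, 1);
           MessageBox.Show("Please use a valid integer");
           //Align Cursor to same index
           T.SelectionStart = CursorIndex;
           T.SelectionLength = 0;
       }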

The Exchange 2010 EMC has some limitations with regard to the management of Room and Shared Mailbox permissions. This is especially so in a resource forest deployment, where it is not possible to add the user forest's accounts to mailbox permissions or send-as permissions. When your production user accounts belong to one forest and Exchange is deployed in another, the Exchange Management Console cannot manage principals outside of the forest it's deployed in.

While for any seasoned PowerShell whiz it's a quick and easy job to add AD extended rights, for example, it is not so easy for a junior helpdesk staff member to do. Hence I wish to share this app, written in C#. I will release it freely in the next few days if I have time before the holidays.

What it does:

Manage mailbox send-as, send-on-behalf and mailbox permissions from a forms-based application. When a room mailbox is detected, it will only work in the context of mailbox permissions. It has the ability to add permissions in bulk (handy irrespective of which forest the user accounts belong to). It was written for the purpose of managing shared mailboxes but can also work with regular mailboxes.

If your company uses RemoteApp for publishing administrative software over RDP then this is for you.

If anyone is interested please comment, I hope to have the application ready for download soon!
