Exchange 2007: more tasks

Removing disconnected mailboxes in Exchange Server 2007
Exchange Server 2007 doesn’t allow us to purge the disconnected mailbox. In order to remove one or multiple disconnected mailboxes we can be performing these steps:

Listing all disconnected mailboxes

Get-MailboxStatistics | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid

Removing a single entry
Remove-Mailbox -Database -StoreMailboxIdentity -confirm:$false

Removing all users at the same time
$users = Get-MailboxStatistics | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid

Now that we have all disconnected mailboxes in a var, we can run the following cmdlet to remove all of them:
$users | ForEach { Remove-Mailbox -Database "Mailbox Database" -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Windows: RDP encryption

The protection offered depends on the selected security layer.
TLS security uses standard TLS/SSL mechanisms to protect all the data (to and from the server) using public key crypto for key exchange together with symmetric encryption and HMAC integrity protection. RDP layer works using the same basic principles as TLS but is a Microsoft homebrew solution that may not encrypt everything (depending on your security level settings).

The problem with both of these is the server public key is not verified (by default) and so an active attacker can perform a MITM attack (Cain and Able). To prevent this you need to enforce TLS security and install a client trusted TLS certificate on the server which the client can use to check the public key it is encrypting with is really the servers certificate and not an impostor’s.
Alternatively you can use CredSSP. This uses Kerberos or NTLM to authenticate the server’s public key, but an offline brute force attack by an server imposter may be possible with NTLM so I would suggest the use of a strong password policy with NTLMv2 level security (LMCompatabilityLevel 3-5).

Easiest way to enterprise activate a Blackberry

1. Connect BB to PC with a BB Desktop Manager installed
2. Log in as domain user you want to enterprise activate
3. Make sure the Outlook is configured with the users email
4. Open up BB Desktop Manager and once the BB is connected you should find an option to do enterprise activation pointing to the existing Outlook profile

OR
1. Login as administrator to workstation
2. Login to BB Administration Console in Internet Explorer
3. Plug in BB via USB
4. On the BB portal inside Attached Devices you should see that BB is connected
5. Remove the association with the old user if any and assign the phone to a new user from the list

Clonezilla & partclone

Weird thing with Clonezilla is that it allows to do images of multiple disks (not partitions) at once, but you won’t be able to recover any of them in easy way!
It will simply throws an error message that this is not supported (during recovery process)!
If you do a backup of multiple disks at once it puts all of them in the same directory then it complains when you want to make use of them.
In this case you have to create separate directories per disk and copy to that location all the files from the top e.g. part, disk, clonezilla.img and of course all MBR and filesystem backups with sdx at the beginning.
The you have to modify disk and part files so it includes only the desired disk and partitions you want to recover. Otherwise Clonezilla wizard will complain and fail.
Because the main partition is massive and to save time and disk space instead of making a copy of that image use symbolic link from main image backup directory to a new one.
ln -s /path/to/sdx-xx-xx-xx-gz.a /path/to/sdx-xx-xx-xx-gz.a (asymlink)
if you have made a mistake use
unlink symlink.txt to remove it in the right way

Worth mentioning is that the partclone v0.2.70 which is included in the latest stable release of Clonezilla, but at least its essential component partclone.restore is broken and is not able to restore previously created image. You need to use older version of Clonezilla that has older version of partclone which is below v0.2.69.
cat sbd1.ntfs-ptcl-img.gz.* | gzip -d -c | partclone.restore -C -s - -o sbd1.img
will fail.
Clonezilla will still of course manage to restore the disk and partitions using its own routines, but if you try to access files on that image you have to first decompress it, then convert from partclone image type to image that can be mounted with a loop device. By the way this image will be massive.
You need a decent amount of disk space (few Terabytes) on an external hard drive to safely manipulate with images created by Clonezilla. Of course you can create images without compression and relying only od dd command, but this is not default Clonezilla approach.
If you are doing the migration and you have a couple of ONLY data partitions the best way is to just copy over files to external hard drive as a backup otherwise to get access to partclone image will