14 September 2021

Block attachments with macro's - Exchange Online transport rule

Macro's have become a serious threat with new malicious attachments entering your users mailboxes on a daily basis.

To stop the most obvious possible malicious attachments from entering your organization you can create this rule.
This is not the only thing that has to be done of course, but it's a start.

Sign into Microsoft 365 Portal and go to Exchange Admin Center.

Click Mail Flow on the left-side pane, and click the little + icon to add a new rule.

Then give it a name
Apply this rule if the recipient is located outside the organization
and
Any attachment's file extension matches
sldm
ppsm
ppam
potm
xlam
xltm
xlsm
dotm
docm
Do the following
Delete the message without notifying anyone (you could tweak this to your liking)
It will look like this:
And then test test test.




 

08 September 2021

Change the netconnection type to Private in the registry - Unable to find the netconnection

This one is quite common:

One of the network connection types on this machine is set to Public.

When trying to setup PSremoting you could run in to this error.


And when trying to find the connection that is marked as public you can't find it.

Chances are that your not connected to that connection at the moment, but the connection is there.
You can find all the connections that are configured on you machine in the registry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

There you will find all the GUID's with all the connection profiles in it. The value we are looking for is  "Category" DWORD. It will look like this:


Where the value of the "Category" DWORD means:

0 = Domain
1 = Private
2 = Public

So just set all "Category" DWORD's to value 1, reboot and your Enable-PSRemoting command should work.

If that doesn't work you could just run:

Enable-PSRemoting -SkipNetworkProfileCheck -Force

And if all else fails force all connections (in case of an Hyper-V server installation on your WIndows 10/11 box) to be set to "Private":

$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}")) 
$connections = $networkListManager.GetNetworkConnections() 

# Set network location to Private for all networks 
$connections | % {$_.GetNetwork().SetCategory(1)}