Author: Bob Lin

Yes, you can use Powershell to export Office 365 span filter allow and block list to a csv. Here are some examples:

Export blocked domain name list:

Get-HostedContentFilterPolicy | select -ExpandProperty BlockedSenderDomains | Select-Object @{Name=’Domain’;Expression={$_}} | Export-Csv .\blockeddomains.csv -NoType

Export bloced senders list

Get-HostedContentFilterPolicy | select -ExpandProperty BlockedSenders | Select-Object @{Name=’Domain’;Expression={$_}} | Export-Csv .\blockedsenders.csv -NoType

Export allow senders lsits

Get-HostedContentFilterPolicy | select -ExpandProperty AllowedSenders | Select-Object @{Name=’Domain’;Expression={$_}} | Export-Csv .\allowed.csv -NoType

Export allow domain name list

Get-HostedContentFilterPolicy | select -ExpandProperty AllowedSenderDomains | Select-Object @{Name=’Domain’;Expression={$_}} | Export-Csv .\alloweddomains.csv -NoType

Note: you may login remotely first:

Set-ExecutionPolicy RemoteSigned

Install-Module -Name ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement

Connect-ExchangeOnline -UserPrincipalName blin@chicagotech.net

Many Windows 10 issues are related to hardware drivers. This article shows how to install and update hardware drivers in Windows 10

Option 1: Install drivers using Device Manager

Problems: The client has an old computer running windows 10. the machine is very slow when accessing network shared folder or going to the Internet.

Resolution:  Install drivers using Device Manager

* Type device manager in the Search bar

* Click on Device Manager

•Right click on the hardware, for example Network adapters.

• Click on Update driver.

Option 2: Installing drivers through Windows Update

Problem: The client can use an USB ternal drive on his Laptop, but not on the Desktop.

Resolution: Installing the latest Windows update on the Desktop fixes the problem.

* Go to Settings>Update & Security t download and install the latest Windows Update.

Option 2: Installing drivers through Windows Update

Problem: The client can use an USB ternal drive on his Laptop, but not on the Desktop.

Resolution: Installing the latest Windows update on the Desktop fixes the problem.

* Go to Settings>Update & Security t download and install the latest Windows Update.

Option 3: Download and install drivers from the manufacturer’s website

Problem: After a Windows update, client’s Dell Laptop Latitude 5290 Bluetooth doesn’t work anymore.

Resolution: Go to Dell Support website to search the Latitude 5290.

* Download and install the Bluetooth Driver.

Option 4: Check Compatibility Mode to Resolve Driver Problem: After upgrading from Windows 7 or Windows 8.1 to Windows 10, some features of the installed drivers and software may not work correctly.

Resolution: Uninstall all drivers and software in Windows® 7 or Windows® 8.1 before upgrading to Windows® 10.

You can search for the Compatibility Administrator utility in Windows

When re-installing Windows 10 on a product key built-in computer or installing a VM, you may not need to enter the Product Key. This article shows how to do so.

1.Run Windows installation from ISO or DVD.

* In the Windows Setup screen, select the Language, Time and currency format, Keyboard or input method, and then click on Next.

2. Click Install now to continue.

3. In Activate Windows page, click “I don’t have a product key”

5. Select Operation system and the Next.

Please view this step by step video:

Q: I plan to install a Windows 10 VM on my current Dell also running Windows 10 Pro. Do I need product key for the VM? How do I activate it?

A: No, you don’t. Quote from Microsoft:

Inherited Activation

Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.

When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.

When install VM, just click on I don’t have a product key.

A user roaming profile contains personal information, and other users including administrator can’t access it. If you try to access or delete the roaming profile, you may get “Access denied” message. This article shows how to take ownership from the user and delete the roaming profile.

Step 1: Open Windows explorer

Step 2: Navigate to the roaming profile you want to delete. Right on the profile you want to delete. Select Properties

Note: You may receive this popup. Click Continue

Then you may receive another popup. Click on Close. You should be able to open the Properties.

Step 3: Click on Security tab

Step 4: Click on Advanced.

Step 5: Click on Change.

Step 6: Enter your usernameand who will take over ownership. Then click OK

Step 7: Check Replace owner on subcontainers and objects and click all Oks to save the settings

Note: You may receive this popup. Click Yes to continue.

Step 8: Now, try to delete the profile. If you can’t delete the profile and receive this message, go step 9.

Step 9: Go back to Advanced Security Setting. Check Replace all child object permission entries with inheritable permission entries from this object. Then try to delete the profile again.

Please view this step by step video:

Using Chromebook, you may want to access files such as phots, movies on another computer.  This article shows how to configure Chromebook to access Network Share Files on Windows.

1. On the Chromebook, click on time and then Settings icon. 

2. Click Advanced and Files.

3. Click on Network File Shares narrow key.

4. Click Add File Share

5. Enter File share URL, display name, username and password. You may want to check Remember sign-in info.

Click Add.

* If you receive “Error mounting share: The specified share was not found on the network, you may try IP address instead of the hostname

* Alternatively, you may want to add File System for Windows. Google it and add to Chrome.

Now, you should be able to access the network shar files or folders, Images in our example.

Please view this step by step video:

This article shows how to add and manage a printer on Chromebook.

1. On the Chromebook, click on time and then Settings icon. 

2. Click Advanced and then Printing.

3. You can add a printer by click on Printers.

4. You have options to Add printer and Set Up.

5. Click Print jobs icon to view the current printing jobs

Please view this step by step video:

This article shows how to change languages and input in Chromebook.

1. Click on time and then Settings icon.

2. Click on Advanced on the left pane.

3. Under Advanced, click on Languages and inputs.

4. Under Languages and Inputs, you have options to change languages and Inputs.

5. Click on Languages, you have options to change the device language and Add languages.

6. Under Inputs, you have options to switch the input methods and Add input methods. 

Please view step by step video:

This article shows how to take screenshot in Chromebook and transfer it to the Google drive or another computer.

1. Press Ctrl + Show windows at the same time

2. The screenshot popup. Click Show in folder.

Or you can open file folder by clicking on Lunch icon.

Then click on Files

If you don’t see the Files, click arrow up key. 

Now, you should see all folders such as Docs, Files, Google drive.

3. Click on Files, you should see the screenshot yuo just took in Download folder. 

* You can also find all screenshots took recently in Recent folder.

Or you may see them under Images.

4. You can copy or cut the screenshot to Google drive. 

Please view this step by step video:

This video shows how to configure a failover IPSec VPN between PA-850 firewall and AWS. Assuming the AWS has configured their IPSec VPN and sent the configuration file to you. Here are the steps:

Step 1: Configure Tunnel

Step 2: Create IKE Crypto Profile

Step 3: Configure IKE Gateway

Step 4: Configure IPSec Crypto

Step 5: Configure IPSec Tunnel

Step 6: Configure Virtual Router

Step 7: configure Security and Policy Rules

Step 8: Create a tunnel monitor for failover

Step 9: Commit the configuration and test

Step 1: Configure Tunnel

AWS configuration

 edit network interface tunnel units tunnel.1

  set ip 169.x.x.26/30

  set mtu 1427

On PA-850

1. With Paloalto web utility open, Go to Network >Interface > Tunnel tab.

2. Click Add to create a new tunnel interface.

3. Enter the following parameters:

* Name: tunnel.1

•Virtual router: (select the virtual router you would like your tunnel interface to reside)

•Click OK to save the settings.

* Re-open Tunnel.1

* Create a new Security Zone. Or you can create the zone in Network>Zones

•Enter Zone name, for example AWS

•Click on Add under Interface

•Select the Tunnel.1 which you just created.

* Click OK to save the settings.

•We need to configure ip-address since we intend to run dynamic routing protocols over the tunnel interface. However, if the Tunnel interface is in the zone where the traffic run Static Routing, configuring ip-address on the tunnel interface is optional

•To configure IP Address, click on IPv4 tab.

•Click Add

•Entre the public IP address for connecting to AWS.

* You may want to create a Management Profile, PING-Only in our example

* The Tunnel.1 setting looks like this

Step 2: Create IKE Crypto Profile

AWS configuration

 configure

 edit network ike crypto-profiles ike-crypto-profiles vpn-xxxx-0

  set dh-group group2

  set hash sha1

  set lifetime seconds  28800

  set encryption aes-128-cbc

On PA-850

•Go to Network>Network Profiles>IKE Crypto.

•Click Add

* Enter the IKE Crypto profile (IKEv1 Phase-1) parameters, which should match on the remote firewall for the IKE Phase-1 negotiation to be successful.

Step 3: Configure IKE Gateway

AWS Configuration

edit network ike gateway ike-vpn-xxxx-0

  set protocol ikev1 ike-crypto-profile vpn-xxxx-0 exchange-mode main

  set protocol ikev1 dpd interval 10 retry 3 enable yes

  set authentication pre-shared-key key xxxx

  set local-address ip 12.x.x.130

  set local-address interface ethernet1/1

  set peer-address ip 52.x.x.251

On PA-850

•Go to Network>Network Profiles>IKE Gateway.

•Click on Add to configure the IKE Phase-1 Gateway.

* Enter these local and peer IP addresses and info to match AWS configuration.

•Click on Advanced Options

* The IKE Gateway configuration looks like this

Step 4: Configure IPSec Crypto

AWS Configuration

 edit network ike crypto-profiles ipsec-crypto-profiles ipsec-vpn-xxxx-0

  set esp authentication sha1

  set esp encryption aes-128-cbc

  set dh-group group2 lifetime seconds 3600

 On PA-850

* Go to Network>Network Profiles>IPSec Crypto

* Click Add to create a new Profile

•Configure the IPSec Crypto profile to specify protocols and algorithms for identification, authentication, and encryption in VPN tunnels based on IPSec SA negotiation (IKEv1 Phase-2), which should match AWS configuration

* IPSec Crypto Profile looks like this

Step 5: Configure IPSec Tunnel

AWS Configuration

set zone untrust network layer3 tunnel.1

On PA-850

•Go to Network>IPSec Tunnels.

•Click Add to create a new IPSec Tunnel.

* In the General window select the Tunnel Interface, the IKE Gateway and IPSec Crypto Profile you just created above to set up the parameters to establish IPSec VPN tunnels between firewalls.

* IPSec Tunnel configuration looks like this

Step 6: Configure Virtual Router

AWS Configuration

set network virtual-router default interface tunnel.1

 edit network tunnel ipsec ipsec-tunnel-1

  set auto-key ipsec-crypto-profile ipsec-vpn-xxxx-0

  set auto-key ike-gateway ike-vpn-xxxx-0

  set tunnel-interface tunnel.1

  set anti-replay yes

On PA-850

* Go to Network>Virtual Routers.

* Click on your Virtual router profile

* Click Static Routes and then Add to add a new route for the network that is behind the other VPN endpoint 

•Be sure to use the proper Tunnel Interface.

•Note: If we configure failover, the Metric # should be bigger for example the first tunnel is 10 and second tunnel Metric is 20.

•Virtual Router configuration looks like this

Step 7: configure Security and Policy Rules

AWS Configuration

 edit rulebase pbf rules pbf-vpn-vpn-xxxx-0

  set action forward nexthop ip-address 169.x.x.25

  set action forward egress-interface tunnel.1

  set action forward monitor profile tunnelmonitor disable-if-unreachable yes ip-address 169.x.x.25

  set source LAN-CIDR source-user any destination VPC-CIDR application any service any

  set from zone trust

  set disabled no

On PA-850

* By default the ike negotiation and ipsec/esp packets would be allowed via the intrazone default allow.

If you wish to have more granular control, you could specifically allow the required traffic and deny the rest.

Step 8: Create a tunnel monitor for failover

AWS Configuration

edit network profiles monitor-profile tunnelmonitor

  set interval 2 threshold 5 action fail-over

On PA-850

•Repeat above 1 to 7 steps to create a second IPSec Tunnel with different parameters.

•Go to Network>Virtual Routes

•Select the default

•Click on Static Routes

•Select the Route we configured before, Route to AWS in our example

•Check Path Monitoring, and enter info based on AWS configuration

•Note 1: you configure Path Monitoring on the first IPSec tunnel only Note: Destination IP is Tunnel Interface next Hop IP, 169.x.x.25 (169.x.x.26/40)

* Go to Network>IPSec Tunnels
* Select each Tunnel
* Check the first Tunnel Monitor
* Enter the destination IP 169.x.x.25 in our example
* Go to the second tunnel’ Monitor, enter destination IP 169.x.x.223 in our example
* Click OK to save the settings.

Step 9: Commit the configuration and test

To check the IPSec Status, go to Network>IPSec Tunnels

Or ping other side IP address for example ping 10.60.3.12

And check the Monitor

To test failover, you can change the first tunnel monitor IP address, for example 169.x.x.25 to 169.x.x.1 which is not a good Ip address so that the Tunnel 1 status is red and not available. The ping other side IP address. You can check the monitor to find which tunnel issuing.

In below example, we ping other side IP 10.60.3.12 using tunnel3. After the Tunnel3 doesn’t work, we can ping 10.60.3.12 using Tunnel4. Then we use Tunnel3 fix the problem.

Please view this step by step video: