Terence Lau

Hi,

Can we setup alerts for emails that breach our DLP policies?

Wow… that was a very impressive article.
I have just under 50 years in the computer business, and it all went over my head.
My last employed position was doing PowerShell automation for system deployment.

After reading the above, I see just how much the world has moved on.
Kudos to those who can, and do, work in the above environment.
I’m glad to be retired now.

Note that while Windows Contacts also offers a vCard export option, a long-standing bug in all versions (Vista through 11) converts Unicode characters to question marks in the VCF files (CSV export does not suffer from this issue): https://tinyapps.org/blog/201402210715_editing_vcards_with_bash.html

It’s not a question of how worthy it is. It’s a question of what is going to happen.
And this IS going to happen. I read up on how the tool works and it will find and copy every email in every pst the end users have regardless of where it resides, with the exception of copies of pst files with the same contents.
Many of these end users also have legal obligations to retain emails for extensive amounts of time. So, like I said, this is going to happen. So how is performance affected when it is moving the contents of say a 20 gb pst file to the archive? And if it’s local, how long would that take? And if they still (many do) have their pst’s on network drives and are on vpn. how will that affect performance?

I am in IT at a global IT company working in an enterprise environment. While the video was educational, I don’t see how Outlook performance will not be degraded if the pst migrator tool is moving literally 10’s of gigabytes of data, often over a vpn connection to a network drive.
Even if the files are all local, I have personally seen pst files in the 60 gb and higher range or a number of them totaling that much space. How is moving that much data not going to impact Outlook performance and what measures can be implemented in the event this occurs? I saw the configuration guide but at my level, I won’t have access to that. I’m fairly certain they are deploying via gpo. What kinds of issues HAVE you seen with this software?

Good idea there, didn’t know that option existed, will come in useful.

You can get directly to the path regardless of the user using this rather than having to put in username too:

%userprofile%contacts

As soon as the restored machine boots it will contact the domain and set a new password.

If you only want some files use file level recovery.

If you want the full machine but not connected to the network get the attribute from your AD backup (you backup your AD, right?) or boot from a DaRT CD and use Locksmith to set a new local admin PW.

I can’t see any problem.

Hi Mohammed,

Thank you for a clear and neat explanation of affinity and anti-affinity rules.

Same with me. LAPs is useless. More damage from curing…

We are using LAPS and facing the next issue.
When we have to restore a machine from the backup before the moment the LAPS password has changed ,we cannot login with the local administrator account.
Do you have a solution for this issue?

Hi Graham,

very useful post for users who wish to track daily spend proactively. thanks.

One question, on this topic. AWS organizations with multi account setup and have centralised billing. In such cases, If we setup this daily spend alerts at root account, Is it going to send consolidated spend of all member accounts including root account?

Regards
Ganesh

How is this? Rather than try to grant permissions to a folder when it becomes created, what about just giving authenticated users full-control of the outer folder which already is there?

How do I define “all users”appdatalocal? That is all I need. I can grant full control to the local folder with inheritable permissions inward. I just can’t figure out the correct syntax to define the all-usersappdatalocal folder.

Hello,
I haven’t tried this. However, I will check and let you know. This is the link where they explain about advanced hunting query language.

Thank you so much saved the day

I ran this as a task step. It creates the appdatafolder regardless of whether the app has been launched or not. The folder should only get created when the app is opened (that is working within the exe). After the app is launched, then in the userappdata location, the folder will exist, but by default the permissions do not contain authenticated users.
So the batch is forcing the creation of the folder, rather than the app launch…and the authenticated user properties are still missing. I’d need a way for the job to see “when” the folder exists, add authenticated users…on a userprofile basis.

Thanks for the reply. I’m going to simply run this in MDT only on the task sequence that has this app installed. Not everyone who gets this image will be using that specific app, but once they open it, it creates the folder and my objective is to have authenticated users have full control of that newly created folder.
I look at it kind of like staging the admin acct. The administrator account gets created in MDT, along with a password you give it. Someone can sign onto that pc and keep it for 10 yrs and never sign on as admin. But, once they do, the admin acct is automatically activated and has the p/w you’ve stashed in the unattend 10 yrs ago.
The same with this app. A user may never sign onto this app for months, but once they do and the folder is auto created, authenticated users will get full control of it. It’s early Monday morning and my brain isn’t fully firing yet, but that’s the scenario I’m looking to create.

Can this batch file just be implemented in MDT as a task step….
staged for any user who signs on in the future? Or must it be run per user on startup?

I can try that method. As of right now,

for /d %%a in (C:Users*) do (
icacls “%%aappdatalocalfoldername” /grant:r “authenticated users”:(OI)(CI)F /t
)

This seems to create the folder immediately, with no permissions added other than the usual computer user names. This method was suggested to me, as I am not even sure what the %%a refers to without looking it up.
I’m just hoping the foldername gets created when the user launches the app (which it does) but ideally it would have authenticated users with full control. That is the only goal.