How many time have you researched where the account lockouts are happening? which computer is locking the AD account? It could be

• disconnected remote desktop session
• scheduled task
• Application on a server
• Service running with AD account context
• Wireless profile with PEAP setup on Phones and devices

So I wrote this PowerShell script to query the Security events from domain controller, and list the callercomputer of where the lockouts are happening.

This following script takes two parameters. Username and domain controller name.

Note: You need run this script as Domain Administrator or at least with server operations privilege.

e.g.,
Search-Lockout-Events.ps1 -username JohnDoe -DomainControllerName HQ-IT-DC01.company.com

Here is the script, either download is from HERE or copy/paste from below:

<#
    Script: Search-Lockout-Events.ps1
    Parameters:
    UserName : SAMAccountName of the user
    DomainControllerName: domain Controller name (FQDN is better)

    Purpose: Search given domain controller for "bad password attempts" and
    "Account lock out" events from the Security Event Logs and list the 
    CallerComputer of where the account lockouts are coming from. 

    Written By: Anand, the Awesome, Venkatachalapathy
#>
param($Username,$DomainControllerName)

#Filenme to store the lockout events
$ReportFile = ".\$Username-Lockedout-Events.txt"

#Query the domain controller event log for lockout events
$LockoutEvents = Get-WinEvent @{logname='Security';starttime=[DateTime]::Today;id=644,4740,4625} `
    -ComputerName $DomainControllerName | ?{$_.Message -like "*$username*" } 

#Display the Date and caller computer from the event logs
"Date/time`t`tCallerComputer"
foreach($LockoutEvent in $LockoutEvents)
{
    $message = ($LockoutEvent.Message).Split("`n`r")
    $TimeCreated = [String] $LockoutEvent.TimeCreated

    #Find the Caller Computer from the event log message
    foreach($line in $message) 
    { 
        if($line -like '*Caller Computer Name:*')
        { $CallerComputer = $line  ; $CallerComputer = $CallerComputer.Replace("Caller Computer Name: ","")} 
    }

    $TimeCreated + "`t`t" + $CallerComputer

    #Store the event log details to the file
    $LockoutEvent | Format-List |  Out-File -FilePath $ReportFile -Append
    
}
#  * * * End of the Script * * * 

It’s a one line code. Make sure you run this code on a SQL server. OR on your computer where SQL Admin Console is installed.

Note: Make sure SQL Browser service is started on the computer you are running this code.

Open PoweShell, copy/paste this line:

[System.Data.Sql.SqlDataSourceEnumerator]::Instance.GetDataSources()

That is it. Here is the sample Output:

Well, there are situations you need to delete an Office 365 (MSOL) account permanently.

E.g., I need to create a new account with the same name but for a different user. Since there is a deleted MSOL account still exists, you can’t create the new user.

It is very easy. Open PowerShell and connect to AzureAD:

Connect-MSOLService -Credential (Get-Credential)

First you need to get the ObjectID of the deleted account. Here is how you do it.

Command: Get-MsolUser
-ReturnDeletedUsers -searchstring *UserUPN here* | fl UserPrincipleName,
ObjectID

Example: Get-MsolUser -ReturnDeletedUsers -searchstring JohnDoe@mycompany.com | fl UserPrincipleName, ObjectID

Now note down the ObjectID from the above command and use it for next command. Then we need to purge the deleted account.

Command: Remove-MsolUser
-ObjectID *ObjectID here* -RemoveFromRecycleBin -Force

Example: Remove-MsolUser
-ObjectID c4d86044-bd23-7218-c226-e556a25a2dac -RemoveFromRecycleBin -Force

That’s it. You sent this specific MSOL account to Hell forever.

Now, do you want to “Purge” all deleted MSOL accounts? Get Nasty. Here is how you do it.

Get-MsolUser -ReturnDeletedUsers -All |
Remove-MsolUser -RemoveFromRecycleBin -Force

After you created an Exchange Retention Policy either in Exchange Online or On-Prem Exchange, you have to make this new retention policy as Default, so new mailboxes will get this policy automatically.

To see the available retention policies, type

Get-RetentionPolicy 

To change your Default Retention Policy for all users, run the following (Copy the retention policy name from the results of the above command):

Set-RetentionPolicy -Identity "Your Policy Name" -IsDefault:$true  

Now, we need to assign this policy to all existing mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -RetentionPolicy "Your Policy Name"

That’s it. Enjoy!

This question has been asked many times and usually assumed it is not possible. It is possible to create a stand-alone Outlook mail profile for Office 365 / Exchange Online or even in On-Premises Exchange server. You don’t need to enable Shared Mailbox’s AD account or use Shared Mailbox’s AD account. All you need to verify is you have FULL access permissions to the Shared Mailbox.

Now, this is how it is done:

1. Close Outlook if it is already open.
2. Open Control Panel and Open Mail (Microsoft Outlook 2016)

   

3. Click Show Profiles.. and Click Add… to create a new profile. Enter the appropriate name of the profile.
4. In Add Account window, Enter the Name of the Shared Mailbox (well you can type anything here), then enter the Email Address of the Shared Mailbox.

   Note: You don’t need to type password at all here.

5. Click Next

1. When asked, enter YOUR CREDENTIALS. Since you have full access permission on the Shared Mailbox, profile should create it successfully.

That’s all. Don’t forget to change the default Outlook profile in Mail settings.

Enjoy.

This is client side solution of automatically deleting emails after X number of days.  We are going to use Outlook’s AutoArchive feature. Don’t worry AutoArchive feature can delete emails also. 

I would recommend create an Outlook rule to move the emails you want to delete after X number of days. Just to make sure this tip is for Outlook on Windows. 

Lets get to the instructions:

• Open Outlook
• Go to Files >> Options >> Advanced >> Auto Archive Settings
  1. Set Run AutoArchive every ___days to you liking. This means the emails will be deleted every X number of days automatically.
  2. Do you need to be prompted before AutoArchive Runs? Check the box for Prompt before AutoArchive runs
  3. Choose Permanently delete old items. Do not click on Apply these settings to all folders now.
  4. Close OK.

• Go and find the Outlook folder where the email needs to be deleted. 
• Right click on the folder and choose Properties, then open AutoArchive tab.
  • Select Archive this folder using these settings
  • Select Clean out items older than __ Weeks. If you want to delete the emails after 90 days, type 90 and select days. 
  • Select Permanently delete old items
  • Click OK

That’s all. You have done it. Wait for the AutoArchive to kick in and watch it delete the emails automatically.

Hope that helped you. Enjoy and Leave me a reply.  

Hackers can run a script on your computer by any available methods (Malware, downloaded program, java script) to get your wireless password easily. That’s why you should not download any executable program from unknown and unreliable websites or a USB disk from parking lot. Once they have the wireless password, they can connect to the wireless network from parking lot or closed location around the property and get into the network.

This PowerShell script demonstrates how to grab the remembered wireless network names and it’s password in clear text on the running computer.

P.S. It is pretty dump to leave the output of the script on your computer for others to read.

<#

    Script to get all remembered wireless networks and their
passwords on the running computer.

    This script display the wireless network name and its
password and also saves it in wireless-passwords.csv
file

#>
$wprofiles = @()

(((netsh wlan show profiles) | out-string ).split(“`r`n”)).ForEach({
if ($_ -like “*All user profile*”)
{
$profiletextline = $_.Split(“:”)
$wprofiles += $profiletextline[1].trim()
}
})
“WirelessName`tPassword” | Out-File -FilePath .\Wireless-passwords.csv
$wprofiles.foreach({
$profilename = $_
(((netsh wlan show profile $profilename key=clear) | Out-String).Split(“`r`n”)).ForEach({
if ($_ -like “*Key content*”)
{
$passwordline = ($_.Split(“:”))[1].trim()
“$profilename`t$passwordline” | Out-File -FilePath .\Wireless-passwords.csv -Append
“$profilename = $passwordline”
}
})

})
# End of the Script