Friday, 29 May 2015

Startup key combinations for Intel-based Macs




You can use the following startup key combinations with Intel-based Macs.

| Keystroke | Description |
| --- | --- |
| Press C during startup | Start up from a bootable CD, DVD, or USB thumb drive (such as OS X install media). |
| Press D during startup | Start up in Apple Hardware Test (AHT). |
| Press Option-Command-P-R until you hear the startup sound a second time. | |
| Press Option during startup | Start up in Startup Manager, where you can select an OS X volume or network volume to start from. |
| Press Eject, F12, or hold the mouse or trackpad button | Ejects any removable media, such as an optical disc. |
| Press N during startup | Attempt to start up from a compatible network server (NetBoot). |
| Press T during startup | Start up in Target Disk Mode. |
| Press Shift during startup | Start up in Safe Boot mode and temporarily disable login items. |
| Press Command-V during startup | Start up in Verbose mode. |
| Press Command-S during startup | Start up in Single-User mode. |
| Press Option-N during startup | Start from a NetBoot server using the default boot image. |
| Press Command-R during startup | Start from the OS X Recovery System [1] |

[1] Available on Macs that ship with OS X Lion. Some CPUs require an EFI BootROM update to support this feature.

 

SMTP Relay with Office 365


SMTP Relay with Office 365 is one of the more common questions we get at MessageOps.  It seems there is some confusion about what actually constitutes a relay, so let’s start off with trying to determine if you actually need to relay with Office 365 and then we’ll get into the options.  The question you must ask yourself to determine if you really need a relay is:

Do my applications, scanners, etc. need to send ONLY to people in my domain?

If the answer is Yes, then you don’t need a relay server. You can configure those applications and devices to send mail directly to your MX record in Office 365. No authentication and no special ports are necessary. When the mail comes into Office 365 in this scenario, it will be accepted like other messages from the Internet. Granted, it will look a little strange to Forefront that mail is coming from the Internet with a source address of @yourdomain.com, but by adding the IP address(es) of the on-premises devices sending mail to the safe senders list, you should be able to avoid those messages going to junk or getting quarantined.

If the answer to the question above is No, because your application or device needs to send mail to both people on the Internet and in your domain, then you need to relay mail. The question then becomes how to do it.


Requirements for Relay with Office 365

1. The sending application must connect to the Office 365 servers on port 587.
2. The sending application must support TLS.
3. The sending application must authenticate with Office 365.
4. The account you authenticate to the relay server with must be the same account as the From address on the messages you send through the relay.

And if those requirements aren’t strict enough, an account is limited to sending 1500 messages per day.  So it’s pretty clear that Microsoft does not want you sending mass mailings using Office 365.

So let’s walk through a couple of scenarios. Let’s say all your applications and devices meet those requirements. That would then mean that you need to create an Office 365 account for each of those devices (if you wanted the From address on the message to be unique), or you could create a single account, with a generic name, which each application could then use to authenticate and send mail as. In the shared account scenario you would just need to make sure the volume of mail per day does not exceed 1500 messages.

What we have found is that in most cases the existing applications don’t meet all those criteria or you need to send a higher volume of mail per day, so you then have to look at a couple other options.

1. Install a local IIS SMTP relay server.
2. Use STunnel to allow a device or application which doesn’t support #1 and #2 in the requirements list above (connect on port 587 with TLS) to connect to an on-premises server over port 25. STunnel acts as a bridge for applications that don’t support TLS and/or connecting on port 587.

Installing a Local IIS SMTP Relay Server

If you install a local IIS SMTP relay server, it will be able to route mail to Office 365 or other destinations, such as hotmail.com, microsoft.com, etc. Mail to domains not hosted on Office 365 will be delivered directly from the IIS SMTP server to the final destination; it will not pass through the Office 365 SMTP servers. Once installed, you’ll be able to configure all your applications, scanners, etc. to use this server without authenticating.

You can install the SMTP Service on Windows 2008 by opening Server Manager.  The SMTP Service is a Feature which can be added.  Once the IIS SMTP service is installed, you’ll need to modify a few default settings.  The SMTP Service is administered by opening the Internet Information Services 6.0 Manager application in the Administrative Tools.

Configuring the Local IIS SMTP Server


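First you’ll need to open the Properties of the Default Virtual Server. From there go to the Access tab, and click the Relay button.

You’ll need to enter the IP addresses of the hosts that you want to relay. Because clients use this server without authenticating, this list is the only thing that decides who may relay through it, so enter the specific hosts rather than a broad range.

Next click on the Messages tab and review the maximum message size; the default of 2 MB might be too small.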

The final setting you’ll likely want to review is the Advanced Delivery options, which can be found on the Delivery Tab, and then clicking the Advanced button.
 
Here you specify the host name that will be advertised when this server connects to the remote hosts. It’s best practice to have the IP address of the mail server resolve to this hostname when a reverse lookup is performed on the IP. You can also configure a smarthost on this page that all outgoing mail will be sent through.

At this point, the IIS server is ready to send mail, but there are a few more things you’ll probably want to do to help ensure that messages sent through the server don’t get flagged as spam.

1. Ensure the IIS server can connect to remote mail servers over port 25. It doesn’t need to accept incoming connections; it just needs to be able to connect to remote hosts on port 25.
2. Ensure the IP address that the IIS server is sending from has a PTR record created in the external DNS. If you are unsure what the external IP of your mail server is, send a test message to an external account and look at the message headers to determine the IP addresses. Then use nslookup to query the IP to see if there is a reverse record for it. As mentioned earlier, it’s best practice to have the IP resolve to the name configured in Advanced Delivery Options.
3. Update your SPF record to include the IP address of the new IIS server.
4. Add the IIS server IP address to the allow list in Office 365.

Once you have these settings configured, you should be able to test your new relay server. When sending to remote hosts during your testing, check out the message headers to make sure the SPF record is working properly and your messages aren’t being rejected or marked with a high spam score.
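
One way to confirm the SPF update in step 3 before sending test mail: the following PowerShell, added here as an illustration and not part of the original article, checks whether a relay's public IPv4 address falls inside the ip4 mechanisms of an SPF record. The function names, the SPF string and the addresses are constructed for the example; in practice the record would come from a TXT lookup of your own domain.

```powershell
# Added example, not from the original article. The SPF record and the
# addresses used at the bottom are constructed sample values.

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $b      # fold the four octets, most significant first
    }
    $n
}

function Test-SpfCoversIp {
    param(
        [Parameter(Mandatory)][string]$SpfRecord,
        [Parameter(Mandatory)][string]$IpAddress    # IPv4 only
    )
    if ($SpfRecord -notmatch '^v=spf1(\s|$)') { throw 'Not an SPF (v=spf1) record.' }
    $ip = ConvertTo-IPv4Number $IpAddress
    foreach ($term in ($SpfRecord -split '\s+')) {
        # Only pass-qualified ip4 mechanisms are evaluated: ip4:a.b.c.d[/len].
        # include:, a, mx and ip6 need DNS or IPv6 handling and are skipped here.
        if ($term -match '^\+?ip4:(?<net>\d+\.\d+\.\d+\.\d+)(/(?<len>\d+))?$') {
            $len = if ($Matches.ContainsKey('len')) { [int]$Matches['len'] } else { 32 }
            if ($len -gt 32) { continue }            # malformed prefix length
            $net = ConvertTo-IPv4Number $Matches['net']
            # Two addresses share a /len network when they fall in the same
            # block of 2^(32-len) consecutive addresses.
            $blockSize = [math]::Pow(2, 32 - $len)
            if ([math]::Floor($ip / $blockSize) -eq [math]::Floor($net / $blockSize)) {
                return $true
            }
        }
    }
    $false
}

# Constructed record: Office 365 include plus the relay's address and a small range.
$record = 'v=spf1 include:spf.protection.outlook.com ip4:203.0.113.25 ip4:198.51.100.0/28 -all'
foreach ($candidate in '203.0.113.25', '198.51.100.14', '198.51.100.16') {
    $covered = Test-SpfCoversIp -SpfRecord $record -IpAddress $candidate
    '{0,-15} covered by ip4 mechanism: {1}' -f $candidate, $covered
}
```

A result of False for the relay's address means receivers evaluating the record would fall through to the final `-all` for mail sent directly from the IIS server.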

Using STunnel to Allow Non-SSL SMTP Clients to Connect to Office 365

In some cases your applications or devices don’t support the requirements for connecting to Office 365 using SSL or on the non-standard SMTP port of 587. If you have applications which don’t support these requirements, but you would like to use the Office 365 SMTP and POP3 servers, you can use stunnel to bridge the gap.

Stunnel listens for non-SSL connections and converts them to SSL or TLS connections. This allows you to configure your applications to connect without using SSL to the stunnel service, and then stunnel builds an encrypted tunnel to the Office 365 POP3 or SMTP services.

You can install stunnel on a server or workstation in your environment and configure your devices which don’t support TLS or POP3 over SSL to connect through that server to Office 365.
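
A sketch of the stunnel service definition for the SMTP case described above, added here as an illustration and not part of the original article. The service name, the internal listener address 10.0.0.5 and the CA bundle file name are placeholders, and smtp.office365.com is assumed as the Office 365 submission host.

```ini
; stunnel.conf fragment (constructed example, not from the original article)

[office365-smtp]
; Act as a TLS client: accept cleartext locally, speak TLS to the remote side.
client = yes

; Cleartext listener for the legacy devices. Bind it to one internal address
; (placeholder) rather than every interface, and firewall it to the devices
; that need it: anything the device sends, including its SMTP AUTH
; credentials, crosses this leg unencrypted.
accept = 10.0.0.5:25

; Office 365 submission endpoint (assumed host name) on port 587.
connect = smtp.office365.com:587

; Port 587 starts in cleartext and upgrades with STARTTLS; this makes stunnel
; perform that negotiation on behalf of the device.
protocol = smtp

; Validate the server certificate chain and host name so the tunnel cannot be
; terminated by an impostor. The CA bundle file name is a placeholder.
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.office365.com
```

Stunnel only supplies the port 587 and TLS requirements; the device still has to authenticate with an Office 365 account whose address matches its From address.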
 
 

Useful PowerShell Commands - Lync Server 2010 / 2013


To search for one or more users

 To search for a user based on the value of a Microsoft Lync Server-specific attribute, use the Get-CsUser cmdlet and the Filter parameter. For example, this command searches for all users who have not been assigned a per-user voice policy:

 Get-CsUser -Filter {VoicePolicy -eq $Null}

To search for a user based on the value of a generic Active Directory attribute, use the Get-CsUser cmdlet and the LdapFilter parameter. For example, this command searches for all users who are members of the Test department:

 Get-CsUser -LDAPFilter "Department=Test"


Add a New User

 To create a new Lync Server user

 To enable a user to use Lync Server, use the Enable-CsUser cmdlet:

Enable-CsUser -Identity "John Smith" -RegistrarPool "gs-lab.pro.com" -SipAddressType SamAccountName -SipDomain pro.com

The preceding command includes the SipAddressType and SipDomain parameters; this causes Lync Server to automatically create a SIP address for the user based (in this case) on the user's SamAccountName and the domain name pro.com. Alternatively, you can use the SipAddress parameter to assign a specific SIP address to a user:

Enable-CsUser -Identity "John Smith" -RegistrarPool "gs-lab.pro.com" -SipAddress "sip:john@pro.com"
 
 
 
Enable or Disable Users for Lync Server

To disable or re-enable a previously enabled user account for Lync Server

To permanently disable a Lync Server user account, use the Disable-CsUser cmdlet:

Disable-CsUser -Identity "John Smith"

When you run the preceding command, the user's Lync account will be disabled and all Lync Server-related attributes (including the policies assigned to that user) will be deleted from the user account. (Note that the user's Active Directory user account will not be deleted.) If you later decide to once more give the user access to Lync Server you will need to re-run the Enable-CsUser cmdlet, reassign any per-user policies, and reset property values such as the user's line URI and SIP address.

To temporarily disable a Lync Server user account, use the Set-CsUser cmdlet to set the account's Enabled property to False:

Set-CsUser -Identity "John Smith" -Enabled $False

When you run the preceding command the user will still have a valid Lync Server account, and that account will retain all its current settings (including any per-user policies that have been assigned to the user). However, the user will not be able to log on to Lync Server until his or her account has been re-enabled.

To re-enable a user whose Lync Server account has been temporarily disabled, use the Set-CsUser cmdlet to set the account's Enabled property to True:

Set-CsUser -Identity "John Smith" -Enabled $True
 
 
Set, View, and Send a User's Dial-in Conferencing PIN

To set a user's PIN

Lync Server PowerShell provides two different ways to assign a PIN number to a user. To have Lync Server randomly generate a PIN number for the user, use a command similar to this one:

Set-CsClientPin -Identity "John Smith"

The assigned PIN number will appear onscreen, like this:

Identity                    Pin                PinReset
--------                    ---                --------
Sip:john@pro.com            55279              True

Note: It will be up to you to notify the user of his or her new PIN number; Lync Server will not automatically send these notifications for you.

Alternatively, you can include the Pin parameter and assign a specific PIN number to a user:

Set-CsClientPin -Identity "John Smith" -Pin 10122231

You can also pipe multiple user accounts to Set-CsClientPin and Lync Server will automatically assign a new PIN number to each of those accounts. For example:

Get-CsUser -LdapFilter "Department=Test" | Set-CsClientPin

Move Users to Another Pool

To move selected users to a different server or pool

To move a user from one Registrar pool to another, use the Move-CsUser cmdlet:

Move-CsUser -Identity "John Smith" -Target "gs-lab.pro.com"

You can also move multiple users by piping more than one user Identity (in this case, the Active Directory display name) to the Move-CsUser cmdlet:

"John Smith", "Alex Branon", "Gareth Winner" | Move-CsUser -Target "gs-lab.pro.com"

To move all users from one server or pool to a different server or pool

To move all the users from a specified pool to a different pool, first use the Get-CsUser cmdlet to retrieve all the users from that pool; in the following command, the Filter value {RegistrarPool -eq "gs-lab2.pro.com"} limits the returned user accounts to those users homed on the pool gs-lab2.pro.com. That collection of user accounts can then be piped to the Move-CsUser cmdlet:

Get-CsUser -Filter {RegistrarPool -eq "gs-lab2.pro.com"} | Move-CsUser -Target "gs-lab.pro.com"

To move users from one pool to a different pool by using a filter

To move a selected group of users (based on an Active Directory attribute) first use the Get-CsUser cmdlet and the LdapFilter parameter to retrieve the desired set of users. After retrieving the appropriate user accounts you can then pipe all those accounts to the Move-CsUser cmdlet:

Get-CsUser -LdapFilter "Department=Finance" | Move-CsUser -Target "gs-lab.pro.com"

Assign Policies to Users

Assign a Conferencing Policy to Modify a User's Default Meeting Experience

To assign a per-user conferencing policy

To assign a per-user conferencing policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsConferencingPolicy -Identity "John Smith" -PolicyName "GLabConferencingPolicy"

If you later decide to remove that conferencing policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsConferencingPolicy -Identity "John Smith" -PolicyName $Null

Specify Client Versions Supported for Sign-in by a User

To assign a per-user client version policy

To assign a per-user client version policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsClientVersionPolicy -Identity "John Smith" -PolicyName "GLabClientVersionPolicy"

If you later decide to remove that client version policy (and thus have the user managed by the global policy, a service policy, or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsClientVersionPolicy -Identity "John Smith" -PolicyName $Null
 
 
Assign Specific Dial-in Conferencing PIN Security Settings to a User

To assign a per-user PIN policy

To assign a per-user PIN policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsPinPolicy -Identity "John Smith" -PolicyName "GLabPinPolicy"

If you later decide to remove that PIN policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsPinPolicy -Identity "John Smith" -PolicyName $Null

Apply External User Access Policies to Users

To apply an external user policy to a user account

To assign a per-user external access policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsExternalAccessPolicy -Identity "John Smith" -PolicyName "GLabExternalAccessPolicy"

If you later decide to remove that external access policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsExternalAccessPolicy -Identity "John Smith" -PolicyName $Null

Configure Archiving of a User's Communications

To assign a per-user archiving policy

To assign a per-user archiving policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsArchivingPolicy -Identity "John Smith" -PolicyName "GLabArchivingPolicy"

If you later decide to remove that archiving policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsArchivingPolicy -Identity "John Smith" -PolicyName $Null
 
 
Assign a Location Policy to a User

To assign a per-user location policy

To assign a per-user location policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsLocationPolicy -Identity "John Smith" -PolicyName "GLabLocationPolicy"

Enable a User for Enterprise Voice

To enable a user account for Enterprise Voice

To enable a user for Enterprise Voice, use Set-CsUser to set the EnterpriseVoiceEnabled property to True and to assign the user a unique line URI:

Set-CsUser -Identity "John Smith" -EnterpriseVoiceEnabled $True -LineUri "TEL:+440207123456"

Configure Telephony for Users

To configure telephony for a specific user account

To configure telephony options for a user, use the Set-CsUser cmdlet. The following command enables a user for Enterprise Voice and assigns that user a line URI:

Set-CsUser -Identity "John Smith" -EnterpriseVoiceEnabled $True -LineUri "TEL:+440207123400"

To enable remote call control for a user, use the following command:

Set-CsUser -Identity "John Smith" -RemoteCallControlTelephonyEnabled $True -LineUri "TEL:+440207123400"

This command enables PC-to-PC audio communications for the user, but without enabling either remote call control or Enterprise Voice:

Set-CsUser -Identity "John Smith" -EnterpriseVoiceEnabled $False -RemoteCallControlTelephonyEnabled $False -LineUri "TEL:+440207123400"