Exchange 2013 default event log levels

Identity EventLevel
——– ———-
EX02\MSExchange ActiveSync\Requests Lowest
EX02\MSExchange ActiveSync\Configuration Lowest
EX02\MSExchange Antispam\General Lowest
EX02\MSExchange Assistants\Assistants Lowest
EX02\MSExchange Autodiscover\Core Lowest
EX02\MSExchange Autodiscover\Web Lowest
EX02\MSExchange Autodiscover\Provider Lowest
EX02\MSExchange Availability\Availability Service Lowest
EX02\MSExchange Availability\Availability Service General Lowest
EX02\MSExchange Availability\Availability Service Authentication Lowest
EX02\MSExchange Availability\Availability Service Authorization Lowest
EX02\MSExchange Cluster\Move Lowest
EX02\MSExchange Cluster\Upgrade Lowest
EX02\MSExchange Cluster\Action Lowest
EX02\MSExchange Common\General Lowest
EX02\MSExchange Common\Configuration Lowest
EX02\MSExchange Common\Logging Lowest
EX02\MSExchange RBAC\General Lowest
EX02\MSExchange RBAC\RBAC Low
EX02\MSExchange CmdletLogs\General Lowest
EX02\MSExchange Configuration Cmdlet – Management Console\General Lowest
EX02\MSExchange Configuration Cmdlet – Management Console\RBAC Lowest
EX02\MSExchange Delegated Authentication Module\General Lowest
EX02\MSExchange LiveId Redirection Module\General Lowest
EX02\MSExchange Organization Redirection Module\General Lowest
EX02\MSExchange Certificate Authentication Module\General Lowest
EX02\MSExchange Control Panel\General Lowest
EX02\MSExchange Control Panel\Performance Lowest
EX02\MSExchange Control Panel\Redirect Lowest
EX02\MSExchange Control Panel\Proxy Lowest
EX02\MSExchange Extensibility\Transport Address Book Lowest
EX02\MSExchange Extensibility\MExRuntime Lowest
EX02\MSExchange EdgeSync\Synchronization Lowest
EX02\MSExchange EdgeSync\Topology Lowest
EX02\MSExchange EdgeSync\SyncNow Lowest
EX02\MSExchange TransportService\TransportService Lowest
EX02\MSExchange Web Services\Core Lowest
EX02\MSExchange IMAP4\General Lowest
EX02\MSExchange IMAP4 BE\General Lowest
EX02\MSExchange Messaging Policies\Journaling Lowest
EX02\MSExchange Messaging Policies\AttachFilter Lowest
EX02\MSExchange Messaging Policies\AddressRewrite Lowest
EX02\MSExchange Messaging Policies\Rules Lowest
EX02\MSExchange Messaging Policies\Prelicensing Lowest
EX02\MSExchange Messaging Policies\PolicyApplication Lowest
EX02\MSExchange Messaging Policies\JournalReportDecryption Lowest
EX02\MSExchange Messaging Policies\RightsManagement Lowest
EX02\MSExchange Messaging Policies\TransportDecryption Lowest
EX02\MSExchange Messaging Policies\RedirectionAgent Lowest
EX02\MSExchange Messaging Policies\Information Rights Management Lowest
EX02\MSExchange Anti-spam Update\HygieneUpdate Lowest
EX02\MSExchange Mailbox Replication\Service Lowest
EX02\MSExchange Mailbox Replication\Mailbox Move Lowest
EX02\MSExchange Mid-Tier Storage\Xtc Lowest
EX02\MSExchange Mid-Tier Storage\Audit Lowest
EX02\MSExchange Mid-Tier Storage\Discovery Lowest
EX02\MSExchange Mid-Tier Storage\Information Rights Management Lowest
EX02\MSExchange Mid-Tier Storage\CopyOnWrite Lowest
EX02\MSExchange Mid-Tier Storage\ResourceHealth Lowest
EX02\MSExchange Management Application\Shell Lowest
EX02\MSExchange Management Application\Console Lowest
EX02\MSExchange Management Application\ProvisioningAgent Lowest
EX02\MSExchange Management Application\ComponentInfoBasedTask Lowest
EX02\MSExchange Management Application\AdminAuditLog Lowest
EX02\MSExchange OWA\FormsRegistry Lowest
EX02\MSExchange OWA\Core Lowest
EX02\MSExchange OWA\Configuration Lowest
EX02\MSExchange OWA\Themes Lowest
EX02\MSExchange OWA\SmallIcons Lowest
EX02\MSExchange OWA\Proxy Lowest
EX02\MSExchange OWA\Transcoding Lowest
EX02\MSExchange OWA\ADNotifications Lowest
EX02\MSExchange OWA\InstantMessage Lowest
EX02\MSExchange POP3\General Lowest
EX02\MSExchange POP3 BE\General Lowest
EX02\MSExchange Process Manager\ProcessManager Lowest
EX02\MSExchange Repl\Service Lowest
EX02\MSExchange Repl\Exchange VSS Writer Lowest
EX02\MSExchange ReportingWebService\General Lowest
EX02\MSExchange Topology\Topology Discovery Lowest
EX02\MSExchange Unified Messaging\UMWorkerProcess Lowest
EX02\MSExchange Unified Messaging\UMCore Lowest
EX02\MSExchange Unified Messaging\UMManagement Lowest
EX02\MSExchange Unified Messaging\UMService Lowest
EX02\MSExchange Unified Messaging\UMClientAccess Lowest
EX02\MSExchange Unified Messaging\UMCallData Lowest
EX02\MSExchange Unified Messaging\MWI General Lowest
EX02\MSExchange Unified Messaging\UMCallRouter Lowest
EX02\MSExchange ADAccess\General Lowest
EX02\MSExchange ADAccess\Cache Lowest
EX02\MSExchange ADAccess\Topology Low
EX02\MSExchange ADAccess\Configuration Lowest
EX02\MSExchange ADAccess\LDAP Lowest
EX02\MSExchange ADAccess\Validation Low
EX02\MSExchange ADAccess\Recipient Update Service Lowest
EX02\MSExchange ADAccess\Site Update Lowest
EX02\MSExchange ADAccess\Exchange Topology Lowest
EX02\MSExchange ADAccess\MSERV Lowest
EX02\MSExchange ADAccess\GLS Lowest
EX02\MSExchangeADTopology\General Lowest
EX02\MSExchangeADTopology\Configuration Lowest
EX02\MSExchangeADTopology\Topology Low
EX02\MSExchangeApplicationLogic\TextMessaging Lowest
EX02\MSExchangeApplicationLogic\ServerPicker Lowest
EX02\MSExchangeApplicationLogic\Extension Lowest
EX02\MSExchangeApplicationLogic\E4E Lowest
EX02\MSExchangeApplicationLogic\DiagnosticHandlers Lowest
EX02\MSExchangeIS\General Lowest
EX02\MSExchangeIS\Physical Access Lowest
EX02\MSExchangeIS\Lazy Indexing Lowest
EX02\MSExchangeIS\Logical Data Model Lowest
EX02\MSExchangeIS\Directory Services Lowest
EX02\MSExchangeIS\MAPI Lowest
EX02\MSExchangeIS\High Availability Lowest
EX02\MSExchangeMailboxAssistants\Service Lowest
EX02\MSExchangeMailboxAssistants\OOF Assistant Lowest
EX02\MSExchangeMailboxAssistants\OOF Library Lowest
EX02\MSExchangeMailboxAssistants\Resource Booking Attendant Lowest
EX02\MSExchangeMailboxAssistants\Email_Lifecycle_Assistant Lowest
EX02\MSExchangeMailboxAssistants\Junk Email Options Assistant Lowest
EX02\MSExchangeMailboxAssistants\Conversations Assistant Lowest
EX02\MSExchangeMailboxAssistants\Approval Assistant Lowest
EX02\MSExchangeMailboxAssistants\ELC Library Lowest
EX02\MSExchangeGlobalLocatorCache\General Lowest
EX02\MSExchangeTransport\SmtpReceive Lowest
EX02\MSExchangeTransport\SmtpSend Lowest
EX02\MSExchangeTransport\DSN Lowest
EX02\MSExchangeTransport\Routing Lowest
EX02\MSExchangeTransport\Logging Lowest
EX02\MSExchangeTransport\Components Lowest
EX02\MSExchangeTransport\RemoteDelivery Lowest
EX02\MSExchangeTransport\Pickup Lowest
EX02\MSExchangeTransport\Categorizer Lowest
EX02\MSExchangeTransport\PoisonMessage Lowest
EX02\MSExchangeTransport\MessageSecurity Lowest
EX02\MSExchangeTransport\TransportService Lowest
EX02\MSExchangeTransport\Exch50 Lowest
EX02\MSExchangeTransport\Process Lowest
EX02\MSExchangeTransport\ResourceManager Lowest
EX02\MSExchangeTransport\Configuration Lowest
EX02\MSExchangeTransport\Storage Lowest
EX02\MSExchangeTransport\Agents Lowest
EX02\MSExchangeTransport\Transport Address Book Lowest
EX02\MSExchangeTransport\Orar Lowest
EX02\MSExchangeTransport\Unused Lowest
EX02\MSExchangeTransport\ShadowRedundancy Lowest
EX02\MSExchangeTransport\Approval Lowest
EX02\MSExchangeTransport\TransportSafetyNet Lowest
EX02\MSExchangeTransport\TransportTenantAttribution Lowest
EX02\MSExchangeTransportSyncCommon\General Lowest
EX02\MSExchangeTransportSyncManager\General Lowest
EX02\MSExchangeTransportSyncWorker\General Lowest
EX02\MSExchangeTransportSyncWorkerFramework\General Lowest
EX02\MSExchange OutlookProtectionRules\Outlook Protection Rules Lowest
EX02\MSExchange Provisioning MailboxAssistant\Provisioning Assistant General Lowest
EX02\MSExchangeThrottling\General Lowest
EX02\MSExchangeThrottlingClient\General Lowest
EX02\MSExchange FailFast Module\General Lowest
EX02\MSExchange Store Driver Delivery\MSExchangeStoreDriverDelivery Lowest
EX02\MSExchange Store Driver Delivery\MeetingMessageProcessing Lowest
EX02\MSExchange Store Driver Delivery\OofHistory Lowest
EX02\MSExchange Store Driver Delivery\Approval Lowest
EX02\MSExchange Store Driver Delivery\UnifiedMessaging Lowest
EX02\MSExchange Store Driver Submission\MSExchangeStoreDriverSubmission Lowest
EX02\MSExchangeSubmission\MSExchangeSubmission Lowest
EX02\MSExchange Antimalware\General Lowest
EX02\MSExchange Antimalware\Init Lowest
EX02\MSExchange Antimalware\ScanResults Lowest
EX02\MSExchange Antimalware\ScanError Lowest
EX02\MSExchange OAuth\Requests Lowest
EX02\MSExchange OAuth\Configuration Low
EX02\MSExchange OAuth\Server 2
EX02\MSExchange BackEndRehydration\Requests Lowest
EX02\MSExchange BackEndRehydration\Configuration Low
EX02\MSExchange BackEndRehydration\Server 2
EX02\MSExchange Front End HTTP Proxy\Core Lowest
EX02\MSExchange RemotePowershell BackendCmdletProxy Module\General Lowest
EX02\MSExchange Error Logging Module\General Lowest
EX02\MSExchange Client Diagnostics Module\General Lowest
EX02\MSExchangeFrontEndTransport\SmtpReceive Lowest
EX02\MSExchangeFrontEndTransport\SmtpSend Lowest
EX02\MSExchangeFrontEndTransport\DSN Lowest
EX02\MSExchangeFrontEndTransport\Routing Lowest
EX02\MSExchangeFrontEndTransport\Logging Lowest
EX02\MSExchangeFrontEndTransport\Components Lowest
EX02\MSExchangeFrontEndTransport\RemoteDelivery Lowest
EX02\MSExchangeFrontEndTransport\Pickup Lowest
EX02\MSExchangeFrontEndTransport\Categorizer Lowest
EX02\MSExchangeFrontEndTransport\PoisonMessage Lowest
EX02\MSExchangeFrontEndTransport\MessageSecurity Lowest
EX02\MSExchangeFrontEndTransport\TransportService Lowest
EX02\MSExchangeFrontEndTransport\Exch50 Lowest
EX02\MSExchangeFrontEndTransport\Process Lowest
EX02\MSExchangeFrontEndTransport\ResourceManager Lowest
EX02\MSExchangeFrontEndTransport\Configuration Lowest
EX02\MSExchangeFrontEndTransport\Storage Lowest
EX02\MSExchangeFrontEndTransport\Agents Lowest
EX02\MSExchangeFrontEndTransport\Transport Address Book Lowest
EX02\MSExchangeFrontEndTransport\Orar Lowest
EX02\MSExchangeFrontEndTransport\Unused Lowest
EX02\MSExchangeFrontEndTransport\ShadowRedundancy Lowest
EX02\MSExchangeFrontEndTransport\Approval Lowest
EX02\MSExchangeFrontEndTransport\TransportSafetyNet Lowest
EX02\MSExchangeFrontEndTransport\TransportTenantAttribution Lowest

Enable / Disable Windows Photoviewer in Windows 10

 

To enable / disable Windows Photoviewer in Windows 10

Use the .reg files below.

 

Enable

 

Windows Registry Editor Version 5.00

; Enable Windows Photoviewer in Win 10

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
“MuiVerb”=”@photoviewer.dll,-3043”

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
“Clsid”=”{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}”

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\DropTarget]
“Clsid”=”{60fd46de-f830-4894-a628-6fa81bc0190d}”

 

Disable

 

Windows Registry Editor Version 5.00

; Disable Windows Photoviewer in Win 10

[-HKEY_CLASSES_ROOT\Applications\photoviewer.dll]

 

Save the file as a .reg file.  Double click it.

image

Select Yes

image

Select Yes

image

Click OK

image

Right click an image file, select Open With –> Choose another app

image

Select More apps

image

Select Windows Photo Viewer, and tick Always use this app to open this type of file, and click Ok.

image

Powershell if file does not exist

Small gotcha that caught me recently, I needed to do a test-path but action if a file did NOT exist, and I had trouble getting it to work first go, so I’m writing this here:

$FileToCheck="c:\windows\system32\notepad.exe"
## check file exists
if (!(Test-Path $FileToCheck))
{
     throw "$FileToCheck not found"
}

This will throw the exception if the file can not be found.

Batch converting video combining FFMpeg and Powershell

I had a bunch of MKV files that I needed to convert to mp4.  I don’t have any fancy video editing software, and found that a program called ffmpeg exists, which is a command line tool that will do this.  Once I verified that it would do what I wanted, I decided to write a powershell script that will do the work for me, which you can find here.

You will need to download and install ffmpeg and run the script.  I have defaulted ffmpeg to “c:\program files\ffmpeg\ffmpeg.exe” as this seems like the logical place for me.

If you have any comments, or ideas on how to improve, please let me know in the comments below.

Disable Office 2016 typing animation

To disable the office 2016 typing animation, navigate to:

HKCU\Software\Microsoft\Office\16.0\Common

Create a new Key called Graphics

In the Graphics key, create a new DWORD 32 bit value for DisableAnimations

Set a value of 1.  Log out and back in and the animations should no longer be active.

Install netdata on C.H.I.P (or a raspberry PI)

 
Netdata details: https://github.com/firehol/netdata/wiki

Requirements:
C.H.I.P: http://anonit.blogspot.com.au/2016/08/installing-chip-headless.html; or
Raspberry PI:  http://anonit.blogspot.com.au/2016/05/headless-install-of-raspbian-jessie.html

Logon to the device using SSH.
Check if CURL is installed by using the command
which curl
if it is not installed then install using sudo apt-get install curl.
Install the full install packages for netdata:
curl -Ss ‘https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh’ >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata-all
(There is a minimum install package that can be used if necessary: curl -Ss ‘https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh’ >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata)
Download the netdata installer:
git clone https://github.com/firehol/netdata.git –depth=1
go into the netdata folder:
cd netdata
install netdata:
sudo ./netdata-installer.sh
Once installed, you can access the website on %IPADDRESS%:19999
to update, go into the netdata folder:
cd netdata
and run the updater:
sudo ./netdata-updater.sh
references:  https://github.com/firehol/netdata/wiki/Installation

Installing Pi-hole on a C.H.I.P

Requirements: C.H.I.P configured as: http://anonit.blogspot.com.au/2016/08/installing-chip-headless.html, with a static IP address

Type the command
sudo cp /etc/resolv.conf resolv.conf.bak
sudo nano /etc/resolv.conf

Edit the nameserver to have the DNS forwader settings of your choice.

Save and Exit Nano.

Install curl using the command

sudo apt-get –y install curl

Download and install pi-hole:
wget –O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
./basic-install.sh

Press OK

You should donate (I did!).  Press OK

Chose wlan0 and press OK (wlan1 is bluetooth)

Choose IPv4, IPv6 or both and press OK

If the IP address is correct, select YES

If the IP address you have assigned the CHIP is within the DHCP range of your DHCP Server or router, you may need to exclude this IP address, or modify the range.
Click OK

Select the DNS servers to use as forwarders.  If you are not sure, choose Google, and select OK.

Once the install is complete, press OK

You can add additional block lists by doing the following:
sudo cp /etc/pihole/adlists.default /etc/pihole/adlists.list
sudo nano /etc/pihole/adlists.list

Add the bottom to the file (or add your own)

##############
# Additional #
##############
#easylist
https://easylist.to/easylist/easylist.txt
https://easylist-downloads.adblockplus.org/easyprivacy.txt
#malwaredomains
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/justdomains
#Peter Lowes Ad Server List
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
#Ublock Filters
https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/badware.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/privacy.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/unbreak.txt
Reboot the chip with
sudo reboot

Change the DNS on your computer / or router to point to the IP address of the chip.  In a Window DNS environment, change the DNS forwarders

You can check the status and modify the blocklist / whitelist by navigating to:
http://nnn.nnn.nnn.nnn/admin/

References:
https://github.com/pi-hole/pi-hole
http://jacobsalmela.com/network-wide-hardware-ad-blocking-9-chip-hole/