Delete declined updates in WSUS

We have all seen poorly maintained WSUS servers.  This script can assist by deleting declined updates.  Combine this with a number of other methods of housekeeping on WSUS servers.

Additionally using the script we can see all the objects returned by the command $wsus.getupdates() | get-member | select name

Name
----
AcceptLicenseAgreement
Approve
ApproveForOptionalInstall
CancelDownload
CreateObjRef
Decline
Equals
ExpirePackage
ExportPackageMetadata
GetChangesFromPreviousRevision
GetHashCode
GetInstallableItems
GetLicenseAgreement
GetLifetimeService
GetRelatedUpdates
GetSummary
GetSummaryForComputerTargetGroup
GetSummaryPerComputerTargetGroup
GetSupportedUpdateLanguages
GetType
GetUpdateApprovals
GetUpdateCategories
GetUpdateClassification
GetUpdateEventHistory
GetUpdateInstallationInfoPerComputerTarget
InitializeLifetimeService
PurgeAssociatedReportingEvents
Refresh
RefreshUpdateApprovals
ResumeDownload
ToString
AdditionalInformationUrls
ArrivalDate
CompanyTitles
CreationDate
DefaultPropertiesLanguage
Description
HasEarlierRevision
HasLicenseAgreement
HasStaleUpdateApprovals
HasSupersededUpdates
Id
InstallationBehavior
IsApproved
IsBeta
IsDeclined
IsEditable
IsLatestRevision
IsSuperseded
IsWsusInfrastructureUpdate
KnowledgebaseArticles
LegacyName
MsrcSeverity
ProductFamilyTitles
ProductTitles
PublicationState
ReleaseNotes
RequiresLicenseAgreementAcceptance
SecurityBulletins
Size
State
Title
UninstallationBehavior
UpdateClassificationTitle
UpdateServer
UpdateSource
UpdateType

Quick start guide for cloning and committing a repo using Github for Windows and TFS

 

Create the project in TFS

Create a directory:  md d:\githubrepo\sitename

Navigate into directory:  cd /d d:\githubrepo\sitename

Clone the repo:  git clone http://TFSSite:8443/tfs/DefaultCollection/_git/sitename

Create files as required

Add the files into the repo:  git add .

Commit changes:  git commit

use nano (or vi / vim / notepad / vscode as required) to add comments

Push changes to master:  git push

Setting up a pop3s mail server at Server Mule

 

I had a VPS at Server Mule (www.servermule.com.au) and wanted to setup a pop3 mail server.  I will configure a catchall account to get all email, and include DNSBL to prevent spam.

Begin my provisioning the server at Server Mule.

Setup the firewall at server mule:

Allow inbound 22 tcp from your IP address

Allow inbound 80, 443, 995, 587 and 25 tcp from all

Set the default rule to block

Save the firewall

Apply the firewall

2017-08-25 09_27_46-Console Home - ServerMule

Logon to the server via SSH

apt-get -y remove apt-listchanges

To generate the SSL certificate using certbot, we need to edit /etc/apt/sources.list and add

deb http://ftp.debian.org/debian jessie-backports main

Run the command apt-get update && apt-get -y upgrade

Change the timezone by the command dpkg-reconfigure tzdata

install the required packages:

apt-get -y install certbot -t jessie-backports

apt-get -y install postfix dovecot-core dovecot-pop3d dovecot-lmtpd mailutils

During the postfix install, select Internet site and enter your domain name (not FQDN)

postfixInternetSite

postfixDomainName

Stop postfix while being configured: postfix stop

Backup /etc/postfix/master.cf

cp /etc/postfix/master.cf /etc/postfix/master.cf.old

edit /etc/postfix/master.cf

uncomment “submission inet n – – – – smtpd”

Under submission, uncomment “-o smtpd_sasl_auth_enable=yes”

Under submission, add “-o smtpd_sasl_auth_only=yes”, “-o smtpd_sasl_type=dovecot”, and “-o smtpd_sasl_path=private/auth”

Generate the SSL certificate using the command certbot certonly

Choose the options standalone, enter a valid email address, and agree to the terms and conditions.  Enter your fully qualified domain name (not just domain name).

certbot1

certbot2

certbot3

Take note of the location of the certificate

certbot4

Backup /etc/postfix/main.cf

cp /etc/postfix/main.cf /etc/postfix/main.cf.old

edit /etc/postfix/main.cf

Add the following to enable SSL, ensuring you modify the directory location to the one indciated from the steps above

smtpd_tls_cert_file = /etc/letsencrypt/live/mail5.anonit.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail5.anonit.net/privkey.pem
smtpd_tls_security_level = may
smtp_tls_security_level = may

 

Edit the mydestination line so it is blank

mydestination=

Ensure the “myhostname” section is the FQDN

Comment out the following lines if they exist by putting a hash as the first character:

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

 

Backup /etc/dovecot/dovecot.conf

cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.old

Add the following to enable pop3s, again modifying the directory the certificate location noted above.

service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 995
}
}

ssl = required
ssl_cert = </etc/letsencrypt/live/mail5.anonit.net/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail5.anonit.net/privkey.pem

 

Restart postfix and dovecot

service postfix restart && service dovecot restart

Test SSL connections locally

openssl s_client -starttls smtp -connect mail5.anonit.net:587
openssl s_client -connect mail5.anonit.net:995

Both tests should return “Verify return code: 0 (ok)”

You may need to CTRL-C from the pop3s test (2nd command)

openssltest1

openssltest2

Test external access to port 25.

Run an open relay test http://www.mailradar.com/openrelay/

 

Create a user vmail that will own all virtual mailboxes:

groupadd -g 2000 vmail
useradd -g vmail -u 2000 vmail -d /var/vmail -m

Edit /etc/dovecot/dovecot.conf

Add the following

auth_mechanisms = plain login
disable_plaintext_auth = yes

service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
user = postfix
mode = 0666
}
}
mail_location = maildir:/var/vmail/%d/%n
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/userdb-file
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/vmail/%d/%n
}

 

Create the user account for pop3

doveadm pw -s SHA512-CRYPT

Enter a password and take not of the hash provided

Create a new file /etc/dovecot/userdb-file and enter the hash provided by the previous command, in the format:

EmailAddress:HASH

EG:

anonit@anonit.net:{SHA512-CRYPT}$6$dFyP5PncotyXGmMU$IVZ3moV3YduogGXURiaCDWy5GeESfnxC453aMz4yzdBBXA6lvjmnKZFBNLTkcI8LNVHScODAh9K4ch.cun2UZ1

 

Add to  /etc/postfix/main.cf

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual_aliases

Create a file /etc/postfix/virtual_aliases and add

@anonit.net         anonit
postmaster          root
webmaster           root
info                root
abuse               root
# redirect to the user that should get root’s mails
root                anonit

The first line should be the catch all domain, and the account to deliver to.

Update postfix config and restart postfix

postmap /etc/postfix/virtual_aliases
service postfix restart

 

Modify /etc/dovecot/dovecot.conf to enable local mail delivery and add

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0666
user = postfix
group = postfix
}
}
protocol lmtp {
postmaster_address =
anonit@anonit.net
}

Create a new SSH session to the server, and view mail.log by the following command

tail -f /var/log/mail.log

In the original session, run the commands and check the logs for errors:

service postfix restart

service dovecot restart

echo test | mail anonit@anonit.net

Perform another open relay test http://www.mailradar.com/openrelay/

Test that local delivery and remote delivery works.

You should be able to view the emails in /var/vmail/domainname/user/new

EG:

incomingEmail

 

Add the DNSBL, edit /etc/postfix/main.cf

smtpd_recipient_restrictions =
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net
permit

References

https://www.servermule.com.au/help/servermule-articles/how-do-configure-my-servermule-firewall/
http://www.almost-working.com/how-to-setup-a-mail-server-on-debian-8-jessie-using-postfix-dovecot-and-lmtp/
http://www.almost-working.com/foundational-setup-on-a-debian-8-7-jessie-virtual-server/
https://www.faqforge.com/linux/how-to-enable-port-587-submission-in-postfix/
https://certbot.eff.org/#debianjessie-nginx
https://stackoverflow.com/questions/18377813/postfix-status-bounced-unknown-user-myuser
https://tecadmin.net/setup-catch-all-email-account-in-postfix/#
http://www.iredmail.org/docs/enable.dnsbl.html
https://serverfault.com/questions/474133/configure-postfix-with-a-threshold-for-reject-rbl-client

Prevent apt-get upgrade from showing the change log

I was scheduling an apt-get update && apt-get –y upgrade on a Debian 8 box and the process stopped waiting for keyboard input showing the change logs for CA-Certificates.

it had actually started VI and was displaying a text file.  This would stop the automatic update process.

To prevent this I ran apt-get –y remove apt-listchanges

References:

https://serverfault.com/questions/835303/is-there-a-way-to-make-apt-get-upgrade-not-show-changelogs

Install JDK10 on raspberry pi

install pi – http://anonit.net/headless-install-of-raspbian-jessie/

enable ssh
connect to wifi
change password

sudo apt-get install rpi-update && echo Y | sudo rpi-update
sudo apt-get update && sudo apt-get upgrade -y

(using nano instead of vi)

sudo apt-get install pv
sudo dd if=/dev/zero bs=1M count=1024 | pv | sudo dd of=/var/SWAPFILE
sudo mkswap /var/SWAPFILE
sudo nano /etc/dphys-swapfile

Modify the following lines:

CONF_SWAPFILE=/var/SWAPFILE

CONF_SWAPSIZE=1024

reboot

check the swap file size with

swapon -s
The swap size should be 1048572 (ish)
sudo apt-get install openjdk-9-jdk
sudo apt-get install build-essential libx11-dev libxext-dev libxrender-dev libxtst-dev libxt-dev libcups2-dev libasound2-dev libfontconfig1-dev zip mercurial

hg clone http://hg.openjdk.java.net/jdk/jdk10
(clones the repo – may take some time (30 mins internet dependant))
cd jdk10
bash configure –disable-warnings-as-errors –with-native-debug-symbols=none –with-version-pre=”armhf” –with-version-build=46 –with-version-opt=””
make LOG=cmdlines images
(builds java from source – may take some time (210 mins))
test:
cd jdk10/build/linux-arm-normal-server-release/jdk/
bin/java -version
openjdk version “10-armhf” 2018-03-20
OpenJDK Runtime Environment (build 10-armhf+46)
OpenJDK Server VM (build 10-armhf+46, mixed mode)

 

References: https://blogs.oracle.com/jtc/build-jdk-10-for-your-raspberry-pi-right-on-your-device

 

Connect to Exchange powershell remotely

Connect to Exchange powershell remotely using the following commands

$exchCred=Get-Credential
$exchUri=”
http://servername/powershell”

$exchSession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exchUri -Authentication Kerberos -Credential $exchCred
Import-PSSession $exchSession

$exchCred is the credentials used to connect

$exchUri is the Uri of the Exchange server powershell virtual directory.  EG: http://exchange.anonit.net/powershell

 

To remove the session at the end, use Remove-PSSession $exchSession

 

See the powershell script here

 

Reference:

https://community.spiceworks.com/scripts/show/3956-connect-to-exchange-powershell-remotely

 

TFS fails to install with “Remove elasticsearch-service-x64”

Attempting to do a TFS upgrade, the install was failing with an error: “The following Windows service is installed on your computer: elasticsearch-service-x64. Remove elasticsearch-service-x64 to continue”

I was required to:

Go to the TFS Search directory and remove the search folder.

Stop the elastic search service, and navigate to the program files folder for elastic search (C:\Program Files\Microsoft Team Foundation Server 15.0\Search\ES\elasticsearch-2.4.1\bin)

Run the command service.bat remove to uninstall the Elastic Search service.

Download TFS 2017 for offline use

I was using TFS2017 on a single machine, and needed to transfer it to a new machine.  I performed a backup, installed on the new machine, and attempted to restore my backup.  At this point I found I had not been using the latest version of TFS, and couldn’t restore my backup.

I still had the installer file for the old version I was using, and was able to install, restore and then upgrade.  But this got me thinking.  If I didn’t have the old install files, I’d be in trouble.  So I found a way to download the install files for offline use in the future.

Download the web installer for TFS from https://www.visualstudio.com/tfs/

Run the installer with the following switches: /layout %PATHTOSAVE%

eg:

tfsserver2017.1.exe /layout c:\temp\tfs\installfiles

The installer will begin, and confirm the file location

image

image

image

image

image

Put the install files in a safe place in case you ever need to reinstall and you find you are not on the latest version.

You can also use the /passive switch to bypass the are you sure prompt.

Check out all the switches by using /?

Now off to go find out how to get TFS to tell me that a new update is available!

Enabling Windows Defender definitions in Windows 10 using a metered connection

When connected to a metered connection, Windows 10 won’t download updates.  This includes Windows Defender definitions.

Create a scheduled task to run the following command:

“c:\program files\windows defender\mpcmdrun.exe” –signatureupdate –mmpc

This is to run a signature update from the microsoft malware protection center (eg: Update from the internet).

The scheduled task can run as the user system, whether the user is logged in or not, and must be run with highest privileges.

If you want to test if your task is running correctly, you can run an elevated command prompt, issue the command mpcmdrun.exe -removedefinitions –all and then run the scheduled task.  This initial download may take some time as it will do a full download, not just a dynamic update.

mpcmdrun.exe /? gives the following command line options:

Microsoft Antimalware Service Command Line Utility (c) 2006-2015 Microsoft Corp
Use this tool to automate and troubleshoot Microsoft Antimalware Service

Usage:
MpCmdRun.exe [command] [-options]

Command Description
-? / -h                                    Displays all available options
for this tool
-Scan [-ScanType #] [-File <path> [-DisableRemediation] [-BootSectorScan]]
[-Timeout <days>]
Scans for malicious software
-Trace [-Grouping #] [-Level #]            Starts diagnostic tracing
-GetFiles                                  Collects support information
-RemoveDefinitions [-All]                  Restores the installed
signature definitions
to a previous backup copy or to
the original default set of
signatures
[-DynamicSignatures]    Removes only the dynamically
downloaded signatures
-SignatureUpdate [-UNC | -MMPC]            Checks for new definition updates
-Restore  [-ListAll | [-Name <name>] [-All] [-Path <path>]]  Restore or list
quarantined item(s)
-AddDynamicSignature [-Path]               Loads a dynamic signature
-ListAllDynamicSignatures                  List the loaded dynamic signatures
-RemoveDynamicSignature [-SignatureSetID]  Removes a dynamic signature

Additional Information:

Support information will be in the following directory:
C:\ProgramData\Microsoft\Windows Defender\Support

   -Scan [-ScanType value]
0  Default, according to your configuration
1  Quick scan
2  Full system scan
3  File and directory custom scan

           [-File <path>]
Indicates the file or directory  to be scanned, only valid for custom scan.

           [-DisableRemediation]
This option is valid only for custom scan.
When specified:
– File exclusions are ignored.
– Archive files are scanned.
– Actions are not applied after detection.
– Event log entries are not written after detection.
– Detections from the custom scan are not displayed in the user interface.
– The console output will show the list of detections from the custom scan.

           [-BootSectorScan]
Enables boot sector scanning; only valid for custom scan.

           [-Timeout <days>]
Timeout in days; maximum value is 30.
If this parameter is not specified, default value is 7 days for full scan and 1 day for all other scans.

      Return code is
0    if no malware is found or malware is successfully remediated and no additional user action is required
2    if malware is found and not remediated or additional user action is required to complete remediation or there is error in scanning.  Please check History for more information.

   -Trace [-Grouping value] [-Level value]
Begins tracing Microsoft Antimalware Service’s actions.
You can specify the components for which tracing is enabled and
how much information is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels
will be logged. The data will be stored in the support directory
as a file having the current timestamp in its name and bearing
the extension BIN.

        [-Grouping]
0x1    Service
0x2    Malware Protection Engine
0x4    User Interface
0x8    Real-Time Protection
0x10   Scheduled actions
0x20   NIS/GAPA

        [-Level]
0x1    Errors
0x2    Warnings
0x4    Informational messages
0x8    Function calls
0x10   Verbose
0x20   Performance

   -GetFiles [-Scan]
Gathers the following log files and packages them together in a
compressed file in the support directory

        – Any trace files from Microsoft Antimalware Service
– The Windows Update history log
– All Microsoft Antimalware Service events from the System event log
– All relevant Microsoft Antimalware Service registry locations
– The log file of this tool
– The log file of the signature update helper tool

        [-Scan]
Scans for unusual files.  The files and results of the scan
will be packaged in the compressed file.

   -RemoveDefinitions
Restores the last set of signature definitions

        [-All]
Removes any installed signature and engine files. Use this
option if you have difficulties trying to update signatures.

        [-DynamicSignatures]
Removes all Dynamic Signatures.

   -SignatureUpdate
Checks for new definition updates

        [-UNC [-Path <path>]]
Performs update directly from UNC file share specified in <path>
If -Path is not specified, update will be performed directly from the
preconfigured UNC location

        [-MMPC]
Performs update directly from Microsoft Malware Protection Center

   -Restore
[-ListAll]
List all items that were quarantined

        [-Name <name>]
Restores the most recently quarantined item based on threat name
One Threat can map to more than one file

        [-All]
Restores all the quarantined items based on name

        [-Path]
Specify the path where the quarantined items will be restored.
If not specified, the item will be restored to the original path.
-AddDynamicSignature -Path <path>
Adds a Dynamic Signature specified by <path>

   -ListAllDynamicSignatures
Lists SignatureSet ID’s of all Dynamic Signatures added to the client
via MAPS and MPCMDRUN -AddDynamicSignature

   -RemoveDynamicSignature -SignatureSetID <SignatureSetID>
Removes a Dynamic Signature specified by <SignatureSetID>

 

References:

http://windowssecrets.com/forums/showthread.php/155034-Updating-Defender-automatically-without-automatic-downloads

Exchange 2013 default event log levels

Identity EventLevel
——– ———-
EX02\MSExchange ActiveSync\Requests Lowest
EX02\MSExchange ActiveSync\Configuration Lowest
EX02\MSExchange Antispam\General Lowest
EX02\MSExchange Assistants\Assistants Lowest
EX02\MSExchange Autodiscover\Core Lowest
EX02\MSExchange Autodiscover\Web Lowest
EX02\MSExchange Autodiscover\Provider Lowest
EX02\MSExchange Availability\Availability Service Lowest
EX02\MSExchange Availability\Availability Service General Lowest
EX02\MSExchange Availability\Availability Service Authentication Lowest
EX02\MSExchange Availability\Availability Service Authorization Lowest
EX02\MSExchange Cluster\Move Lowest
EX02\MSExchange Cluster\Upgrade Lowest
EX02\MSExchange Cluster\Action Lowest
EX02\MSExchange Common\General Lowest
EX02\MSExchange Common\Configuration Lowest
EX02\MSExchange Common\Logging Lowest
EX02\MSExchange RBAC\General Lowest
EX02\MSExchange RBAC\RBAC Low
EX02\MSExchange CmdletLogs\General Lowest
EX02\MSExchange Configuration Cmdlet – Management Console\General Lowest
EX02\MSExchange Configuration Cmdlet – Management Console\RBAC Lowest
EX02\MSExchange Delegated Authentication Module\General Lowest
EX02\MSExchange LiveId Redirection Module\General Lowest
EX02\MSExchange Organization Redirection Module\General Lowest
EX02\MSExchange Certificate Authentication Module\General Lowest
EX02\MSExchange Control Panel\General Lowest
EX02\MSExchange Control Panel\Performance Lowest
EX02\MSExchange Control Panel\Redirect Lowest
EX02\MSExchange Control Panel\Proxy Lowest
EX02\MSExchange Extensibility\Transport Address Book Lowest
EX02\MSExchange Extensibility\MExRuntime Lowest
EX02\MSExchange EdgeSync\Synchronization Lowest
EX02\MSExchange EdgeSync\Topology Lowest
EX02\MSExchange EdgeSync\SyncNow Lowest
EX02\MSExchange TransportService\TransportService Lowest
EX02\MSExchange Web Services\Core Lowest
EX02\MSExchange IMAP4\General Lowest
EX02\MSExchange IMAP4 BE\General Lowest
EX02\MSExchange Messaging Policies\Journaling Lowest
EX02\MSExchange Messaging Policies\AttachFilter Lowest
EX02\MSExchange Messaging Policies\AddressRewrite Lowest
EX02\MSExchange Messaging Policies\Rules Lowest
EX02\MSExchange Messaging Policies\Prelicensing Lowest
EX02\MSExchange Messaging Policies\PolicyApplication Lowest
EX02\MSExchange Messaging Policies\JournalReportDecryption Lowest
EX02\MSExchange Messaging Policies\RightsManagement Lowest
EX02\MSExchange Messaging Policies\TransportDecryption Lowest
EX02\MSExchange Messaging Policies\RedirectionAgent Lowest
EX02\MSExchange Messaging Policies\Information Rights Management Lowest
EX02\MSExchange Anti-spam Update\HygieneUpdate Lowest
EX02\MSExchange Mailbox Replication\Service Lowest
EX02\MSExchange Mailbox Replication\Mailbox Move Lowest
EX02\MSExchange Mid-Tier Storage\Xtc Lowest
EX02\MSExchange Mid-Tier Storage\Audit Lowest
EX02\MSExchange Mid-Tier Storage\Discovery Lowest
EX02\MSExchange Mid-Tier Storage\Information Rights Management Lowest
EX02\MSExchange Mid-Tier Storage\CopyOnWrite Lowest
EX02\MSExchange Mid-Tier Storage\ResourceHealth Lowest
EX02\MSExchange Management Application\Shell Lowest
EX02\MSExchange Management Application\Console Lowest
EX02\MSExchange Management Application\ProvisioningAgent Lowest
EX02\MSExchange Management Application\ComponentInfoBasedTask Lowest
EX02\MSExchange Management Application\AdminAuditLog Lowest
EX02\MSExchange OWA\FormsRegistry Lowest
EX02\MSExchange OWA\Core Lowest
EX02\MSExchange OWA\Configuration Lowest
EX02\MSExchange OWA\Themes Lowest
EX02\MSExchange OWA\SmallIcons Lowest
EX02\MSExchange OWA\Proxy Lowest
EX02\MSExchange OWA\Transcoding Lowest
EX02\MSExchange OWA\ADNotifications Lowest
EX02\MSExchange OWA\InstantMessage Lowest
EX02\MSExchange POP3\General Lowest
EX02\MSExchange POP3 BE\General Lowest
EX02\MSExchange Process Manager\ProcessManager Lowest
EX02\MSExchange Repl\Service Lowest
EX02\MSExchange Repl\Exchange VSS Writer Lowest
EX02\MSExchange ReportingWebService\General Lowest
EX02\MSExchange Topology\Topology Discovery Lowest
EX02\MSExchange Unified Messaging\UMWorkerProcess Lowest
EX02\MSExchange Unified Messaging\UMCore Lowest
EX02\MSExchange Unified Messaging\UMManagement Lowest
EX02\MSExchange Unified Messaging\UMService Lowest
EX02\MSExchange Unified Messaging\UMClientAccess Lowest
EX02\MSExchange Unified Messaging\UMCallData Lowest
EX02\MSExchange Unified Messaging\MWI General Lowest
EX02\MSExchange Unified Messaging\UMCallRouter Lowest
EX02\MSExchange ADAccess\General Lowest
EX02\MSExchange ADAccess\Cache Lowest
EX02\MSExchange ADAccess\Topology Low
EX02\MSExchange ADAccess\Configuration Lowest
EX02\MSExchange ADAccess\LDAP Lowest
EX02\MSExchange ADAccess\Validation Low
EX02\MSExchange ADAccess\Recipient Update Service Lowest
EX02\MSExchange ADAccess\Site Update Lowest
EX02\MSExchange ADAccess\Exchange Topology Lowest
EX02\MSExchange ADAccess\MSERV Lowest
EX02\MSExchange ADAccess\GLS Lowest
EX02\MSExchangeADTopology\General Lowest
EX02\MSExchangeADTopology\Configuration Lowest
EX02\MSExchangeADTopology\Topology Low
EX02\MSExchangeApplicationLogic\TextMessaging Lowest
EX02\MSExchangeApplicationLogic\ServerPicker Lowest
EX02\MSExchangeApplicationLogic\Extension Lowest
EX02\MSExchangeApplicationLogic\E4E Lowest
EX02\MSExchangeApplicationLogic\DiagnosticHandlers Lowest
EX02\MSExchangeIS\General Lowest
EX02\MSExchangeIS\Physical Access Lowest
EX02\MSExchangeIS\Lazy Indexing Lowest
EX02\MSExchangeIS\Logical Data Model Lowest
EX02\MSExchangeIS\Directory Services Lowest
EX02\MSExchangeIS\MAPI Lowest
EX02\MSExchangeIS\High Availability Lowest
EX02\MSExchangeMailboxAssistants\Service Lowest
EX02\MSExchangeMailboxAssistants\OOF Assistant Lowest
EX02\MSExchangeMailboxAssistants\OOF Library Lowest
EX02\MSExchangeMailboxAssistants\Resource Booking Attendant Lowest
EX02\MSExchangeMailboxAssistants\Email_Lifecycle_Assistant Lowest
EX02\MSExchangeMailboxAssistants\Junk Email Options Assistant Lowest
EX02\MSExchangeMailboxAssistants\Conversations Assistant Lowest
EX02\MSExchangeMailboxAssistants\Approval Assistant Lowest
EX02\MSExchangeMailboxAssistants\ELC Library Lowest
EX02\MSExchangeGlobalLocatorCache\General Lowest
EX02\MSExchangeTransport\SmtpReceive Lowest
EX02\MSExchangeTransport\SmtpSend Lowest
EX02\MSExchangeTransport\DSN Lowest
EX02\MSExchangeTransport\Routing Lowest
EX02\MSExchangeTransport\Logging Lowest
EX02\MSExchangeTransport\Components Lowest
EX02\MSExchangeTransport\RemoteDelivery Lowest
EX02\MSExchangeTransport\Pickup Lowest
EX02\MSExchangeTransport\Categorizer Lowest
EX02\MSExchangeTransport\PoisonMessage Lowest
EX02\MSExchangeTransport\MessageSecurity Lowest
EX02\MSExchangeTransport\TransportService Lowest
EX02\MSExchangeTransport\Exch50 Lowest
EX02\MSExchangeTransport\Process Lowest
EX02\MSExchangeTransport\ResourceManager Lowest
EX02\MSExchangeTransport\Configuration Lowest
EX02\MSExchangeTransport\Storage Lowest
EX02\MSExchangeTransport\Agents Lowest
EX02\MSExchangeTransport\Transport Address Book Lowest
EX02\MSExchangeTransport\Orar Lowest
EX02\MSExchangeTransport\Unused Lowest
EX02\MSExchangeTransport\ShadowRedundancy Lowest
EX02\MSExchangeTransport\Approval Lowest
EX02\MSExchangeTransport\TransportSafetyNet Lowest
EX02\MSExchangeTransport\TransportTenantAttribution Lowest
EX02\MSExchangeTransportSyncCommon\General Lowest
EX02\MSExchangeTransportSyncManager\General Lowest
EX02\MSExchangeTransportSyncWorker\General Lowest
EX02\MSExchangeTransportSyncWorkerFramework\General Lowest
EX02\MSExchange OutlookProtectionRules\Outlook Protection Rules Lowest
EX02\MSExchange Provisioning MailboxAssistant\Provisioning Assistant General Lowest
EX02\MSExchangeThrottling\General Lowest
EX02\MSExchangeThrottlingClient\General Lowest
EX02\MSExchange FailFast Module\General Lowest
EX02\MSExchange Store Driver Delivery\MSExchangeStoreDriverDelivery Lowest
EX02\MSExchange Store Driver Delivery\MeetingMessageProcessing Lowest
EX02\MSExchange Store Driver Delivery\OofHistory Lowest
EX02\MSExchange Store Driver Delivery\Approval Lowest
EX02\MSExchange Store Driver Delivery\UnifiedMessaging Lowest
EX02\MSExchange Store Driver Submission\MSExchangeStoreDriverSubmission Lowest
EX02\MSExchangeSubmission\MSExchangeSubmission Lowest
EX02\MSExchange Antimalware\General Lowest
EX02\MSExchange Antimalware\Init Lowest
EX02\MSExchange Antimalware\ScanResults Lowest
EX02\MSExchange Antimalware\ScanError Lowest
EX02\MSExchange OAuth\Requests Lowest
EX02\MSExchange OAuth\Configuration Low
EX02\MSExchange OAuth\Server 2
EX02\MSExchange BackEndRehydration\Requests Lowest
EX02\MSExchange BackEndRehydration\Configuration Low
EX02\MSExchange BackEndRehydration\Server 2
EX02\MSExchange Front End HTTP Proxy\Core Lowest
EX02\MSExchange RemotePowershell BackendCmdletProxy Module\General Lowest
EX02\MSExchange Error Logging Module\General Lowest
EX02\MSExchange Client Diagnostics Module\General Lowest
EX02\MSExchangeFrontEndTransport\SmtpReceive Lowest
EX02\MSExchangeFrontEndTransport\SmtpSend Lowest
EX02\MSExchangeFrontEndTransport\DSN Lowest
EX02\MSExchangeFrontEndTransport\Routing Lowest
EX02\MSExchangeFrontEndTransport\Logging Lowest
EX02\MSExchangeFrontEndTransport\Components Lowest
EX02\MSExchangeFrontEndTransport\RemoteDelivery Lowest
EX02\MSExchangeFrontEndTransport\Pickup Lowest
EX02\MSExchangeFrontEndTransport\Categorizer Lowest
EX02\MSExchangeFrontEndTransport\PoisonMessage Lowest
EX02\MSExchangeFrontEndTransport\MessageSecurity Lowest
EX02\MSExchangeFrontEndTransport\TransportService Lowest
EX02\MSExchangeFrontEndTransport\Exch50 Lowest
EX02\MSExchangeFrontEndTransport\Process Lowest
EX02\MSExchangeFrontEndTransport\ResourceManager Lowest
EX02\MSExchangeFrontEndTransport\Configuration Lowest
EX02\MSExchangeFrontEndTransport\Storage Lowest
EX02\MSExchangeFrontEndTransport\Agents Lowest
EX02\MSExchangeFrontEndTransport\Transport Address Book Lowest
EX02\MSExchangeFrontEndTransport\Orar Lowest
EX02\MSExchangeFrontEndTransport\Unused Lowest
EX02\MSExchangeFrontEndTransport\ShadowRedundancy Lowest
EX02\MSExchangeFrontEndTransport\Approval Lowest
EX02\MSExchangeFrontEndTransport\TransportSafetyNet Lowest
EX02\MSExchangeFrontEndTransport\TransportTenantAttribution Lowest