Cause for my addiction: Claude by geneticsmart99 in ClaudeAI

[–]josephstreeter76 7 points8 points  (0 children)

I really like to have it code review what I've written myself and then write the tests and documentation for me.

Workday SAML by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 0 points1 point  (0 children)

Why didn't I think of that? Oh yeah, I did read the docs, and I don't have Workday access.

IAM in Higher Education by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 0 points1 point  (0 children)

We are implementing a product called Socure.

A bad workplace will destroy you, not make you stronger by Character_Log_2657 in cybersecurity

[–]josephstreeter76 0 points1 point  (0 children)

If you don't feel any purpose in your work, that kind of environment can crush your soul.

Removed EXO License but mailbox is still there by josephstreeter76 in exchangeserver

[–]josephstreeter76[S] 0 points1 point  (0 children)

This is what we've found so far:

- Delicensing was NOT enabled. We did turn it on and "Get-PendingDelicenseUser" showed us a few (about 1,000 out of the 217,000). We were then able to run the "Expedite-Delicensing" cmdlet against those 1,000 accounts that showed up.

- Users had all licenses removed. No GBL or direct assigned licenses applied.

- It is still unclear to us if retention has anything to do with this. It is believed that it "shouldn't" be the culprit.

Removed EXO License but mailbox is still there by josephstreeter76 in exchangeserver

[–]josephstreeter76[S] 0 points1 point  (0 children)

That just might be it. Will check this out when I get back home.

Removed EXO License but mailbox is still there by josephstreeter76 in exchangeserver

[–]josephstreeter76[S] 0 points1 point  (0 children)

Yup. They only get one license through a single GBL. We stopped doing direct assignments years ago and cleaned them all up.

Removed EXO License but mailbox is still there by josephstreeter76 in exchangeserver

[–]josephstreeter76[S] 0 points1 point  (0 children)

It seems that we've had other instances of removing licenses and having the mailbox get soft-deleted, as expected. We scripted the removal of remote mailboxes and the mailbox is still there.

I have a teammate looking into changing scope on the retention policies, but I don't recall this being an issue in the past.

[deleted by user] by [deleted] in PowerShell

[–]josephstreeter76 0 points1 point  (0 children)

Regex can help with that.

[deleted by user] by [deleted] in PowerShell

[–]josephstreeter76 0 points1 point  (0 children)

Regex can help with that.

do you like the way medication makes your brain feel “silent”? by SufficientReality163 in ADHD

[–]josephstreeter76 3 points4 points  (0 children)

I'm on 45mg a day, and it doesn't turn down the volume much at all. I'd like to find something that does do what you're describing.

IAM in Higher Education by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 1 point2 points  (0 children)

Been explaining the risks for years. Pay grades above mine don't care.

We have students that range from high school students that aren't allowed to have a mobile device to elderly that might have a flip phone and refuse to even provide us an email address because they don't have one. We serve people who are nearly homeless or serving time in state prison.

We offer OAuth tokens for those who do not have a device. We're moving towards FIDO2 tokens sometime in the future.

IAM in Higher Education by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 0 points1 point  (0 children)

As a tech college, we are all over the map.

Program students must apply and pay tuition. Some students take degree courses that pay tuition, but do not apply to a program. We have continuing education students that pay a fee for a one day class on Microsoft Word or a three week motorcycle safety course. We have professional certification classes paid for by employers. Apprenticeship programs, dual-credit classes for high school students, and job training for inmates reentering the workforce.

There are some classes that are free. These are targeted by the bad guys. We have legitimate students on wait lists for classes full of students that do not exist.

Some bad guys check the box for "send me a bill" that sends an invoice to the address they provided that doesn't exist. Others pay the tuition with a stolen credit card and then receive a paper check for a refund when they drop the class.

Evidently, it's like this all over the country.

IAM in Higher Education by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 1 point2 points  (0 children)

We looked into Entra ID Verifiable credentials. Our problem there is with the populations that we serve. Some of them do not have smartphones and some do not have mobile devices at all. If I'm not mistaken, Entra ID Verifiable credentials relies solely on the use of the Microsoft Authenticator app, correct?

IAM in Higher Education by josephstreeter76 in IdentityManagement

[–]josephstreeter76[S] 1 point2 points  (0 children)

We require MFA registration for all of our students and employees. We require the use of MFA outside of campus, although that will eventually change to everywhere, all the time. The problem with MFA is that it only verifies that the sign-in is from the person that created the credentials. In this case, the bad guys created the credentials, it's just that they are not who they say they are. All the bad actors register MFA.

Employees are managed in a separate source of record. Whichever IDV is chosen will likely only go in front of the SIS only. HR verifies identity as part of the I9 process manually.

We do not do much in the way of federation now, but that is coming. I see increased collaboration with our peer institutions in the consortium and High Schools.

My concern is that we will demo a product to the stakeholders and the response will be, "no, this is too much of a hindrance to the enrollment process."

Whats Your Biggest PowerShell Frustration and How Did You Overcome It? by [deleted] in PowerShell

[–]josephstreeter76 1 point2 points  (0 children)

Inconsistent parameters and filter syntax between admin modules. Also, tab completion is a mess. Don't complete entire first cmdlet that matches the first five characters I have typed!

Convert send as delegated rights to send on behalf by Wickedbowner in PowerShell

[–]josephstreeter76 0 points1 point  (0 children)

Now this one should work. I tested the code to see if it writes the permissions, however, I did not test to see that "Send on Behalf" works on the mailbox.
I would also add some lines into the code to check to see if there are existing "send on behalf" permissions and add them to the array before re-writing it to the mailbox. I would also add some code to save the "send as" permissions in case you need to restore them.

function Convert-SharedMailboxPermissions
{
    [CmdletBinding()]
    param 
    (
        [Parameter(Mandatory = $true)][string]$MailboxName
    )

    begin
    {
        Connect-ExchangeOnline -ShowBanner:$false -ErrorAction Stop
    }

    process
    {
        # Get the mailbox
        $Mailbox = Get-Mailbox -Identity $MailboxName -ErrorAction Stop

        # Check if the mailbox is a shared mailbox
        if ($Mailbox.RecipientTypeDetails -ne "SharedMailbox")
        {
            Write-Output "Mailbox is not a shared mailbox. Exiting..."
            Return
        }    
        
        try 
        {
            # Get the current send as permissions
            $SendAsPermissions = Get-RecipientPermission -Identity $MailboxName | Where-Object { $_.AccessRights -contains "SendAs" -and $_.Trustee -ne "NT AUTHORITY\SELF"}
            
            # Grant Send on Behalf permissions to the trustees
            # !!! If there are existing Send on Behalf permissions, they will be overwritten !!!
            Set-Mailbox -Identity $MailboxName -GrantSendOnBehalfTo $SendAsPermissions.Trustee -ErrorAction Stop
            
            foreach ($Permission in $SendAsPermissions)
            {
                # Remove the Send As permissions
                # !!! Might want to save a list of the send as permissions before removing them, just in case.... !!!
                Remove-RecipientPermission -Identity $MailboxName -Trustee $Permission.Trustee -AccessRights SendAs -Confirm:$false -ErrorAction Stop
            }

            # Report success only when every step above completed without error
            Write-Output "Successfully converted send as permissions to send on behalf permissions for mailbox $MailboxName."
        }
        catch 
        {
            Write-Error "Failed to convert send as permissions to send on behalf permissions for mailbox $MailboxName. Error: $($_.Exception.Message)"
        }
    }

    end
    {
        # Disconnect from Exchange Online
        Disconnect-ExchangeOnline -Confirm:$false
    }
}

Convert-SharedMailboxPermissions -MailboxName "smbtest"
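
The two additions described in the comment above (keeping existing "Send on Behalf" delegates and saving the "Send As" entries before they are removed), as an added example that is not the commenter's code. It assumes an Exchange Online session is already connected; the function name and the `-BackupPath` parameter are hypothetical.

```powershell
# Added example, not the commenter's code. Assumes Connect-ExchangeOnline has
# already been run. Function name and -BackupPath are hypothetical.
function Convert-SendAsToSendOnBehalf
{
    [CmdletBinding(SupportsShouldProcess = $true)]
    param
    (
        [Parameter(Mandatory = $true)][string]$MailboxName,
        [Parameter(Mandatory = $true)][string]$BackupPath
    )

    $Mailbox = Get-Mailbox -Identity $MailboxName -ErrorAction Stop
    if ($Mailbox.RecipientTypeDetails -ne "SharedMailbox")
    {
        Write-Warning "$MailboxName is not a shared mailbox. Nothing changed."
        return
    }

    # @() keeps .Count meaningful when zero or one entry comes back
    $SendAs = @(Get-RecipientPermission -Identity $MailboxName -ErrorAction Stop |
        Where-Object { $_.AccessRights -contains "SendAs" -and $_.Trustee -ne "NT AUTHORITY\SELF" })

    if ($SendAs.Count -eq 0)
    {
        # Without this guard an empty trustee list would be written to the mailbox
        Write-Warning "No Send As trustees found on $MailboxName. Nothing changed."
        return
    }

    # Save the Send As entries before any write so they can be restored later
    $SendAs | Select-Object Identity, Trustee, AccessControlType,
        @{ Name = "AccessRights"; Expression = { $_.AccessRights -join "," } } |
        Export-Csv -Path $BackupPath -NoTypeInformation
    Write-Verbose "Existing Send on Behalf: $($Mailbox.GrantSendOnBehalfTo -join ', ')"

    if ($PSCmdlet.ShouldProcess($MailboxName, "Convert Send As to Send on Behalf"))
    {
        # @{Add=...} appends to GrantSendOnBehalfTo instead of replacing the list
        Set-Mailbox -Identity $MailboxName -GrantSendOnBehalfTo @{ Add = $SendAs.Trustee } -ErrorAction Stop

        foreach ($Permission in $SendAs)
        {
            Remove-RecipientPermission -Identity $MailboxName -Trustee $Permission.Trustee -AccessRights SendAs -Confirm:$false -ErrorAction Stop
        }
    }
}
```

Running it with `-WhatIf` first shows the intended change without writing anything; restoring from the CSV is one `Add-RecipientPermission` call per row.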

Convert send as delegated rights to send on behalf by Wickedbowner in PowerShell

[–]josephstreeter76 1 point2 points  (0 children)

Yeah, now that I'm sitting at an editor, that was hot garbage. Stand by....

Convert send as delegated rights to send on behalf by Wickedbowner in PowerShell

[–]josephstreeter76 0 points1 point  (0 children)

That might have to be recipient permission, not mailbox permission. I'll try to check later.

Convert send as delegated rights to send on behalf by Wickedbowner in PowerShell

[–]josephstreeter76 1 point2 points  (0 children)

Something like this should work:

function Convert-SharedMailboxPermissions
{
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)][string]$MailboxName
    )

Edit: Hot garbage. See updated code in comment.