O365GroupSync v0.37 is out!

Version 0.37 is out, changes:

  • AD group selection filter
  • Automatic version check
  • Replaced Compare-Object to increase performance
  • Replaced searchExO function to increase performance loading groups from O365
  • Enhanced ExO caching (100+x faster)
  • Optionally ignore disabled accounts (parameter)
  • Categorised logging (| separator in logfile)
  • Bugfixes

Get it here

Let us extend Intune MDM msi enrollment!

So, a while back Intune got the ability to deploy native MSIs to MDM enrolled Windows 8.1 and Windows 10 clients. No Intune client is required, which gives a really awesome out of the box experience.

However, we can only deploy single MSIs, and we can’t patch them with MSPs, or deploy installers that are only available as .exe.

To spare us having to repackage them, please vote on my uservoice idea to extend MDM enrollment in Intune.

New-DlpComplianceRule usage / example

I was messing around a little with Office 365 Compliance settings using PowerShell, as I’d like to configure a large number of tenants with certain Data Loss Prevention (DLP) rules based on sensitive data in SharePoint Online, OneDrive for Business and Exchange Online.

I then noticed that it wasn’t possible to use New-DlpComplianceRule in conjunction with predefined or custom sensitive data types. My code + error:

New-DlpComplianceRule -Name "SocialSecurityRule" -Policy "JosLTest" -ContentContainsSensitiveInformation @{Name="Credit Card Number"; minCount="2"} -BlockAccess $True
The value specified in sensitive information is invalid.
+ CategoryInfo : NotSpecified: (:) [New-DlpComplianceRule], InvalidContentC...mationException
+ FullyQualifiedErrorId : [Server=DB5EUR01WS007,RequestId=4a19a0bd-abea-4e06-9dc1-47fc35be9d63,TimeStamp=16-11-2016 12:02:24] [FailureCategory=Cmdlet-InvalidContentContainsSensitiveInformationException] D7D004DA,Microsoft.Office
+ PSComputerName : eur01b.ps.compliance.protection.outlook.com

The fun thing is, this is exactly how TechNet shows it should be done.

So I called support, apparently this is a bug. So, for now, if you want to create a DLP compliance policy and rule, follow this example: Continue reading New-DlpComplianceRule usage / example

Running OnedriveMapper from a shortcut

In some cases, your users might not want to use OnedriveMapper as a logon script, but want to manually start it, or both.

The PowerShell execution policy, and the general complexity most users face when starting scripts, can be avoided by building a ‘smart’ shortcut to the script with the following line as the ‘target’:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy ByPass -File "C:\Program Files (x86)\Lieben.nu\OnedriveMapper\OnedriveMapper_v2.45.ps1"

Obviously you’ll have to modify the path used there 🙂
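
To deploy that shortcut instead of building it by hand, the following added example (not part of the original post or of OnedriveMapper itself) creates it through the WScript.Shell COM object. The function name New-OnedriveMapperShortcut, the default desktop location and the shortcut file name are assumptions.

```powershell
# Added example: create the shortcut described above with the WScript.Shell COM object.
# The function name, $ShortcutPath default and file name are assumptions; adjust them.
function New-OnedriveMapperShortcut {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,
        [string]$ShortcutPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'OnedriveMapper.lnk')
    )

    # Fail early instead of creating a shortcut that points at nothing.
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }

    $shell    = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut($ShortcutPath)

    # A .lnk stores the executable and its arguments in separate fields.
    $shortcut.TargetPath = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'

    # Straight double quotes are required because the script path contains spaces.
    # -ExecutionPolicy Bypass only affects this one powershell.exe process, and an
    # execution policy enforced through Group Policy takes precedence over it.
    $shortcut.Arguments = '-WindowStyle Hidden -ExecutionPolicy Bypass -File "{0}"' -f $ScriptPath

    $shortcut.WorkingDirectory = Split-Path -Parent $ScriptPath
    $shortcut.WindowStyle      = 7   # start minimized to limit the console flash
    $shortcut.Description      = 'Start OnedriveMapper'
    $shortcut.Save()

    # Read the saved shortcut back so the caller can verify what was written.
    $saved = $shell.CreateShortcut($ShortcutPath)
    [pscustomobject]@{
        Shortcut  = $ShortcutPath
        Target    = $saved.TargetPath
        Arguments = $saved.Arguments
    }
}

# Path taken from the target line above; change it to where the script is installed.
New-OnedriveMapperShortcut -ScriptPath 'C:\Program Files (x86)\Lieben.nu\OnedriveMapper\OnedriveMapper_v2.45.ps1'
```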

How to start a “Trigger Start” windows service with Powershell without elevation / admin rights

Some Windows services can be triggered to start at certain events. These services show ‘Trigger Start’ in their startup type, after whatever you configured (like Manual).

PowerShell does not have a native method to register the type of event that triggers such a service. C++ and C# do, and PowerShell can natively run C#.

To trigger a service, you’ll need its GUID first:

Run sc.exe qtriggerinfo <SERVICENAME>

This will give you a GUID, for example for the WebClient service:


You can then use this GUID in the following script to trigger your service from Powershell 🙂 Continue reading How to start a “Trigger Start” windows service with Powershell without elevation / admin rights

OnedriveMapper v2.45 released!

Version 2.45 of OneDriveMapper has been released!

  • Better SharePoint Online cookie generation to avoid error 224 when on a slow internet connection
  • Bugfix in username selection when using ForceUsername
  • Slightly more tolerant ADJoin SSO detection
  • Now adds appropriate websites as wildcard to trusted sites list (when not being forced by a GPO)

Get the new version here