November 2014 – Stephen Hirst

While looking into migrating mailboxes between completely separate Exchange systems I could not find a simple approach to moving mailbox rules for an Exchange 2007 system. Exchange mailbox rules appear to only be accessible through Exchange Web Services from Exchange 2010 onwards.

The only approach I’ve found is to script outlook to make the changes, see http://blogs.technet.com/b/heyscriptingguy/archive/2009/12/16/hey-scripting-guy-december-16-2009.aspx

The code from the article is:

#Requires -version 2.0
Add-Type -AssemblyName microsoft.office.interop.outlook 
$olFolders = "Microsoft.Office.Interop.Outlook.OlDefaultFolders" -as [type]
$olRuleType = "Microsoft.Office.Interop.Outlook.OlRuleType" -as [type]
$outlook = New-Object -ComObject outlook.application
$namespace  = $Outlook.GetNameSpace("mapi")
$inbox = $namespace.getDefaultFolder($olFolders::olFolderInbox)
$MoveTarget = $inbox.Folders.item("FromBob")
$rules = $outlook.session.DefaultStore.GetRules()
$rule = $rules.Create("MyNewRule",$olRuleType::OlRuleReceive)
$FromCondition = $rule.Conditions.From
$FromCondition.Enabled = $true
$FromCondition.Recipients.Add("bob")
$fromCondition.Recipients.ResolveAll()
$MoveRuleAction = $rule.actions.MoveToFolder
$MoveRuleAction.Folder = $Movetarget
$MoveRuleAction.Enabled = $true
$rules.Save()

General

Smart card tools and Debugging (2007) https://blogs.msdn.microsoft.com/shivaram/2007/02/26/smart-card-tools-and-debugging/

Certutil (Windows Server 2012/R2

Deleting old smart card keys

certutil –delkey –csp "Microsoft Base Smart Card Crypto Provider" KeyContainerName
certutil –key –csp "Microsoft Base Smart Card Crypto Provider"
certutil –scinfo

Use virtual smart cards

Certificate stores for Smart card logon

Saving a pfx file to a smart card http://www.mysmartlogon.com/knowledge-base/save-pfxp12-file-smart-card/

Get smart card crypto provider, usually “Microsoft Base Smart Card Crypto Provider”:

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Calais\SmartCards

Enable import

HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\AllowPrivateExchangeKeyImport=DWORD:0x1
HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\AllowPrivateSignatureKeyImport=DWORD:0x1

Import certificate

certutil –csp “Microsoft Base Smart Card Crypto Provider” –importpfx foo.pfx

Smart cards and BitLocker

BitLocker configuration with SafeNet Smart Card (Windows 7)

Book excerpt

Using Smart Cards with BitLocker (Windows 7)

SmartCard certificates with BitLocker

The process I use to create a BitLocker certificate on a smart card is the following:

Create an openssl extensions file for the required attributes. TechNet provides the details here.
Create an RSA key and self signed x509 certificate using the attribute file. Backup your private key (and certificate).
Create a pfx file from the key and certificate.
Update the registry to allow saving of pfx files to the smart card: HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\AllowPrivateExchangeKeyImport=DWORD:0x1 (see this TechNet blog)
Import the key: certutil –csp “Microsoft Base Smart Card Crypto Provider” –importpfx {PFXfile}
On the system where the BitLocker drive it to be initialised allow Self Signed Certs: HKLM\Software\Policies\Microsoft\FVE\SelfSignedCertificates=DWORD:0x01 (see the TechNet article)and modify the BitLocker policies to allow the use of smart cards on the drive.

Using openssl to create a bitlocker certificate:

# openssl req -new -x509 -out BitlockerAndEFS.cer -keyout BitlockerAndEFS.key -config BitlockerAndEFS.conf -extensions req_extensions -days 1000

[default]

default_bits = 2048
encrypt_key = yes
distinguished_name = subject
req_extensions = req_extensions
prompt=no

[req_extensions]

keyUsage=keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage=1.3.6.1.4.1.311.10.3.4, 1.3.6.1.4.1.311.67.1.1

[subject]

CN=Bitlocker and EFS