1. Log into your Office 365 organization with an Admin account.
2. Click on the Admin in the upper right hand corner and select Exchange.  Go to Mail Flow on the left, make sure you are on Rules
3. Click the + to Create New Rule.  Name it Block EXE or something you’ll understand
4. Click the More Options… link.
5. In the Apply this rule if… drop down select Any attachment has executable content
6. In the Do the following… drop down select Block the message -> Reject the message with the explanation… and type in Attachment contains an executable.  This will trigger a Transport Rule response to the sender with that explanation.
7. Leave the Audit this rule with severity level: checked drop down as is (Not specified).
8. Choose a mode for this rule: radio button should be on Enforce.
9. Now click Save.  and you should see the rule detail on the right.

If you want to stop Office 365 passwords from expiring and / or you want to eliminate the password complexity requirements you must use PowerShell as these changes are not permitted through the Office 365 admin pages

1. Download the Office 365 Online Services Module here
   https://support.office.com/en-ca/article/Windows-PowerShell-cmdlets-for-Office-365-06a743bb-ceb6-49a9-a61d-db4ffdf54fa6 and install it
2. Start the module (click the START BUTTON and type MODULE and select
   Windows Azure Active Directory Module for Windows PowerShell
   and be sure to right click and RUN AS ADMINISTRATOR
3. Connect to your Office 365 using:
   Connect-MsolService
4. Enter your Office365 username and password at the prompt
5. Set all Office365 passwords to never expire using:
   Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True
6. Set all Office 365 passwords to not have any complexity requirements:
   Get-MsolUser | Set-MsolUser -StrongPasswordRequired $false
7. Enjoy not having insane password requirements!

If you want to confirm the results use:

1. Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
2. Get-MSOLUser | Select UserPrincipalName, StrongPasswordRequired

HTML signatures in Outlook 2013 or Outlook 365 no longer convert and embed pictures. Instead, a URL to the picture source is used.  The result is, though all looks well when composing a message, the recipient won’t see the picture unless it is online somewhere and available via a standard URL.  Locally stored and referenced pictures will not be visible because, to the recipient, a reference to the sender’s C drive means nothing.

To revert to the behavior of previous versions of Outlook, where images are converted and sent with the message, add the following registry key:

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\Mail
Value type: REG_DWORD
Value name; Send Pictures With Document
Value: 1

1. Log into the server and press Windows key + R then type MMC.exe.
2. Click on File > Add/Remove Snap-in > click on Group Policy Object > Add> Finish > OK.
3. Double click on Local Computer Policy > double click on Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
4. Limit Number of Connections = 999999.
5. Restrict Remote Desktop Services users to a single Remote Desktop Services session = DISABLED.

When your computer boots up, the desktop looks different with some icons missing.  If Winidows has any trouble loading a profile, it will load a temporary substitute profile.  To fix this:

1. Start regedit and browse to the following Key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

2. The profile in question will appear twice, one of which has been renamed with the .bak extension

3. Rename the one without the .bak extension (this is the temporary substitute) with another extension such as .sub

4. Remove the .bak extension from the original profile.

5. Within the original GUID key (now without the .bak extension) is a  DWORD value “State” which is set to “8100.”  Remove the 8 so the value is now “100.”

6. Close the registry editor and reboot.

This is usually resolved by changing settings within Acrobat.  However, in some cases, a modification to the registry will resolve this (no rebooting is required.)

HKCU/software/microsoft/internet explorer/main/TabProcGrowth

Change value from 0 to 1

Suddenly we started getting the security prompt when opening PDF files.  You can click Yes, but it unblocks only that single file.  This can be eliminated via Group Policy:

Via GPEDIT.MSC, navigate to:

Local Computer Policy
User Configuration
Administrative Templates
Windows Components
Attachment Manager

Enable the “Inclusion list for low file types” policy and add the file type(s) with a leading period and trailing semicolon like this:

.pdf;.gif;

We found a workstation getting this error because it was configured to get its updates from a non-existent WSUS server.  The fix is to remove the following registry key:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

This will revert the WUAgent to the original installed behavior of Automatic Updates (i.e., from Mocrosoft.)

You will probably get update Error 8024A006 after this change which can be resolved by stopping the Windows Update service, renaming the SoftwareDistribution folder in C:\Windows, then starting Windows Update service.

(Note that if you get the Windows Update Error 800B0001 in a WSUS environment, that situation is resolved by installing KB2720211 on the WSUS server.)

It seems that when you add an incoming connection in Windows 8 for VPN connections, the connection is automatically placed in the “Public” category which subjects it to the most stringent firewall rules and won’t let you connect to shares on the machine.

This can be altered using the Group Policy editor.

Start GPEdit.msc and you’ll find it here:

Computer Configuration -> Windows Settings -> Security Settings -> Network List Manager Policies

Right-click the “RAS (Dial In) Interface” and change it from “Not Defined” to “Private”