David Jones BladeFireLight

## Discription.txt
In an exchange hybrid environment without password sync. ADFS is the gate keeper for access.

On-premises email enabled users accounts for some reason are able send email via EWS protocol on the outlook.office365.com servers

Under normal circumstances the auto discovery for an on-premises user would not use outlook.office365.com, but some apps bypass auto discovery when a connection failed. This is very apparent in BlueMail that will try every known endpoint and protocol until it finds one that works.

Office 365 EWS does not require modern auth and cashes credentials making troubleshooting the ADFS portion of this what allows and what does not somewhat time consuming

Once a proxied authentication is cashed even a disabling the account in AD or shutting off the on-premises ADFS server will not stop the user from authenticating and sending email.

## Deploy.ps1
Write-Warning "Starting Deployment"

## Advanced.log
**********************
Windows PowerShell transcript start
Start time: 20160220181407
Username: SHODAN\Blade_000
RunAs User: SHODAN\Blade_000
Machine: SHODAN (Microsoft Windows NT 10.0.10586.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Process ID: 9456
PSVersion: 5.0.10586.63
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0.10586.63

## 1-readme.txt
I have tested on Windows 10 and Hyper-V server 2012 R2

When a drive is mounted from a function inside a moduel the drive is not avalible to the module.

but if the function is part of a script or dot sorced it works.

Run Fails.ps1 first. (Fails)
Run Always-works.ps1 (Works)
the run Fails.ps1 again (Works)

## verbose.ps1
function test-function
{
[CmdletBinding()]
Param()
$key = 'template'
$IsoPath = 'c:\iso\win2012r2.iso'
$UnattendPath = 'g:\temp\unattent.xml'
$Configdata = @{Template = @{ IsoEdition = 4} }

$CwiParamaters = @{

## Convert-WindowsImage.ps1
<#
    .NOTES
        Copyright (c) Microsoft Corporation.  All rights reserved.

        Use of this sample source code is subject to the terms of the Microsoft
        license agreement under which you licensed this sample source code. If
        you did not accept the terms of the license agreement, you are not
        authorized to use this sample source code. For the terms of the license,
        please see the license agreement between you and Microsoft or, if applicable,
        see the LICENSE.RTF on your install media or the root of your tools installation.

## Build-RootCA.ps1

#region Configuration
$VMName = 'Root-CA'
$DSCConfigSCript = "$PSScriptRoot\RootCA_Config.ps1"

$Start_Deploy_param = @{
    VHDSourcePath        = 'G:\UpdateOut\Template_Production.vhdx'
    InitializeScriptPath = "$PSScriptRoot\VMScripts\FirstRun.ps1"
    HelperScriptPath     = "$PSScriptRoot\Helpers"
    AtStartupScriptPath  = "$PSScriptRoot\VMScripts\SSC-Init.ps1"

## Update-SourceAndTemplate.ps1
#requires -Version 3 -Modules Dism, Hyper-V
#Wrapper arround Convert-WindowsImage script to it acts like a function.
function Convert-WindowsImage
{
  Param
  (
    [Parameter(ParameterSetName = 'SRC', Mandatory = $true, ValueFromPipeline = $true)]
    [Alias('WIM')]
    [string]
    [ValidateNotNullOrEmpty()]

## unattend.xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-us</InputLocale>
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UserLocale>en-us</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

## WinUpdate.ps1
#requires -Version 2
Function Add-WindowsUpdate

{
  param (
    [string]$Criteria = "IsInstalled=0 and Type='Software'" ,
    [switch]$AutoRestart,
    [Switch]$ShutdownAfterUpdate,
    [switch]$ForceRestart,
    [Switch]$ShutdownOnNoUpdate
	In an exchange hybrid environment without password sync. ADFS is the gate keeper for access.

	On-premises email enabled users accounts for some reason are able send email via EWS protocol on the outlook.office365.com servers

	Under normal circumstances the auto discovery for an on-premises user would not use outlook.office365.com, but some apps bypass auto discovery when a connection failed. This is very apparent in BlueMail that will try every known endpoint and protocol until it finds one that works.

	Office 365 EWS does not require modern auth and cashes credentials making troubleshooting the ADFS portion of this what allows and what does not somewhat time consuming

	Once a proxied authentication is cashed even a disabling the account in AD or shutting off the on-premises ADFS server will not stop the user from authenticating and sending email.
	**********************
	Windows PowerShell transcript start
	Start time: 20160220181407
	Username: SHODAN\Blade_000
	RunAs User: SHODAN\Blade_000
	Machine: SHODAN (Microsoft Windows NT 10.0.10586.0)
	Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
	Process ID: 9456
	PSVersion: 5.0.10586.63
	PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0.10586.63
	I have tested on Windows 10 and Hyper-V server 2012 R2

	When a drive is mounted from a function inside a moduel the drive is not avalible to the module.

	but if the function is part of a script or dot sorced it works.

	Run Fails.ps1 first. (Fails)
	Run Always-works.ps1 (Works)
	the run Fails.ps1 again (Works)
	function test-function
	{
	[CmdletBinding()]
	Param()
	$key = 'template'
	$IsoPath = 'c:\iso\win2012r2.iso'
	$UnattendPath = 'g:\temp\unattent.xml'
	$Configdata = @{Template = @{ IsoEdition = 4} }

	$CwiParamaters = @{
	<#
	.NOTES
	Copyright (c) Microsoft Corporation. All rights reserved.

	Use of this sample source code is subject to the terms of the Microsoft
	license agreement under which you licensed this sample source code. If
	you did not accept the terms of the license agreement, you are not
	authorized to use this sample source code. For the terms of the license,
	please see the license agreement between you and Microsoft or, if applicable,
	see the LICENSE.RTF on your install media or the root of your tools installation.

	#region Configuration
	$VMName = 'Root-CA'
	$DSCConfigSCript = "$PSScriptRoot\RootCA_Config.ps1"

	$Start_Deploy_param = @{
	VHDSourcePath = 'G:\UpdateOut\Template_Production.vhdx'
	InitializeScriptPath = "$PSScriptRoot\VMScripts\FirstRun.ps1"
	HelperScriptPath = "$PSScriptRoot\Helpers"
	AtStartupScriptPath = "$PSScriptRoot\VMScripts\SSC-Init.ps1"
	#requires -Version 3 -Modules Dism, Hyper-V
	#Wrapper arround Convert-WindowsImage script to it acts like a function.
	function Convert-WindowsImage
	{
	Param
	(
	[Parameter(ParameterSetName = 'SRC', Mandatory = $true, ValueFromPipeline = $true)]
	[Alias('WIM')]
	[string]
	[ValidateNotNullOrEmpty()]
	<?xml version="1.0" encoding="utf-8"?>
	<unattend xmlns="urn:schemas-microsoft-com:unattend">
	<settings pass="oobeSystem">
	<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<InputLocale>en-us</InputLocale>
	<SystemLocale>en-us</SystemLocale>
	<UILanguage>en-us</UILanguage>
	<UserLocale>en-us</UserLocale>
	</component>
	<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	#requires -Version 2
	Function Add-WindowsUpdate

	{
	param (
	[string]$Criteria = "IsInstalled=0 and Type='Software'" ,
	[switch]$AutoRestart,
	[Switch]$ShutdownAfterUpdate,
	[switch]$ForceRestart,
	[Switch]$ShutdownOnNoUpdate