HTTP Security Headers for IIS 8 and up

Bored of those wannabe “Security Researchers” who respond to your Bug Bounty program because you don’t have an HSTS policy set or some ‘exploit’ that you can only do to yourself? Here I wrote down a few examples that you can copy/paste into your PowerShell console to apply to your sites.

Of course, be careful and read up on the possible consequences of these settings! I will try to give a brief overview of the options, and where each applies, at a later stage.
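One way to apply such headers to a site from PowerShell, as an added example (not the author's own script). It assumes the WebAdministration module that ships with IIS 8 and up and an elevated console; the site name, the helper name Set-IisResponseHeader, and the two headers besides HSTS are choices made for this example.

```powershell
# Added example, not from the original post.
Import-Module WebAdministration

function Set-IisResponseHeader {
    # Hypothetical helper: adds a custom response header, or updates it if present.
    param(
        [Parameter(Mandatory)] [string] $SiteName,
        [Parameter(Mandatory)] [string] $HeaderName,
        [Parameter(Mandatory)] [string] $HeaderValue
    )
    $psPath     = "IIS:\Sites\$SiteName"
    $collection = 'system.webServer/httpProtocol/customHeaders'
    $entry      = "$collection/add[@name='$HeaderName']"

    # Update in place when the header exists; adding it a second time would
    # be a duplicate collection entry, so the script stays safe to re-run.
    if (Get-WebConfiguration -PSPath $psPath -Filter $entry) {
        Set-WebConfigurationProperty -PSPath $psPath -Filter $entry `
            -Name 'value' -Value $HeaderValue
    } else {
        Add-WebConfigurationProperty -PSPath $psPath -Filter $collection `
            -Name '.' -Value @{ name = $HeaderName; value = $HeaderValue }
    }
}

$site = 'Default Web Site'   # placeholder: use your own site name

# HSTS: start with a short max-age (one day here). Browsers remember the
# policy for that long, so raise it only once every hostname served by
# this site works over HTTPS.
Set-IisResponseHeader -SiteName $site -HeaderName 'Strict-Transport-Security' `
    -HeaderValue 'max-age=86400'

# Two other commonly requested headers (this example's choice, not the page's).
Set-IisResponseHeader -SiteName $site -HeaderName 'X-Content-Type-Options' `
    -HeaderValue 'nosniff'
Set-IisResponseHeader -SiteName $site -HeaderName 'X-Frame-Options' `
    -HeaderValue 'SAMEORIGIN'

# Verify what the site will now send.
Get-WebConfiguration -PSPath "IIS:\Sites\$site" `
    -Filter 'system.webServer/httpProtocol/customHeaders/add' |
    Select-Object name, value
```

Custom headers set this way are sent on plain HTTP responses too; browsers only honour Strict-Transport-Security when it arrives over HTTPS, so the site still needs an HTTP-to-HTTPS redirect.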

View members of a dynamic distribution group

Recently I noticed it wasn’t easy to view members of a dynamic distribution group, which was set up by a somewhat incapable sysadmin. The following line shows how the list was set up:

((((((((((((((((((((CustomAttribute1 -eq 'All_everyone') -or (Company -eq '[companyname1]'))) -or (Company -eq '[companyname2]'))) -and (((((RecipientType -eq 'UserMailbox') -or (RecipientType -eq 'MailUser'))) -or (RecipientType -eq 'MailContact'))))) -and (-not(Name -like 'SystemMailbox{*')))) -and (-not(Name -like 'CAS_{*')))) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')))) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')))) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))

Yes, it does its job, but it is not as simple as a distribution group.

From now on I use the following:

$FTE = Get-DynamicDistributionGroup "Name Of Your Group"
Get-Recipient -RecipientPreviewFilter $FTE.RecipientFilter -OrganizationalUnit $FTE.RecipientContainer

Of course you can pipe that into a text document or something, but at least you have a start now.