Moodle migration to new server 

• /moodledata/cache 
• /moodledata/localcache 
• /moodledata/sessions 
• /moodledata/temp 
• /moodledata/trashdir 

Omitting these files will reduce transfer time substantially. 

Check the file permissions of the copied files. The web server needs read and write access. 

Copy the Moodle code from the old server to the new server 

You will need to copy the Moodle code itself to the new server (this is the Moodle folder found in your webroot folder e.g. /var/www or public_html). 

Check the file permissions of the copied files. The web server needs read access. 

Update config.php with the URL of the new server 

If the migration will move Moodle to a new URL, then update $CFG->wwwroot in config.php to point to the new location. 

Also check the other properties there. Is the path $CFG->moodledata still correct? Do the database connection settings need to be changed? 

Test the copied site 

You should now be able to log into the new site as admin, and verify that most things are working. 

Update links containing wwwroot in the database 

The one thing we have not fixed is any internal links stored in the database. To fix these use the Search and replace tool by going to {wwwroot}/admin/tool/replace/index.php. 

Enter the url for your old server (http://oldserver.com/) and new server (http://newserver.com/) and it will fix any links stored in the database. 

Take the site out of maintenance mode 

Test the migration some more, then when you are satisfied, remember to take the site out of maintenance mode. 

Quick and hacky method 

If you have shell access on both servers, here is a quick command-line based method. 

• Set up a new empty database on the new server. 
• Place your existing Moodle site into maintenance mode. 
• Login to shell on the old existing server. 
• Use rsync to copy moodledata and public_html or moodle folders (or whatever directory your Moodle install is in) to the new server – execute (replacing caps with your details; SOURCE = the directory you want to copy) for each directory: rsync -av -e ssh SOURCE/ USERNAME@NEW_SERVER.COM:/PATH/TO/DESTINATION/ 
• Dump existing database and move and import into database on new server by executing: mysqldump –allow-keywords –opt -uMySQL_USERNAME -pPASSWORD DATABASE | ssh USER@DOMAIN “mysql -uMySQL_USERNAME -pPASSWORD DATABASE” 
• Replace any links in the database that contin the full site URL: #sed -e ‘s/oldserver.com/newserver.com/g’ oldmysqldump.sql > newmysqldump.sql 
• On the new server, update config.php with relevant details where applicable (e.g. database name and user details, the wwwroot and the dataroot). 
• Check ownership and permissions are correct on both moodle code and moodledata directories. 
• Make sure everything is working. 

Takes about 15 minutes for a small site. However, transferring several Gigabytes of data for a larger site can take hours depending on your network connection and hard drive read/write speed. 

When you are happy all has gone well, set up redirects/make DNS changes if required, take new site out of maintenance mode and “switch off” old site. 

• If you are switching the ip address from the old server to the new one, you will need to turn off the old server before firing up the new one to avoid ip addressing conflicts and confusion! 

Other considerations 

Upgrade Moodle at the same time? 

While doing the work of migrating Moodle, you might want to upgrade Moodle to the latest version at the same time. On the other hand, if you do that, and something breaks, you won’t be sure which change caused the problem, so the more cautious approach is to change one thing at a time, and test in between to verify that all is well. 

DNS & masquerading changes 

You may have had to change the DNS entries for the new Moodle site. If you have done so, it will take some time for the changes to replicate, so be patient. If your server is located behind a firewall, you may also have to change your firewall rules to allow access to the new server. See the masquerading docs. 

Internal and external access 

If you have a set up where your Moodle site can be accessed via a network and via the internet, ensure you check that the new site can be accessed internally and externally. 

reCAPTCHA 

If you migrate to a new domain and have setup Email-based_self-registration, you need to create new API-Keys at google. You will find the explanation and links to google in Email-based_self-registration. 

Install WordPress on CentOS 8 

1. Updatte CentOS 8 Software Packages – > sudo dnf update 
2. Install Apache Web Server  ->  
   1.  sudo dnf install httpd httpd-tools 
   2. Sudo systemctl enable httpd 
   3. Sudo systemctl start httpd 
3. Enable Firewall 
   1. Sudo firewall-cmd –permanent –zone=public –add-service=http 
   2. Sudo firewall-cmd –permanent –zone=public –add-service=https 
   3. Sudo firewall-cmd –reload 
4. Install Maria DB Database 
   1. Sudo dnf install mariadb-server mariadb- y 
   2. Sudo systemctl start mariadb 
   3. Sudo systemctl enable mariadb 
   4. Sudo mysql_secure_installation 
5. sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm 

Install phpmyadmin 

Bare Metal Cloud now available at special prices! 

SEE DISCOUNTS 

• CALL 
• LOGIN 
• PARTNERS 

• PHOENIXNAP HOME 
    
• CONTACT SUPPORT 
    
• BLOG 
    
•  

How to Install phpMyAdmin on CentOS 8 

June 2, 2020 

APACHECENTOS 8PHPMYADMIN 

Home » SysAdmin » How to Install phpMyAdmin on CentOS 8 

Introduction 

PhpMyAdmin is a graphical utility for managing databases. It’s typically used to remotely manage MySQL or MariaDB databases. 

This tutorial explains how to install phpMyAdmin on a CentOS 8 system. 

Prerequisites 

• Server with CentOS 8 Linux Installed 
• Working MySQL or MariaDB database 
• Terminal window / command line (Search > terminal) 
• User account with sudo or root privileges 

Step 1: Install phpMyAdmin on CentOS 8 

The phpMyAdmin tool is not included in the default CentOS 8 repositories. However, the file can be download manually. 

1. In a terminal window, enter the following command to download the phpMyAdmin file: 

wget https://files.phpmyadmin.net/phpMyAdmin/4.9.4/phpMyAdmin-4.9.4-all-languages.zip 

Note: At the time this article was written, the latest version of phpMyAdmin was 4.9.4. Please check the developer’s download page for the latest version. 

2. Extract the .zip file archive: 

unzip phpMyAdmin-4.9.4-all-languages.zip 

3. Move the extracted files to the /usr/share/phpmyadmin directory: 

sudo mv phpMyAdmin-4.9.4-all-languages.zip /usr/share/phpmyadmin 

4. Change directories: 

cd /usr/share/phpmyadmin 

5. Rename the sample php configuration file: 

sudo mv config.sample.inc.php config.inc.php 

6. Open the php configuration file for editing: 

sudo nano config.inc.php 

7. Find the following line: 

$cfg[‘blowfish_secret’] = ”; 

8. Edit the line and enter the new php root password between the single-quotes, as follows: 

$cfg[‘blowfish_secret’]=’my_password’; 

9. Save the file (Ctrl+o) and close (Ctrl+x). 

10. Next, create and set permissions on a temporary phpMyAdmin directory: 

mkdir /usr/share/phpmyadmin/tmp 

chown -R apache:apache /usr/share/phpmyadmin 

chmod 777 /usr/share/phpmyadmin/tmp 

Step 2: Configure Apache for phpMyAdmin 

1. Create an Apache configuration file: 

sudo nano /etc/httpd/conf.d/phpmyadmin.conf 

2. This creates a new, blank configuration file. Enter the following code: 

Alias /phpmyadmin /usr/share/phpmyadmin 
 

<Directory /usr/share/phpmyadmin/> 
   AddDefaultCharset UTF-8 
 

<IfModule mod_authz_core.c> 
     # Apache 2.4   
     <RequireAny> 
      Require all granted 
     </RequireAny> 
    </IfModule> 
    <IfModule !mod_authz_core.c> 
      # Apache 2.2 
      Order Deny,Allow 
      Deny from All 
      Allow from 127.0.0.1 
      Allow from ::1 
    </IfModule> 
</Directory> 
    
<Directory /usr/share/phpmyadmin/setup/> 
   <IfModule mod_authz_core.c> 
     # Apache 2.4 
     <RequireAny> 
       Require all granted 
     </RequireAny> 
   </IfModule> 
   <IfModule !mod_authz_core.c> 
     # Apache 2.2 
     Order Deny,Allow 
     Deny from All 
     Allow from 127.0.0.1 
     Allow from ::1 
   </IfModule> 
</Directory> 

3. Save the file (Ctrl+o) and exit (Ctrl+x). 

4. Finally, restart the Apache service to apply the changes made in the configuration file: 

systemctl restart httpd 

Note: Run systemctl status httpd to verify that Apache has restarted and is running. 

Step 3: Configure SELinux and Firewall 

SELinux stands for Security-Enhanced Linux. This is a kernel-level enhancement that improves security. Reconfigure this protocol for phpMyAdmin to work. 

1. Start by installing the following software package: 

yum –y install policycoreutils-python-utils 

Some versions of CentOS 8 may already have this package installed. In that case, the output indicates it has nothing to do and you can move on to the next step. 

2. Next, enable access to the phpmyadmin directory with the following commands: 

semanage fcontext –a –t httpd_sys_rw_content_t ‘/usr/share/phpmyadmin/’ 

semanage fcontext –a –t httpd_sys_rw_content_t “usr/share/phpmyadmin/tmp(/.*)?” 

restorecon -Rv ‘/usr/share/phpmyadmin/’ 

The first two commands may take a moment to complete. The third command recurses through the phpmyadmin directory to apply the changes. 

Adjust the Firewall to Allow Traffic 

1. Create a firewall rule to allow HTTP traffic with the command: 

firewall–cmd ––permanent ––add-service=http 

2. Make sure to reload the firewall after making these modifications: 

firewall-cmd ––reload 

Step 4: Test phpMyAdmin 

1. Open a web browser, and navigate to the following URL: 

localhost/phpmyadmin 

The browser should display the phpMyAdmin login page. However, if you attempt to log in, an error message may appear: 

“The server requested an authentication method unknown to the client.” 

This error occurs because MySQL 8.x upgraded the password authentication mechanism. PhpMyAdmin has not been updated yet to use this authentication method. 

2. To bypass this measure, open the MySQL shell and alter the root user: 

mysql –u root –p 
 

password 
 

ALTER USER ‘root’@’localhost’ IDENTIFIED WITH myswl_native_password BY ‘password’; 

3. Replace password with the actual password you set when securing the MySQL installation. 

4. Refresh the web browser phpMyAdmin page, and log in with your MySQL username and password. 

Step 5: Restrict Unauthorized Access to phpMyAdmin (Optional) 

You should now have a working phpMyAdmin utility. This section will help you prevent unauthorized access to sensitive databases. 

Allow phpMyAdmin Only From a Specific IP Address 

1. Open the phpmyadmin.conf file in a text editor (we will be using nano): 

sudo nano /etc/httpd/conf.d/phpmyadmin.conf 

2. Find the following sections: 

Require all granted 

3. Replace these lines with the following: 

Require ip your_system’s_ip_address 
Require ip ::1 

4. Save and close the file. 

Note: Replace your_system’s_ip_address with the system’s actual IP address. If you have multiple systems to allow, add a line for each IP address. 

Add an Extra Password Authentication 

1. Create a new authentication file. In a terminal window, enter the following: 

mkdir /etc/phpmyadmin 

htpasswd –c /etc/phpmyadmin/.htpasswd admin 

2. You are prompted to enter and confirm an admin password. Do so, and make a note of the password. 

3. Next, update Apache to use .htpasswd by editing /etc/httpd/conf.d/phpmyadmin.conf as follows: 

nano /etc/httpd/conf.d/phpmyadmin.conf 

4. Just underneath the line labeled AddDefaultCharset UTF-8, add the following lines: 

    Options +FollowSymLinks +Multiviews +Indexes 
 

AllowOverride None 
 

AuthType basic 
 

AuthName “Authentication Required” 
 

AuthUserFile /etc/phpmyadmin/.htpasswd 
 

Require valid-user 

5. Save the file and exit. 

6. Finally, restart Apache: 

systemctl restart httpd 

Access phpMyAdmin with Updated Credentials 

1. Browse back to localhost/phpmyadmin. 

2. Enter the newly-defined admin username and password. 

It should take you to the main login screen as seen at the end of the previous section. 

Conclusion 

You should now have a working installation of phpMyAdmin on a CentOS 8 system. Use this graphic utility to manage your MySQL databases. 

Paul 

ABC pest control 

604 880 8788 

Install Moodle on Windows. 

Installation Packages 

If you are running a small (less than 30 users) Moodle server or just want to test Moodle on your Windows PC, pre-built packages are available for you to use. Here are links to pages containing step-by-step instructions for installing Moodle using install packages: 

• Complete install packages for Windows for most Windows versions (usually works in Windows 7, 8 and 10) 
• Installation guide for Windows using WAMP and Git How to install Moodle on your Windows PC and update it regularly via Git. 
• Installation guide for Windows using XAMPP A more typical webserver installation than a complete install package. Both use XAMPP. 
• Installation guide for Windows using EasyPHP 

Manual Installation 

For medium to large installations (e.g. a college, university or business), it is best practice to install Moodle on your server manually. 

• Plan your system capacity. This involves estimating the appropriate hardware to support the number of users in your organisation. See Installing Moodle in the How Many Users section for a method of doing this. 
• Install your database server. You have a choice of 

1. MySQL/MariaDB (recommended), 
2. PostgreSQL (recommended) 
3. Microsoft SQL Server 2005 
4. Oracle (not recommended – see https://moodle.org/mod/forum/discuss.php?d=65488). 

• Install your web server. You have several choices – the decision as to which one to use will depend on your in-house expertise and your required level of sustainability: 
• Apache 2 is recommended as the most tested and popular for Moodle installations. See these instructions for manually installing Apache 2 on Windows. 
• IIS 7/8 server can also be used. See these instructions for Installing and configuring IIS and PHP on Windows. 
• Other webservers are known to install on Windows, e.g. Lighttpd, so you may wish to experiment with these if available memory is low on your server. 
• Install PHP. Use Microsoft Web Platform Installer when using IIS server. 
• Install Moodle by getting the standard installation for Moodle from http://download.moodle.org/ and read Installing Moodle which has detailed generic information. 
• Setup backups. Once Moodle is setup and configured, you should setup backups of the system in case of failure or loss of data. 
• To perform full site backups you need to backup the moodledata and moodle directories, Apache webserver configuration (httpd.conf) if you’re using Apache, PHP configuration (php.ini) and any php extensions which are non-standard, and the mysql database. To do this use the integrated backup program (Start -> All Programs -> Accessories -> System Tools -> Backup) or your own proprietary backup software (e.g. BackupExec). To backup your mysql database see the Backup and restore FAQ. 
• To perform course backups see the Course backup page. 
• You should also perform a state backup of the server or PC. This is especially important if you’re using IIS as this will backup the IIS metabase. 
• Check your server security and performance. It is also good practice to read the Performance and Security documentation. Although much of the content is targeted at Linux/Unix users, there is a growing amount for Windows systems. 
• Set-up your Active Directory authentication. You can use the standard LDAP authentication which prompts users with a username/password, or integrated NTLM authentication which does not require campus users to enter their credentials. 

Export Office 365 Mailboxes to .PST 

Export mailboxes from Office 365 to .pst files 

Roland Eich  Fri, Sep 6 2019  cloud computing, exchange, office 365  1  

Exporting mailbox items to a .pst file is the ideal way to migrate mailboxes or to perform an ad hoc backup. When Exchange is used in the customer’s datacenter, PowerShell can handle this task. In Office 365, however, the GUI from eDiscovery is provided for this, but it makes this process relatively complicated. 

Roland Eich 

Roland Eich is an IT specialist for system integration and has been working in IT for over 10 years as a system administrator. His areas of expertise are Windows Server and IT infrastructures. Certifications: MCITP EA, MCSA and MCSE. 

Contents of this article 

• No cmdlets for .pst export in Office 365 
• Configuring eDiscovery 

The first steps to preparing for a .pst export in Office 365 are the same as for an on-prem Exchange. You must first create the permission for the import and export function with: 

1	New-ManagementRoleAssignment -Role “Mailbox Import Export” -User <username>

No cmdlets for .pst export in Office 365 ^ 

If you then look for the cmdlets for importing and exporting .pst files, you quickly realize they are not available in Office 365. 

Exchange’s well known cmdlets for importing and exporting .pst files are missing in Office 365 

Apparently, from Microsoft’s point of view, there seems to be no reason to migrate away from the cloud. As for backup purposes, there are dedicated programs like Veeam Backup for Office 365 or Altaro Office 365 Backup. 

However, there is a way for an administrator to export Office 365 mailboxes to a .pst file. The solution here is eDiscovery. This TechNet article contains basic information about this feature. 

Configuring eDiscovery ^ 

To use eDiscovery, log into the Office 365 portal (https://admin.microsoft.com or https://portal.office.com) and navigate to the Security & Compliance section. Alternatively you can directly enter the URL https://protection.office.com. Follow the Permissions link in the navigation pane. 

Open Security & Compliance in Office 365 

Select eDiscovery Manager from the permissions list. On the right-hand side, a window should now open in which you can configure this permission. 

Editing permissions for eDiscovery Manager 

First, you should check whether Export is included under Assigned roles. If not, the subsequent export to a .pst file will not be possible. 

Editing the list of eDiscovery administrators 

It is important to add any user who will later perform the export as the eDiscovery administrator. 

Adding an eDiscovery administrator for .pst export 

In the next step, select Content search in the left navigation bar under Search. 

Opening the overview for Content search 

Here you define a new search, and as a rule, you will not enter any keywords at this point. To avoid searching all of Office 365, it is advisable to limit the search to specific locations. We only want to search for mailboxes in Exchange and not get results from SharePoint or OneDrive. 

Configuring a new search for the .pst export 

Therefore, it makes sense here to activate the slider for Exchange email. Under Add Conditions, you can refine the search as much as you want, but this is not required for this scenario. 

Clicking on Save and Execute saves the search under a defined name. 

Saving an eDiscovery search 

After starting the search, you can go back to the overview. A short refresh will display the search job created earlier. 

Overview of search jobs 

If you click on it, the details of the job become visible. 

You can now start the export by clicking on the More button. 

Exporting the found mailboxes to a .pst file 

Here you can select different options on how to export the files. For example, you can specify whether to store each mailbox in its own .pst file or share a common file with others. For the purpose of this test, I have left everything as the defaults. 

Options for exporting mailboxes to a .pst file 

Now it seems the export depends on the browser you are using. With Google Chrome, I got a client error, and the export stopped. In Microsoft Edge, this problem did not occur. 

After clicking Export to complete the query, you can now click Export again in the upper bar to see the export job. If this does not display, you should refresh the browser window. 

Triggering the .pst file download in the export job details 

By clicking on the export job, you can now initiate the final save to local storage. 

Key the export tool will later require 

It is important that you copy or store the export key, as you will need it again later on. Click the Download results button to start the export. 

Microsoft Office 365 eDiscovery Export Tool setup 

This will launch the Microsoft Office 365 eDiscovery Export Tool setup. This is quite small and should install in a few seconds. The tool now asks for the export key you saved earlier and for a location for the .pst files. 

Enter the key in the Microsoft Office 365 eDiscovery Export Tool 

The export to the local computer will then start; it finished after a few seconds because my mailboxes are not that big. 

Successful download of exported .pst files 

My destination folder now contains the exported .pst files of my mailboxes. There are some additional reports about the export; however, they are not that significant. 

Install WordPress on CentOS 

Yum install policycoreutils-python-utils 

chcon -R -t httpd_sys_rw_content_t /var/www/html/ 

setsebool -P httpd_can_network_connect 1 

How to Install WordPress on CentOS 8 (linuxhint.com) 

Microsoft has enabled security defaults to keep your account secure. turn off 

Microsoft has enabled security defaults to keep your account secure. turn off 

Want Microsoft has enabled security defaults to keep your account secure. turn off? Follow the below steps: 

Step-1: 

Open Microsoft 365 admin center (https://admin.microsoft.com). Then expand Admin centers and then click on Azure Active Directory like below: 

disable microsoft security defaults office 365 

Step-2: 

Then in the Azure Active Directory admin center, click on Azure Active Directory link from the favorites like below: 

microsoft has enabled security defaults to keep your account secure. turn off 

Step-3: 

Then click on Properties and then click on Manage Security defaults like below: 

microsoft has enabled security defaults office 365 

Step-4: 

Then it will open the Enable Security defaults option, here select No like below: 

microsoft has enabled security defaults to keep your account secure disable 

Once your disable this option, it will never as for MFA to any of the users

“Access Denied”, “You need permission to access this site”, or “User not found in the directory” errors in SharePoint Online and OneDrive for Business 

Symptoms 

When using SharePoint Online or OneDrive for Business, you receive one of the following error messages: 

• Access Denied 
• You need permission to access this site 
• User not found in the directory 

Cause 

There are many scenarios which can prompt one of these messages. The most frequent cause is that permissions for the user or administrator are configured incorrectly or not configured at all. 

Resolution 

Follow the steps below depending on which area you are receiving the error: 

When accessing a SharePoint site 

When accessing a OneDrive site 

When an external user is accessing a site 

When an external user accepts a SharePoint Online invitation by using another account 

When accessing the “Access Requests” list 

When accessing a shared folder 

When a user tries to approve an Approval Workflow task 

When accessing a SharePoint site 

1. Determine what permission level the user should have to the site (member, owner, etc.) and verify the permission via the Check Permissions feature. 

1. To use the Check Permissions feature, navigate to the User.aspx page by selecting the gear icon in the upper right corner, then Site Permissions. In the flyout, select Advanced permissions settings. 
   For example, the full URL will resemble the following: https://contoso.sharepoint.com/_layouts/15/user.aspx 
2. In the top ribbon, choose Check Permissions. 
3. In the User/Group field, type the user’s name and select Check Now. 
4. The type of permissions the user has on a site and which security group it is derived from (if applicable) will be displayed. 

2. If the user does not have appropriate permissions, grant them permissions to the file or site. 
3. If the user continues to receive an error message, remove them from the site using the following steps: 
    Note 
   This option is available only if the user previously browsed to the site collection. They won’t be listed if they were granted access but never visited the site. 

1. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0 
   For example, the full URL will resemble the following: https://contoso.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0 
2. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection. 
3. Grant the user permissions back to the file or site. 

When accessing a OneDrive site 

• If the user is the owner of the OneDrive site: 
• This issue most frequently occurs when a user is deleted and re-created with the same user principal name (UPN). The new account is created by using a different Unique ID value. When the user tries to access a site collection or their OneDrive, the user has an incorrect ID. A second scenario involves directory synchronization with an Active Directory organizational unit (OU). If users have already signed into SharePoint, are moved to a different OU that is not currently synchronized with Office365 and then resynced with SharePoint, they may experience this problem. 
• To resolve this issue, you will need to delete the new UPN (if it exists) and restore the original UPN. 
• To delete the new UPN, follow the steps in this article. 
• Once the new user has been deleted, you can restore the original user using these steps. 
• If you cannot restore the original user and are still in this state, create a support request using the following steps: 
• Navigate to https://admin.microsoft.com. 
• In the left navigation pane, select Support and then New Service Request. This will activate the Need Help? pane on the right-hand side of your screen. 
• In the Briefly describe your issue area, enter ”OneDrive Site User ID Mismatch”. 
• Select Contact Support. 
   Note 
  If you are using the old M365 admin center, you can skip the “Description” step listed below as that field will not exist. 
• Under Description enter ”OneDrive Site User ID Mismatch”. Fill out the remaining information and select Contact me. 
• Once the ticket has been opened please provide the support agent with the UPN and OneDrive URL that is having the issue. 
• If the user is attempting to access another user’s OneDrive site: 
• Determine what permission level the user should have to the site (member, owner, etc.) and then verify the permissions via the Check Permissions feature. 
• To use the Check Permissions feature, navigate to the User.aspx. For example, the full URL will resemble the following: https://contoso-my.sharepoint.com/personal/admin_contoso_onmicrosoft_com/_layouts/15/user.aspx. 
• In the top ribbon, choose Check Permissions. 
• In the User/Group field, type the user’s name and select Check Now. 
• The kind of permissions that the user has on a site and which security group it is derived from (if applicable) will be displayed. 
• If the user does not have appropriate permissions, grant them permissions to the file or site. 
• If the user continues to receive an error message, remove them from the site using the following steps: 
   Note 
  This option is available only if the user previously browsed to the site collection. They won’t be listed if they were granted access but never visited the site. 
• Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0 
  For example, the full URL will resemble the following: https://contoso-my.sharepoint.com/personal/admin_contoso_onmicrosoft_com/_layouts/15/people.aspx/membershipGroupId=0 
• Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection. 
• Grant the user permissions back to the file or site. 

If an external user is accessing a site 

1. Determine what permission level the user should have to the site (member, owner, etc.) and verify the permission via the Check Permissions feature. 

1. To use the Check Permissions feature, navigate to the User.aspx page by selecting the gear icon in the upper right corner and then Site Settings Under Users and Permissions, select Site Permissions. 
   For example, the full URL will resemble the following: https://contoso.sharepoint.com/_layouts/15/user.aspx 
2. In the top ribbon, choose Check Permissions. 
3. In the User/Group field, type the user’s name and select Check Now. 
4. You will now see what kind of permissions the user has on a site and via which security group (if applicable). 

2. If the user does not have appropriate permissions, grant them permissions to the file or site. 
3. If the user still receiving an error message, please remove them from the site using the following steps: 
    Note 
   This option is available only if the user previously browsed to the site collection. They won’t be listed if they were granted access but never visited the site. 

1. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0 
   For example, the full URL will resemble the following: https://contoso.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0 
2. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection. 
3. Grant the user permissions back to the file or site. 
4. If there are still errors with the account after the previous steps, we recommend that you completely remove the guest account from M365: 

1. Sign in to https://admin.microsoft.com as a global or SharePoint admin. 
2. In the left pane, select Users > Guest users. 
3. Select Delete a user. 
4. Select the user, then Select, and then select Delete. Once the above action has been completed, ensure the account is completely removed from the site collection you are sharing with the user. 
5. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0 
   For example, the full URL will resemble the following: https://contoso.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0 
6. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection. 
7. Grant the user permissions back to the file or site. 

When an external user accepts a SharePoint Online invitation by using another account 

To resolve this issue, determine which account accepted the invitation, remove the incorrect account if this is necessary, and then re-invite the user to the resource. 

Note Many examples in this article use <contoso> as a placeholder. In your scenario, replace <contoso> with the domain that you use for your organization. 

Determine which account has access as an external user 

If you can access the site as the incorrect external user, follow these steps: 

1. Sign in as the external user account that you used to accept the invite. 
2. Select the profile image in the upper-right corner, and then select My Settings. 
3. In the Account field, review the email address. For example, i:0#.f|membership|JonDoe@contoso.com. 
    Note 
   In this example, JonDoe@contoso.com is the email account that accepted the user invitation. 
4. If the address is incorrect, go to the “Remove the incorrect external user account” section. 

If you can’t access the site as the incorrect external user, follow these steps: 

1. As a SharePoint Online administrator, sign in to the site collection that was shared with the external user. 
2. Select the gear icon for the Settings menu, and then select Site settings. 
3. In the Users and Permissions section, select People and groups. 
4. At the end of the URL in your browser window, after the people.aspx? part of the URL, replace MembershipGroupId=<number> with MembershipGroupId=0, and then press Enter. 
5. In the list of users, locate the name of the external user. Right-click the user name, and copy the shortcut. 
6. In a new browser window or tab, paste the URL that you copied in the previous step into the address box. Add &force=1 to the end of the URL, and then press Enter. 
7. In the Account field, review the email address. For example, i:0#.f|membership|JonDoe@contoso.com. 
    Note 
   In this example, JonDoe@contoso.com is the email account that accepted the user invitation. 
8. If the address is incorrect, go to the “Remove the incorrect external user account” section. 

Remove the incorrect external user account 

External users are managed from a site collection by site collection basis. An external user account will have to be removed from each site collection to which the account was given access. You can do this from the SharePoint Online user interface or through the SharePoint Online Management Shell, depending on your version of Office 365. 

For Office 365 Small Business subscriptions, use the SharePoint Online UI. To do this, follow these steps: 

1. Browse to the Office 365 admin center at https://portal.office.com. 
2. In service settings, select Manage Organization-wide settings. 
3. Select sites and document sharing from the left-side menu, and then select Remove individual external users. 
4. Select the external user who has to be removed, and then select the Delete icon. 

All other subscriptions must use the SharePoint Online Management Shell by following these steps: 

 Note 

This option doesn’t apply to Office Small Business (P) organizations. 

1. Download and install the SharePoint Online Management Shell. For more information, go to Introduction to the SharePoint Online Management Shell. 
2. Start the SharePoint Online Management Shell. 
3. Type the following cmdlet: 
   PowerShellCopy 
   $cred = Get-Credential 
    
4. In the Windows PowerShell Credential required dialog box, type your admin account and password, and then select OK. 
5. Connect to SharePoint Online, and then type the following cmdlet: 
   PowerShellCopy 
   Connect-SPOService -Url https://<contoso>-admin.sharepoint.com -Credential $cred 
    
6. Remove the user from each site collection. Type the following cmdlet, and then press Enter: 
   PowerShellCopy 
   $ExtUser = Get-SPOExternalUser -filter <account@contoso.com> 
    

 Note 

In this cmdlet, replace account@contoso.com with the affected account. Then, to remove the user, type the following cmdlet, and then press Enter: 

PowerShellCopy 

 Remove-SPOExternalUser -UniqueIDs @($ExtUser.UniqueId) 
 

The steps below remove the external user’s ability to access SharePoint Online. However, the user will still appear in any people searches and within the SharePoint Online Management Shell Get-SPOUser cmdlet. To remove the user completely from SharePoint Online, you’ll have to remove the user from the UserInfo list. There are two ways to achieve this. 

1. Use the SharePoint Online UI. To do this, browse to each site collection to which the user previously had access, and then follow these steps: 

1. At the site collection, edit the URL by adding the following string to the end of the URL: 
   Copy 
   _layouts/15/people.aspx/membershipGroupId=0 
    
   For example, the full URL will resemble the following: 
   Copy 
   https://<contoso>.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0 
    
2. Select the user from the list. 
3. Select Remove User Permissions from the ribbon. 
4. Use the SharePoint Online Management Shell. For more information about how to use the SharePoint Online Management Shell, go to Introduction to the SharePoint Online Management Shell. 

 Note 

This option doesn’t apply to Small Business subscriptions. 

1. Start the SharePoint Online Management Shell. 
2. Type the following cmdlet: 
   PowerShellCopy 
   $cred = Get-Credential 
    
   In the Windows PowerShell Credential required window, type your admin account and password, then select OK. 
3. Connect to SharePoint Online, and then type the following cmdlet: 
   PowerShellCopy 
   Connect-SPOService -Url https://<contoso>-admin.sharepoint.com -Credential $cred 
    
4. Remove the user from each site collection. To do this, type the following cmdlet: 
   PowerShellCopy 
   Get-SPOUser -Site https://<contoso>.sharepoint.com | FT –a 
    
   Notice the external user’s Login Name in the returned results. As an external user, it might have a “live.com#” prefix if it’s a Microsoft Account. 
   Type the following cmdlet: 
   PowerShellCopy 
   Remove-SPOUser -Site https://<contoso>.sharepoint.com -LoginName live.com#jondoe@company.com 
    

 Note 

Replace live.com#jondoe@company.com with the user in your scenario. 

Next, you have to remove the account from Azure Active Directory. To do this, follow these steps: 

1. Download and install the Azure Active Directory PowerShell Module and its prerequisites. To this, go to Manage Azure AD using Windows PowerShell. 
2. Open the Azure Active Directory PowerShell Module, and then run the following commands: 
   PowerShellCopy 
   Connect-MSOLService 
    
   Enter your administrator credentials in the dialog box: 
   PowerShellCopy 
   Get-MsolUser -ReturnDeletedUsers -UnlicensedUsersOnly | ft -a 
    
3. Locate the external user who you just deleted, and then confirm they’re listed. 
   PowerShellCopy 
   Remove-MsolUser -RemoveFromRecycleBin -UserPrincipalName ‘jondoe_contoso.com#EXT#@yourdomaint.onmicrosoft.com’ 
    

 Note 

Replace jondoe_contoso.com#EXT#@yourdomain.onmicrosoft.com with the specific user in your scenario. 

Clear the browser cache 

SharePoint Online uses browser caching in several scenarios, including the in the People Picker. Even though a user was fully removed from the system, he or she may still remain in the browser cache. Clearing the browser cache resolves this issue. To do this for Internet Explorer, follow the steps given in Viewing and deleting your browsing history. 

When you clear the cache, make sure that you also select the Cookies and website data option. 

Re-invite the external user 

After you follow these steps, re-invite the external user to the site by using the desired email address. To make sure that the end-user accepts with the appropriate email address, it is a best practice to copy the link in the invitation and then paste it into an InPrivate Browsing session. This makes sure that no cached credentials are used to accept the invitation. 

More information 

An external user invitation doesn’t require that it be accepted by the email address to which it was first sent. It is a one-time invite. If another user accepts the invitation, or if the user who accepts the invitation signs up by using an account other than the email address to which the invitation was sent, you may encounter an access denied message. 

For example, a user is signed in through a browser by using a Microsoft account, and the user receives an email invitation to the user’s external user account in the user’s email application. Then, the user selects the link to accept the invite. However, based on the user’s browser cookies, the user accidentally accepts the invite by using the incorrect identity. 

When the user signs in to the resource by using the user’s external user account, the user receives the error that the user isn’t found in the directory. 

When accessing the “Access Requests” list 

To resolve this issue, users must be either site collection administrators or be members of the Owners group for the site. The Owners group must also have permissions to access the Access Requests list. Use the following solutions as appropriate for your specific configuration. 

Site collection administrator 

If an affected user should be a site collection administrator, go to the following Microsoft website for more information about how to manage administrators for your sites: 

Manage site collection administrators 

Add the user to the Owners group for the site 

If the user should be a site owner, you must add the user to the Owners group for the site. To do this, follow these steps: 

1. As a user who can change site permissions, browse to the affected site or site collection. Select the gear icon for the Settings menu, and then select Site settings. 
2. Select Site permissions. 
3. Select the Owners group for the site. 
4. Select New. 
5. In the Share dialog box, enter the user account of the user who you want to add to the group. Then, select Share. 
6. Test to verify that the user can now access the list and approve or decline requests. 

Make sure that the Owners group has permissions to the Access Requests list 

If the Owners group is changed or was removed from the Access requests list, you must add the Owners group permissions for the list. You must also make sure that the affected user is included in the Owners list. To do this, follow these steps: 

1. As a user who has the Manage Permissions Permission Level on the affected site and who also has access to the Access Requests list (for example, a Site Collection administrator), browse to the Access Requests list in Internet Explorer. 
2. Press F12 to open the F12 Developer Tools window. 
3. Select the Network tab, and then press F5 to enable network traffic capturing. 
4. Refresh the Access Requests page in Internet Explorer. After the page has loaded, press Shift+F5 to stop capturing network traffic. 
5. In the Developer Tools window, double-select the first result in the URL list. This URL ends in “pendingreq.aspx.” 
6. In the Developer Tools window, select Response body. 
7. In the search box, type pagelistid:, and then press Enter. 
    Note 
   The search highlights the pageListId text. 
8. Copy the GUID that follows the pageListId. The GUID will be between an opening brace ( { ) character and a closing brace ( } ) character as follows: 
   {GUID} 
    Note 
   Include the opening and closing brace characters when you copy the GUID. This GUID is the identifier for the SharePoint Online Access Requests list for your organization. 
9. In the browser address bar, enter https://<URL of affected site, or site collection>/_layouts/15/ListEdit.aspx?List=<{GUID}>, and then press Enter. 
    Note 
   In this address, <URL of affected site or site collection> represents the URL for the site collection in which you want to change the access requests (for example, https://contoso.sharepoint.com). And <{GUID}> represents the GUID that you copied in step 8. 
10. On the Settings page, select Permissions for this list. 
11. Make sure that the Owners group for the site is included in the list of permissions for the Access Requests list. If the Owners group for the site collection does not exist, select Grant Permissions, enter the name of the Owners group for the site in the Share dialog box, and then select Share. 
12. Follow the steps in the “Add the user to the Owners group for the site” section to make sure that the user is included in the Owners group. 

More information 

This issue occurs because only site collection administrators or users who are members of the Owners group for the site collection have permission to approve or decline pending requests in the Access Requests list. For situations in which users are members of the Owners group for the site, the Owners group must also have Full Control permissions to be able to access the Access Requests list. 

For more information about how to set up and manage access requests, go to Set up and manage access requests. 

For more information about how to use the F12 developer tools, go to Using the F12 developer tools. 

When accessing a shared folder 

To work around this issue, use one of the following workarounds as appropriate for your situation: 

• Share individual files but not folders. 
• Share a whole site collection or subsite. 
• If your site doesn’t require Limited-access user permission lockdown mode, deactivate this site collection feature. 
   Note 
  Other features such as publishing may require this feature to work correctly. 

More information 

When you share a folder with a user who can’t access the parent folder or site, SharePoint assigns the user limited access to the parent items. Specifically, SharePoint lets the user access the folder without obtaining permission to access the parent folder and other items (other than limited access). However, after Limited-access user permission lockdown mode is enabled, the user doesn’t have access to the folder because the necessary limited access permission on other items no longer works correctly. 

What is “Limited Access” permission? 

The Limited Access permission level is unusual. It lets a user or group browse to a site page or library to access a specific content item without seeing the whole list. For example, when you share a single item in a list or library with a user who doesn’t have permission to open or edit any other items in the library, SharePoint automatically grants limited access to the parent list. This lets the user see the specific item that you shared. In other words, the Limited Access permission level includes all the permissions that the user must have to access the required item. 

For more information about site collection features that includes Limited-access user permission lockdown mode, see Enable or disable site collection features. 

When a user tries to approve an Approval Workflow task 

To resolve this issue, grant Edit access to the specific task list for the workflow to the affected user. 

Additionally, the user who is approving the item as part of the workflow is also required to have Read access to the item that’s the target of the workflow. 

More information 

This behavior is by design. Users who try to approve a SharePoint 2010 Approval Workflow task, but who have only Edit permissions to the task list item, can’t view the task’s form page. The user must have at least Read access to the workflow task list. 

For more information about approval workflows, go to Understand approval workflows in SharePoint 2010. 

For more information about permission levels in SharePoint Online, go to Understanding permission levels. 

Still need help? Go to SharePoint Community. 

Whitelist Website 

Sophos XG Firewall: How to allow/block websites using custom categories and/or URL groups 

KB-0000369012020/02/128 people found this article helpful 

Overview 

This article describes how to allow/block websites regardless of their category using custom categories and/or URL groups. 

The following sections are covered: 

• Categorization and changing categorization behavior 
• Objects type and wildcards 
• Related information 

Applies to the following Sophos products and versions 

Sophos Firewall 

Categorization and changing categorization behavior 

If a website has been categorized incorrectly, you can tell Sophos about it so that we can improve the categorization for all Sophos Firewall users. Please submit a sample of the URL. However you can also create additional steps in the Web policy to handle websites differently from their category. 

The most common reason to treat a website differently is because a website is being blocked (or allowed) when it should not be. In Sophos Firewall there are three ways to create objects and policy rules for websites and URLs to achieve the business needs. 

• Custom category with domain 
• Custom category with keyword 
• URL groups 

When using a custom category or URL group, the URL will still maintain its original category. Therefore in addition to adding the URL to either a custom category or URL group, you must also create a Web policy rule to handle it. This rule should at the top of the list so that it takes priority. 

As an example, you can create a custom category called Whitelist for Sales Dept and put into it a list of domains that the sales team should always have access. 

Then in the Web policy, create a rule at the top that only applies to the sales user group and set the Whitelist for Sales Dept category to Allow. 

In the firewall rule allowing Internet access, make sure to select the appropriate web policy. In this example, it is the Default Policy.  

Objects type and wildcards 

RegEx and other forms of wildcards are not supported within the text string. Strings are used verbatim in a substring match. However the three different methods have slightly different automatic wildcarding, allowing for some flexibility in matching. The following table describes how entries (with and without a slash) are matched within the system: 

	URL group	Custom category with domain		Custom category with keyword
	Text is a verbatim string that will match the right side in domain name. Path is not allowed.  Note: This is FQDN aware which parses the URL to match that domain name and subdomains rather than a text string match.	Text is a verbatim string that will match anywhere in the domain name.  If the text contains a slash (/), then it can only match the end of domain name and the beginning of the path.		Text is a verbatim string that will match anywhere in the domain name or path.
		Entry does not contain a slash (/)	Entry contains a slash (/)	Entry does not contain a slash (/)	Entry contains a slash (/)
Left side wildcard	Any subdomains (FQDN aware).	Any characters in domain name or subdomains.	Any characters in domain name or subdomains.	Any characters in domain name or subdomains.	Any characters in domain name or subdomains.
Right side wildcard	Any path.	Any characters in domain name, top level domain or path.	Any path.	Any characters in domain name, top level domain or path.	any path.
String entered into the GUI	example.com	example.com	example.com/foobar	example.com	example.com/foobar
Equivalent RegEx	^([A-Za-z0-9.-]*\.)?example\.com\.?/	^[^\/]*example\.com.*$	^[^\/]*example\.com\/foobar.*$	^.*example\.com.*$	^.*example\.com\/foobar.*$
Matching samples:
http://example.com/foobar	matches	matches	matches	matches	matches
http://mail.example.com/foobar/morestuff	matches	matches	matches	matches	matches
http://www.example.com.co.uk/foobar	does not match	matches	does not match	matches	does not match
http://myexample.com/foobar	does not match	matches	matches	matches	matches
http://sample.com/example.com/foobar	does not match	does not match	does not match	matches	matches

Unable to activate Office 365 on Shared Computing (RDS) 

We have received the SR number and thanks for sharing the workaround with us. 

I would like to share a summary here with the community. 

Description: 

For Office 365 applications installed by using Shared Computer Activation, the token for users won’t renew automatically and they have to activate it from time to time. 

The location of Tokens: 

For Office 2013: %localappdata%\Microsoft\Office\15.0\Licensing 

For Office 2016: %localappdata%\Microsoft\Office\16.0\Licensing 

Workaround: 

Find the following registry path and delete the affected accounts of the Office profile: 

For Office 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity\Identities 

For Office 2016: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities 

Regards, 

William 

From <https://answers.microsoft.com/en-us/msoffice/forum/all/office-365-shared-computer-activation-not-renewing/7a5153e0-d07e-4238-ab91-849983903aa2>  

Transfer Cache Email address to another PC 

Import or copy the Auto-Complete List to another computer 

Applies To: Outlook for Office 365 Outlook 2016 Outlook 2013 Outlook 2010 Outlook 2007  

The Auto-Complete List is a feature that displays suggestions for names and email addresses as you begin to type them. These suggestions are possible matches from a list of names and email addresses from the email messages that you have sent. 

2016, 2013, 2010 2007  

Outlook 2016, Outlook 2013, and Outlook 2010 store the AutoComplete list entries as a hidden message in your primary message store, in your Microsoft Exchange Server mailbox or in the Outlook Data File (.pst) for your account. To copy the AutoComplete list to and from Outlook 2016, 2013, or 2010, see Copy the AutoComplete list.  

If you want to copy the Auto-Complete List (.nk2) from another computer that was using a POP3 email account or Outlook 2007, you must import the file. See Copy and import an .nk2 file.  

Copy the AutoComplete list 

Step 1: Export the AutoComplete mailbox message 

1. Exit Outlook, and then close Outlook Web Access or Outlook Web App (OWA) on all workstations that are connected to your mailbox. 
2. Download and install MFCMAPI from http://mfcmapi.codeplex.com. 
3. Run mfcmapi.exe. 
4. On the Session menu, click Logon. 
5. If you are prompted for a profile, select the desired profile name, and then click OK. 
6. In the top pane, locate the line that corresponds to your mailbox, and then double-click it. 
7. In the left-side navigation pane, expand Root Container, and then expand Top of Information Store or IPM_SUBTREE. 
8. Right-click the Inbox folder, and then click Open Associated Content Table. This action opens a new MFCMAPI window that contains various properties. 
9. Under the Subject column, right-click the item that has the subject IPM.Configuration.Autocomplete, and then click Export Message. This action opens the Save Message To File window. 
10. In the drop-down list, select MSG file (UNICODE), and then click OK. 
11. Select a folder location to which you want to save the message, and then click Save. Note this location. 

Step 2: Import the AutoComplete mailbox message 

1. Exit Outlook, and then close Outlook Web Access or Outlook Web App (OWA) on all workstations that are connected to your mailbox. 
2. Download and install MFCMAPI from http://mfcmapi.codeplex.com. 
3. Run mfcmapi.exe. 
4. On the Session menu, click Logon. 
5. If you are prompted for a profile, select the desired profile name, and then click OK. 
6. In the top pane, locate the line that corresponds to your mailbox, and then double-click it. 
7. In the left-side navigation pane, expand Root Container, and then expand Top of Information Store or IPM_SUBTREE. 
8. Right-click the Inbox folder, and then click Open Associated Content Table. This action opens a new MFCMAPI window that contains various properties. 
9. To avoid duplicate entries, you must delete the existing AutoComplete message. 

Note: Before you delete the IPM.Configuration.Autocomplete message, you must export the message by using the steps in the “How to export the Auto-Complete cache” section. 

To delete the existing AutoComplete message, follow these steps: 

1. In the Subject column, locate the item that has the subject IPM.Configuration.Autocomplete. 
2. Right-click the item, and then click Delete message. This opens the Delete Item window. 
3. In the drop-down list, select Permanent deletion (deletes to deleted item retention if supported), and then click OK. 

10. On the Folder menu, click Import, and then click From MSG. 
11. Locate the .msg file that you created in step 11 of the “Export the AutoComplete mailbox message” above, and then click OK. 
12. In the Load MSG window that appears, select Load message into current folder in the Load style list, and then click OK. 

The AutoComplete information is imported from the IPM.Configuration.Autocomplete_<hexadecimal code>.msg, where the placeholder<hexadecimal code> represents a long string of numbers and letters.  

Coy and import an .nk2 file 

Step 1: Copy the Auto-Complete file from the old computer 

1. Because the default folder is hidden folder, the easiest way to open the folder is to use the command %APPDATA%\Microsoft\Outlook in the Windows Search box (or, browse to C:\Users\username\AppData\Roaming\Microsoft\Outlook). 
2. In the Outlook folder, find your Auto-Complete List (.nk2) file. 

Note:  By default, file extensions are hidden in Windows. To change whether file extensions are shown, in Window Explorer on the Tools menu (in Windows 7 or Windows Vista, press the ALT key to see the Tools menu), click Folder Options. On the View tab select or clear the Hide extensions for known file types check box. 

3. Copy the file to the new computer. The file is small and can be placed on a removable media such as a USB memory stick.  

Step 2: Copy the Auto-Complete file to the new computer 

1. On the new computer, in Control Panel, click or double-click Mail. 

Mail appears in different Control Panel locations depending on the version of the Microsoft Windows operating system, the Control Panel view selected, and whether a 32- or 64-bit operating system or version of Outlook 2010 is installed. 

The easiest way to locate Mail is to open Control Panel in Windows, and then in the Search box at the top of window, type Mail. In Control Panel for Windows XP, type Mail in the Address box. 

Note:  The Mail icon appears after Outlook starts for the first time. 

2. Click Show Profiles. 
3. Make a note of the name of the profile. You will need to change the .nk2 file name to match the name later. 
4. Copy the .nk2 file to the new computer in the folder in which Outlook configurations are saved. Because the default folder is hidden folder, the easiest way to open the folder is to use the command %APPDATA%\Microsoft\Outlook in the Windows Search box (or, browse to C:\Users\username\AppData\Roaming\Microsoft\Outlook). 
5. After the file is coped to the folder, right-click the file, click Rename, and change the name to match the profile name that appeared in step 3. 

Step 3: Import the Auto-Complete List 

You are now ready to start Outlook and import the file, but you must start Outlook with a special one-time command. 

• Type outlook /importnk2 in the Windows Search box and then press Enter. 

The Auto-Complete List should now have the entries from your other computer when you compose a message and begin typing in the To, Cc, or Bcc boxes.