Sunday, 14 July 2019

Google Vault: Are shared files discoverable?




Google Vault: Are off domain shared files discoverable in Vault?


Recently a question about Google Vault was put to me in the G Suite product forums where I contribute under Google's Product Experts Program.


We are setting up Google Vault for our organization. Using me as an example, say my wife, who is not a part of our organization but who has a personal Google account, shares a Google Doc for a household grocery list with me at my work address. Are you saying that that document would be then searchable by Vault administrators, since it was shared to my work account? [link]

Normally Google's Help Center is the place to go for most answers, but I was unable to find an article that covers this specific question. This article comes close but does not specifically talk about Drive content owned by an off domain user.

So how does Vault handle this?

Testing

Test #1: Discover shared Drive content by off domain owner.


  1. Log in as a consumer Gmail account.
  2. Create a Google Doc.
  3. Share it directly with a G Suite user in a domain with Vault enabled.
  4. Log in as the G Suite user and confirm I can view the shared file.
  5. Log in as an Admin to Vault and search for the Google Doc.

Test #1 Result: Files shared by off domain user (owned) are discoverable in Vault.

Test #2: Discover unshared content by off domain owner.


  1. Log in as a consumer Gmail account.
  2. Unshare the above Google Doc.
  3. Log in as the G Suite user and confirm I cannot view the shared file.
  4. Log in as an Admin to Vault and search for the Google Doc.

Test #2 Result: Files unshared by off domain user (owned) are no longer discoverable in Vault.

Test #3: Discover publicly shared Drive content by off domain owner.

  1. Log in as a consumer Gmail account.
  2. Create a Google Doc.
  3. Share it publicly (link).
  4. Log in as the G Suite user and use the link to confirm I can view the shared file.
  5. Log in as an Admin to Vault and search for the Google Doc.

Test #3 Result: Files shared publicly (by link) by an off domain user (owned) are not discoverable in Vault.

Test #4: Discover publicly shared Drive content by off domain owner and "Add to My Drive..."


  1. Log in as a consumer Gmail account.
  2. Create a Google Doc.
  3. Share it publicly (link).
  4. Log in as the G Suite user and use the link to confirm I can view the shared file.
  5. Add the Doc to "My Drive" via the "Add to My Drive..." option.
  6. Log in as an Admin to Vault and search for the Google Doc.

Test #4 Result: Files shared publicly (by link) by an off domain user (owned) are discoverable in Vault, if the G Suite user adds the file to their Drive.

Test #5: Discover publicly unshared content by off domain owner after it's removed from My Drive.

  1. Log in as the G Suite user, select the Doc and "Remove from my Drive".
  2. Log in as an Admin to Vault and search for the Google Doc.

Test #5 Result: Files are not discoverable in Vault.



Summary

Key findings:

  • Files owned by users outside the domain and shared directly with G Suite users are discoverable.
  • Discovery is only possible while sharing remains enabled.
  • If the owner revokes the sharing, discovery is no longer possible.
  • Files shared publicly must be added via "Add to My Drive" for discovery to work.
  • Removing the file from "My Drive" will stop discovery.

Considerations:

  1. Vault will not provide visibility into data leakage via files owned by off domain users.

    Potentially a malicious actor could establish a Google consumer account, then create and share a file with a G Suite user. Data could then be dumped into that file and the file unshared, without Vault showing a record of that.
  2. External parties sharing Drive files or Google Docs with G Suite users must be aware that G Suite admins can access them via Vault.

Wednesday, 5 July 2017

Office 365 Exchange online Outbound email blocked by Spamhaus (CBL)

Seems MS can't give a straight answer, but users on some trials are reporting difficulties with sending email (internal and external) due to transport restrictions enforced by MS.

MS checks the IP of the sending device, taken from the X-Originating-IP header, against the Spamhaus CBL.

Generally block lists are used for abusive SMTP/email servers, but MS are using it against Exchange clients (Outlook / Active Sync and OWA), presumably to curb spammers abusing the trial.

Error

Resulting in an NDR

Remote Server returned '550 5.7.501 Service unavailable, Client host blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16042849)'

The NDR will contain the IP of the actual device where the message was generated, not the Exchange server IP, as is the case with some other platforms.

X-Originating-IP: [1.125.48.104]



The Fix:

Modify the default connection filter to allow these IPs

  • Use the EAC to edit the default connection filter policy - detailed here
  • Use PowerShell to add multiple (max 1273) subnets (max subnet size /24)
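# Connect to Exchange Online remote PowerShell
PS> $UserCredential = Get-Credential

PS> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

# Import the session so the Exchange cmdlets are available locally
PS> Import-PSSession $Session

# Build the list of /24 subnets to add
PS> $sn=@{Add="1.124.0.0/24",
"1.124.1.0/24",
"1.124.2.0/24",
...<snip>...
"1.127.255.0/24"}

# Clear the existing allow list, then add the subnets
PS> Set-HostedConnectionFilterPolicy "Default" -IPAllowList $null
PS> Set-HostedConnectionFilterPolicy "Default" -IPAllowList $sn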
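
An added example (not from the original post) that builds the /24 list instead of typing it out, assuming the block is 1.124.0.0/14, which is what the first and last entries above span. The function name Get-Slash24List is hypothetical; the 1273-entry limit is the one quoted in the post.

```powershell
# Added example: expand one IPv4 CIDR block into the /24 entries the allow list accepts.
function Get-Slash24List {
    param(
        [Parameter(Mandatory)][string]$Cidr,
        [int]$MaxEntries = 1273          # entry limit quoted in the post
    )
    $addr, $prefixText = $Cidr -split '/'
    $prefix = [int]$prefixText
    $bytes  = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "IPv4 only: $Cidr" }
    if ($prefix -lt 8 -or $prefix -gt 24) {
        throw "Expected a prefix between /8 and /24, got /$prefix"
    }
    $count = [long][math]::Pow(2, 24 - $prefix)   # number of /24s in the block
    if ($count -gt $MaxEntries) {
        throw "$Cidr expands to $count /24 subnets, over the $MaxEntries limit"
    }
    # Work in [long] so large addresses do not overflow Int32.
    $ip    = [long]$bytes[0] * 16777216 + [long]$bytes[1] * 65536 + [long]$bytes[2] * 256
    $block = $count * 256                          # addresses in the whole block
    $start = $ip - ($ip % $block)                  # align to the network boundary
    for ($i = 0; $i -lt $count; $i++) {
        $n  = $start + $i * 256
        $o1 = [long][math]::Floor($n / 16777216)
        $o2 = [long][math]::Floor($n / 65536) % 256
        $o3 = [long][math]::Floor($n / 256) % 256
        '{0}.{1}.{2}.0/24' -f $o1, $o2, $o3
    }
}

$list = Get-Slash24List '1.124.0.0/14'   # assumed block, derived from the post's list
$sn   = @{ Add = $list }
'{0} entries, {1} .. {2}' -f $list.Count, $list[0], $list[-1]

# Then apply it as in the post:
# Set-HostedConnectionFilterPolicy "Default" -IPAllowList $sn
```

Every address on the allow list skips connection filtering, so generate only the blocks the affected clients actually use.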

Links

Telstra Mobile IP's - http://wq.apnic.net/apnic-bin/whois....AINTERNET49-AU
Powershell command ref above - https://technet.microsoft.com/en-us/...xchg.160).aspx
EAC - IPAllowList Limits - https://technet.microsoft.com/en-us/...or=-2147217396

Monday, 24 April 2017

Goodbye Map Maker Hello Local Guides

Map Maker may be gone...

but here is Google Maps - Local Guides


Anyone can be a Local Guide. Bring friends when you enjoy a meal, go on a hike or explore your neighbourhood. Don't forget to take pictures and review exciting new finds.

Spread the love, get some back

As a Local Guide, you’ll help others explore the world and get great benefits in return. It’s a win-win. Every place you improve on Google Maps earns you points toward unlocking something new.

Get started Now






Monday, 12 December 2016

Logitech Formula Force Drivers for Windows 10 64 Bit (x64)



Almost 20 years on, the Logitech Wingman Formula Force still works in Windows. Released around the time USB was just arriving on the market, these robust wheels date from back in 1998.

Logitech discontinued driver development in 2006, however Saitek did release a 64bit driver based on the Immersion SDK. A primitive Force feedback design by today's standards, but it still works with most modern games.

This driver was adapted by Sly_North from the below Saitek source. 

To breathe a new bit of life into the Logitech Wingman Formula Force, here is a Windows 10 driver (signed) that will permit installation on Windows 10 64-bit (x64) without the need to disable driver signing.



Enjoy!

SHA256 C132B429B25D1AC0186C65A699FE6AC3131827E3E13297E8F507325B2B31B047

Saitek Source (updated 9/5/19)
SHA256 ECC4B98757FFBF53501A7D239CE3FA3B4D05B9543F091CA156D9EDE1ED44DB6F


Credits: Leshcat of leshcatlabs.net for signing the drivers to make this happen and to Sly_North for the original Saitek driver mod. (http://web.archive.org/web/20160102083612/http://forums.logitech.com/t5/Logitech-G-Controllers/Wingman-Formula-Force-and-Windows-7-x64/td-p/428223?nobounce)





Saturday, 1 October 2016

Automatically purge email from Gmail.

Here's a quick script I've knocked up that will, on a schedule, purge (permanently delete) email that has a particular label and is in the trash/bin.

Make a copy of the script. Edit the parameters as required.

/*
  ****************************************************************************
  Name:PurgeGmail
  Version 1.01
  Date: 30/9/16
  Description: Script that will run automatically and permanently delete mail messages
               based on a label + Bin 
  Author: Rob Ardill - G Suite Top Contributor
  Credits: Based on script http://www.labnol.org/internet/gmail-auto-purge/27605/
  Requires: Advanced Google Services + Gmail API enabled
  
  **************************** !!! IMPORTANT !!! ******************************
  
                     THIS SCRIPT WILL PERMANENTLY DELETE EMAIL.
                     NO WARRANTY PROVIDED OR LIABILITY ACCEPTED
                     INCORRECT USE OF THIS SCRIPT CAN LEAD TO LOSS
                     OF EMAIL!
  
  ****************************************************************************

INSTRUCTIONS
  
  1. Update the values of the field GMAIL_LABEL.
  2. Go to Resource -> Advanced Google Services and enable Gmail API.
  3. Go to Run -> Initialize and authorize the script.
  4. Go to Run -> Install to install the script.
  
  Following step 4, the script will now be active and will run every day at 1am, permanently removing any email that is in the trash/bin and has the GMAIL_LABEL.
  If there are more than 100 items to remove it will do so in batches of 100 every 2 minutes.
  
  * If you want the script to run more frequently, you can adjust the trigger in the Function Install()
  
MANUAL USE
  
  To manually run the script follow the above steps 1 to 3, then Go to Run -> purgeGmail
  
UNINSTALL

  To uninstall the script go to Run -> Uninstall to stop the purging script anytime.

*/

https://script.google.com/d/1cyYaIvxV038OB4QRYU0gisLhJVADQi4EHE2QaGYnBdI1ImD0YmKnc16G/edit?usp=sharing



Saturday, 11 June 2016

PrimalForms CE - Community Edition (Free)

Sapien make some great tools and this is no exception. PrimalForms Community Edition is a Free version that has limited functionality.

I've used this for several OSS projects and it covers the essentials. The link on the Sapien site no longer works, so below is an alternative link I've found. This version is 1.0.9.0, but a version 1.0.10 was also released according to the blog. The only obvious change is that it adds a start page.


Update: Unfortunately Sapien or one of their representatives has mistakenly slapped DMCA on this link for the free edition and I've removed it, rather than fight it.  You can certainly find it via Google or ask the right person ;-)

Details
Version 1.0.9.0 
Filename: PrimalFormsCE.exe
Signed By: Sapien Technologies, Inc.
File size: 4,689,920 bytes
MD5: A4C4AF9A49423133AA8AB4A7C5745C10
SHA1: B6DD673290F4DED363BD3A6B5787A5332BCC79A6
SHA256: F4BB718BAC1C1E309F92EF465702E933179D195217C3CE51B99E4936AEA1F8A7

Version 1.0.1.0 was released, but I'm yet to find a copy of it.
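
Since the file now has to come from a third-party source, a copy can be checked against the details listed above before it is run. This is an added example, not part of the original post; the function name Test-PublishedDetails and the download location are hypothetical, and the expected values are the ones published above.

```powershell
# Added example: compare a downloaded file with the size, SHA256 and signer published in the post.
function Test-PublishedDetails {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][long]$Size,
        [Parameter(Mandatory)][string]$Sha256,
        [Parameter(Mandatory)][string]$Signer
    )
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        SizeMatches     = ($file.Length -eq $Size)
        Sha256Matches   = ($hash -eq $Sha256.Trim())   # string -eq is case-insensitive
        SignerMatches   = ($subject -like "*$Signer*")
        SignatureStatus = $sig.Status                  # e.g. Valid, NotSigned, HashMismatch
    }
}

$candidate = '.\PrimalFormsCE.exe'   # assumed download location
if (Test-Path -LiteralPath $candidate) {
    Test-PublishedDetails -Path $candidate -Size 4689920 `
        -Sha256 'F4BB718BAC1C1E309F92EF465702E933179D195217C3CE51B99E4936AEA1F8A7' `
        -Signer 'Sapien Technologies, Inc.'
}
```

The SHA256 match is the decisive check; the size and signer fields help explain a mismatch (a different build versus a modified file).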

Wednesday, 12 June 2013

"Path too long" when trying to delete folder - Robocopy to the rescue

One of the many long-running mysteries of Windows is why it's possible to create deeply nested directories/files (>256 characters), but not be able to delete/navigate them.

Deeply nested (long) directory paths most often manifest around the use of shared folders or the subst command, and they can be a hassle to deal with.

There are a few tools around that are designed to target this exact problem, but hiding on everyone's system* is a great little program called Robocopy that is primarily designed for copying files. However, it can be used to delete them as well.

Here's how you can delete those path too long directories easily, using a single robocopy command.
  • Create an Empty directory
  • Open a command prompt (cmd.exe) - Elevate if necessary.
    • Open the Start menu and type "cmd".
    • Right click the shortcut and select "Run as administrator" 
  • At the command prompt type "robocopy /PURGE <path-to-empty-directory>  <path-to-long-directory>".
    Double check the paths, or you risk deleting the wrong files/directory.
  • Hit Enter to start the process.
* Robocopy comes standard with Vista and above operating systems. If you are running XP or older, then you can obtain Robocopy as a part of the Windows Server 2003 Resource Kit Tools.
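
The same procedure as a script, added here as an example (not from the original post): it creates the empty directory itself, refuses a drive or share root, and offers a list-only pass for checking the target first. It uses /MIR, which robocopy documents as /E plus /PURGE, and the function name and -ListOnly switch are hypothetical.

```powershell
# Added example: purge a too-long directory tree by mirroring an empty folder onto it.
function Remove-LongPathTree {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$ListOnly        # dry run: robocopy /L lists what would be deleted
    )
    $target = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        throw "'$target' is not a directory."
    }
    # Refuse a drive or share root: mirroring an empty folder onto it wipes the volume.
    if ([System.IO.Path]::GetPathRoot($target).TrimEnd('\') -eq $target.TrimEnd('\')) {
        throw "Refusing to purge a root path: $target"
    }
    $empty = Join-Path ([System.IO.Path]::GetTempPath()) ('empty_' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $empty | Out-Null
    try {
        $opts = @('/MIR', '/R:1', '/W:1', '/NFL', '/NDL', '/NJH')
        if ($ListOnly) { $opts = @('/MIR', '/L') }
        & robocopy.exe $empty $target @opts
        # Robocopy exit codes of 8 or higher mean at least one failure.
        if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
        # The tree is now empty; remove the top-level folder itself.
        if (-not $ListOnly) { Remove-Item -LiteralPath $target -Force }
    }
    finally {
        Remove-Item -LiteralPath $empty -Force
    }
}

# Constructed sample tree under %TEMP% so the calls below touch nothing real.
$demo = Join-Path $env:TEMP 'longpath-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'a\b\c') -Force | Out-Null
Remove-LongPathTree -Path $demo -ListOnly   # review the listed "*EXTRA" entries first
Remove-LongPathTree -Path $demo
```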