Archive for win2003

06.04.09

Moving Public Folders

Posted in OS, win2003, powershell at 11:01 am by webmaster

I have come accross the need to move public folder content from one machine to another (This is not a SBS environment.)

There are generally two ways in the Exchange 2007 era you can do this.  If both machines are in the same forest you can use Powershell.  If the machines are not in the same forest (not connected - migration scenerio) you can use Outlook.

Powershell

MoveAllReplicas.ps1 -Server -NewServer

How to Move Public Folder Content from one Public Folder Database to Another Public Folder Database

 

Outlook Method

  1. Use an account on Office Outlook 2003 or 2007 client computer that has administrative rights to log on to a mailbox on the Exchange Server 2007.
  2. In Outlook, on the File menu, click Import And Export. If the menu item is not available, hover your pointer over the chevrons at the bottom of the menu, and then click Import and Export.
  3. Click Export To File, and then click Next.
  4. Click Personal Folder File (.pst) , and then click Next. Click the public folder, check the option “Include Subfolders” and then click Next.
  5. Click the Browse button, and then select the location to save the .pst file.
  6. In the File Name box, type a descriptive file name for the .pst file, and then click OK.
  7. Click Finish.
  8. Log off the Outlook client.
  9. From the Outlook client, use an account that has administrative rights to log on to a mailbox that is homed on the Exchange 2003 computer.
  10. In Outlook, on the File menu, click “Data File Management”
  11. Click Add button, choose “Office Outlook Personal Folder File (.pst)” and click Ok
  12. On the open window, navigate to the PST we just exported.
  13. Choose it and click OK
  14. Then, check the added folder in Outlook.
  15. Drag the folders from the Personal Folders folder to All Public Folders in the Outlook folder list.

08.10.07

Monitoring Software - Inventoring your LAN

Posted in win2003, Windows XP, OS, Vista, SBS2003, Windows Vista at 11:31 pm by webmaster

A recent discussion came up in sbs2k3 Yahoo group about the various software IT Professionals use to inventory their LAN.  Quite a few software packages were brought up that I had never heard of. A summary is included here:

  1. angryip - simple powerful network scanner to obtain IP and MAC address (No install required)
  2. SIW - standalone tool (No install required, technician license available (No install required)
  3. produkey - obtain product keys of software installed on your computer (No install required)
  4. SteelInventory - freeware
  5. SYDI - vbscript
  6. OCS Next Generation Inventory system - open source, (agent install)
  7. spiceworks - web based
  8. Kaseya - Enterprise class
  9. Prodoc - Computer renditions vbscript
  10. Houndog
  11. Network Veiw USB key, not free trial or demo may be available
  12. Loginventory
  13. Portable Utilities for the USB Drive Not sure what this is
  14. SNNP Tools 1, 2, SNMP Informant , webgetif
  15.  Special K
  16. GFI

If these tools are “network aware” you can open up the Windows Firewall to just allow TCP ports 445 and 135 from a specific IP address.

Setting Path:
Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
Windows Firewall: Allow remote administration exception

 

07.27.07

Root Certificate Authorties in Windows Products

Posted in win2003, Windows XP, OS, Vista, SBS2003, Windows Vista at 12:51 pm by webmaster

Often the question of what root certificate authrity is supported in a particular product.  This MSDN reference summarizes all root CA’s and the feature set they provide.

07.23.07

Adding a branch office to Small Business Server

Posted in OS, win2003, SBS2003 at 12:19 pm by webmaster

As of this writing there is no known official Microsoft documnets specific to addding a branch office to SBS. 

Defacto Microsoft documentation

  1. Branch Office Guide for Windows Server 2003

Check out these third party references:

  1. SmallBizServer (subscription)
  2. WindowsITPro 

04.17.07

Change domain administrator account on SBS

Posted in OS, win2003, SBS2003 at 10:42 am by webmaster

A question that often gets asked is how to change the domain administrator password on Small Business Server.  I will take this oppurtunity to plug the wealth of information available on the sbs2k3 Yahoo group.  The guys (and gals) over there have come up with this:

 

  1. CTRL-ALT-DEL and change the password
  2. Open services and check for any services running under this account, and reset the password.
  3. Open Scheduled Tasks and check for any tasks running under this account, and reset the password.
  4. Open a command prompt and enter the following to reset the Directory Services Restore password.
  5. Open Command Prompt.
    1. Type the following:
      1. ntdsutil
      2. set DSRM password
      3. reset password on server NULL
    2. Enter the new password.
    3. Type the following:
      1. Quit
      2. Quit
    4. Close Command Prompt.
  6. One final thing you may want to consider doing is to reset any cached passwords for the administrator account on any machines that may have these passwords cached otherwise you may be constantly prompted to enter a password.  Credit and background information here.
    1. Follow these steps to “forget” these passwords
      1. Start –> Settings –> Control Panel
      2. Double click “User Accounts
      3. Select the “Advanced” tab
      4. In the “Passwords and .NET Passports” area click “Manage Passwords”
      5. Remove everything there.
    2. Delete everything in the following two folders:

      C:\Documents and Settings\YOURUSERNAME\Application Data\Microsoft\Credentials
      C:\Documents and Settings\YOURUSERNAME\Local Settings\Application Data\Microsoft\Credential

 

04.14.07

Managing IE7 with group policy

Posted in win2003, IE7, SBS2003, Group Policy at 2:41 pm by webmaster

Want to make IE7 a better user experience for your users?  A simple group policy addition makes it much easier for your users to digest IE7.

The changes I make are:

  1. Display the menu bar
  2. Select some default options for users so they (you) don’t have to select them every time a new profile is created for a user.

You can make other changes if you want to but since IE7 is here to stay and it is not going away we might as well make this change easier for our users.

The steps are very straightforward:

  1. Download the new IE7 group policy settings which are deployed tfrom Microsoft through a .msi file which simply contains an adm file.
  2. Tweak the settings, here is what I have used (YMMV)
    1. Turn Off Managed Phishing Filter     Enabled (Automatic)
    2. Prevent participation in the Customer Experience Improvement Program Enabled
    3. Prevent Performance of first run customization settings   Enabled (Go directly to home page)
    4. Turn on Menu Bar by Default      Enabled

As I stated above, the whole point of this excercise is to provide a “similar” experience to our users for IE7.  This essentially should provide the menu bar for our users and prevent the users from having to answer questions about things they know nothing about anyway.

Want more details on how to do this?  Here is an attempt at a step by step procedure.  Please contact me if there are any errors or ommisions.

  1. Create a new Group Policy Object (GPO).  Lets call it Custom-IE7
    1. Start –> Administrative Tools –> Group Policy Management
    2. Navitage to Forest –> Domains –> Domain Name –> Group Policy Objects
    3. Right Mouse Click (In the right window Pane, select “New”
    4. Type the name ofm your new GPO - “Custom - IE7″
  2. Link the Custom-IE7 GPO to an existing OU.  This OU should contain the computers that you want to “tune” IE7 for.
    1. Find the Organizational Unit (OU) which contains the group of  computers you want to apply these settings to (Use Active Directory Users and Computers)
      1. For example when using SBS 2k3 SP1 or higher I would use Domain –> My Business –> Computers –> SBSComputers
    2. Using the “Group Policy Management” GPM snapin, navigate to the OU selected in the above step, Right Mouse Click in the left window, and select “Link an existing GPO” and then select the “Custom-IE7″ GPO you created previously
  3. Ensure IE7 adm files are loaded into your domain
    1. New Group Policy’s Administrative Templates (.adm files) for IE7 are loaded automatically onto the Domain Controller when a Group Policy is opened from a workstation where IE7 has been installed (I have never used this method)
    2. Download and install “Administrative Templates for Internet Explorer 7 for Windows” manually
      1. Download the templates
      2. Install them
        1. Use the msi installer you just downloaded to install the templates to your server
        2. Using the GPM snapin navigate to “Custom - IE7″ GPO
        3. Select Edit
        4. Click Computer Configuration  –> Administrative Templates
        5. Right-click Administrative Templates, click Add/Remove Templates, and then click Add
        6. navigate to wherever the templates were stored (C:\Program Files\Microsoft Group Policy)
        7. Select “inetres.adm”
        8. Click Yes
        9. Click Close
        10. Now the new IE7 Group policuy settings should be viewable in the GPO
  4. Configure the Custom-IE7 GPO to contain the special IE7 settings we want
    1. Using the GPM snapin navigate to “Custom - IE7″ GPO and Right Mouse Click and select Edit
    2. Navigate to: Computer Configuration –> Administrative Templates –> Windows Components –> Internet Explorer
    3. Modify the following settings
      1. Turn Off Managed Phishing Filter     Enabled (Automatic)
      2. Prevent participation in the Customer Experience Improvement Program Enabled
      3. Prevent Performance of first run customization settings   Enabled (Go directly to home page)
      4. Turn on Menu Bar by Default      Enabled
  5. Use “gpupdate /force” on a workstation to ensure  that your settings get incorporated right away
  6. Use “gpresult > gp.txt && notepad.exe gp.txt” to verify you see your group policy settings on your worksation.

References:

  1. Internet Explorer Deployment Guide (March 2007)
  2. Exploring New Functionality in Internet Explorer (Virtual Lab Doc)

 

02.24.07

VSS hotfixes

Posted in OS, win2003, SBS2003 at 3:24 pm by webmaster

 Note: Update 9/18/07  Susan Bradley created a blog post which includes new updates to changes with VSS updates.  Read here:  http://msmvps.com/blogs/bradley/default.aspx

 

Thanks to Susan Bradley on the sbs2k yahoo group for compiling this list.  If your having VSS issues with backup checkout the following hotfixes.

VSS with MSDE and SQL 2000 k912414

VSS Updates kb913648

NTBackup and VSS kb923628

COM update kb912818 

 

01.20.07

Understanding Security Events in Windows

Posted in OS, win2003, SBS2003 at 4:06 am by webmaster

The good folks over at the sbs2k  Yahhoogroup were discussing how to intrepret security events in the eventlog.  Since I *know* I will need this next week I thought I would take the time to note the nuggets of information posted.

Microsoft Article on Auditing User Authentication

Logon/Logoff codes

 See Security Expert Randy Smith’s plain english encyclopideo on Windows security events

http://www.ultimatewindowssecurity.com/encyclopedia.html

Do you know vbscript?  Want to search the event logs under control of a script?  See a previous article I wrote on this subject. 

Another nice article on Security audit:

http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/attackdetection.mspx

 

 

 

 

09.16.06

Using OWAAdmin on Windows XP SP2 (Enable change password in OWA)

Posted in OS, win2003, SBS2003 at 5:05 pm by webmaster

There are times where you want to enable users to change their passwords remotely.  (You will have to decide if this is a worthwhile security risk for yourself)  This can be done using Exchange Outlook Web Access using SSL. First it is important to understand that the easiest way to manipulate the registry settings for the so-callled OWA hidden features is by installing the OWAadmin utility from Microsoft.  Although this utiliity performs one step in the process of enabled remote password changes you may want to use it for something else.  See Petri’s great article on how to perform this task without installing this software. Please note that some of the documentation I have run accross for doing this is a bit dated so I will attempt to summarize what you need to do assumming a standard install of Windows Server 2003 with Exchange Service Pack 2 or Small Business Server 2003 SP1 (Exchange Service Pack 2).

  1. Windows 2003 Server 2003 SP1 Only Preparation (Not SBS 2003 SP1)
    1. Install IIS (requires Server 2003 media)
    2. Install SMTP
    3. Install NNTP
    4. Install a Certificate Authoity (See Petri’s excellent article on this) 
    5. Ensure OWA is setup to correctly use SSL  (Again See Petri’s excellent article on this) 
  2. Obtain dedicated Windows XP Professional SP2 workstation attached to the domain to use for administrating the OWA settings.  (For example you can’t have outlook installed - apparently there is a conflict)
  3. Install IIS on XP (requires XP media)
  4. Install .net 2.0 framework on XP (Older documentation stated asp.net was required however I did not require it.  I beleive that is because it is part of .net 2 now)
  5. Install adminpak on XP (Note there is a different version for Windows Server 2003 R2 now as well)
  6. Install ESM Admin tools only,  on XP (requires Exchange Media)
  7. Add a virtual directory to Add a virtual directory to IIS not installed by default.
  8. From XP, log on to https://winxpmachine/OWAAdmin/ and look under the security settings for the change password option and set it to yes.

Note that you can set the domain administrator password as well? Look for the new password change setting under OWA –> Options  

06.22.06

Has that tape ejected?

Posted in OS, win2003, SBS2003 at 1:01 am by webmaster

Often you are administering a system and want to know if that tape has ejected or not.

You can use the rsm in manage computer to determine this:

  1. Right click on My Computer, and select Manage.
  2. Under Storage, select removable storage.
  3. Expand libraries
  4. highlight the device which you are interested in.
  5. In the right hand side it will say whether or not there is a tape in the drive, and what the status is.