06.05.09

Windows 2008 Performance Tuning Guide

Posted in OS, SBS2003 at 12:41 am by webmaster

While we are in the era of Windows 2008 (and SBS 2008) we need to consider new operating system tuning guidelines.

For example most partitions are aligned on 1 MByte boundries.  To see what your boundries are use:

 wmic partition get Index, Name, StartingOffset

Permalink Comments off

06.04.09

Moving Public Folders

Posted in OS, win2003, powershell at 11:01 am by webmaster

I have come accross the need to move public folder content from one machine to another (This is not a SBS environment.)

There are generally two ways in the Exchange 2007 era you can do this.  If both machines are in the same forest you can use Powershell.  If the machines are not in the same forest (not connected - migration scenerio) you can use Outlook.

Powershell

MoveAllReplicas.ps1 -Server -NewServer

How to Move Public Folder Content from one Public Folder Database to Another Public Folder Database

Outlook Method

1. Use an account on Office Outlook 2003 or 2007 client computer that has administrative rights to log on to a mailbox on the Exchange Server 2007.
2. In Outlook, on the File menu, click Import And Export. If the menu item is not available, hover your pointer over the chevrons at the bottom of the menu, and then click Import and Export.
3. Click Export To File, and then click Next.
4. Click Personal Folder File (.pst) , and then click Next. Click the public folder, check the option “Include Subfolders” and then click Next.
5. Click the Browse button, and then select the location to save the .pst file.
6. In the File Name box, type a descriptive file name for the .pst file, and then click OK.
7. Click Finish.
8. Log off the Outlook client.
9. From the Outlook client, use an account that has administrative rights to log on to a mailbox that is homed on the Exchange 2003 computer.
10. In Outlook, on the File menu, click “Data File Management”
11. Click Add button, choose “Office Outlook Personal Folder File (.pst)” and click Ok
12. On the open window, navigate to the PST we just exported.
13. Choose it and click OK
14. Then, check the added folder in Outlook.
15. Drag the folders from the Personal Folders folder to All Public Folders in the Outlook folder list.

Permalink Comments off

06.03.09

Microsoft resources on Antivirus Scanning on SBS2008

Posted in OS, sbs2008 at 12:58 pm by webmaster

This is a collection of links that describe Microsoft’s information on AntiVirus scanning in the SBS2008 era.

For Windows 2008, DNS, DHCP

Virus scanning recommendations for computers that are running Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, or Windows Vista

http://support.microsoft.com/?id=822158
 
 

For Exchange 2007

File-Level Antivirus Scanning on Exchange 2007

http://technet.microsoft.com/en-us/library/bb332342.aspx
 

For SQL 2005

Guidelines for choosing antivirus software to run on the computers that are running SQL Server

http://support.microsoft.com/kb/309422
 

For SharePoint 3.0

Microsoft’s Position on Antivirus Solutions for Microsoft SharePoint Portal Server

http://support.microsoft.com/kb/322941
 

For IIS 7 server, exclude the following folders:
 

1. %systemroot%\system32\inetsrv folder
2. Files that have the .log extension

 Antivirus software may cause IIS to stop unexpectedly

http://support.microsoft.com/kb/821749
 

For WSUS Server
Drive:\MSSQL$WSUS

Drive:\WSUS

(where Drive: is the drive letter where you installed Windows Software Update Services)

Permalink Comments off

06.02.09

BackupExec 10D and above on SBS 2003

Posted in OS, sbs2008 at 5:58 pm by webmaster

At all my Backup Exec 10D and above installs on SBS 2003 I am now creating two separate backup jobs to work around the issue of a compatibility problem when backuping up Exchange and System State at the same time.

1. The first backup job with AOFO which backs up everything but exchange
2. The second backup job without the AOFO on scheduled 30 minutes later, set to append to the tape that backs up Exchange

Note the following version is the most recent version of BackupExec available both released may 15, 2009:

BEWS_12.5.2213A_32BIT_VERSION.zip    12.5.2213A  557,764,568
BEWS_12.5.2213A_64BIT_VERSION.zip    12.5.2213A  597,707,883

Symatec article on the issue.

Consult the Administrators Guide and all the Best Practices Guides for all of the gory details.  I found the Advanced Open File Option Best Practice Guide especially helpfull.

Permalink Comments off

06.01.09

Isolated Sharepoint site on SBS2008

Posted in OS, sbs2008 at 7:30 pm by webmaster

There are many applications that call for having the ability to have users share information in Sharepoint both internally and externally to organizations.  It is very easy to setup this ability within Small Business Server 2008 and to provide isolation from the rest of the network resources as well.  (The same concept can also be done in SBS2003 but it is done a bit differently)

The first step is to ensure you are currently licensed for the number of users you are going to be using. 

The second step is create your users and to tweak them so they do not have access to your other resources:

1. Create new user using SBS Console
   
1. Users and Groups
2. Add a new User
1. First name
2. Last name
3. Username
4. Email Address (I add an external contact and forward later on)
5. Standard User
   
3. Type Strong Password
4. Add User
5. Do not allocate a computer just click finish
   
2. Edit Account Properties
   
1. Highlight User
2. Edit User Account Properties
3. Remove “Disable User can access RWW” on Remote Access menu
1. Groups
   
2. Remove “Sharepoint Membership Group” on Groups menu
   
3. Remove OWA from websites menu

    The third step is to create a new Sharepoint site with unique permissions.

   1. Login as Administrator

   2. Navigate to companyweb in browser

   3. Create a new Sharepoint Site with limited rights

   1. Companyweb  –> Site Actions –> Create
   2. Sites and Workspace
   1. Name                                    mysite

   2. Description                           Mysite Description

   3. URL                                        https://remote.DN:987/mysite

   4. Document Workspace

   5. Permissions                          Use Unique Permmisions

   6. Nav                                        No        

   7.                                               Yes

   8. Nav inheritance                     No

   3. I prefer to create a seperate visitors groups so the site can be totally independant of all other sites/settings
   1. Visitors                                  Mysite Visitors
   2. Members                               MysiteMembers
   3. Owners                                 MysiteOwners
   4. Access the site https://remote.DN:987/mysite

   That should do it.

Permalink Comments off

05.20.09

Issue with Symantec Endpoint Protection

Posted in OS, SAV, sbs2008 at 10:05 pm by webmaster

There have been issues reported issues with SEP 11MR4 MP1 and prior.  The issue definately affects SBS2008 (64 bit) when you deploy Network Threat Protection. 

Network Threat Protection is the firewall part of the Symantec suite.  I always deploy with the Microsft Windows firewall anyway because of the benefits of configuration via group policy so I have never seen the issue.

SEP 11 MR4 MP2 became available in North America on May 19, 2009.

Permalink Comments off

05.05.09

Exchange Server 2007 Content Filter log file

Posted in OS, Exchange, sbs2008 at 11:07 am by webmaster

The default configuration of SBS 2008, will by default reject email based on the SCL rating of a particular email. 

One option is to turn Content Filtering Off and use a cloud based email filtering engine. 

Another option is to tune the Content Filter settings so that it will throw potential junk email into a Junk Mail folder in Outlook.  You can still reject the more obvious Junk Mail.  There is also a SBS Blog post on this topic.  If you are like me though, you want to know what (if any) mail is rejected.  Exchange 2007 has a log file that logs what the Content Filter does with a mail message (not limited to the content filter).

You can peruse the log file located at %programfiles%\Microsoft\Exchange Server\TransportRoles\Logs\AgentLog to see why a message was rejected.

Kudos to the Microsoft Managed Newsgroup team for pointing this out.   Now it would be cool to find the time to write a custom alert for this one.

Permalink Comments off

05.02.09

Eventid 10016 on SBS2008

Posted in OS, sbs2008 at 11:28 pm by webmaster

Not sure why Microsoft was unable not fix the 10016 errors in the event log as we saw this very early in the beta.

To fix this perform the following steps (It’s a DCom issue):

1. Administrative Tools –> Component Services
2. Expand Component Services –> Computers –> My Computer –> DCOM Config
3. Find the IIS WAMREG Admin Service
4. Right click –> Properties –> Security tab
5. Launch and Activation Permissions –> Edit
6. Add the Network Service user
7. Add Local Activation rights
8. OK
9. OK
10. Close Component Services
11. Reboot Server 

Permalink Comments off

03.11.09

Adobe Vulnerabilities in Flash and Reader Acrobat (Feb 2009)

Posted in OS, Windows XP at 6:07 pm by webmaster

There are exploits that can perform malicious activities on your computer (such as install software).  This is the vulnerabilty as published by Adobe.   http://www.adobe.com/support/security/bulletins/apsb09-01.html
 Adobe released an update to their Flash player that prevents this malicious activity.  Take steps to ensure your Flash player(s) is/are up to date.  The vulnerability affects all Flash players prior to 10.0.12.36.  Please visit the following URL to check which version of Flash Player you have and to get an older version updated: http://www.adobe.com/software/flash/about/