Microsoft
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003
Feb 18th
In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an administrator, you can customize desktops by using Folder Redirection. You can redirect the following folders by using Active Directory and Group Policy:
- Application Data
- Desktop
- My Documents
- My Documents/My Pictures
- Start Menu
You can find more information about Folder Redirection by searching Windows Help for Folder Redirection.
When you redirect folders to a shared location on a network, users need both read and write access to this location so that they can read the contents of these folders. However, in some scenarios, you may not want to grant read access.
Create security-enhanced redirected folders
To make sure that only the user and the domain administrators have permissions to open a particular redirected folder, do the following:
- Select a central location in your environment where you would like to store Folder Redirection, and then share this folder. In this example, FLDREDIR is used.
- Set Share Permissions for the Everyone group to Full Control.
- Use the following settings for NTFS Permissions:
  - CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
  - System – Full Control (Apply onto: This Folder, Subfolders and Files)
  - Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
  - Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
  - Everyone – List Folder/Read Data (Apply onto: This Folder Only)
  - Everyone – Read Attributes (Apply onto: This Folder Only)
  - Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
- Configure Folder Redirection Policy as outlined in Windows Help. Use a path similar to \\server\FLDREDIR\username to create a folder under the shared folder, FLDREDIR.
Because the Everyone group has the Create Folder/Append Data right, the group members have the proper permissions to create the folder; however, the members are not able to read the data afterwards. The Username group is the name of the user that was logged on when you created the folder. Because the folder is a child of the parent folder, it inherits the permissions that you assigned to FLDREDIR. Also, because the user is creating the folder, the user gains full control of the folder because of the Creator Owner Permission setting.
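The NTFS permissions listed above can also be applied and checked from a script. The following PowerShell is an added example, not part of the original article; it assumes a file server where PowerShell is available and an elevated session, and the path D:\FLDREDIR, the group name EXAMPLE\Domain Admins and the function names are placeholders.

```powershell
# Added example. $Root and $Admins are assumed values; adjust before use.
$Root   = 'D:\FLDREDIR'
$Admins = 'EXAMPLE\Domain Admins'

# Build one Allow ACE with explicit inheritance and propagation flags.
function New-AllowRule {
    param(
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate
    )
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, $Rights, $Inherit, $Propagate, $allow
}

# Replace the ACL on the share root with the four entries from the article.
function Set-RedirectRootAcl {
    param([string]$Path, [string]$AdminGroup)
    $both = 'ContainerInherit, ObjectInherit'
    $acl  = Get-Acl -Path $Path

    # Stop inheriting from the parent and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRuleSpecific($rule) }

    # CREATOR OWNER: Full Control, Subfolders and Files Only (inherit-only).
    $acl.AddAccessRule((New-AllowRule 'CREATOR OWNER' 'FullControl' $both 'InheritOnly'))
    # System and Domain Admins: Full Control, This Folder, Subfolders and Files.
    $acl.AddAccessRule((New-AllowRule 'NT AUTHORITY\SYSTEM' 'FullControl' $both 'None'))
    $acl.AddAccessRule((New-AllowRule $AdminGroup 'FullControl' $both 'None'))
    # Everyone: create, list, read attributes, traverse on This Folder Only.
    # No inheritance flags, so nothing here reaches a user's own folder.
    $everyone = 'CreateDirectories, ListDirectory, ReadAttributes, Traverse'
    $acl.AddAccessRule((New-AllowRule 'Everyone' $everyone 'None' 'None'))

    Set-Acl -Path $Path -AclObject $acl
}

# Return $true when no Allow entry for Everyone (SID S-1-1-0) is inheritable.
# An inheritable Everyone entry would let users open each other's folders.
function Test-RedirectRootAcl {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $none    = [System.Security.AccessControl.InheritanceFlags]::None
    $leaks = @((Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.InheritanceFlags -ne $none -and
        $_.IdentityReference.Translate($sidType).Value -eq 'S-1-1-0'
    })
    $leaks.Count -eq 0
}

Set-RedirectRootAcl -Path $Root -AdminGroup $Admins
if (-not (Test-RedirectRootAcl -Path $Root)) {
    Write-Warning "Everyone has an inheritable entry on $Root"
}
```

Test-RedirectRootAcl can be run on its own against an existing redirection root to confirm that the Everyone entries still apply to the top folder only.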
Tuning DNS Caching under Microsoft Windows
Feb 18th
You can modify the behavior of the Microsoft Windows DNS caching algorithm by setting two registry entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key.
MaxCacheTtl represents the maximum time that the results of a DNS lookup will be cached. The default value is 86,400 seconds. If you set this value to 1, DNS entries will only be cached for a single second.
MaxNegativeCacheTtl represents the maximum time that the results of a failed DNS lookup will be cached. The default value is 900 seconds. If you set this value to 0, failed DNS lookups will not be cached.
Turning off DNS Caching under Microsoft Windows
Feb 18th
If you experience frequent issues with DNS caching under Microsoft Windows, you can disable client-side DNS caching with either of these two commands (the second form stops the service on a remote computer named servername):
1. net stop dnscache
2. sc \\servername stop dnscache
This will disable DNS caching until the next reboot. To make the change permanent, use the Service Controller tool or the Services tool to set the DNS Client service startup type to Disabled.
How do I Flush DNS?
Feb 18th
Most DNS clients cache the results of name resolution requests. This speeds up name resolution if multiple lookups are done to the same address, such as is common when browsing the web. Sometimes a bad DNS entry will be cached and you will need to either flush the DNS cache to get rid of it, or wait up to 24 hours for it to be dropped from the cache automatically.
In Microsoft Windows, you can use the command ipconfig /flushdns to flush the DNS resolver cache:
C:\>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
You can also use the command ipconfig /displaydns to view the DNS resolver cache.
How to use one Mailbox Manager recipient policy to move items to the Deleted Items folder and then to delete the items
Feb 18th
Problem description
In Exchange 2000 and in Exchange 2003, a customer wanted to use one Mailbox Manager recipient policy to move items to the Deleted Items folder after 30 days. Additionally, the customer wanted a second Mailbox Manager recipient policy to delete the items from the Deleted Items folder after five days. By design, only the highest priority recipient policy is applied. Therefore, if two recipient policies are created, only the first recipient policy is evaluated.
Solution
In Exchange System Manager, create one Mailbox Manager recipient policy to perform both actions. To do this, follow these steps:
- Specify the action to “move items to the Deleted Items folder” from any specified folders. This forces the items to be moved to the Deleted Items folder.
- In the same policy, set the Age Limit for the Deleted Items folder. This forces Mailbox Manager to delete the items that have reached the age limit that is specified for the Deleted Items folder.
This behavior occurs because the items that are moved to the Deleted Items folder cannot be moved to another folder. Instead, the items are deleted.
How to use recipient policies to control mailboxes in Exchange 2000 and Exchange 2003
Feb 18th
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you must have:
Microsoft Exchange 2000 Server
- Microsoft Windows 2000 Server with Service Pack 2 (SP2)
- Active Directory
- Exchange Server 2000 with Service Pack 1 (SP1)
Note The Mailbox Manager feature is available only after you apply Service Pack 1 (SP1) or later for Exchange 2000 Server.
Microsoft Exchange Server 2003
- Microsoft Windows 2000 Server with Service Pack 3 (SP3)
- Active Directory
- Exchange Server 2003
- Exchange Server 2000 with Service Pack 1 (SP1)
This article assumes that you are familiar with the following topics:
- Exchange System Manager
- Recipient Update Service
- The mailbox sizes that your users require to perform their jobs
Note For more information about how to use the Recipient Update Service in Exchange 2000, see the REFERENCES section.
A description of the Mailbox Manager recipient policy functionality
Mailbox management recipient policies are a set of configurable rules that run on a schedule and that evaluate the mailboxes on the local server. The policy uses rules to filter all the recipient objects and to selectively apply mailbox management settings to messages in folders that go past the limit of the predefined rules.
The mailbox management process detects folders in a mailbox that contain messages larger than a certain size. If a message remains in a folder after a predefined time has passed (by default, 30 days), a number of predefined actions can be taken, including the following:
- Generate a report only and send the report to the mailbox owner.
- Move the message to the Deleted Items folder.
- Move the message to System Cleanup folders.
- Delete the message immediately.
Note Use caution when you use the Delete the message immediately option, because users may have to recover their messages.
If you use recipient policies, it is easy to apply or revise the rules. You do not have to reconfigure settings individually on each object. You can also change recipient policy priority levels to change the way that multiple policies are adjusted.
Note There is no default recipient policy for mailbox management (unlike the e-mail recipient policies). However, you can add the required property page to the default recipient policy if you want to create a mailbox management policy that applies to all recipients.
Policies are applied according to the schedule that you set up on each server. This prevents mailbox management from running on all servers in the organization at the same time. However, you can force a manual update if you want a recipient policy to apply immediately.
Note Like e-mail recipient policies, the highest priority recipient policy that applies to an Exchange Server object is the effective policy. Lower priority policies are no longer evaluated after a match has been made.
When you use mailbox management recipient policies, you can configure a filter rule that specifies the subset of messaging-enabled objects that the recipient policy applies to. The recipient policy is then applied to objects that match the filter conditions. This is useful when you have a subset of users who have different storage requirements. For example, there may be a technical author in your organization who regularly sends out very large attachments that must be stored. You can use a less restrictive mailbox management policy for this user.
Note You can configure mailbox storage limits to obtain a similar result. However, make sure that you note the following differences between mailbox storage limits and mailbox management recipient policies:
- Mailbox storage limits limit the total size of the mailbox.
- Mailbox management recipient policies limit messages over a certain size.
For more information about how to configure storage limits, click the following article number to view the article in the Microsoft Knowledge Base:
Note Before you create a new recipient mailbox management policy, you must determine the following:
- What limits you want the policy to enforce.
- What group you want the policy to control.
- How you want the policy to handle messages that go past policy limits.
The following procedure configures a mailbox limit for users in the accounts department of a test environment.
To create a mailbox management recipient policy, follow these steps:
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. In the left pane of Exchange System Manager, expand the Recipients object, right-click Recipient Policies, point to New, and then click Recipient Policy. The New Policy dialog box appears.
3. Click to select the Mailbox Manager Settings check box, and then click OK. Note If you do not see the option for Mailbox Manager Settings, reapply the Exchange service pack. It may not have been correctly applied.
4. The Properties dialog box appears. Type a name for the recipient policy in the Name box. Note We recommend that you use a descriptive name, such as “Accounts Department Mailbox Settings.”
5. Click Modify. The Find Exchange Recipients dialog box appears.
6. Click the General tab. In this example, mailbox management settings apply only to accounts that have an Exchange mailbox. Therefore, click to clear the Users with external e-mail addresses check box, the Groups check box, the Contacts check box, and the Public Folders check box to exclude these groups from the recipient policy.
7. Click the Storage tab to configure mailbox management recipient policies that are specific to a particular Exchange 2000 computer. Then, do one of the following:
   - Click Mailboxes on this server, and then click Browse. The Select Exchange Server list box appears. Select the server that you want to use, and then click OK.
   - Click Mailboxes in this mailbox store, click Browse to search for a store, and then click OK.
8. Click the Advanced tab, and then click Field. You can now select any of the following options:
   - User
   - Contact
   - Group
   - Public Folder
9. For this example, click User, and then click Department to select Department in the field value.
10. Under Condition, click any of the following:
   - Starts with
   - Ends with
   - Is (exactly)
   - Is not
   - Present
   - Not present
11. If you click Starts with, Ends with, Is (exactly), or Is not as your condition, type a value in the Value field. For example, click Is (exactly), and then type Accounts to find all employees who work for the accounts department.
12. Click Add to add the condition to the list. Note You can add additional conditions, but remember that all conditions must be true for a match to be displayed.
13. After you have finished adding conditions, click Find Now. Any matches to the conditions are displayed in the new list that appears in the Find Exchange Recipients dialog box.
14. If the list displays the correct users for this recipient policy, click OK. If not, revise the search conditions until your search displays the correct users for this recipient policy.
15. Click OK. You receive the following message:
   When a recipient policy filter changes it does not mean that proxy addresses for recipients who may no longer be under the control of the policy will be automatically re-evaluated. For these recipients to receive proxies from the new policies that they belong to, use ‘Apply this policy now’ on the policies that now affect these recipients.
   This message does not affect mailbox management recipient policies. Click OK.
16. Under Filter rules, the LDAP filter statement shows the current filter rule. Click the Mailbox Manager Settings (Policy) tab. Note If the Mailbox Manager Settings (Policy) tab is not available after you apply Exchange 2000 Server SP1, right-click the recipient policy, click Change Property Pages, and then click to select the Mailbox Manager Settings check box.
17. Under When processing a mailbox, click one of the following options for handling messages that go past the policy limits:
   - Generate report only
   - Move items to Deleted Items folder
   - Move to System Cleanup folder
   - Delete immediately
   Note Use caution when you use the Delete the message immediately option on folders, because users may have to recover their messages.
18. In the list of folders, select the folder that you want to configure, and then click Edit.
19. In the Folder Retention Settings dialog box, type an age limit when you want the selected processing action to occur, specify a size limit for the messages that you want the action to apply to, and then click OK. For example, if you type 90 and 2048, all messages that are older than 90 days and over 2 megabytes (MB) are processed.
20. Repeat steps 18 and 19 for each folder in the list that you want to configure.
21. Click Send notification mail to users after processing if you want to send users an e-mail message notifying them when their mailboxes have been processed. Click Message to edit the notification message.
22. Click the Insert the number of messages processed check box if you want a summary of the number of oversize messages processed. Click OK to return to the Properties dialog box.
23. If you want to exclude certain message classes (for example, to prevent the processing task reports), click the Exclude specific message classes box, and then click Customize. The Message Classes dialog box appears. Type a message class in the Exclude Message Classes field. For example, type IPM.Task, and then click Add. Add all the classes you want to exclude. Message class types include:
   - Calendar: IPM.Appointment
   - Contacts: IPM.Contact
   - Inbox: IPM.Note
   - Journal: IPM.Activity
   - Notes: IPM.StickyNote
   - Tasks: IPM.Task
   - Meeting Requests: IPM.Schedule.Meeting.Request
   For a full list of message classes, visit the following Microsoft Web site:
   http://msdn2.microsoft.com/en-us/library/aa262246(office.10).aspx
24. After you have finished adding message classes, click OK to return to the Properties dialog box.
25. Click OK to close the Properties dialog box. The new mailbox management recipient policy is displayed in the right pane in Exchange System Manager.
To schedule the day and time when a policy will run, change the settings at a server level. To do this, follow these steps:
- Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
- In the left pane of Exchange System Manager, expand the Servers object.
- Right-click the computer that you want to configure, and then click Properties. The Servername Properties dialog box appears.
- Click the Mailbox Management tab to display the current settings.
- Under Start mailbox management process, do one of the following:
- Click the drop-down list to select a time for the mailbox management to run.
- Click Customize, click a day in the left column, and then click a time on the top row. After you select the times that you want, click OK.
- Click Reporting to select the type of report (either a detailed report or a summary) to create when mailboxes are processed. You must also select a recipient to receive the reports. Click Browse, select a recipient, and then click OK. Note You cannot send reports to distribution lists.
- Click OK to accept the mailbox management settings.
To run mailbox management immediately, follow these steps:
- Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
- In the left pane of Exchange System Manager, expand the Servers object.
- Right-click the computer that you want to process, and then click Start Mailbox Management Process. Mailbox management starts after a short delay, depending on the current resource utilization on that computer.
Note Avoid using the mailbox management process when the system is busy, because this may affect server performance.
To confirm that your new mailbox management policy works, follow these steps:
- Create a test Exchange user account.
- Configure the filter rule so that the recipient policy applies only to the test account.
- Import old and large messages to the test account.
- Run the mailbox management process manually from the server.
If your new mailbox management policy works, messages are moved according to the policy settings, and you receive the notification message as configured in the policy.
Note Mailbox Manager does not process mailboxes in the priority order that the mailbox management recipient policies are applied. When Mailbox Manager runs, it iterates through all the private stores on the server, and then iterates through all the mailboxes in each store. Each mailbox is cleaned based on the recipient policy that is applied to the user object for that mailbox in the Active Directory directory service by the Recipient Update Service. The order or priority of the recipient policies does not affect the order that the mailboxes are processed.
The most common errors that occur when you use recipient policies to control mailboxes occur because of incorrectly configured filters. For example, if you configure Mailbox Manager to send detailed reports or summary reports to the administrator’s mailbox after mailbox management is complete, when you start the mailbox cleanup process manually or the mailbox cleanup process starts according to its schedule, an administrative report may not be generated. Confirm that the filters are configured correctly by following the steps in the Create a mailbox management recipient policy section. Make sure that the filter produces the expected results when you click Find Now in the Find Exchange Recipients dialog box.
Another common issue occurs when policies do not apply as you expect. This can be caused by overlapping policies. Only one mailbox recipient policy can be applied to each user. If you have more than one recipient policy applied to a user, make sure that the recipient policy membership does not overlap. If two mailbox recipient policies are applied to the same user, the priority of the recipient policies determines which recipient policy is used.
How to change Mailbox store path at existing user profile in AD?
Feb 18th
Solution: Make sure the user is not connected to the mailbox that you want to move.
Now follow the steps below:
1) Right-click the AD user and select Exchange Tasks
2) Click Next on the Welcome screen
3) Highlight “Move Mailbox” and click Next
4) Select the correct Server and Mailbox Store and click Next
5) Wait for the move and follow the on-screen instructions
Save queries in Windows Server 2003’s Active Directory Users and Computers tool
Dec 22nd
Windows Server 2003 administrators can’t live without the Active Directory Users and Computers tool. Here’s a quick look at the saved queries portion of the tool, which allows you to save and reuse lookups for different Active Directory (AD) objects. The ability to reuse queries can save time and speed up the process of locating objects within your AD environment.
The Active Directory Users and Computers tool is included in the AD implementation used by Windows Server 2003. The following steps will help in saving AD queries:
- Open Active Directory Users And Computers.
- Right-click the Saved Queries folder in the left pane of the window.
- Select New and choose Query.
- Enter a name and description for your saved query. (The description is optional, but it can help you remember what the query is looking for if you ever need to revisit the query definition.)
- Click the Define Query button, which will open the Common Queries window. (You’ll find that Microsoft has created a few predefined queries to assist you in finding certain objects. For this example, we will create our own query to find any users whose last names are similar to Miller.)
- In the Find box, select Users, Contacts, And Groups.
- Select the Advanced tab.
- Click the Field button, select User, and then select Last Name.
- For an operator in the center list box, select Is Like.
- Enter Miller or Mille* in the final text box on the row and click Add.
- Click OK in the Define Query window to return to the New Query window. (In the New Query window, you can also choose to include sub containers. Selecting this will search in any child organizational units or container objects for things that meet the conditions of the query you created.)
- Click OK to close the New Query window and return to Active Directory Users And Computers.
Your query will appear saved beneath Saved Queries in the left pane of the console. To execute the query, right-click it and choose Refresh. If you select the query without refreshing, the results from the last time you ran the query will appear.
This method does not circumvent or remove the need for Active Directory Users and Computers, but it may make it a little more useful. Remember that you can create truly custom queries for all of the AD object properties in your environment.
How to configure a mailbox to forward mail to a mail-enabled contact
Dec 22nd
This article describes how to configure a mailbox to forward mail to either a mail-enabled contact (a custom recipient in Exchange Server 5.5) or another mailbox on an Exchange 2000 computer or on an Exchange Server 2003 computer.
Note This procedure must be performed on a computer that is running both Exchange System Manager and the Active Directory Users and Computers snap-in. The Exchange Server-specific options are not available if the computer is not running the DLL files that are installed with Exchange System Manager.
The procedure is divided into two separate sections. If you are only going to be forwarding mail from one Exchange 2000 or Exchange 2003 mailbox or user to another Exchange 2000 or Exchange 2003 mailbox user, you do not have to complete the following first or second sections.
How to create a contact
| 1. | Start the Active Directory Users and Computers snap-in. |
| 2. | Expand the server, and then right-click Users. |
| 3. | Click New, and then click Contact. |
| 4. | Type a name. |
| 5. | Click Modify, click SMTP, and then click OK to create the custom SMTP mail address. |
| 6. | Type the SMTP e-mail address, click OK, click Next, and then click Finish. |
How to mail-enable a contact
| 1. | Start the Active Directory Users and Computers snap-in. |
| 2. | Right-click the contact, and then click Exchange Tasks. |
| 3. | Click Next, click to select Establish e-mail addresses, and then click Next. |
| 4. | If the contact does not have an alias, enter an alias for the contact. |
| 5. | Click the appropriate e-mail address type, and then type the e-mail address. Note Click the Advanced tab to configure the Message Format setting. |
| 6. | Click OK, click Next, and then click Finish. |
How to configure mail forwarding
Note The forwarding address can be any mail-enabled object. Examples of mail-enabled objects include distribution groups, security groups, public folders, and other related items.
| 1. | Start the Active Directory Users and Computers snap-in. |
| 2. | Right-click the mail-enabled user, and then click Properties. |
| 3. | Click the Exchange General tab. |
| 4. | Click Delivery Options. |
| 5. | In the Forwarding Address section, click Forward to, and then click Modify. |
| 6. | Click the mail-enabled user or the mail-enabled contact. Then, click OK. Note If you want e-mail to be delivered to the original mailbox as well as the forwarding address, select the Deliver messages to both forwarding address and mailbox check box. |
| 7. | To close Delivery Options and to close Properties, click OK two times. |
Schedule Windows server to reboot or shutdown automatically
Dec 22nd
Sometimes it is necessary to reboot (or shut down) a Windows server. Under UNIX or Linux you can use the reboot / halt / shutdown commands via cron jobs or the at command. But when it comes to Windows server, no built-in command exists. Only the Windows 2000 Resource Kit offers a shutdown command-line utility.
However, Sysinternals has a nifty utility called PsShutdown. It is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can log off the console user or lock the console (locking requires Windows 2000 or higher). PsShutdown requires no manual installation of client software.
How do I schedule Windows Server Reboot / Shutdown?
You can download PsShutdown from the Sysinternals web site.
Store the file in a folder on the Windows server. I use a folder called C:\admutils. Next, open a Windows command prompt (Start > Run > cmd) and use the Windows at command to schedule the reboot:
c:\> at 2:00am c:\admutils\psshutdown.exe -r -f -c -t 10
The above command will reboot the system at 2am. If you want to shut down the system:
c:\> at 1:00am c:\admutils\psshutdown.exe -s -f -c -t 10
Where,
- -s: Shuts down the Windows server
- -r: Reboots the Windows server
- -f: Forces all running applications to exit
- -c: Allows the shutdown to be cancelled by the user
- -t: Specifies the countdown in seconds until the shutdown
I don't think there is a solution to reboot through AD…but here is a good way to do it….
If you are doing it during work hours use the shutdown.exe command that is free from Microsoft…simply enter…
shutdown.exe \\PCNAME /R /T:10 "Message" /C
/R – Reboots the machine
/T:10 – give it 10 seconds for anyone to save work if they need to (Can be whatever time)
"Message" – a message to any users on the PC at the time. (Eg you have 30 seconds)
/C – Causes all programs open to close down
You can create a scheduled task to do this out of hours by putting this (shutdown.exe \\PCNAME /R /T:10 "Message" /C) in the Run part of the scheduled task
To do this to lots of PC’s at the same time do a simple command script….
Put the shutdown.exe file on the c: drive
Create PClist.txt file on the C: Drive
Create a txt file and rename the .txt part at the end of the file .cmd
right click and select edit and type in there….
—————————————————-
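@Echo Off
REM File with one computer name per line
SET PCNAMES=C:\PCList.txt
REM Call :DODEL once for every name in the list
FOR /F %%a IN (%PCNAMES%) DO CALL :DODEL %%a
GOTO :EOF
:DODEL
REM %1 is the computer name passed in by the FOR loop
SET BRSVR=%1
ECHO %BRSVR%
C:\shutdown.exe \\%BRSVR% /R /T:10 "Message" /C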
—————————————————
In the PCList put in the names of the PC’s for example….
Server01
PC01
Laptop01
Then click the cmd script and this will apply this to all the pc’s and restart each of them