Secure non-Microsoft applications by publishing 3rd-party updates to WSUS

This article is really good. It is a must for enterprises that use standard users and have these 3rd-party apps (Adobe, Java, etc.). We’ve also suppressed the notifications at most clients using custom ADMX.

Secure non-Microsoft applications by publishing 3rd-party updates to WSUS


Managing Exchange Full Access–Who can see who’s mail?

This is a good snippet that can be run from the Exchange Management Shell (PowerShell) prompt:


Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authority\self*") } | Select Identity, User | Export-CSV c:\fullperm.csv

This returns a CSV with the first column showing the Active Directory path for the “Identity” that is giving full access. The second column shows the domain\<username> of the “User” that has the access to the “Identity” mailbox.

Auto Archive not working in Outlook 2007 due to modified date change.

This past summer we (for one of our clients) migrated email to a cloud email service instead of continuing to manage an on site exchange environment. The email is still Exchange but hosted “in the cloud.” This makes a lot of sense for smaller environments.

The customer would now like to auto archive emails both sent and received that are older than 1 year. Again this makes a lot of sense as these messages don’t want to be deleted but are not used with any frequency. We setup the archive.pst file to live on a mapped drive (G:\) so that they would be backed up during server backups.

When the auto-archive ran for each of the users only the folder structure and no messages were found in the Archive Personal Folder.

If you didn’t know Auto-Archive queries that Modified Date and not the Received/Sent Date field. All of the modified dates were 08/11/2010, the day migrated to the cloud exchange, and well less than the desired 12 months.

There is a workaround involving advanced searches and moving them to an archive PST and then permanently deleted the message on the exchange side.  In this specific case the customer chose to wait until 08/11/2011 when the archive will really get going.

Postini Spam filter by Google. Great tool that keeps the spam outside of your network. But…

The #1 benefit to having Postini in your environment over something like Barracuda is that the spam never even touches your network. You won’t see your bandwidth affected by a single  customer click that unleashes it’s wrath on you. Instead let Google Postini shield you…

Onto the But…

The maximum number of characters for each approved/blocked list in the Administration Console is 4000. If each address or domain is 30 to 40 characters, each sender list can include approximately 100 to 130 addresses and domains.
The maximum number of characters for all lists for each user in the Message Center is 1000.
For each address, add an additional 2 characters to get an accurate count.
If you run out of space and attempt to add another address, you receive an error similar to this:
List length limit (4000) exceeded
To free up more space, delete addresses that are no longer used.
You may consider adding an address from user’s list to the appropriate organization-level list to improve filtering for all users, while freeing up space for that particular user.

This is a limitation in the Postini database, not disk space. There are no plans to increase this limitation.

Setting the Server Edition in Windows Server 2008 R2 – Upgrading without media – TechNet Blogs

Upgrading Windows Server 2008 R2 without media – TechNet Blogs

Pay special attention as MAK keys span editions and result in a 1605 Error Code.

Instead of using the a MAK key use the generic KMS client key for Windows 2008 R2 Enterprise it is  489J6-VHDMP-X63PK-3K798-CPX3Y. This will not activate but later you can apply the proper key by Changing product key from Control Panel\System and Security\System or Right-Click of Computer –> Properties.

How to refresh the Group Policy Settings on remote computers

I’ve been asked this question so many times that I can’t even count them. GPOs are powerful admins want them to work NOW!

How to refresh the Group Policy Settings on remote computers

Profile and Folder Redirection In Windows Server 2003


Profile and Folder Redirection In Windows Server 2003

Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008


Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008