Pages

Friday, December 14, 2012

Kaspersky Administration Kit "MMC cannot open the file C:\Program Files\Kaspersky\..."

When I try to launch the Kaspersky Administration Kit interface, I get an error message starting that:

MMC cannot open the file C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\CS Admin kit.msc

This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file".

Solution:
  • Locate the file "CS Admin Kit", and Delete it.
"CS Admin Kit" is located in:

 For Windows XP open: C:\Documents and Settings\AdminUser\Application Data\Microsoft\MMC\CS Admin Kit.

For Windows 7 and Server 2008 open: C:\Users\AdminUser\Application Data\Microsoft\MMC\Cs Admin Kit.

Note: Remplace the "AdminUser" with the user name you are using.

Now you are ready to open Kaspersky Administration Kit; enjoy it :)

Wednesday, December 5, 2012

Full Mailbox Access Permission Exchange Server 2010


When an Assistant Administrator or Department Supervisor need full access to a mailbox other than  their own for X reasons. You can do this quickly and easy using the Exchange Management Shell.

In the scripts below you can see the permissions assigned to different users in your organization and how you can assign a user Full Mailbox Access. Only remember to replace the blue text with the appropriate information of your organization.

To start, going to open the Exchange Management Shell
  1. Click Start < All programs < Microsoft Exchange Server 2010.
  2. Right click on "Exchange Management Shell", then click on "Run as administrator
  • To view permission on a Mailbox use the below command:
Get-MailboxPermission "User Name"

  • To assign Full Mailbox Access permission from one "User Mailbox" to another "User Mailbox" use the below command:
Add-MailboxPermission "User Name" -AccessRights FullAccess -user "Another User Name"

  • To assign Full Mailbox Access permission to grant a specific user full access to everybody on a specific Exchange Server use the below command:
Get-Mailbox -Server "Server Name" -ResultSize unlimited | Add-MailboxPermission -User "User Name" -AccessRight FullAccess -Inheritancetype all

  • To remove Full Mailbox Access permission on a specific Exchange Server use the below command:
Get-Mailbox -Server "Server Name" -ResultSize unlimited | Remove-MailboxPermission -User "User Name" -AccessRight FullAccess -Inheritancetype all

Congratulation!!! Now you know how you can assign Full Mailbox Access quickly in Exchange Server 2010. :)

Tuesday, December 4, 2012

Delete Emails in Specific Mailbox or in Multiple Mailboxes from Exchange Server 2010



In order to find and delete a certain email from one mailbox or from multiple mailboxes you can perform the following steps
  • Click Start < All Programs < Microsoft Exchange Server 2010.
  • Right click on "Exchange Management Console", then click on "Run as administrator".
Now you opened Microsoft Exchange Management Console as administrator.  Type the command below and change blue text according to appropiate.

*   If you need remove a specific message from a mailbox: 

Search-Mailbox -Identity "User Name" -SearchQuery subject:"Email Subject" -DeleteContent
 
*   If you need remove a specific message from all mailboxes:
 

Get-Mailbox –Server “servername” –ResultSize unlimited | Search-Mailbox -SearchQuery subject:"Email Subject" –DeleteContent

  
If you receive the error “Search-Mailbox” Is Not Recognized as the Name of a cmdlet..., don't worry!!! This error will be generated if the snap-in has not been registered, for fix this error type the next command.
 
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
 
Now you can trying again. :)
 



Friday, November 23, 2012

Migrating from Exchange Server 2003 to Exchange Server 2010

Microsoft Exchange Server is the backbone of messaging service in most of the organizations and works in synchronization with the Active Directory. We will make the necessary steps for a successful migration from Exchange Server 2003 to Exchange Server 2010.

I assume you know the hardware requirements for the installation and operation of Exchange Server 2010.
 
Lets get started!
 
1. Exchange Server 2003 requirements 

Domain Functional Level should be at least 2003 Native 
  • Click Start < Administrative tools < Active Directory Users and Computers. 
  • Right click on Organization Name e.g "xxxxxxxx.com".
  • Click "Raise Domain Funtional Level...".
  • In "Raise Domain Funtional Level" window, choose Windows Server 2003 and click on Raise button. 
  • Then you see a caution window ** This cannot be reversed at any point of time, click OK
At this point you Raised your Domain Functional Level to Windows Server 2003 Native.
Raise Forest Functional Level  
  • Click Start < Administrative tools < Active Directory Domains and Trust
  • Right click on Active Directory Domains and Trust,  click on "Rise Forest Functional Level...". 
  • In "Raise Forest Functional Level" window, choose Windows Server 2003 and click on Raise button. 
At this point you Raise your Forest Functional Level.
Change Exchange Server 2003  to Native mode 
  • Click Start < All Programs < Microsoft Exchange Server < Exchange System Manager.
  • In "Exchange System Manager window", right click on "First Organization (Exchange) and click on Properties.
  • In "First Organization Properties" window, in Operation mode you see "Mixed Mode ......" click on Change Mode button, and choose Native Mode.
  • You see a "Exchange System Manager" caution window, then click Yes.
Your Exchange is now in Native Mode. 

2. Exchange Server 2010 prerequisites installation


    * At  this point you should already have installed Windows Server 2008 R2 SP1  

    Download and Install “Microsoft Filter Pack” (64bit Version)
    Install Exchange Server 2010 Prerequisites on Windows Server 2010 R2
    * After the Server restart:
  • Insert the installation Exchange Server 2010 DVD in the DVD drive.
  • Copy the Script below.
  • Open Notepad and paste it.
  • Save it in C:/ExchangePreparation.bat
  • Right click in the "ExchangePreparation.bat" file, and Run as administrator
    * In this case the DVD-Drive letter is E: \, you must check the letter corresponding to your DVD-Drive and make the change in the line 7 on the script.
 


     * After running the above script and successfully complete all commands can proceed to install Exchange Server 2010.


3. Install Exchange Server 2010


     For install Exchange 2010 run the follow script:
  • Copy the Script below.
  • Open Notepad and paste it.
  • Save it in C:/ExchangeInstallation.bat
  • Right click in the "ExchangeInstallation.bat" file, and Run as administrator
     * In this case the DVD-Drive letter is E: \, you must check the letter corresponding to your DVD-Drive and make the change in the line 7 on the script.




     When Microsoft Exchange Server 2010 window installation appears. Click on "Step 4: Install Microsoft Exchange", and follows the next steps

  • In the "Exchange Server 2010 Setup" page, click to choose "Typical Exchange Server Installation" and Give a check mark for "Automatically install Windows Server roles and features required for Exchange".
  • In the "Configure Client Access server external domain" page, click to check "The Client Access server role will be internet-facing" and give the external domain name.
  • In the "Mail Flow Settings" page, you will get this option to configure mail flow between these Servers, If Exchange 2003 Exists in your Environment.
  • In the "Readiness Checks" page, setup will verify the prerequisites for selected components and if they have completed successfully. Click Install.
  • In the "Completion" page you can see the progress of the installation, once all are completed, click Finish.
  • In the initial setup pop-up screen, after you click Close, you will be prompted to install latest critical updates for Exchange Server before exiting. Click Yes.
  • Now Reboot your Server.

 4. Exchange Server 2010 Setup


    Send Connector in Exchange 2010

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Organization Configuration.
  • Click Hub Transport.
  • In the "Hub Transport" panel, click Send Connectors tab.
  • Right click in the result panel, and click "New Send Connector ..."
  • In the "New Send Connector" Introduction window, you can type a friendly name and click Next.
  • In the "New Send Connector" Address space, click on Add ...
  • In "SMTP Address Space" window  leave by default, then click OK.
  • In the "New Send Connector" Network Settings by Default type – Use Domain Name System (DNS); If your using a smart host “Route Mail through the following smart hosts”, and Add the IP and configure your smart host for the same.
  • In the "New Send Connector" Source Server window, Add new Exchange name, and click Next. If you have multiple Exchange 2010 you can configure the source server as per your Requirement.
  • In the "New Send Connector" Completion window click Finish
     Now you are configured Send Connector in Exchange 2010.

     Receive Connector in Exchange 2010

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Hub Transport.
  • In the "Hub Transport" panel, click Receive Connectors tab.
  • Right click in the Default Connector , and click to select Properties.
  • In the "Default Connector Properties" window, click Permission Group tab and check Anonymous users permissions group.
  • Click Ok.
    Now your Server will receive mails from Internet (If your Firewall Points to Exchange 2010 Server). 

    Configure Client Access Server Role migrating from Exchange 2003 to Exchange 2010 


  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Client Access, in the result panel click Outlook Web App tab, then right click on owa (Default Web Site), and select Properties.
  • In the "owa (Default Web site) Properties" window, in General tab you can set Internal URL - e.g "https://server-name.domain.com/owa" and External Url - e.g "https://mail.domain.com/owa"
  • In the "owa (Default Web site) Properties" window, in Authentication tab you need check "Basic Authentication" & "Integrated Windows Authentication".
  • Click Apply, and OK.
* You can configuring Client Access Server Role using Exchange Management Shell.
 

Set-OwaVirtualDirectory -Identity “Exchange-Server-Name\owa (Default Web Site)” -ExternalUrl https://mail.Domain.com/owa -InternalUrl https://Exchange-Server-Name.Domain.com/owa
 
 
Set-OwaVirtualDirectory -Identity “Exchange-Server-Name\owa (Default Web Site-BasicAuthentication:$True -WindowsAuthentication:$True

    Configure Exchange Control Panel

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Client Access, in the result panel click Exchange Control Panel tab, then right click on ecp (Default Web Site), and select Properties.
  • In the "ecp (Default Web site) Properties" window, in General tab you can set Internal URL - e.g "https://server-name.domain.com/owa" and External Url - e.g "https://mail.domain.com/owa".
  • In the "ecp (Default Web site) Properties" window, in Authentication tab you need check "Basic Authentication" & "Integrated Windows Authentication".
  • Click Apply, and OK.
 * You can configuring Exchange Control Panel  using Exchange Management Shell.
 

Set-EcpVirtualDirectory -Identity “Exchange-Server-Name\ecp (Default Web Site-BasicAuthentication:$True -WindowsAuthentication:$True

    Configure Microsoft Server ActiveSync

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Client Access, in the result panel click Exchange ActiveSync tab, then right click on Microsoft-Server-ActiveSync (Default Web Site), and select Properties.
  • In the "Microsoft-Server-ActiveSync (Default Web Site) Properties" window, in General tab you can set Internal URL - e.g "https://server-name.domain.com/Microsoft-Server-ActiveSync" and External Url - e.g "https://mail.domain.com/Microsoft-Server-ActiveSync". 
  • Click Apply, and OK.
* You can configuring Microsoft Server ActiveSync using Exchange Management Shell.

 
    Set-ActiveSyncVirtualDirectory -Identity “Exchange-Server-Name\Microsoft-Server-ActiveSync (Default Web Site)” -InternalUrl https://Exchange-Server-Name.Domain.com/Microsoft-Server-ActiveSync –ExternalUrl “https://mail.Domain.com/Microsoft-Server-ActiveSync


     Configure Offline Address Book Distribution

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Client Access, in the result panel click Offline Address Book Distribution tab, then right click on OAB (Default Web Site), and select Properties.
  • In the "OAB (Default Web Site) Properties" window, in URLs tab you can set Internal URL - e.g "https://server-name.domain.com/OAB" and External Url - e.g "https://mail.domain.com/OAB". 
  • Click Apply, and OK.
* You can configuring OAB using Exchange Management Shell.

 
 Set-OabVirtualDirectory -Identity “Exchange-Server-Name\OAB (Default Web Site)” -PollInterval 480 -InternalUrl http:// Exchange-Server-Name.Domain.com/OAB -ExternalUrl https://mail.Domain.com/OAB


    Configure Outlook Anywhere 

  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Server Configuration.
  • Click Client Access, in the result panel right click on Server-Name, then click on Enable Outlook Anywhere, and the Enable Outlook Anywhere wizard appears. 
  • In the "Enable Outlook Anywhere wizard"window, type the external host name for Outlook Anywhere users to use when connecting remotely to Exchange e.g "mail.Domain.com", and choose Basic Authentication method. 
  • Click Apply, and OK.
 * You can configuring Outlook Anywhere Exchange Management Shell.

 
 Enable-OutlookAnywhere -Server ‘Exchange-Server-Name′ -ExternalHostname ‘anywhere.Domain.com’ -DefaultAuthenticationMethod ‘Basic’ -SSLOffloading $false 

5. Request a new Certificate from a trusted Certificate Authority in Exchange 2010 

    
    We can use a internal windows Certificate Authority certificate with Exchange 2010 to avoid Certificate Errors.
   
    Now will Learn issuing a Internal Windows CA Certificate, for this to be used externally you need to have a CNAME record in your public DNS
    pointing to your Public IP NAT to your CAS.
       
  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises.
  • Click on Server Configuration, in the result panel right click on Server-Name and click to select "New Exchange Certificate...", and the New Exchange Certificate wizard appears.
  •  In "Introduction" windows, type a friendly name for the new certificate e.g Exchange2010Certs, and click Next.
  • In "Domain Scope" window, Wild Card is used if you are going to manage more URL e.g *.Domain.com, if not leave it by default, and click Next
  • In "Exchange Configuration" window, click to assign the required services:
          * Click to expand "Client Access server (Outlook Web App)", then click to choose "Outlook Web App is on the intranet" and "Outlook Web
             App is on the Internet"
          * Click to expand "Client Access server (Exchnage ActiveSync)", then click to choose "Exchange Active Sync is Enable"
          * Click to expand "Client Access server (Web Services, Outlook Anywhere, and Autodiscover)", then click to choose "Exchange Web
             Services is enable" and "Outlook Anywhere is enable"
          * Click to expand "Legacy Exchange Server", then click to choose "Use legacy domain"
  • Click Next.
  • In "Cetificate Domains" window you will see the collection for URL's. click Next.
  • In "Organization and Location" window fill out the form, and click Next.
  • In "Completion" window click Finish.
    You request a file name: Exchange2010Certs. Right click in it and open with Notepad.  

    Now we need install Active Directory Certificate Services.

  • Click Start < Server Manager.
  • In new window click Continue.
  • In "Server Manager" window click on Roles.
  • In "Roles" panel click Add Roles, click Next, and click to choose "Active Directory Certificate Services".
  • In "Select Role Services" window click to choose "Certification Authority" and "Certification Authority Web Enrollment", then click Next.
  • In "Specify Setup Type" window choose "Enterprise", and click Next.
  • In "Specify CA Type" window choose "Root CA", and click Next.
  • In "Set Up and Private Key" window choose "Create a new private key", and click Next.
  • In "Configure Cryptography for CA" window leave it by default with 2048 key Character length, and click Next.
  • In "Configure CA Name" window leave it by default, and click Next.
  • In "Set Validity Period" window leave it by default, and click Next.
  • Finally you see "Instalation Result" window then click Close.
    Next;
  • Click Start < Administrative Tools < Internet Information Services (IIS) manager.
  • In the left panel click to expand Server-Name < Sites < Default Web Site.
  • Click on "CertSrv", in the Action panel click on Browse *:443 (https).
  • When Internet Explorer window open, click on "Continue to this website (not recomended)".
  • In "Welcome" page, click on "Request a certificate".
  • In "Request a Certificate" page, click on "advanced certificate request".
  • In "Advance Certificate Request" page, click on "Submit a certificate request by using a base-64-encode......"
  • In "Submit a Certificate Request or Renewal Request" page, in "Saved Request" paste content of file "Exchange2010Certs" that you create above; in "Certificate template" choose "Web Server", then click Submit.
  • In "Certificate Issued" page, click to select "Base 64 encoded" and click in "Download certificate".
  • Click on Save.
    Next;
  • Click Start < Exchange Management Console.
  • Click to expand Microsoft exchange On-Premises < Server Configuration.
  • In "Server Configuration" panel, right click on "Exchange2010Certs" and click to select "Complete Pending request".
  • In "Complete Pending Request" window, click to browse the new created certificate above then click Complete.
  • In "Server Configuration" panel, right click on "Exchange2010Certs" and click to select "Assign Services to Certificate...".
  • In "Select Servers" window, leave by default and click Next.
  • In "Select Services" window, click to select IMAP, POP, SMTP, and IIS then click Next.
  • In "Assign Services" window, click on Assign.
    At this moment the Server Part is ready.
 
    Now we going to install the Certificate in the Client End.
 
  •  Double click on Certificate, and click on Install Certificate...
  • In "Welcome to the Certificate Import Wizard" window, click Next.
  • In "Certificate Store" window, click to select "Place all certificates in the following store" then click Browse... select "Personal", click OK, click Next, then click Finish.
  • In "Certificate Store" window, click to select "Place all certificates in the following store" then click Browse... select "Trusted Root Certification Authorities", click OK, click Next, then click Finish.
  • In "Certificate Store" window, click to select "Place all certificates in the following store" then click Browse... select "Intermediate Certification Authorities", click OK, click Next, then click Finish.
    Now you are ready to use a internal windows CA certificate with Exchange 2010.
 

6. Move offline address book from Exchange 2003 to Exchange 2010 


    In the process of migration from Exchange 2003 to Exchange 2010. We going to move the Offline address book.
  • Click Start < Exchange Management Console.
  • Click to expand Microsoft Exchange On-Premises < Organization Configuration.
  • Click on Mailbox, in the Mailbox panel click on "Offline Address Book" tab.
  • Right click on "Default Offline Address...", and click to select Move.
  • In "Move Offline Address Book", choose your Offline Address Book generation Server to your Exchange 2010 Server, then click Move.
  • Right click on "New Default Offline Address...", click to select Properties, and click on Distribution tab.
  • Click to check "Enable Web-based distribution" and "Enable public folder distribution", then click on Add..., and click Apply.
    The Offline address book migration is complete.

7. Move Public Folders from Exchange 2003 to Exchange 2010


    Moving public folders is simple if your mail flow is fine between Exchange 2003 and Exchange 2010.

    For small and medium Public Folder Database we can go ahead and use Scripts. This will add replica of Public Folders from Exchange Server 2003 to
    Exchange Server 2010.
  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Shell.
  • Browse your prompt into the Scripts folder and you can run this command

    C:\Program Files\Microsoft\Exchange Server\V14\Scripts>.\AddReplicaToPFRecursive.ps1 -TopPublicFolder “\” -ServerToAdd “Exchange-Name-Server2010″

    Once that completes . Dismount your Public Folder database in your Exchange 2003 and try to access data from your Exchange 2010 Mailbox. This
    verifies the data has been replicated fine.

    Once the replica is added and data has been replicated over to finish of the Public Folder migration we going  to move the replica from Exchange 2003
    to Exchange 2010.
  •  Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Shell.
  • Browse your prompt into the Scripts folder and you can run this command.
    C:\Program Files\Microsoft\Exchange Server\V14\Scripts>.\MoveAllReplicas.ps1 -Server “Exchange-Name-Server2003″ -NewServer “Exchange-Name-Server2010″

    Great, your Public Folder migration is done.

    Now, we  are moving Folder Hierarchies.
  • In Exchange Server 2003, click Start < All Programs < Microsoft Exchange < Exchange Management Console.
  • Click to expand  Administrative Groups, right click on Exchange Administrative Group, click on New, then click Public Folders Container.
  • Click to expand First Administrative Group < Folders, and you can see Public Folders.
  • Click and Drag “Public Folders” from First Administrative Group < Folders  to Exchange administrative Group < Folders container. 
     At this moment your Public Folder Folders are completely migrated.

8. Remove Recipient Update Services


    Now we remove Recipient Update Services using "Adsiedit.msc". In the process of migration to Exchange 2010.
  • Click Start, in "Search programs and files" type "adsiedit.msc".
  • In "ADSI Edit" window, right click on "ADSI Edit" and click "Connet to...".
  • In "Connection Settings" window, click to check "Select a well known Naming Context" and select "Configuration".
  • In "ADS Edit" click to expand Configuration < Services < Microsoft Exchange  < First Organization (Default ORG name) < Address lists Container < Recipient Update Services, right click to remove the Recipient Update Services, the click OK.
    Now we remove Routing Group Connector.
  • Click Start < All Programs < Microsoft Exchange Server 2010 < Exchange Management Shell.
  • Browse your prompt into the Scripts folder and you can run this command.

    C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-RoutingGroupConnector | Remove-RoutingGroupConnector

9. Uninstall Exchange 2003

  • Click Start < Control Panel < Add and Remove Programs.
  • Search Microsoft Exchange Server 2003, and click Remove.
    Congratulation!! You do successfully migrated from Exchange Server 2003 to Exchange Server 2010 :)


Wednesday, October 17, 2012

Restrict use of a computer to one domain user only

The "Authenticated Users" group on each computer allow users from trusted domain to be authenticate
and logon to computer.
If you want restrict use of a computer to one domain user only, performs the following steps:

Option 1:  Active Directory Users and Computers

  • Click Start < Administrative Tools < Active Directory Users and Computers.
  • Click to expand Domain Name < Domain Users < Organization Units “Name” < Users.
  • Right click on User, then click to select User Properties.
  • In the User Properties windows, click to select Account tab, then click on Log On To… button.
  • In the Logon Workstation Windows, Click to select “The following computers”, Then type the name of the computer.
  • Click on Add button,  click Ok for close all windows.
Now the restriction is setup.

Option 2: Domain Wide Policy

  • Click Start, in “Search programs and files” type gpmc.msc.
  • In the “Group Policy Management Editor” windows, click to expand:
Computer Configuration < Policies < Windows Settings < Security Settings < Local policies < User Right Assignment
  • In the Policy panel double click in “Deny logon locally” for open the “Deny logon locally window”.
  • In “Deny logon locally window”, click to check “define these policy settings”, and click on Add User or Group… button.
  • In Add User or Group windows type the name or click on browser button.
  • Finally when you add the user or group click ok to finished.
  • After that click Start, right click on command prompt, and click "Run as Adminitrator".
  • In the “Administrator: Command Prompt window” type “Gpupdate /force”, then press Enter key.
Now the restriction is setup.
 
  

Tuesday, August 21, 2012

Audit Logon Times with Windows Server 2003 Group Policy

You can use Windows Group Policy to track employee log in times. Here I will show you how to enable log in auditing using a Windows Domain and Group Policy Objects (GPO).

For this you need follow me in the steps below:

* First: we need create a new Policy and Configure Enable auditing in your Policy.
  1. Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In  "Active Directory Users and Computers" open window, right click on name of you Domain, and click on Properties.
  3. In the new open window, click Group Policy tab, click on Open.. button.
  4. In the "Group Policy Management", click to expand your domain.
  5. Right click in "Group Policy Objects", and click on New.
  6. In "New GPO" open window type the name of the new Policy, and click OK.
  7. Expand "Group Policy Objects", right click on the new created policy, and click to Edit.
  8. Click to expand Computer Configuration > Windows Settings > Security Settings > Local policy.
  9. Click to select Audit Policy.
  10. In the right panel double click on "Audit account logon events".
  11. In the "Audit account logon events" open windows click to check boxes "Success" and "Failure", then click OK.
  12. Now double click on "Audit logon events".
  13. In the "Audit logon events" open windows click to check boxes "Success" and "Failure", then click OK.
  14. Close The Group Policy Object Editor window.
* Audit account logon events: This secutity setting determines whether to audit each instance of a user logging on to or logging off from another computer in wich this computer is used to validate the account.

* Audit logon events: this security setting determines whether to audit each instance of a user logging on to or logging off from a computer.

Now you need will be assigning the policy to an Organizational Unit (OU) containing the computers we wish to have under the policy. For this follow the steps below.
  1.  Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In  "Active Directory Users and Computers" open window, right click on (OU) what do you want to apply the security setting, and click in Properties.
  3. In the new open window, click Group Policy tab, click on Open.. button.
  4. In the "Group Policy Managenet" open window is select the (OU), right click in it and select "Link an Existing GPO...".
  5. Now in "Group Policy objects:" select the new policy created in the first step in this tutorial, and click OK.
  6. Now in "Group policy Management" open window in the right panel we can see the new policy linked in GPO for this Organizational Unit.
* In a few hours  it depend of the size of your network you are ready to see the Audity Log Success in the Log Name: Security at Event Viewer.

Use Nslookup To Test MX Record

The Nslookup is a tool to verify that your MX records are configured correctly by querying an external or Internet DNS server.

For use Nslookup to test MX Records following the steps below:
  1. Click Start, in "Search programs and files..." type <cmd /k nslookup>, and press Enter.
  2. In Command Prompt open window type [server <ip address>], and prees Enter.
  3. Now type <set q= mx>, and press Enter.
  4. Finally type <domain name>, and then press Enter.
* If the MX record for the domain you entered is show, everything is Ok

* If the MX record is no displayed, and you recive a error like this "xxx-xxxxx.domain can't find domain: No response from server. Then DNS is not configured properly.

Friday, August 17, 2012

Using Windows Server 2008 R2 Group Policy to enable Auditing User Accounts

Is very important consider authentication in a Windows Security Audit. Collecting data generated by user activity for analizing the security of information, verifing system integrity, and detecting sings of suspicius behivior are really important for all Network System Administrators today. You can monitor and audit log files using Event Viewer, but before you need activate some rules in the Group Policy. Follow the below step for configure this policy :
  1. Click Start, in the "Search programs and files..." type "gpedit.msc"
  2. In "Local Group Policy Editor" window, locate Computer Configuration.
  3. Click to expand Windows Settings > Security Settings > Advance Audit Policy > Sistem Audit Policies.
  4. Click to select Account Management.
  5. In the right panel, right click in "Audit User Account Management", then click in Properties.
  6. In the "Audit User Account Management Properties" window, click to check "Configure the following audit events", and then click to check "Success" and "Failure" events.
When you configure this Policy and audit event is generate when an attempt to change a user account is made. You can see it in Event Viewer > Security. e.g <A user account is created, changed, deleted, remove, disable, enable, locked out, etc.

Also you can audit evenst generated by user account successful logon attempts, failed logon attemps, and closing of a logon session. For this continue reading below:

Steps 1 to 3 are the same steps described above.

      4.  Click to select "Logon/Logoff".
      5.  In the right panel, right click in "Audit Logoff" policy, then click in Properties.
      6.  In the "Audit User Account Management Properties" window, click to check "Configure  
           the following audit events", and then click to check "Success" and "Failure" events.

Repeat steps 5 and 6 for "Audit Logon" policy.

Now in Event Viewer > Security do you have a report about who is logon and logoff.

Tuesday, August 14, 2012

Extend or Increase "Exchange 2007 or 2010" OWA Automatic Log off time



When you trying log in to OWA you can select "This is a public or share computer" or "This is a private computer" options.
  • Public: is the default option. If you use this option your username will no saved and your session will terminate after 15 minutes.
  • Private: is intended for private computers. If you use this option your username to be remember automatically, however you need to retype your password each time, and your session will terminate after 8 hours.
For you modify  this values you need create one or both of above key. For this task following the below steps:
  1. Click Start, in "Search programs and files" type "regedit" to open the Registry Editor.
  2. Locate the following registry subkey: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/MSExchange OWA.
  3. In the right panel, right click New and select DWORD value if your system is 32 bit or select QWORD value if your system is 64 bit.
  4. Rename "New Value #1" for PublicTimeout.
  5. Right click in PublicTimeout REG-DWORD created and select Modify...
  6. In the Value data type 30, and in Base panel click to select Decimal.
  7. Click Ok.
* For create PrivateTimeout key follows the same steps used above. After That close the  Registry Editor.

Finally restart IIS Admin Service to take effect the change. Now OWA Timeout in Exchange is restricted and working

Monday, August 13, 2012

Event Id: 8193 Vss Error in Windows Server 2008 R2



If you receive an error in your event viewer like this "Error: Vss, Event Id: 8193" all do you have to do is follow the steps below describe.

  1. Click Start.
  2. In Run type "dcomcnfg.exe".
  3. When the Component Services window is open. Click to expand Component Services > Computers > My Computer.
  4. Right click in my Computer, and click in Properties.
  5. In the new window click COM Security tab.
  6. Under Access Permission, click Edit Default.
  7. From the Access Permissions window,  click Add button, then add "NETWORK SERVICE" with a Local Access allowed.
  8. Click Ok button to close all opened  windows.

Now you can restart the Server or waiting for the changes to take effect.

Your Mailbox has been temporary move on Microsoft Exchange Server


If you're trying to open Microsoft Outlook, and It  show you an error message like this "Your Mailbox has been temporary move on Microsoft Exchange Server". Do not worry, follow the instructions belove and you'll be working with the outlook very soon.

  1. Close all Outlook application.
  2. Click Start > Control Panel > Mail (32 bit) or (64 bit).
  3. In Mail Setup-outlook window, click Show Profiles.
  4. In Mail window select the followings profile, click in the Remove Button, and then click Yes.
  5. On  Mail window,  in the bottom click to select "Always use this profile", then click OK button.
  6. In Mail Setup-outlook window, click E-mail Accounts button.
  7. Click E-mail tab and select the E-mail Account in the middle panel, then click in Change.
  8. In Microsoft Exchange Server type the correct Exchange IP address, click to check "Used Cache Exchange Mode", type the User Name, and click  in Check Name button. 
  9. After it finished click Next button, click Ok in the next windows, and finally click Finish button.
Now you can open Microsoft Outlook and working in it.

Monday, August 6, 2012

Remove schedule backup create by Windows Server Backup

Sometimes we need to removeconfigured backup in Windows Server Backup. We can not accomplish this task through the Windows Server Backup interface. But is very simple if you use from Windows Power Shell wbadmin command.
  1. Click Start.
  2. In Search program and files, type PowerShell.
  3. Right click in Windows Power Shell, and click Run as administrator.
  4. In the Windows Power Shell  type "wbadmin disable backup", then press Enter.
  5. Type "Y" to select yes, and press Enter.
If you goin to Windows Server Backup, you will see that you do not have any backup schedule.

Remove messages created by Windows Server Backup

If you use Windows Server Backup and you want  delete all messages that have been created in the Windows Server Backup interface. So, you need to Following this guide.
  1. Click Start.
  2. In Search programs and files type "eventvwr", and then click Enter.
  3. Click to expand Application and Services Logs > Microsoft > Windows > Backup.
  4. Click to select Operational file.
  5. In the middle panel, click to select the event do you want delete.
  6. In the right panel, click Clear Log...
  7. In the pop up windows, click Clear.
  8. Close Event Viewer windows and restart Windows Server Backup.
Now you are ready to begin configuring new backups.

Tuesday, July 31, 2012

Microsoft Outlook Hyperlinks Fail to Open

When you try to open a link from Microsoft Outlook and it fails is very uncomfortable. Here I bring the recipe for what to do to make this feacture working again in Microsoft Outlook.

* The first thing to do is reset the default browser:
  1. Open Internet Explorer.
  2. Click Tools > Internet Options > Programs tab.
  3. Click Make default button.
  4. Click OK.
* At this time we need register some Windows DLL files. For this following the below instructions:
  1. Copy the script below, open the Notepad and paste the script in it.
  2. Save this in any location, with any name e.g C:/DLLinstall.bat.
  3. Go to the location of .bat file in my case C:/DLLinstall.batright click in it, and Run as administrator.
  4. After finished. Click OK in any DLL installation confirmation. 
* If we don't have any error in the DLL installed, we can continue.


* Now,  we need reset the (NONE) URL file Types. For this following the below steps:
  1. Click Star > My Computer > Tools menus > Folder options > File Types tab.
  2. Scroll down until (NONE) URL:HyperText Transfer Protocol. Click to select.
  3. Click on Advanced button.
  4. Click to select open item.
  5. Click Edit > Browser button.
  6. Go to C:\Program Files\Internet Explorer\iexplorer.exe. Click OK.
  7. Add %1 to the end of the file name e.g. C\Program Files\Internet Explorer\iexplorer.exe %1.
  8. Click OK > Close.
* We need repeat the above process for (NONE) URL:HyperText Transfer Protocol with Privacy.

Finally you are ready to Test a hyperlink in Microsoft Outlook. 

Friday, July 27, 2012

Make Bootable USB in Windows 7

Having a bootable USB is very essential. Using bootable USB to install a Windows Operating System makes the installation faster and you have a copy more secure and reliable.
Here I'll show  how you make a bootable usb through a bat file.

  • Copy the Script below.
  • Open Notepad and paste it.
  • Save this in any location, with any name  e.g C:/Bootable USB.bat.

* In the sentence of Robocopy must change [d: \] with the letter that has your CD-DVD drive, and [H: \ \] with the letter you have your USB drive.

Now we are starting to create the bootable USB.

* Go to the location of .bat file in my case C:/Bootable USB.bat, right click in it, and Run as administrator.
* When cmd windows is open. Type 1, and then press Enter key.
* A new cmd windows is open. In the new cmd window performs the following instructions:
  1. Type LIST DISK, and press Enter.
  2. Type SELECT DISK 1 "Remplace DISK 1 with your USB Disk number", then press Enter.
  3. Type CLEAN, and press Enter.
  4. Type CREATE PARTITION PRIMARY, and press Enter.
  5. Type SELECT PARTITION 1, and press Enter.
  6. Type ACTIVE, and press Enter.
  7. Type FORMAT FS=NTFS, then press Enter. After to finish formatting the USB drive.
  8. Type ASSIGN, then press Enter key.
  9. Type EXIT, and press Enter key.
* Now go to the cmd window that is open, Type 2, and then press Enter key.
* A new cmd windows is open. In the new cmd window performs the following instructions:
  1. Type BOOTSECT.EXE /NT60 H:,  "Remplace H: for your USB drive letter". After Bootcode was successfully update.
  2. Type EXIT.
* Now go to the cmd window that is open, Type 3, and then press Enter key.
A new cmd windows is open, and automatically start copying the files from the CD-DVD drive to the USB drive. This process take a few minutes, please be patient.
* When this process finished, go to the cmd window that is open, Type 4, and then press Enter to close the script.

Now you have a bootable USB  for install Windows Operating System.