Posts

Exchange- Web Access, and blocking your attachements

/0 Comments/in /by

If you use Exchange Server 2003, you can block attachements for the Web Access. Attachments extensions can be configured through the registry on your Exchange Server. OWA is originally installed with the default set of extensions, shown below.
Level 1: attachments with file extensions prohibited from being accessed by OWA:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level1FileTypes
Type: REG_SZ
Value Data: ade, adp, app, asx, bas, bat, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, js, jse, ksh, lnk, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, reg, scf, scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsf, wsh
Level 2: attachments with extensions accessed only if saved to the client’s file system first:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level2FileTypes
Type: REG_SZ
Value Data: ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, htm, html, htc, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, mht, mhtml, msc, msi, msp, mst, pcd, pif, prf, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh, xml, dir, dcr, plg, spl, swf
If you’re interested in more Exchange management solutions, we can help. The Active Directory Manager provids an easy to use interface and customizable, comprehensive Exchange reports.

Retrieving object details from Active Directory

/0 Comments/in /by

Obtaining any type of info from your Directory Services requires scripting, if you’re using the native tools. There’s an easier and faster way- you can use third party Active Directory solutions like the Active Directory Manager, or Active Directory Reporter.
So let’s compare the two approaches; let’s try to get something simple… say “User” details:
1- Scripting. Ok, we’re not big fans of scripting around here. Still, let’s follow this through, painful as it is:
public void GetUserDetails()
{
try
{
drpUsersList.Items.Clear();
ListItem li =new ListItem(“– Users List –“,””);
drpUsersList.Items.Add(li);
string _path =”LDAP://Your Domain Name”;
_filterAttribute =txtSearchEmployee.Text;
DirectorySearcher dSearch = new DirectorySearcher(_path);
dSearch.Filter = “(&(objectClass=user)(givenName=” + _filterAttribute + “*))”;
foreach(SearchResult sResultSet in dSearch.FindAll())
{
LoginName=GetProperty(sResultSet,”cn”); // Login Name
FirstName=GetProperty(sResultSet,”givenName”); // First Name
MiddleInitials=GetProperty(sResultSet,”initials”);// Middle Name
LastName=GetProperty(sResultSet,”sn”); // Last Name
Company=GetProperty(sResultSet,”company”); // Company
State=GetProperty(sResultSet,”st”); //State
City=GetProperty(sResultSet,”l”); //City
Country=GetProperty(sResultSet,”co”); //Country
Postalcode=GetProperty(sResultSet,”postalCode”); //Postalcode
TelephoneNumber=GetProperty(sResultSet,”telephoneNumber”);
Email=GetProperty(sResultSet,”mail”); //Email
uniqueName = GetProperty(sResultSet,”mailnickname”);
ListItem newitem = new ListItem(uniqueName,uniqueName);
drpUsersList.Items.Add(newitem);
}
}
catch(Exception ex)
{
Response.Write(ex.Message.ToString());
}
}
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
if(searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString() ;
}
else
{
return string.Empty;
}
}
2- Active Directory Manager/Active Directory Reporter. First off- NO SCRIPTING. Once you log in through the web interface (that’s your bowser), it’s pretty easy to obtain any details about User objects. It’s a 3 step process taking virtually seconds- click on the “Reports Tab/User reports”, click “General Reports” and “All Users”. In the next screen, search for the user you’re looking for, and the Active Directory Manger will display all the User details.
The script in the first example is quite simple. By all accounts, if you want to do anything more involved in AD the script is only going to get more complicated. And we all know the longer the script is, the more chances you have of something going wrong.
In today’s world, you have to simplify your IT– why add more complexity to your environment?

Group Policy best practice analyzer tool

/0 Comments/in /by

This tool has been available for about 1 year or so. Many people are aware of it, but we talk to many other IT folks that either chose to ignore it or are simply unaware of it.
According to Microsoft- You can use the Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) tool to collect data about an environment’s Group Policy configuration. For example, you can use this tool to analyze a Group Policy configuration for the following purposes:
• To search for common configuration errors
• To discover and to diagnose problems
• To collect data for archiving
The account that you use to run the tool must have the appropriate permissions to access both the Active Directory database on an environment’s domain controllers and the SYSVOL file structure that is maintained on those domain controllers. Additionally, the account must have local Administrator permissions on the Group Policy client.
There are two additional prerequisites for using the GPDBPA tool:
• The Microsoft .NET Framework version 1.1 or a later version must be installed on the computer on which the GPDBPA tool is installed.
• The Windows Management Instrumentation (WMI) service must be running on the environment’s domain controllers.
Our Active Directory Manager has a robust built-in Group Policy management module. Contact us for more info about this or any of our other solutions.

Quick note about Group Policies – Server 2003 vs. Server 2008

/0 Comments/in /by

A major issue in Server 2003 implementations of Group Policies is the huge amount of space they take up. For each Policy, there’s a corresponding .ADM file. The .ADM file supports only the English language, and it’s also 3.5MB in size. Not much right? When you consider that for each policy you have, there’s a new .ADM file and another 3.5MB, you can see how this can get out of control. For example, let’s say you have 200 policies– that’s 700MB of extra data that you have to back up. Even if you only have 100 policies, that’s still 350MB.
Server 2008 offers a new way of dealing with this issue. In Server 2008 you can use ADMX files, which are based on XML- more lightweight by comparison. With the new ADML files, you now also have multiple language support.
The Active Directory solutions we provide will help with your Group Policies management. Contact us for more information.

Failed to access IIS metabase

/0 Comments/in /by

When setting up the Active Directory Manager, some people may encounter issues related to the IIS setup.
The possible cause: When you install IIS AFTER .NET 2.0 framework, the rights of the ASPNET user had not been set correctly.
Suggested resolution: Repair (Uninstall if repair does not work for you) .NET Framework 2.0
You can run the following from the command line to reset the IIS registry settings for aspnet user. In most cases, framework directory for .Net Framework 2.0 resides under C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727


Microsoft KB Resources
Contact us for more Active Directory help.