Recover an Exchange 2010 SP1 Server

Posted on December 29, 2010 by Ward

Recover a Lost Exchange Server

1. Install the proper operating system and name the new server with the same name as the lost server. Recovery won’t succeed if the server on which recovery is being performed doesn’t have the same name as the lost server.

2. Join the server to the same domain as the lost server.

3. Install the following 2008 R2 HotFixes

The following hotfixes are required for the Client Access server for Windows Server 2008 R2:

Install the update described in Knowledge Base article 979099, An update is available to remove the application manifest expiry feature from AD RMS clients. Without this update, the AD RMS features may stop working.
Install the hotfix described in Knowledge Base article 982867, WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1. For more information, see these MSDN Code Gallery pages:
- For additional background information, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
- For the available downloads, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
Install the update described in Knowledge Base article 979744, A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application.
Install the update described in Knowledge Base article 983440, An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2. For more information, see these MSDN Code Gallery pages:
- For additional background information, see KB983440 – Win7 rollup package (PR for QFE 810219).
- For the available downloads, see KB983440 – Win7 rollup package (PR for QFE 810219).
Install the update described in Knowledge Base article 977020, FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.

4. Set-Service NetTcpPortSharing -StartupType Automatic

5. RUN –> E:\Setup.com /m:recoverserver /InstallWindowsComponents

Home folders renamed to My Documents

Posted on December 7, 2010 by Ward

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

Right-click the Desktop.ini file, click Properties, and then click the Security tab.
In the Group or user names pane, click Administrators.
Click to select the Deny check box for the Read permission.
Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

Exchange 2010 SP1 Prerequisites

Posted on September 2, 2010 by Ward

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix	Download	Windows Server 2008	Windows Server 2008 R2	Windows 7 & Windows Vista
979744 A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application	MSDN or Microsoft Connect	Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8)	Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2)	N. A.
983440 An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2	Request from CSS	Yes	Yes	N.A.
977624 AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working	Request from CSS using the “View and request hotfix downloads” link in the KBA \| US-English	Select the download for Windows Vista for the x64 platform.	N.A.	N.A.
979917 Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode	Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge)	Yes	N. A.	N. A.
973136, FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.	Microsoft Connect	Windows6.0-KB973136-x64.msu	N.A.	N. A.
977592 RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.	Request from CSS	Select the download for Windows Vista (x64)	N.A.	N. A.
979099 An update is available to remove the application manifest expiry feature from AD RMS clients.	Download Center	N. A.	Windows6.1-KB979099-x64.msu	N. A.
982867 WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1	MSDN	N. A.	Windows6.1-KB982867-v2-x64.msu (Win7)	X86: Windows6.1-KB982867-v2-x86.msu (Win7) x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020 FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.	Microsoft Connect	N. A.	N. A.	x64: Windows6.1-KB977020-v2-x64.msu X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

MDT 2010 Multiple Partitions Issues & hidden Bitlocker partition

Posted on August 19, 2010 by Ward

I had a new laptop where I wanted to deploy Windows 7 x64 Enterprise and walked to a bug in MDT 2010. Default config.

I configured 2 partitions to use the whole disk. See screenshot.

When I deploy the task I get the following error

He wants to format partition D. But partition D is not availably.
I ended the task and opened the PE window and started Diskpart and listed the volumes.

The strange thing was that the extended partition has the drive letter S had and it was a raw partition.

After studying ZTIDiskpart.log (X:\MININT\SMSOSD\OSDLOGS\ZTIDiskpart_diskpart.log)

I found out that there was no space left to create a 300mb partition for saving Bitlocker information.

So what did ZTIDiskpart.wsf. ZTIDiskpart.wsf gave the last partition that was created the drive letter S. This is the default letter for the Bitlocker partition. So hey wanted to format the file system with fat32. Because in my case the partition size was 200GB he cannot format the disk.

Solution:

Setting the extended partition to use 95%. Then MDT have enough space to create a 300mb hidden partition for Bitlocker.

How to Install & Configure Immidio Flex Profiles Advanced Edition

Posted on August 5, 2010 by Ward

Install Immidio Flex Profiles Advanced Edition with setup.exe. There is one thing you must no.

The Management console is there in to flavors x86 and x64.

The Immidio Flex Profiles Advanced Edition.msi that you need later works both fine on x86 and x64 machines.

Start Immidio FlexProfile Kit

Best Practice is that the ini are placed on a domain controller because If one domain controller fails you have no problems with your flex profile kit.

Import the ini files that you will find in the package
I have al ready some ini files (Word 2007, Outlook 2007, Excel 2007) that i used with a older version of flex profile kit.

Create on a File Server an application install folder. I named it Immidio Flex profiles
Copy the Immidio Flex Profiles Advanced Edition.msi to that folder and the following script.

flexprofilesinstall.cmd

REM Voor Immidio FlexProfiles.
IF EXIST "C:\Program Files\Immidio\Flex Profiles\flexengine.exe" GOTO END
msiexec.exe /i "\\ward-dc01\install\Immidio Flexprofiles\Immidio Flex Profiles Advanced Edition.msi" /qb! LICENSEFILE="\\ward-dc01\Install\Immidio Flexprofiles\wardvissers.lic" /l* c:\InstallFlex.log

:END

Create A New GPO on the computers where you want to install Immidio Flexprofile kit. I named Install Immidio Flexprofiles. Asssign the flexprofilesinstall.cmd als a startup script. Set the maximum wait time on 3600.

Afther that i created a new policy for my domain users witch a named Immidio FlexProfiles Users

Add the Immidio Flex Profiles.adm to the new created GPO Immidio FlexProfiles Users

I did some settings where to find the ini files and where to save the settings.

Now you have a working roaming profile based on Immidio Flexprofiles. It’s a great tool a im loving it.

It’s works great when you migrate from XP to Windows 7

Reviewing Least Privilege Security for Windows 7, Vista and XP

Posted on July 28, 2010 by Ward

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. I will review it soon. It show you how to configure your Windows environment so that your users can operate without administrator permissions.

Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

Program Compatibility Wizard
Applications Compatibility Wizard
User Account Control
Group Policy Software Deployment
Internet Explorer Add-on Management
Troubleshooting Remote Users
Configuring Windows Firewall
Software Restrictions Policies and AppLocker
Microsoft Deployment Toolkit
CD Burning
ActiveX Controls
Changing system time and time zones
Power Management
Managing networks
Standard Users Analyzer
Applications Compatibility Toolkit
Logon Scripts
Remote Desktop Services
App-V
Med-V

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit

Enable Windows 7 Features through Group Policy

Posted on July 21, 2010 by Ward

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

MDT 2010 Importing automatically the right driver

Posted on July 19, 2010 by Ward

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time I wrote i article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model. This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at powershell command prompt: ‘Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude D830”.

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7×64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

Microsoft Deployment Toolkit (MDT) 2010 Update 1 is RTM

Posted on July 8, 2010 by Ward

Microsoft has released a new version of MDT 2010 named Update 1.

It’s a great tool im loving it.

What new:

For System Center Configuration Manager 2007 users:

New “User Driven Installation” deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.
Support for Configuration Manager R3 “Prestaged Media.” For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

For Lite Touch Installation:

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.
Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

Bug Fixes and small improvements

LTI Wizard performance improvement. The LTI Wizard now takes less time to initialize and shows up faster.
Issue in validating connection to the server fixed. In a few scenarios, MDT 2010 used to report the error message, "A connection to the distribution share could not be made" when a task sequence is run. The Microsoft Support article, “Error message when you use MDT 2010: ‘Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed,’” at http://support.microsoft.com/kb/977566 describes this issue in detail. This issue has been fixed in MDT 2010 Update 1.
Support for installing Windows 7 roles and features. MDT 2010 Update 1 adds support for installation of Windows 7 operating system roles and features.
Looping issue with x64 custom Windows images fixed. In MDT 2010, ZTI–System Center Configuration Manager deployments could get into an infinite loop when deploying an x64 Windows image captured by LTI. This issue has been fixed in MDT 2010 Update 1
Error handling improvements in MDT task sequence templates. In MDT 2010, task sequences appear to finish successfully even when they really failed. These issues are fixed in MDT 2010 Update 1.

Download the new version HERE

Deploy Office 2010 with Multiple Languages with MDT 2010

Posted on June 24, 2010 by Ward

I Like Office 2010. For me it is the best Office version i ever worked with.
MDT 2010 it’s great tool that Microsoft created.
Now i will talk about how you deploy Office 2010 with Multilanguage packs with MDT 2010.

Step 1: Download the Office 2010 English version booth will be in x86 & x64

Step 2. Download the Office 2010 (language) Multilanguage iso only available from the Microsoft Volume Licensing site. Both in x86 en x64.

Step 3. Add the Office 2010 English version to MDT 2010 here office-2010-uitrollen-met-mdt-2010

Step 4. Extract the Office 2010 (language) Multilanguage iso with 7zip in the same application folder witch you created in Step 3.

Step 5. When you open MDT 2010 management console and you go to the Office 2010 Application that you added in step 3. You wil see that MDT sees more the one language. In my case it was en-us and nl-nl. The Screenshot is from the older MDT 2010 you MDT sees Office 2010 as Office 2007. MDT 2010 beta 1 supports Office 2010. I found till now no issues deploying Office 2010.

Step 6. Check the languages that you want. Check the Screenshot how i did it.

Step 7. Deploy the a Windows XP or Windows 7 client with Office 2010 Multilanguage versions.

Step 8. You can check with Microsoft Office 2010 Language Preferences or the languages that you configured are installed.

Step 9. Use Group Policy to set the language settings for users

Download the Office 2010 policy template files to your computer. You will find them HERE
Make a new GPO named Office 2010 languages settings it is a user policy.
Under User Configuration in the console tree, right-click Administrative Templates.
Click Add/Remove Templates, and then click Add.
In the Policy Templates dialog box, click the template that you want to add, and then click Open.
After you add the Office 2010 templates, click Close.
Open the Group Policy object (GPO) for which you want to set policy.
Double-click User Configuration and expand the tree under Administrative Templates.
Locate language-related policies in the Microsoft Office 2010 \ Language Settings node.
Select the languages that you want to use for each setting.
Save the GPO.
Go Testing

Ward Vissers

Things About Microsoft & Exchange & VMware

Tag Archives: Windows 7