Monday, January 24, 2011

Send on Behalf and Send As


Send on Behalf and Send As are similar in fashion. Send on Behalf will allow a user to send as another user while showing the recipient that it was sent from a specific user on behalf of another user. What this means, is that the recipient is cognitive of who actually initiated the sending message, regardless of who it was sent on behalf of. This may not be what you are looking to accomplish. In many cases, you may want to send as another person and you do not want the recipient to be cognitive about who initiated the message. Of course, a possible downside to this, is that if the recipient replies, it may go to a user who did not initiate the sent message and might be confused depending on the circumstances. Send As can be useful in a scenario where you are sending as a mail-enabled distribution group. If someone replies, it will go to that distribution group which ultimately gets sent to every user who is a part of that distribution group. This article will explains how to use both methods.
Send on Behalf
There are three ways to configure Send on Behalf. The first method is by using Outlook Delegates which allows a user to grant another user to Send on Behalf of their mailbox. The second method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user to Send on Behalf of another user. The third and final method is using the Exchange Management Console (EMC).
Outlook Delegates
There are major steps in order to use Outlook Delegates. The first is to select the user and add him as a delegate. You then must share your mailbox to that user.
  1. Go to Tools and choose Options
  2. Go to the Delegates Tab and click Add
  3. Select the user who wish to grant access to and click Add and then Ok
Note: There are more options you can choose from once you select OK after adding that user. Nothing in the next window is necessary to grant send on behalf.
  1. When back at the main Outlook window, in the Folder List, choose your mailbox at the root level. This will appear as Mailbox – Full Name
  2. Right-click and choose Change Sharing Permissions
  3. Click the Add button
  4. Select the user who wish to grant access to and click Add and then Ok
  5. In the permissions section, you must grant the user at minimum, Non-editing Author.
Exchange Management Shell (EMS)
This is a fairly simple process to complete. It consists of running only the following command and you are finished. The command is as follows:
Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends
Exchange Management Console (EMC)
  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Properties in Action Pane
  3. Go to the Mail Flow Settings Tab and choose Delivery Options
  4. Click the Add button
  5. Select the user who wish to grant access to and click Add and then Ok

Send As
As of Exchange 2007 SP1, there are two ways to configure SendAs. The first method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user to SendAs of another user. The second and final method (added in SP1) is using the Exchange Management Console (EMC).
Exchange Management Shell (EMS)
The first method is to grant a specific user the ability to SendAs as another user. It consists of running only the following command and you are finished. The command is as follows:
Add-ADPermission UserMailbox -ExtendedRights Send-As -user UserWhoSends
Exchange Management Console (EMC)
  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Manage Send As Permissions in Action Pane
  3. Select the user who wish to grant access to and click Add and then Ok
Miscellaneous Information
No “From:” Button
In order for a user to Send on Behalf or Send As another user, their Outlook profile must be configured to show a From: button. By default, Outlook does not show the From: button. In order to configure a user’s Outlook profile to show the From: button:
Replies
If you are sending as another user, the recipient user might reply. By default, Outlook is configured to set the reply address to whoever is configured as the sending address. So if I am user A sending on behalf of user B, the reply address will be set to user B. If you are the user initiating the sending message, you can configure your Outlook profile to manually configure the reply address.


Conflicting Methods
If you are configuring Send on Behalf permissions on the Exchange Server, ensure that the user is not trying to use the Outlook delegates at the same time. Recently, at a client, I was given the task to configure Send As as well as Send on Behalf. As I was configuring Send As on the server, I found out that the client was attempting to use Outlook Delegates at the same time. Send As would not work. Once the user removed the user from Outlook Delegates and removed permissions for that user at the root level of your mailbox that appears as Mailbox – Full Name, Send As began to work. So keep in mind, if you are configuring Send As or Send on Behalf, use only one method for a specific user.

Saturday, January 22, 2011

"The security log on this system is full" in Windows XP or Windows 2003


  1. Click Start, point to All Programs, point to Administrative Tools, and then clickEvent Viewer.
  2. Right-click Security, and then click Properties.
  3. In the Log Size area of the Security Properties window, click the Overwrite events as needed option under When maximum log size is reached.
  4. Click OK.
  5. Close Event Viewer.

Tuesday, January 4, 2011

Grant a Member the Right to Logon Locally

Applies To: Windows Server 2008 R2

Grant a user or group the right to log on locally to the domain controllers in the domain

  1. Click Start, type gpmc.msc, and then press ENTER.
  2. Double-click the name of the forest, double-click Domains, double-click the name of the domain in which you want to join a computer, right-click Default Domain Controllers Policy, and then click Edit.
  3. In the console tree, expand Computer Configuration, Policies, Windows Settings, Security Settings, and Local Policies, and then click User Rights Assignment.
  4. In the details pane, double-click Allow Logon Locally.
  5. Ensure that the Define these policy settings check box is selected, and then click Add User or Group.
  6. Type the name of the account that you want to allow to log on locally. As an alternative, click Browse to locate the account with the Select Users, Computers, or Groups dialog box, and then click OK.
  7. After you have the account name entered, click OK in the Add User or Group dialog box, and then click OK in the Allow log on locally Properties dialog box.
securitySecurity Note
The domain controllers in the domain share the Default Domain Controllers Group Policy object (GPO). When you grant an account the Allow logon locally right, you are allowing that account to log on locally to all domain controllers in the domain.