Monday, December 31, 2012

Enable Ping in Windows Server 2008 R2


By default Windows 2008 does not respond to pings. To enable:
Administrative Tools
Windows Firewall with Advanced Security
Inbound Rules
File and Printer Sharing (Echo Request - ICMPv4-IN)
Enable Rule
You should now be able to ping your server from the LAN.

Sunday, December 30, 2012

Restore Points doesn’t exist in Windows 2008


Restore Points doesn’t exist in Windows 2008

 If the tab "System Protection" is missing.. then we need to do the below first:
(1)Open Command line as admin.i.e. Right click CMD -> RUN AS ADMIN
(2) type the below commands..

dism /online /enable-feature /featurename:WindowsServerBackup
dism /online /enable-feature /featurename:WindowsServerBackupCommandlet
shutdown -r

The first two commands will enable the backup role, the third will reboot your system

(1) Right Click your "Computer" on Win 2K8, open "Properties", "Advanced Settings" and there you'll find "System Protection" tab.
(2) There will be a option.. CREATE A RESTORE POINT..

Wednesday, December 26, 2012

OWA 2010 - Create An Email Signature


This article explains how to create a personalized email signature when using Outlook Web App (OWA) running on an Exchange 2010 server.

  1. Click on Options in the upper-right.
  2. Select See All Options from the drop-down menu.
    owa2010faq02.PNG
  3. Select Settings.
    owa2010faq03.JPG
  4. Compose your signature in the E-Mail Signature text box. If you have an existing signature in your mail client, copy and paste it here.
  5. Click Automatically include my signature on messages I send if you want the signature to appear by default on your outgoing email.
    owa2010faq04.JPG
  6. Click Save in the lower-right portion of the screen.
  7. If you did not choose to automatically include your signature on outgoing email, you must manually insert it. In the new email window, Click the Insert Signature button. Your signature will appear in the text of your message.
    owa2010faq05.PNG

Saturday, December 8, 2012

File Services Role: Access-based Enumeration


Applies To: Windows Server 2008
Access-based enumeration displays only the files and folders that a user has permissions to access. It is a feature that was previously available as a downloadable package for the Windows Server® 2003 operating system (it was also included in Windows Server 2003 Service Pack 1). Access-based enumeration is now included in the Windows Server 2008 operating system, and you can enable it by using Share and Storage Management.
Access-based enumeration displays only the files and folders that a user has permissions to access. If a user does not have Read (or equivalent) permissions for a folder, Windows hides the folder from the user’s view. This feature is active only when viewing files and folders in a shared folder; it is not active when viewing files and folders in the local file system.
  • IT administrators who want to control which files and folders are visible to network users
  • IT administrators who want to control the user's experience
For example, if you enable access-based enumeration on a shared folder that contains many users’ home directories, users who access the shared folder can see only their personal home directories; other users’ folders are hidden from view.
Microsoft made the following changes to the functionality of shared folders to enable the use of access-based enumeration:
On a computer that is running Windows Server 2008, access-based enumeration is enabled by default on every folder that is shared by using the File Sharing feature. (This is the default sharing feature that is available through Windows Explorer).
However, access-based enumeration is not enabled by default on the following types of shared folders:
  • Shared folders that are created with Share and Storage Management, Advanced Sharing in Windows Explorer, or the net share command
  • Volumes
  • Folders or volumes that are shared for administrative purposes, such as C$ and ADMIN$
Access-based enumeration can be manually enabled or disabled on individual shared folders and volumes by using Share and Storage Management. This snap-in is available after a folder or volume has been shared. You can access Share and Storage Management in the File Services server role in Server Manager, and in Administrative Tools. You can also install it manually in Server Manager by adding the File Server role service to File Services.
There are two ways to enable and disable access-based enumeration by using Share and Storage Management:
  • Share a folder or volume by using the Provision a Shared Folder Wizard. If you select the SMB protocol on the Share Protocols page of the Provision a Shared Folder Wizard, the advanced settings options on the SMB Settings page includes the option to enable access-based enumeration on the shared folder or volume. (To see the advanced settings options, on the SMB Settings page of the wizard, click Advanced).
  • Change the properties of an existing shared folder or volume. To change the properties of an existing shared folder or volume, on the Shares tab of Share and Storage Management, click the shared folder or volume, and then click Properties in the Action pane. The information under Advanced settings displays whether access-based enumeration is enabled. Click Advanced and then select or clear the Enable access-based enumeration check box.

Backup Exec cannot connect to the Remote Agent because a trust relationship was not established between the Remote Agent and the Media Server.


Problem



Backup Exec 2010 R3 job fails with the error: 0xe0009b86 - Backup Exec cannot connect to the remote agent because a trust relationship was not established between the remote agent and the media server. 


Error



0xe0009b86 / V-79-57344-39814 - Backup Exec cannot connect to the remote agent because a trust relationship was not established between the remote agent and the media server.  To establish a trust relationship, add the remote agent to the Favorite Resources in the backup selections tree.

 

Environment



Backup Exec 2010 R3 & Backup Exec 2012.

Cause



Backup Exec 2010 R3 and above now uses stronger network security protocols to secure communication between media servers and Remote Agents, reducing the possibility that backup or restore operations can be compromised.
When connecting to a remote computer from the media server, a trust relationship must be established between the media server and the remote computer.  In certain situations the trust must be established manually.
Examples:
1. If the Backup Exec 2010 R3 or above Remote agent for Windows (RAWS) is installed manually, the Trust must be established before selecting the remote computer for backup or an existing selection list / job can run.
2. An alternate or new media server is attempting to backup a remote computer where no trust is established.
3. A trust relationship for a remote Linux or UNIX computer must be established first before a backup. 
Note: This error also occurs if Backup Exec Server is trying to backup another media server with same version of RAWS. Ensure that BE is not installed on the target remote server. 

Solution



The trust relationship between the media server and a remote computer can be established manually in a number of ways:

A. Add the remote computer to Favorite Resources
1. Browse to the remote computer in backup selections from the Active Directory Domains orMicrosoft Windows Network domain
2. Browse to the remote computer after adding it to User‐defined Selections
3. Use the Remote Agent Utility on the remote computer to configure publishing option.

B. Manually establishing a trust relationship with a remote computer by adding to Favorite Resources:
1. On the navigation bar, click the arrow next to Backup.
2. Click New Backup Job.
3. On the View by Resource tab, right-click Favorite Resources and choose Add Windows System.
4. Enter the remote computer name in the System Name field.
5. Choose the option to Add a system that already has the Remote Agent installed.
6. Choose or create a Logon Account with appropriate credentials for the remote computer, then clickOK.
7. Click Yes at the prompt to establish the trust relationship.
8. Click OK at the message indicating the system was added successfully.

C. Manually establishing a trust relationship with one or more remote computers by browsing to the domain:
1. On the navigation bar, click the arrow next to Backup.
2. Click New Backup Job.
3. On the View by Resource tab, expand Domains.
4. Do one of the following:
  • To select the remote computer from an Active Directory domain, expand Active Directory Domains, and then expand the Active Directory domain where the remote computer resides.
  • To select the remote computer from a Microsoft Windows Network domain, expand Microsoft Windows Network, and then expand the domain where the remote computer resides.
5. Do one of the following:

To establish the trust relationship with a single remote computer:

a. Select or expand the remote computer.
b. Click Yes at the prompt to establish the trust relationship.

To establish a trust relationship with more than one remote computer in the same domain:

a. In the results pane on the right, click on the first remote computer to highlight it, but do not select the checkbox.
b. Use the or keys while you click on other remote computers that you want to select.
c. Right‐click the selected computers, and then click Establish trust relationship.

D. Manually establishing a trust relationship with one or more remote computers by adding to User-defined Selections:
1. On the navigation bar, click the arrow net to Backup.
2. Click New Backup Job.
3. On the View by Resource tab, right‐click User‐defined Selections, and then click Manage User‐defined Selections.
4. Type the name or IP address for the remote computer in the Name field and click Add
5. After adding remote computers to the list, click Close.
6. Expand User‐defined Selections in the tree.
7. Do one of the following:

To establish the trust relationship with a single remote computer:a. Select or expand the remote computer.
b. Click Yes at the prompt to establish the trust relationship.
To establish a trust relationship with more than one remote computer in the same domain:a. In the results pane on the right, click on the first remote computer to highlight it, but do not select the checkbox.
b. Use the or keys while you click on other remote computers that you want to select.
c. Right‐click the selected computers, and then click Establish trust relationship.

E. Manually establishing a trust relationship with a remote computer using the Remote Agent Utility:
1. Open the Backup Exec 2010 Remote Agent Utility from the program menu.
2. On the Publishing tab, click Change Settings.
3. After the utility closes and reopens, click the Publishing tab and click Add.
4. Type the name or IP address of the media server, user name, and password in the corresponding fields.
NoteThe user must have administrative privileges on the specified media server.
5. Click OK.
6. Click the Security tab and verify that an entry appears for the specified media server.
7. Click OK to close the Remote Agent Utility.

F. Establishing a trust relationship while configuring a remote computer for deduplication
If a trust relationship with the remote computer has not already been established, establish it while configuring the remote computer for deduplication:
1. Open the Tools menu, then choose Configure Remote Agent for Deduplication... from theConfigure Devices submenu.
2. Type the name of the remote computer in the Server field.
3. Choose the port your remote computer is configured to use (default is 10000).
4. Type a description if one is desired.
5. Check or clear the Enable ICMP ping operations checkbox, depending on the network configuration.  If a firewall blocks ICMP, the checkbox will need to be cleared.
6. Choose or create a Logon account with the correct credentials for accessing the remote computer.
7. Click OK.
8. Click Yes at the prompt to establish the trust relationship.
9. Click Restart Now or Restart Later
Note: The Backup Exec services on the media server must be restarted before the remote computer can be used for client-side deduplication. 

Wednesday, November 28, 2012

How permissions are handled when you copy and move files and folders

You can modify how Windows Explorer handles permissions when objects are copied or moved to another NTFS volume. When you copy or move an object to another volume, the object inherits the permissions of its new folder. However, if you want to modify this behavior to preserve the original permissions, modify the registry as follows. 

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
  2. Locate and then click the following registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: ForceCopyAclwithFile
    Data type: DWORD
    Value data: 1
  4. Exit Registry Editor.
You can modify how Windows Explorer handles permissions when objects are moved in the same NTFS volume. As mentioned, when an object is moved within the same volume, the object preserves its permissions by default. However, if you want to modify this behavior so that the object inherits the permissions from the parent folder, modify the registry as follows:
  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: MoveSecurityAttributes
    Data type: DWORD
    Value data: 0
  4. Exit Registry Editor.
  5. Make sure that the user account that is used to move the object has the Change Permissions permission set. If the permission is not set, grant the Change Permissions permission to the user account.
Note The MoveSecurityAttributes registry value only applies to Windows XP and to Windows Server 2003. The value does not affect Windows 2000.

----------------------------------------------------------------------------------------------------------------------------------

You can also use ROBOCOPY command:
Link for guide: 

http://technet.microsoft.com/en-us/library/cc733145(WS.10).aspx


Sunday, November 25, 2012

Resolve or delete duplicate contacts


If you save a contact with the same name or e-mail name as one that already exists in your Contacts folder, Microsoft Outlook displays a dialog box with options to either add the duplicate contact as a new contact or update the existing contact with the new information from the duplicate contact. The same choices are offered for resolving duplicate Electronic Business Card.
Another situation in which duplicate contacts are created is when you import contacts into Outlook. In this case, you can delete the unwanted duplicates. You can also turn off the Duplicate Detection feature if you are saving many contacts at one time and want to speed up the process.

The options for resolving duplicate contacts

You have two options to resolve duplicate contacts in the Duplicate Contact Detected dialog box:
Add a duplicate as a new contact     The new contact will be added to your Contacts folder. For example, if you create a contact with the name Judy Lew, and you already have a contact with that name in your Contactsfolder, you will have two contacts named Judy Lew. To distinguish between the two, you can add a middle initial to one.
 TIP   Displaying your contacts as Electronic Business Cards is a good choice of views in which to see enough information to distinguish contacts with duplicate names.
Update new information from a duplicate contact to an existing one    Outlook will compare all the fields that contain data in both the duplicate and existing contacts and copy the data from the duplicate contact into any fields in the existing contact that have conflicting data. For example, if you have a contact named Judy Lew with the phone number 555-0112, and you get a duplicate contact with a new phone number, Outlook will copy the new number into the appropriate field in the existing contact and leave all the other fields the same.
The color categories that you assign to the new contact and the text in the message from the new contact will not be copied into the existing contact. If you want to copy this information, you must do so manually. Certificates and links to contacts on the Activities tab will be copied from the duplicate contact and added to the existing contact without replacing the original information. However, links on the Activities tab to items other than contacts, such as tasks and appointments, will not be copied.
Whenever Outlook updates the data in a contact, a copy of the original contact is stored in the Deleted Itemsfolder. This copy can be used if you need to revert to the information in the original contact.

Delete duplicate contacts

If you imported contacts into Outlook by using the same names or e-mail addresses that already exist in yourContacts folder, and you selected the Allow duplicates to be created option in the Import and Export Wizard, you might have unwanted duplicates of several or all of the contacts that you imported.
Removing the unwanted duplicate contacts is a manual process, but the following is the easiest way to do it.
 NOTE    These instructions are for Outlook 2007. Instructions are also available for Outlook 2010 or Outlook 2003.
  1. In Contacts, select the contacts folder that has duplicate contacts.
  2. In the Navigation Pane, under Current View, click Phone List. This is the best view to scan your contacts list and see the duplicate contacts. Now you can sort the list by modified date and group the duplicates together.
  3. On the View menu, point to Current View, and then click Customize Current View.
  4. Click Fields, select Modified in the Available fields list, and then click Add.
  5. Click Move Up until Modified is at the top of the Show these fields in this order list.
  6. Click OK twice.
  7. In the list of contacts, hold down CTRL while you select each duplicate contact.
  8. When you have selected all the duplicate contacts, press DELETE.
 NOTE   If you do not want the duplicate contacts when you import contacts into Outlook, select the Do not import duplicates option or the Replace duplicates with items imported option in the Import and Export Wizard.
  • Do not import duplicates    Existing data is kept, and the duplicate information in the Personal Folders file (.pst) is not copied to the Contacts folder.
  • Replace duplicates with items imported    Existing data in the Contacts folder is replaced with the information in the .pst file that is being imported.

Turn off the Duplicate Detection feature

If you are saving many contacts to Outlook, the process can be faster if you do not use the
Duplicate Detection feature. To turn this feature off, do the following:
  1. On the Tools menu, click Options.
  2. Click Contact Options, and then clear the Check for duplicate contacts check box.

How to Merge Outlook 2007 Contacts


Instructions

    • 1
      Open your Microsoft Outlook 2007 software and allow the program to fully load and check for new messages. Once the program has fully loaded, drag all the items in Outlook that contain relevant contact information and place them all into the folder marked "Contacts," on the left-hand side of the screen.
    • 2
      Allow the program's automatic duplicate detection system to determine if you have any duplicate contacts in your "Contacts" folder. If a message comes on screen asking if you would like to merge contact information from two pieces of data with the same information, click "Yes" and it will consolidate the contacts into one folder. Repeat this process until all your duplicate contacts are merged into one folder.
    • 3
      Select the option marked "Table View" to see your contacts in descending order according to the last time they were edited. Select all the contacts that were just modified in the previous step, right click the mouse and choose the option marked "Category." Add a category name that fits with the contacts that are present in this folder and click "OK." Your folder is now complete and your contacts are merged into one list.

Thursday, November 15, 2012

Get delivery and read receipt confirmations


Track all messages that you send

  1. On the Tools menu, click Options.
  2. Under E-mail, click E-mail Options.
  3. Under Message handling, click Tracking Options.
  4. Select the Read receipt or the Delivery receipt check box.
Request read receipts for all messages
 TIP   As a best practice, we recommend that you consider tracking only single messages of importance instead of all messages. Recipients who occassionally receive a notification that a read receipt is requested on your e-mail message are less likely to turn off all read receipts for future messages.

Track a single message

  • In the message, on the Options tab, in the Tracking group, select the Request a Delivery Receipt or theRequest a Read Receipt check box.
Request delivery receipt

Track receipt responses

  1. Open the original message that you sent with a request for a delivery or read receipt. This message is usually located in the Sent Items folder.
  2. On the Message tab, in the Show group, click Tracking.
Show tracking
 NOTE   Tracking does not appear until at least one receipt is received. After you receive the first receipt in your Inbox, it might take several minutes before the Tracking button is available.

Change the processing of receipt responses

  1. On the Tools menu, click Options.
  2. Click E-mail Options, and then click Tracking Options.
  3. Select the processing options that you want by doing one or more of the following:
    • Automatically record responses in the original item     Select the Process requests and responses on arrival check box.
    • Delete notifications about delivered and read messages     Select the Process receipts on arrivalcheck box.
    • Move receipts out of your Inbox after processing     Select the After processing, move receipts to check box.
To select a folder other than Deleted Items, click Browse.
Receipt processing options Í

Disable Outlook Auto-Mapping with Full Access Mailboxes


Applies to: Exchange Server 2010 SP2
Topic Last Modified: 2011-12-16
In Exchange 2010 Service Pack 1 (SP1) Exchange introduced a feature that allows Outlook 2007 and Outlook 2010 clients to automatically map to any mailbox to which a user has Full Access permissions. If a user is granted Full Access permissions to another user's mailbox or to a shared mailbox, Outlook automatically loads all mailboxes to which the user has full access.
To accomplish this, Exchange populates the msExchDelegateListLink attribute in Active Directory to locate mailboxes for which the user has Full Access permission, and then provides this information to the Autodiscover service. Autodiscover then populates the AlternateMailbox attribute with the information necessary for Outlook to open the full access mailboxes. If the user has Full Access permissions to several mailboxes, performance issues may occur when starting Outlook. In Exchange 2010 SP1, there was no way to turn this feature off. However, in Exchange 2010 SP2, you can use the Shell to disable this feature.
Looking for other management tasks related to mailbox permissions? Check out Permissions to Manage Mailbox Servers
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.
noteNote:
You can’t’ use the EMC to disable auto-mapping.
This example grants the user Mark Steele full access permission to Jeroen Cool’s mailbox and disables the auto-mapping feature.
Add-MailboxPermission -Identity JeroenC -User 'Mark Steele' -AccessRight FullAccess -InheritanceType All -Automapping $false
This example removes auto-mapping on an existing shared mailbox and removes the auto-mapping behavior for users who have already been granted Full Access permissions.
$FixAutoMapping = Get-MailboxPermission sharedmailbox |where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false} 

Monday, November 12, 2012

Moving Local profiles to Roaming profiles



1. Create a shared profile folder (\\servername\Profiles$)
1.1 user must have full access to their profile folder (\\servername\Profiles$\Profile1)
2. Select all user on OU, on properties profile tab set it for \\Servername\Profiles$\%usrname%
3. Config a GPO for profile redirection
when they logoff the profile must redirect to the shared folder.
Drive a test on one or two non critical users

10 PowerShell commands every Windows admin should know



1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:
Get-Help -Name Get-Process
and Windows will display the full command syntax.
You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:
Get-Help -Name Get-*

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:
  • Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
  • All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.
  • Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.
  • Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.
You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:
Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.

4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state.

5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.
To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.
To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:
Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:
Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:
Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:
Get-EventLog -Log "Application"
Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file.

9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.

10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:
Stop-Process -Name notepad
Stop-Process -ID 2668
Keep in mind that the process ID may change from session to session.