Wednesday, November 28, 2012

How permissions are handled when you copy and move files and folders

You can modify how Windows Explorer handles permissions when objects are copied or moved to another NTFS volume. When you copy or move an object to another volume, the object inherits the permissions of its new folder. However, if you want to modify this behavior to preserve the original permissions, modify the registry as follows. 

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
  2. Locate and then click the following registry key:

  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: ForceCopyAclwithFile
    Data type: DWORD
    Value data: 1
  4. Exit Registry Editor.
You can modify how Windows Explorer handles permissions when objects are moved in the same NTFS volume. As mentioned, when an object is moved within the same volume, the object preserves its permissions by default. However, if you want to modify this behavior so that the object inherits the permissions from the parent folder, modify the registry as follows:
  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey:
  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: MoveSecurityAttributes
    Data type: DWORD
    Value data: 0
  4. Exit Registry Editor.
  5. Make sure that the user account that is used to move the object has the Change Permissions permission set. If the permission is not set, grant the Change Permissions permission to the user account.
Note The MoveSecurityAttributes registry value only applies to Windows XP and to Windows Server 2003. The value does not affect Windows 2000.


You can also use ROBOCOPY command:
Link for guide:

Sunday, November 25, 2012

Resolve or delete duplicate contacts

If you save a contact with the same name or e-mail name as one that already exists in your Contacts folder, Microsoft Outlook displays a dialog box with options to either add the duplicate contact as a new contact or update the existing contact with the new information from the duplicate contact. The same choices are offered for resolving duplicate Electronic Business Card.
Another situation in which duplicate contacts are created is when you import contacts into Outlook. In this case, you can delete the unwanted duplicates. You can also turn off the Duplicate Detection feature if you are saving many contacts at one time and want to speed up the process.

The options for resolving duplicate contacts

You have two options to resolve duplicate contacts in the Duplicate Contact Detected dialog box:
Add a duplicate as a new contact     The new contact will be added to your Contacts folder. For example, if you create a contact with the name Judy Lew, and you already have a contact with that name in your Contactsfolder, you will have two contacts named Judy Lew. To distinguish between the two, you can add a middle initial to one.
 TIP   Displaying your contacts as Electronic Business Cards is a good choice of views in which to see enough information to distinguish contacts with duplicate names.
Update new information from a duplicate contact to an existing one    Outlook will compare all the fields that contain data in both the duplicate and existing contacts and copy the data from the duplicate contact into any fields in the existing contact that have conflicting data. For example, if you have a contact named Judy Lew with the phone number 555-0112, and you get a duplicate contact with a new phone number, Outlook will copy the new number into the appropriate field in the existing contact and leave all the other fields the same.
The color categories that you assign to the new contact and the text in the message from the new contact will not be copied into the existing contact. If you want to copy this information, you must do so manually. Certificates and links to contacts on the Activities tab will be copied from the duplicate contact and added to the existing contact without replacing the original information. However, links on the Activities tab to items other than contacts, such as tasks and appointments, will not be copied.
Whenever Outlook updates the data in a contact, a copy of the original contact is stored in the Deleted Itemsfolder. This copy can be used if you need to revert to the information in the original contact.

Delete duplicate contacts

If you imported contacts into Outlook by using the same names or e-mail addresses that already exist in yourContacts folder, and you selected the Allow duplicates to be created option in the Import and Export Wizard, you might have unwanted duplicates of several or all of the contacts that you imported.
Removing the unwanted duplicate contacts is a manual process, but the following is the easiest way to do it.
 NOTE    These instructions are for Outlook 2007. Instructions are also available for Outlook 2010 or Outlook 2003.
  1. In Contacts, select the contacts folder that has duplicate contacts.
  2. In the Navigation Pane, under Current View, click Phone List. This is the best view to scan your contacts list and see the duplicate contacts. Now you can sort the list by modified date and group the duplicates together.
  3. On the View menu, point to Current View, and then click Customize Current View.
  4. Click Fields, select Modified in the Available fields list, and then click Add.
  5. Click Move Up until Modified is at the top of the Show these fields in this order list.
  6. Click OK twice.
  7. In the list of contacts, hold down CTRL while you select each duplicate contact.
  8. When you have selected all the duplicate contacts, press DELETE.
 NOTE   If you do not want the duplicate contacts when you import contacts into Outlook, select the Do not import duplicates option or the Replace duplicates with items imported option in the Import and Export Wizard.
  • Do not import duplicates    Existing data is kept, and the duplicate information in the Personal Folders file (.pst) is not copied to the Contacts folder.
  • Replace duplicates with items imported    Existing data in the Contacts folder is replaced with the information in the .pst file that is being imported.

Turn off the Duplicate Detection feature

If you are saving many contacts to Outlook, the process can be faster if you do not use the
Duplicate Detection feature. To turn this feature off, do the following:
  1. On the Tools menu, click Options.
  2. Click Contact Options, and then clear the Check for duplicate contacts check box.

How to Merge Outlook 2007 Contacts


    • 1
      Open your Microsoft Outlook 2007 software and allow the program to fully load and check for new messages. Once the program has fully loaded, drag all the items in Outlook that contain relevant contact information and place them all into the folder marked "Contacts," on the left-hand side of the screen.
    • 2
      Allow the program's automatic duplicate detection system to determine if you have any duplicate contacts in your "Contacts" folder. If a message comes on screen asking if you would like to merge contact information from two pieces of data with the same information, click "Yes" and it will consolidate the contacts into one folder. Repeat this process until all your duplicate contacts are merged into one folder.
    • 3
      Select the option marked "Table View" to see your contacts in descending order according to the last time they were edited. Select all the contacts that were just modified in the previous step, right click the mouse and choose the option marked "Category." Add a category name that fits with the contacts that are present in this folder and click "OK." Your folder is now complete and your contacts are merged into one list.

Thursday, November 15, 2012

Get delivery and read receipt confirmations

Track all messages that you send

  1. On the Tools menu, click Options.
  2. Under E-mail, click E-mail Options.
  3. Under Message handling, click Tracking Options.
  4. Select the Read receipt or the Delivery receipt check box.
Request read receipts for all messages
 TIP   As a best practice, we recommend that you consider tracking only single messages of importance instead of all messages. Recipients who occassionally receive a notification that a read receipt is requested on your e-mail message are less likely to turn off all read receipts for future messages.

Track a single message

  • In the message, on the Options tab, in the Tracking group, select the Request a Delivery Receipt or theRequest a Read Receipt check box.
Request delivery receipt

Track receipt responses

  1. Open the original message that you sent with a request for a delivery or read receipt. This message is usually located in the Sent Items folder.
  2. On the Message tab, in the Show group, click Tracking.
Show tracking
 NOTE   Tracking does not appear until at least one receipt is received. After you receive the first receipt in your Inbox, it might take several minutes before the Tracking button is available.

Change the processing of receipt responses

  1. On the Tools menu, click Options.
  2. Click E-mail Options, and then click Tracking Options.
  3. Select the processing options that you want by doing one or more of the following:
    • Automatically record responses in the original item     Select the Process requests and responses on arrival check box.
    • Delete notifications about delivered and read messages     Select the Process receipts on arrivalcheck box.
    • Move receipts out of your Inbox after processing     Select the After processing, move receipts to check box.
To select a folder other than Deleted Items, click Browse.
Receipt processing options Í

Disable Outlook Auto-Mapping with Full Access Mailboxes

Applies to: Exchange Server 2010 SP2
Topic Last Modified: 2011-12-16
In Exchange 2010 Service Pack 1 (SP1) Exchange introduced a feature that allows Outlook 2007 and Outlook 2010 clients to automatically map to any mailbox to which a user has Full Access permissions. If a user is granted Full Access permissions to another user's mailbox or to a shared mailbox, Outlook automatically loads all mailboxes to which the user has full access.
To accomplish this, Exchange populates the msExchDelegateListLink attribute in Active Directory to locate mailboxes for which the user has Full Access permission, and then provides this information to the Autodiscover service. Autodiscover then populates the AlternateMailbox attribute with the information necessary for Outlook to open the full access mailboxes. If the user has Full Access permissions to several mailboxes, performance issues may occur when starting Outlook. In Exchange 2010 SP1, there was no way to turn this feature off. However, in Exchange 2010 SP2, you can use the Shell to disable this feature.
Looking for other management tasks related to mailbox permissions? Check out Permissions to Manage Mailbox Servers
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.
You can’t’ use the EMC to disable auto-mapping.
This example grants the user Mark Steele full access permission to Jeroen Cool’s mailbox and disables the auto-mapping feature.
Add-MailboxPermission -Identity JeroenC -User 'Mark Steele' -AccessRight FullAccess -InheritanceType All -Automapping $false
This example removes auto-mapping on an existing shared mailbox and removes the auto-mapping behavior for users who have already been granted Full Access permissions.
$FixAutoMapping = Get-MailboxPermission sharedmailbox |where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false} 

Monday, November 12, 2012

Moving Local profiles to Roaming profiles

1. Create a shared profile folder (\\servername\Profiles$)
1.1 user must have full access to their profile folder (\\servername\Profiles$\Profile1)
2. Select all user on OU, on properties profile tab set it for \\Servername\Profiles$\%usrname%
3. Config a GPO for profile redirection
when they logoff the profile must redirect to the shared folder.
Drive a test on one or two non critical users

10 PowerShell commands every Windows admin should know

1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:
Get-Help -Name Get-Process
and Windows will display the full command syntax.
You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:
Get-Help -Name Get-*

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:
  • Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
  • All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.
  • Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.
  • Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.
You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:
Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.

4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state.

5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.
To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.
To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:
Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:
Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:
Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:
Get-EventLog -Log "Application"
Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file.

9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.

10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:
Stop-Process -Name notepad
Stop-Process -ID 2668
Keep in mind that the process ID may change from session to session.

Export-CSV of Active Directory Objects

I tried this script below it works fine:

$alist = "Name`tAccountName`tDescription`tEmailAddress`tLastLogonDate`tManager`tTitle`tDepartment`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
    $grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
    $arec = $_.Name,$_.SamAccountName,$_.Description,$_.EmailAddress,$_LastLogonDate,$_.Manager,$_.Title,$_.Department,$_.Company,$_.whenCreated,$_.Enabled
    $aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
    $alist += $aline
$alist | Out-File D:\Temp\ADUsers.csv

Windows Update fails with code 800B0001 when checking WSUS (works for web updates) after installing latest version of 7 Windows Update software

I was having the same issue on my systems and found this patch for WSUS 3.0 SP2. It was released around the same timeframe that Microsoft change the client on Microsoft Update.

I applied the patch on my WSUS server last night and my clients automatically updated there Windows Update client to what appears to be the same version as listed on Microsoft Update. My machines no longer have the issue and I can switch between checking WSUS and Microsoft Update without issue. 

Monday, November 5, 2012

How to Uninstall WSUS 3.0 SP2 and Its Related Components

To uninstall Windows Internal Database

  1. Open a command prompt.
  2. Type msiexec and the following key for the operating system platform:
    • For 32-bit platforms, use:
      msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe
    • For 64-bit platforms, use:
      msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe

How to uninstall WSUS 3.0 SP2 server software

To uninstall WSUS

  1. On the WSUS server, click Start, click Control Panel, and then click Uninstall a Program.
  2. In the Programs and Features pane, click Windows Server Update Services, and then click Uninstall.
  3. In the Remove Windows Server Update Services pane, click Database, click Log Files, click Downloaded Updates, and then click Next.
  4. Click Next to start uninstalling WSUS. Be aware that as soon as you start uninstalling this software, you will be unable to cancel the process.
  5. When the uninstall process is completed, click Finish to exit the wizard.

How to uninstall the WSUS 3.0 SP2 Administration Console

You can remove the WSUS 3.0 SP2 Administration Console from a computer by using the following procedure:

To remove the WSUS Administration Console

  1. Click Start, click Control Panel, and click Programs and Features.
  2. Click the Windows Update Administration Console in the list of installed programs.
  3. Click Uninstall.

WSUS accounts

Uninstalling WSUS might leave some WSUS accounts on local computers that are running SQL Server. The Network SSService and ASP.NET accounts that are created by WSUS Setup are not removed by the WSUS uninstallation component. If an application or database is using these accounts, this ensures that these applications or databases do not fail. If you are sure that no other application or database requires the Network Service or ASP.NET accounts, you can manually remove them from the computer running SQL Server.