Sunday, September 12, 2010

"Here you have" worm mail

Hi friends

"Here you have" worm mails after a decade.. Soon we can expect the update in one of the engine of the Microsoft forefront for exchange.

Can be blocked by putting a rule in the edge server/hub transport using the content filter or by transport rule..


Saturday, July 10, 2010

SCCM Client : Reassign Sitecode

Hi Friends,

The below is the script which can be used to assign the sitecode for the SCCM Client PC remotely. There will be a scenario of changing the sitecode in the client computers after implementation of new SCCM server with different sitecode, or may be moving all the users from the earlier SMS to SCCM2007 environment of different sitecode. In this case, we can make use of the below VBScript to change the sitecode in the configuration client (SCCM Client) in all the clients remotely. The below scripts can be deployed using the GPO via Logon Script or using the remote execution of the scripts or even use remote script execution tools. The permission for the execution of the script in the client PC is obvious, for better practice can make use of the same SCCM admin account, which in turn will have the appropriate permission for the script execution.


'replace with your Site Code
sMachine = "."
set oCCMNamespace = GetObject("winmgmts://" & sMachine & "/root/ccm")
Set oInstance = oCCMNamespace.Get("SMS_Client")
set oParams = oInstance.Methods_("SetAssignedSite").inParameters.SpawnInstance_()
oParams.sSiteCode = sSiteCode
oCCMNamespace.ExecMethod "SMS_Client", "SetAssignedSite", oParams


Save the above file with the extension .vbs and replace "NEWSITECODE" with your sitecode accordingly.



Backup and Recovery

This article gives information about backing up the Blackberry data and also restoration. As we know the BES and exchange are tightly integrated, the real email data’s are stored in the email servers only. In BES server level, the following needs to be backed up
* BES Database of SQL 2005 i.e., BESMgmt Database
* BES User details and Configuration details.

1. BES Database Backup and Restore:
For Blackberry, as we know the database is hosted in the SQL Server. Henceforth can make use of the backup and restore option in the SQL Server itself.
Open the backup console from the SQL 2005 studio express console,
• Go to the concern Database in the console -- right click and select Task -- Backup
• Enter the backup file name and location in the general window.
• Select the options for media writing as required to complete the backup in the option window.
For the restoration same process, select the restore option from the console.
• Select the destination of the latest backup file in the General window.
• Select the appropriate write option to complete the restoration in the option window.

2. Blackberry User Information Backup and restore
The BB user details and Configuration details can be backed up by using the built-in tool called BlackberryBackup.exe. The below is the location of the file,
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility
Note : Here C:\ is the source installed drive.
### To take the backup of the user information
BlackBerryBackup.exe -b -o C:\BB_Bkp\bb_user.txt -n dxb-bbs-01
### To take the backup of the BES configuration information
BlackBerryBackup.exe -r -o C:\BB_Bkp\bes_conf.txt -n dxb-bbs-01
-b –o -- Backup (-b) of BB user details to the output file (-o) C:\BB_Bkp\bb_user.txt
-n -- Blackberry servername
-r –o -- Backup (-r) of BB configuration details to the output file (-o) C:\BB_Bkp\bb_conf.txt
### To restore the user information from the file using the option "-i"
BlackBerryBackup.exe -b -i C:\BB_Bkp\bb_user.txt -n dxb-bbs-01
### To restore the configuration information from the file using the option "-i"
BlackBerryBackup.exe -r -i C:\BB_Bkp\bes_conf.txt -n dxb-bbs-01
-b –i -- Restore (-b) the BB user details from the input file (-i) C:\BB_Bkp\bb_user.txt
-n -- Blackberry servername
-r –i -- Restore (-r) the BB configuration details from the input file (-i) C:\BB_Bkp\bb_conf.txt


Blackberry Enterprise Server Deployment

This article gives you the deployment steps for the Blackberry Enterprise Server in the Exchange Server Environment. Before deploying the BES Server, we need make sure some pre requisite tasks. I have considered Blackberry Enterprise Server 4.2 application and SQL 2005 Std for this article.

1. Existence of functioning exchange 2007 Env and BESadmin Account
Before deploying the BES application, the functioning exchange 2007 is obvious.

1.1 Creation of BB admin account called BESadmin
1. On the computer that hosts Microsoft Exchange, log in as an administrator with the permission to create an account.
2. Open the Microsoft Exchange Management Console.
3. Create a Microsoft Exchange account that is named BESadmin.

1.2 BB Computer Account Permission on BESadmin
On each computer that you plan to install the BlackBerry® Enterprise Server or the BlackBerry Manager on, you must configure the Local Security Policy permissions for the Microsoft® Exchange account that you plan to use to complete the installation.
Without the proper permissions, the BlackBerry Enterprise Server cannot function.
1. Right-click My Computer – Planned BES Server Eg dxb-bbs-01.
2. Click Manage.
3. In the left pane, expand Local Users and Groups.
4. Navigate to the Groups folder.
5. In the right pane, double-click Administrators.
6. Click Add.
7. In the Enter the object names to select field, type BESadmin.
8. Click OK.
9. Click Apply.
10. Click OK.

1.3 BESadmin Account permission on Exchange
Configure Microsoft Exchange 2007 permissions for the Microsoft Exchange account
1. On a computer that hosts the Microsoft® Exchange Management Shell, open the Microsoft Exchange Management Shell.
2. Perform one of the following actions:
• If you are performing the command locally on the Microsoft Exchange 2007 server, type: addexchangeadministrator
"BESAdmin" –role ViewOnlyAdmin
• If you are performing the command from another computer, type: get-mailboxserver
"" | add-exchangeadministrator "BESAdmin" –role ViewOnlyAdmin
3. Type the following command:
get-mailboxserver " " | add-adpermission –user "BESAdmin" –accessrights ExtendedRight –extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

1.4 BB Device Users permission for sending message in exchange
Enable BlackBerry device users to send messages in a Microsoft Exchange 2007 environment. In this case, we are giving the BESadmin account the sendas permission to the domain root, so that all the BB enabled in turn will be able to send message from their BB enabled device.

1. On any computer within your organization's domain, on the taskbar, click Start > Administrative Tools > Active Directory Users and Computers.
2. In the View menu, click Advanced Features.
3. Right-click the domain root.
4. Click Properties.
5. On the Security tab, click Advanced.
6. Click Add.
7. Type BESadmin.
8. Click Check Name.
9. Click OK.
10. In the Apply Onto drop-down list, click User Objects.
11. In the Allow column, select the Send As check box.
12. Click Apply.
13. Click OK.

2. Installing the SQL 2005 for BB Database
• Install the SQL server 2005 with default instance and enter the information of service account which is created for BB management (BESAdmin) while installing the SQL and install the SQL with windows authentication. Apply the latest service pack after the installation for SQL.
• Select all the components and also select the Default Instance for the SQL installation.
• Enter the information of service account created for BB(BESAdmin) for SQL service.
• On Authentication Page, Use the windows authentication mode
• Click Next in all the screens as per the default options and click Install to complete the SQL server installation.

3. BES Installation
Before starting the BES server installation, make sure the below are available with the diskette.

• client access license key
• SRP identifier
• SRP key
• SRP host

1. Click the Setup.exe
2. Enter the Appropriate name and organization, select the region.
3. Accept the license agreement.
4. Select the setup type; choose Blackberry Enterprise Server option which in turn will install all the components like MDS, Router, attachment Service, etc.
5. Accept the apache license agreement page also.
6. Pre install checklist screen.
7. Enter the BB service account name – BESadmin and password. Choose the installation folder and log file folder accordingly.
8. Installation summary and next.
9. Select Continue
10. Press yes to reboot the server and after restarting login as BESadmin and the installation window will start automatically.
11. Database integration part, leave the default values and press next
12. Enter the CAL Key and press next.
13. Enter the SRP Address and use test connection.
14. Enter the SRP info (Damac SRP details)
15. SRP Identifier
16. SRP Authentication Key
17. Leave the host routing information empty.
18. Click Validate SRP key and ID, the window pops up with the exchange server details. Enter the Exchange server name and user name BESadmin.
19. On WAN SRP setting, leave default value and press next.
20. Messaging part, leave the default.
21. Leave the default and press next for the proxy settings.
22. Check the start service option and click “start service” button.
23. It will start all the BB related services and hence the end of the installation process finish.

4. Post Installation Check
4.1 Check the installation logs
Check the installation setup logs in the below location
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Installer

4.2 Check the MDS connection
Check the MDS connection as below in the server,
Open the explorer – http://localservername:8080 , which opens the Blackberry Mobile Data Service Connection Service Page.

4.3 Checking the Blackberry Server Components
Go to Control panel --> Blackberry Server Configuration, will have all the components details like router, attachment Server, SRP details. In this case, we have installed all in the same server and hence forth it has set all the values by default, no need to change any values.

4.4 Check the Blackberry Manager Console,
Check the console in the program list in the start menu.

4.5 User creation and Mailflow with BB device
Finally, try creating the user profile in the blackberry Manager and check the mailflow with the device.


Saturday, July 3, 2010

SCOM 2007 Deployment

SCOM – System Center Operation Manager 2007 which is the successor of the MOM – Microsoft Operation Manager 2005, which is used for monitoring the Server, clients in the windows active directory environment. SCOM 2007 can be used for monitoring not only server and clients in the active directory which also includes network devices and other application like Exchange, SQL, ISA, etc. by the means of corresponding available Management Packs shortly called as MP. Deployment of SCOM 2007 is quote an easy task, this article focus on this.

• Selecting the OS either 2003 or 2008.
• Selection of 32 bit or 64 bit processor (it is important that if you choose the 64 bit and the reliable database package like SQL 2005 must be in 64 bit due to the factor operational database compatibility).
• Operational installation account in AD e.g., ScomAdmin (make password never expires) and related permissions.
• Check the forest and domain functional levels.

2.Pre requisite:
Since the installation first page has the prerequisite option, on clicking that will give you the availability status. Still, the below are the items which needs to be installed before deploying SCOM 2007.

• IIS 6.0 and above (IIS 7.0 needs to select some additional features like iis 6.0 compatibility, basic authentication and few. So better side can select all the features and install )
• SQL 2005 SP2 and above (SQL 2005 SP1 or express version does work for SCOM 2007) and use the ScomAdmin account during the installation of the default instance of SQL.
• Dot Net framework 2.0 with SP2 and above (Dot net framework 3 is better)
• ASP.NET 2.0 and ASP.NET AJAX Extension 1.0
• Using the tool MOMADAdmin.exe tool create a container for operation manager in AD

MOMAdAdmin.exe {Management Group Name} {Ops Mgr admin Group} {Ops Mgr account} {Domain name}


MOMADAdmin.exe OpsMgr ScomAdminGroup ScomAdmin

Login with the SCOM admin account (SCOM operational account that we created in the AD and also we used the same account during the installation of the SQL as well)

• Select Install operation manager 2007 to start the wizard
• Accept the end license and enter the license key.
• Installation type – choose custom type and select all the components, make sure all components and sun components are selected for installing on the local disk drive.
• Management Group Name : Enter “OpsMgr” (something meaningful and which cannot be changed later)
• User account selection: select ScomAdmin from the AD.
• Database Instance and port (1433) – leave the default values.
• Database and log file option – leave the default values
• Select the Data file and log file location.
• Management Server Action Account: accept the default domain or local account.
• Enter the SDK and Config Service account either domain or local account.(Can use ScomAdmin also)
• On the web console, choose the Windows Authentication
• Microsoft Error reporting option, choose ‘No’ option.
• Customer experience improvement program option.
• Click Install option to start the installation.
• On the end, it will ask for the Encryption key for Backup and restore option (optional).



Tuesday, May 4, 2010

New Features in Windows server 2008:

Hi Friends,

Getting busy on testing out some appl like SCCM 2007 and SCOM made me to stay away from blogging, so thought of writing one.

It’s been quite a time for windows server 2003, people already started using windows server 2008 and are happy with the new features available. This article gives you the new features available in Windows server 2008.

1. Role based installation

Windows server 2008 has quite number of roles in the server manager, which can be installed as when required. The below are the roles,

Active Directory Certificate Services

Active Directory Domain Services

Active Directory Federation Services

Active Directory Lightweight Directory Services

Active Directory Rights Management Services

Application Server

DHCP Server

DNS Server

Fax Server

File Services


Network Policy and Access Services

Print and Document Services

Remote Desktop Services

Web Services (IIS)

Windows Deployment Services

Windows Server Update Services (WSUS)

In the above some of them are new features, which I will discuss later. Also some of the above features are specific to certain edition of the windows server 2008. Please check out

2. Server core

One of the expected feature and most welcomed feature which going to drive Microsoft server OS forward is the server core feature. Like UNIX server environment, you can have the server core shell windows alone, no need of having GUI with fancy GUI drivers. But the optional GUI option also available. The trend of having the single shell for server operation in a Microsoft was a dream for most of the system administrator. This server core installation option allows us to install specific server role like DHCP or Print server. So all server operation can be done sufficiently in command prompt, no more GUI specific configuration stuffs required unlike previous versions.

3. Virtualization – Hyper V

Virtualization enables you to have multiple logical servers in a single server provided with all functionality like networking, dedicated memory, high performance, etc. Since virtualization as a technology is a revelation in IT because of its cost reduction. Already we have application like VMWARE and virtual PC making ways. Hyper V along with the server OS is definitely good. Just to make it interest, please check out the below link to find the comparison between the VMWARE and Hyper V.

4. Powershell

Powershell was as expected one. Since Powershell started making news from the release of the exchange 2007. The entire administrative task can be done with ease using the Powershell, which makes the system administrator life easier. Powershell has the built-in active directory related cmdlets which can be effectively used for multiple purposes.

5. Right Management Services

Data security has been taken to the next level by means of this service. We don’t have answers for the security on documents which the end users who have the access or the mails which have the sensitive information can be forwarded to anyone outside the organization. This service helps in preventing the above scenarios. Since it is integrated with the active directory helps in providing security for file level and also emails.

6. RODC – Read Only Domain Controllers

It is one of the new features which have excellent features in terms of both functionality and design. It provides solution for the scenario like most of the branch offices DC server lacks the quality administration, henceforth chance are there for poisoning the Home DC by replicating the faulty data’s. This RODC only acts as a Read only DC; it won’t be chance to write any data and resulting in no need of sending any update to the main office. So it is unidirectional update i.e., only from normal DC to RODC. RODC do wonders for multi-site work environment.

7. IIS 7.0

IIS 7.0 has been improved mainly in terms of security when compared to the IIS 6.0. I don’t know much about this application interiors, I leave it to you people to check out the new features from the link . These improvements are with respect to Authentication, Authorization, SSL, Web Service Extension Restriction List and IP restrictions.

8. Enhanced Terminal Services – Remote desktop Services

The former terminal service has been renamed to Remote desktop Services and which has been significantly improved. The features are the following.

RemoteApp – Server based remote application programs can be accessed in the local computer using the terminal services, which looks like normal execution of the local application.

Web Access – Using this they will be able to access the remote app programs through internet via browser.

Gateway – Using this feature the user will be able to take the remote connection from the outside LAN i.e., from public provided the TS gateway is configured.

9. Network access protection

Network access protection is the new features which mainly related the security. This policy enables us to have the control over the connection to domain network based upon some threshold compliance, in case of any systems which are sort of the threshold compliance; it will force the missing compliance and then allow the host to connect it to the LAN. For e.g., we have the deployed some security patches for all the users, one of the user who is not part of this activity came after a long vacation. There is a chance for some security lapse; here comes the role of NAP to enforce the missing one.

10. Group Policy Management Improvements.

Group Policy Management has many improvements in account policies, password policies, etc. We have special query option in the GPMC console in order to list out the policies which are set or also no need to search for a particular policy in the hierarchy can be easily searched with the namespace.

11. Windows Deployment Services:

Using this deployment services we can even able to deploy the OS. In previous version, this option was not available and also it can be achieved by application like SCCM. Windows Deployment service use the TFTP protocol and makes it comparatively faster. Moreover it has the option for Autocast or schedulecast deployment.

The above are main new features which come to my mind; Security of the Server OS is definitely improved much when compared to the earlier versions.

Hope the above information is useful.



Friday, January 29, 2010

New features Available in Exchange Server 2007 SP2:

Hi friends,
We all know the release of the Exchange 2007 SP2, making news around the corner. The below is the brief information about the new features that are avaiable with the SP2.

1. VSS Enabled plug-in supports exchange aware backups. WSBExchange.exe is the core plug-in file which gets installed while installing SP2. This feature is only available for exchange 2007 hosted in windows server 2008, since windows server backup feature is not available in the windows server 2003. Though it has some limitations when compared to the third party exchange aware backup application like veritas,etc. For further details check,

2. Enhanced Auditing options available. Using this we can have the granular auditing reports like folder access, message access in a mailbox, etc.

3. Improvement/change in the Schema Update. New Dynamic schema update method has been introduced in SP2, which will check for the conflicts when adding a new property to the schema which in turn will avoid the future conflicts.

4. Public folder quota management is the new improvement. Set-publicfolder is the cmdlet for this particular function.

5. Apart from the above, there are bunch of new cmdlets comes along SP2,


In the above, some of the cmdlets seems like they are already present before, but which were improved or changed for better purposes in SP2. For eg, in import-mailbox cmdlet is not working as expected when we try for importing mails on particular date basis for large mailboxes.

6. The above mentioned are only the new features, SP2 contains all the bugs fix code which we all rolled out as a Roll ups.

Hope the above info is useful.


Logan | 971-552596187