Tuesday, February 24, 2009

Password Expiration Notifier

This is some really cool freeware (well, cool if you're some kind of IT geek). Anyway, Redmond Magazine recently had a review of NetWrix Password Expiration Notifier. In a nutshell, it e-mails users when their Active Directory password is about to expire. This is huge for companies with remote users who only use webmail, local users that don't logout for weeks at a time or Mac and Linux users that need Windows resources. The price is perfect for the base model and for more bells and whistles, prices start at $350 and climb upwards with the number of users.

Ps. Check out NetWrix's array of Freeware.

Sunday, February 22, 2009

Tuesday, February 17, 2009

Lose the Shutdown Event Tracker

This tip has been around for a while, but I think it's still worth sharing due to its possibly high annoyance factor.

On a production machine, I consider the Shutdown Event Tracker worthwhile, especially in environments with multiple administrators. When in a lab situation or testing environment, this prompt before shutdown gets old quickly. 

To change the setting go to Start > Run…, type gpedit.msc and press OK.

Drill down: Computer Configuration > Administrative Templates and highlight System. In the right pane, double-click the “Display Shutdown Event Tracker” and choose Disabled.

You're done, no more need for a reason to shutdown the system. (BTW, this tip works with Windows Server 2003 and you can even enable the Shutdown Event Tracker for Windows 7, Vista and XP.)

Hub Transport Warning during Exchange 2007 Install

This is sort of a bogus warning, but it comes up when installing Exchange 2007 integrated with Service Pack 1.

"Setup cannot detect an SMTP or Send connector with an address space of '*'."

A quick search came up with a Microsoft KB article stating you need to add an SMTP Send Connector after setup. This task always needs to be done if you won't be using an Edge Transport role. I imagine when the Exchange installer comes integrated with Service Pack 2 this message will either be gone or at least more explanatory.

Thursday, February 5, 2009

Enabling the Administrator account in Vista Home

I just received a batch of five Dell laptops with Vista Home for a lab. One of the requirements was to have low privilege "Student" logins and the usual Administrator account for the instructors.

If you've dug around in Vista for any amount of time, you probably know by now the Administrator account is disabled by default to aid with keeping the system secure. Far too many Windows 2000/XP systems were left with blank administrator passwords and this is Microsoft's answer to that typical security hole.

Enabling the account readily accomplished in Vista Business, Enterprise or Ultimate. Go to Run... type lusrmgr.msc, click OK, highlight the Users folder, right-click Administrator in the right-hand pane, choose Propertiesand uncheck Account is disabled.

For the Vista Home Editions you have to do this via the command line (there is no Users Manager). Go to Start > Accessories and right-click Command Prompt and choose Run as administrator (this will prompt a UAC box, click Continue).
At the command prompt type: net user administrator /active:yes then hit enter.

Now the Administrator account will be available in the Control Panel > User Accounts applet. Lastly, but far from least: give this account a good password!

Tuesday, February 3, 2009

Exchange 2007 PurportedSearch Error

This "PurportedSearch" error was a hard one to track down. I was installing the Mailbox role, for the Exchange 2003 to Exchange 2007 migration, and during the perquisites stage it would error out because there was an invalid character present in a custom Recipient Policy, as listed below:

Mailbox Role Prerequisites
Failed


Error:
An unexpected '(' character is found in the 'purportedSearch' attribute of the Recipient Policy 'firstdotlast', it will cause setup to fail. Please remove it and rerun setup. Current value: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) )))).


I did numerous searches on the web and I found nothing conclusive; that's when I decided to burn one of the two Support Incidents I get with my TechNet subscription. The Microsoft tech knew right away what the issue was and how to get around it. It seems the old recipient policy in LDAP form needs to be converted to OPATH during an Exchange 2003 to 2007 migration and I hadn't done that...really, who knew? I hadn't read this in any of my numerous Exchange 2007 books or saw it on any website, but maybe I missed it.

The workaround was to open the ADSI editor(adsiedit.msc) and browse over to the recipient policy in question, copy and save the contents to a text file, then clear the value.
Here's the path for the ADSI editor: Configuration -> CN=Configuration,DC=company,DC=com -> CN=Services -> CN=Microsoft Exchange -> CN=Company -> CN=Recipient Policies -> CN=custom policy

Once that was done, I re-ran the Exchange 2007 Mailbox role installation and it went perfectly. Next was to reopen the ADSI editor and take the data from the text file and repopulate the purportedSearch value.

The Microsoft tech was very helpful and pointed me to a TechNet article regarding the conversion from LDAP to OPATH Recipient Policies. Now why wasn't this addressed in the Exchange 2007 installer? It would have been a simple script to do this in the background, or at the very least how about a real clue from the installer stating the actual problem. In any case, it is all working now.

Dell now posting Outlet deals on Twitter

Thanks to G4TV for this nugget:

Dell is now offering Outlet deals via Twitter. You can follow here: http://twitter.com/DellOutlet

Update: Check out who the Dell Outlet is following, there are more deals to be tweeted.